Merge branch 'main' into za/806-analyst-view-domain-management-data

2025-05-16 09:37:03 +02:00 · 2023-08-30 07:47:37 -06:00 · 2023-08-30 07:47:37 -06:00 · 7e0a4aea76
commit 7e0a4aea76
parent 4dd175f2a0 93ec99185b
29 changed files with 803 additions and 95 deletions
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@ -103,6 +103,36 @@ class MyUserAdmin(BaseUserAdmin):

    inlines = [UserContactInline]

+    list_display = (
+        "email",
+        "first_name",
+        "last_name",
+        "is_staff",
+        "is_superuser",
+        "status",
+    )
+
+    fieldsets = (
+        (
+            None,
+            {"fields": ("username", "password", "status")},
+        ),
+        ("Personal Info", {"fields": ("first_name", "last_name", "email")}),
+        (
+            "Permissions",
+            {
+                "fields": (
+                    "is_active",
+                    "is_staff",
+                    "is_superuser",
+                    "groups",
+                    "user_permissions",
+                )
+            },
+        ),
+        ("Important dates", {"fields": ("last_login", "date_joined")}),
+    )
+
    def get_list_display(self, request):
        if not request.user.is_superuser:
            # Customize the list display for staff users
@ -198,6 +228,10 @@ class DomainApplicationAdmin(ListHeaderAdmin):

    """Customize the applications listing view."""

+    # Set multi-selects 'read-only' (hide selects and show data)
+    # based on user perms and application creator's status
+    # form = DomainApplicationForm
+
    # Columns
    list_display = [
        "requested_domain",
@ -271,7 +305,7 @@ class DomainApplicationAdmin(ListHeaderAdmin):
    ]

    # Read only that we'll leverage for CISA Analysts
-    readonly_fields = [
+    analyst_readonly_fields = [
        "creator",
        "type_of_work",
        "more_organization_information",
@ -289,49 +323,81 @@ class DomainApplicationAdmin(ListHeaderAdmin):

    # Trigger action when a fieldset is changed
    def save_model(self, request, obj, form, change):
-        if change:  # Check if the application is being edited
-            # Get the original application from the database
-            original_obj = models.DomainApplication.objects.get(pk=obj.pk)
+        if obj and obj.creator.status != models.User.RESTRICTED:
+            if change:  # Check if the application is being edited
+                # Get the original application from the database
+                original_obj = models.DomainApplication.objects.get(pk=obj.pk)

-            if obj.status != original_obj.status:
-                if obj.status == models.DomainApplication.STARTED:
-                    # No conditions
-                    pass
-                elif obj.status == models.DomainApplication.SUBMITTED:
-                    # This is an fsm in model which will throw an error if the
-                    # transition condition is violated, so we roll back the
-                    # status to what it was before the admin user changed it and
-                    # let the fsm method set it. Same comment applies to
-                    # transition method calls below.
-                    obj.status = original_obj.status
-                    obj.submit()
-                elif obj.status == models.DomainApplication.IN_REVIEW:
-                    obj.status = original_obj.status
-                    obj.in_review()
-                elif obj.status == models.DomainApplication.ACTION_NEEDED:
-                    obj.status = original_obj.status
-                    obj.action_needed()
-                elif obj.status == models.DomainApplication.APPROVED:
-                    obj.status = original_obj.status
-                    obj.approve()
-                elif obj.status == models.DomainApplication.WITHDRAWN:
-                    obj.status = original_obj.status
-                    obj.withdraw()
-                elif obj.status == models.DomainApplication.REJECTED:
-                    obj.status = original_obj.status
-                    obj.reject()
-                else:
-                    logger.warning("Unknown status selected in django admin")
+                if obj.status != original_obj.status:
+                    status_method_mapping = {
+                        models.DomainApplication.STARTED: None,
+                        models.DomainApplication.SUBMITTED: obj.submit,
+                        models.DomainApplication.IN_REVIEW: obj.in_review,
+                        models.DomainApplication.ACTION_NEEDED: obj.action_needed,
+                        models.DomainApplication.APPROVED: obj.approve,
+                        models.DomainApplication.WITHDRAWN: obj.withdraw,
+                        models.DomainApplication.REJECTED: obj.reject,
+                        models.DomainApplication.INELIGIBLE: obj.reject_with_prejudice,
+                    }
+                    selected_method = status_method_mapping.get(obj.status)
+                    if selected_method is None:
+                        logger.warning("Unknown status selected in django admin")
+                    else:
+                        # This is an fsm in model which will throw an error if the
+                        # transition condition is violated, so we roll back the
+                        # status to what it was before the admin user changed it and
+                        # let the fsm method set it.
+                        obj.status = original_obj.status
+                        selected_method()

-        super().save_model(request, obj, form, change)
+            super().save_model(request, obj, form, change)
+        else:
+            # Clear the success message
+            messages.set_level(request, messages.ERROR)
+
+            messages.error(
+                request,
+                "This action is not permitted for applications "
+                + "with a restricted creator.",
+            )

    def get_readonly_fields(self, request, obj=None):
+        """Set the read-only state on form elements.
+        We have 2 conditions that determine which fields are read-only:
+        admin user permissions and the application creator's status, so
+        we'll use the baseline readonly_fields and extend it as needed.
+        """
+
+        readonly_fields = list(self.readonly_fields)
+
+        # Check if the creator is restricted
+        if obj and obj.creator.status == models.User.RESTRICTED:
+            # For fields like CharField, IntegerField, etc., the widget used is
+            # straightforward and the readonly_fields list can control their behavior
+            readonly_fields.extend([field.name for field in self.model._meta.fields])
+            # Add the multi-select fields to readonly_fields:
+            # Complex fields like ManyToManyField require special handling
+            readonly_fields.extend(
+                ["current_websites", "other_contacts", "alternative_domains"]
+            )
+
        if request.user.is_superuser:
-            # Superusers have full access, no fields are read-only
-            return []
+            return readonly_fields
        else:
-            # Regular users can only view the specified fields
-            return self.readonly_fields
+            readonly_fields.extend([field for field in self.analyst_readonly_fields])
+            return readonly_fields
+
+    def display_restricted_warning(self, request, obj):
+        if obj and obj.creator.status == models.User.RESTRICTED:
+            messages.warning(
+                request,
+                "Cannot edit an application with a restricted creator.",
+            )
+
+    def change_view(self, request, object_id, form_url="", extra_context=None):
+        obj = self.get_object(request, object_id)
+        self.display_restricted_warning(request, obj)
+        return super().change_view(request, object_id, form_url, extra_context)


 admin.site.register(models.User, MyUserAdmin)