Reapply "Merge branch 'main' into za/2348-csv-export-org-member-domain-export"

This reverts commit 8becad8186.
2025-08-21 16:51:08 +02:00 · 2024-08-01 09:53:59 -06:00 · 2024-08-01 09:53:59 -06:00 · 86f040e4b7
commit 86f040e4b7
parent 8becad8186
9 changed files with 221 additions and 54 deletions
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@ -77,11 +77,6 @@ class User(AbstractUser):

        VIEW_ALL_DOMAINS = "view_all_domains", "View all domains and domain reports"
        VIEW_MANAGED_DOMAINS = "view_managed_domains", "View managed domains"
-        # EDIT_DOMAINS is really self.domains. We add is hear and leverage it in has_permission
-        # so we have one way to test for portfolio and domain edit permissions
-        # Do we need to check for portfolio domains specifically?
-        # NOTE: A user on an org can currently invite a user outside the org
-        EDIT_DOMAINS = "edit_domains", "User is a manager on a domain"

        VIEW_MEMBER = "view_member", "View members"
        EDIT_MEMBER = "edit_member", "Create and edit members"
@ -269,11 +264,6 @@ class User(AbstractUser):
    def _has_portfolio_permission(self, portfolio_permission):
        """The views should only call this function when testing for perms and not rely on roles."""

-        # EDIT_DOMAINS === user is a manager on a domain (has UserDomainRole)
-        # NOTE: Should we check whether the domain is in the portfolio?
-        if portfolio_permission == self.UserPortfolioPermissionChoices.EDIT_DOMAINS and self.domains.exists():
-            return True
-
        if not self.portfolio:
            return False

@ -287,21 +277,14 @@ class User(AbstractUser):
        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO)

    def has_domains_portfolio_permission(self):
-        return (
-            self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS)
-            or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_MANAGED_DOMAINS)
-            # or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
-        )
-
-    def has_edit_domains_portfolio_permission(self):
-        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
+        return self._has_portfolio_permission(
+            User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS
+        ) or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_MANAGED_DOMAINS)

    def has_domain_requests_portfolio_permission(self):
-        return (
-            self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS)
-            or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS)
-            # or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_REQUESTS)
-        )
+        return self._has_portfolio_permission(
+            User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS
+        ) or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS)

    def has_view_all_domains_permission(self):
        """Determines if the current user can view all available domains in a given portfolio"""