Unit tests for transition sets user status to ineligible and deomain and application permissions

src/registrar/models/domain_application.py

@@ -610,7 +610,9 @@ class DomainApplication(TimeStampedModel):
         """The applicant is a bad actor, reject with prejudice.
 
         No email As a side effect, but we block the applicant from editing
-        any existing domains and from submitting new apllications"""
+        any existing domains/applications and from submitting new aplications.
+        We do this by setting an ineligible status on the user, which the
+        permissions classes test against"""
         
         self.creator.block_user()
 

src/registrar/tests/test_admin.py

@@ -275,6 +275,33 @@ class TestDomainApplicationAdmin(TestCase):
         # Perform assertions on the mock call itself
         mock_client_instance.send_email.assert_called_once()
         
+    def test_save_model_sets_ineligible_status_on_user(self):
+        # make sure there is no user with this email
+        EMAIL = "mayor@igorville.gov"
+        User.objects.filter(email=EMAIL).delete()
+
+        # Create a sample application
+        application = completed_application(status=DomainApplication.IN_REVIEW)
+
+        # Create a mock request
+        request = self.factory.post(
+            "/admin/registrar/domainapplication/{}/change/".format(application.pk)
+        )
+
+        # Create an instance of the model admin
+        model_admin = DomainApplicationAdmin(DomainApplication, self.site)
+
+        # Modify the application's property
+        application.status = DomainApplication.INELIGIBLE
+
+        # Use the model admin's save_model method
+        model_admin.save_model(request, application, form=None, change=True)
+
+        # Test that approved domain exists and equals requested domain
+        self.assertEqual(
+            application.creator.status, "ineligible"
+        )
+
     def tearDown(self):
         DomainInformation.objects.all().delete()
         DomainApplication.objects.all().delete()

src/registrar/tests/test_views.py

@@ -101,6 +101,18 @@ class LoggedInTests(TestWithUser):
             "What kind of U.S.-based government organization do you represent?",
         )
         
+    def test_domain_application_form_with_ineligible_user(self):
+        """Application form not accessible for an ineligible user.
+        This test should be solid enough since all application wizard
+        views share the same permissions class"""
+        self.user.status = "ineligible"
+        self.user.save()
+        
+        with less_console_noise():
+            response = self.client.get("/register/", follow=True)
+            print(response.status_code)
+            self.assertEqual(response.status_code, 403)
+
 
 class DomainApplicationTests(TestWithUser, WebTest):
 
@@ -1423,6 +1435,20 @@ class TestDomainDetail(TestWithDomainPermissions, WebTest):
             success_page, "The security email for this domain have been updated"
         )
         
+    def test_domain_overview_blocked_for_ineligible_user(self):
+        """We could easily duplicate this test for all domain management
+        views, but a single url test should be solid enough since all domain
+        management pages share the same permissions class"""
+        self.user.status = "ineligible"
+        self.user.save()
+        home_page = self.app.get("/")
+        self.assertContains(home_page, "igorville.gov")
+        with less_console_noise():   
+            response = self.client.get(
+                reverse("domain", kwargs={"pk": self.domain.id})
+            )        
+            self.assertEqual(response.status_code, 403)
+
 
 class TestApplicationStatus(TestWithUser, WebTest):
     def setUp(self):
@@ -1447,6 +1473,27 @@ class TestApplicationStatus(TestWithUser, WebTest):
         self.assertContains(detail_page, "Admin Tester")
         self.assertContains(detail_page, "Status:")
         
+    def test_application_status_with_ineligible_user(self):
+        """Checking application status page whith a blocked user.
+        The user should still have access to view."""
+        self.user.status = "ineligible"
+        self.user.save()
+        
+        application = completed_application(
+            status=DomainApplication.SUBMITTED, user=self.user
+        )
+        application.save()
+
+        home_page = self.app.get("/")
+        self.assertContains(home_page, "city.gov")
+        # click the "Manage" link
+        detail_page = home_page.click("Manage")
+        self.assertContains(detail_page, "city.gov")
+        self.assertContains(detail_page, "Chief Tester")
+        self.assertContains(detail_page, "testy@town.com")
+        self.assertContains(detail_page, "Admin Tester")
+        self.assertContains(detail_page, "Status:")
+
     def test_application_withdraw(self):
         """Checking application status page"""
         application = completed_application(