Merge pull request #2373 from cisagov/nl/2218-emails-readonly-for-analysts

Issue #2218 - Make email field read-only for Users for analysts
2025-05-17 18:09:25 +02:00 · 2024-07-02 15:00:18 -06:00 · 2024-07-02 15:00:18 -06:00 · a8f73342e9
commit a8f73342e9
parent 01d2c4494f 18c512deab
2 changed files with 27 additions and 7 deletions
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@ -598,6 +598,27 @@ class UserContactInline(admin.StackedInline):
    model = models.Contact
    # Read only that we'll leverage for CISA Analysts
    analyst_readonly_fields = [
        "user",
        "email",
    ]
    def get_readonly_fields(self, request, obj=None):
        """Set the read-only state on form elements.
        We have 1 conditions that determine which fields are read-only:
        admin user permissions.
        """
        readonly_fields = list(self.readonly_fields)
        if request.user.has_perm("registrar.full_access_permission"):
            return readonly_fields
        # Return restrictive Read-only fields for analysts and
        # users who might not belong to groups
        readonly_fields.extend([field for field in self.analyst_readonly_fields])
        return readonly_fields  # Read-only fields for analysts
 class MyUserAdmin(BaseUserAdmin, ImportExportModelAdmin):
    """Custom user admin class to use our inlines."""
@ -645,7 +666,7 @@ class MyUserAdmin(BaseUserAdmin, ImportExportModelAdmin):
            None,
            {"fields": ("username", "password", "status", "verification_type")},
        ),
-        ("Personal info", {"fields": ("first_name", "middle_name", "last_name", "title", "email", "phone")}),
+        ("User profile", {"fields": ("first_name", "middle_name", "last_name", "title", "email", "phone")}),
        (
            "Permissions",
            {
@ -676,7 +697,7 @@ class MyUserAdmin(BaseUserAdmin, ImportExportModelAdmin):
                )
            },
        ),
-        ("Personal Info", {"fields": ("first_name", "middle_name", "last_name", "title", "email", "phone")}),
+        ("User profile", {"fields": ("first_name", "middle_name", "last_name", "title", "email", "phone")}),
        (
            "Permissions",
            {
@ -700,7 +721,7 @@ class MyUserAdmin(BaseUserAdmin, ImportExportModelAdmin):
    # NOT all fields are readonly for admin, otherwise we would have
    # set this at the permissions level. The exception is 'status'
    analyst_readonly_fields = [
-        "Personal Info",
+        "User profile",
        "first_name",
        "middle_name",
        "last_name",
@ -937,6 +958,7 @@ class ContactAdmin(ListHeaderAdmin, ImportExportModelAdmin):
    # Read only that we'll leverage for CISA Analysts
    analyst_readonly_fields = [
        "user",
        "email",
    ]
    def get_readonly_fields(self, request, obj=None):
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@ -3558,7 +3558,7 @@ class TestMyUserAdmin(MockDb):
                        )
                    },
                ),
-                ("Personal Info", {"fields": ("first_name", "middle_name", "last_name", "title", "email", "phone")}),
+                ("User profile", {"fields": ("first_name", "middle_name", "last_name", "title", "email", "phone")}),
                ("Permissions", {"fields": ("is_active", "groups")}),
                ("Important dates", {"fields": ("last_login", "date_joined")}),
            )
@ -4049,9 +4049,7 @@ class TestContactAdmin(TestCase):
            readonly_fields = self.admin.get_readonly_fields(request)
-            expected_fields = [
+            expected_fields = ["user", "email"]
                "user",
            ]
            self.assertEqual(readonly_fields, expected_fields)