merge main

2025-08-21 16:51:08 +02:00 · 2024-08-02 13:12:02 -04:00 · 2024-08-02 13:12:02 -04:00 · c8797e77dd
commit c8797e77dd
parent 3e70b344e3 eb8c7a16c1
51 changed files with 743 additions and 254 deletions
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@ -76,11 +76,6 @@ class User(AbstractUser):

        VIEW_ALL_DOMAINS = "view_all_domains", "View all domains and domain reports"
        VIEW_MANAGED_DOMAINS = "view_managed_domains", "View managed domains"
-        # EDIT_DOMAINS is really self.domains. We add is hear and leverage it in has_permission
-        # so we have one way to test for portfolio and domain edit permissions
-        # Do we need to check for portfolio domains specifically?
-        # NOTE: A user on an org can currently invite a user outside the org
-        EDIT_DOMAINS = "edit_domains", "User is a manager on a domain"

        VIEW_MEMBER = "view_member", "View members"
        EDIT_MEMBER = "edit_member", "Create and edit members"
@ -268,11 +263,6 @@ class User(AbstractUser):
    def _has_portfolio_permission(self, portfolio_permission):
        """The views should only call this function when testing for perms and not rely on roles."""

-        # EDIT_DOMAINS === user is a manager on a domain (has UserDomainRole)
-        # NOTE: Should we check whether the domain is in the portfolio?
-        if portfolio_permission == self.UserPortfolioPermissionChoices.EDIT_DOMAINS and self.domains.exists():
-            return True
-
        if not self.portfolio:
            return False

@ -289,21 +279,14 @@ class User(AbstractUser):
        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_PORTFOLIO)

    def has_domains_portfolio_permission(self):
-        return (
-            self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS)
-            or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_MANAGED_DOMAINS)
-            # or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
-        )
-
-    def has_edit_domains_portfolio_permission(self):
-        return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
+        return self._has_portfolio_permission(
+            User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS
+        ) or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_MANAGED_DOMAINS)

    def has_domain_requests_portfolio_permission(self):
-        return (
-            self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS)
-            or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS)
-            # or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_REQUESTS)
-        )
+        return self._has_portfolio_permission(
+            User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS
+        ) or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS)

    @classmethod
    def needs_identity_verification(cls, email, uuid):