From bd0edf7203748fafdfae282a0d05422bce1d0796 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 18 Aug 2023 15:29:03 -0600
Subject: [PATCH 01/40] Redirect and basic changes

---
 src/registrar/admin.py                        | 11 +++++
 src/registrar/assets/sass/_theme/_admin.scss  | 45 ++++++++++++++-----
 .../django/admin/domain_change_form.html      |  1 +
 src/registrar/templates/domain_base.html      | 29 ++++++++----
 src/registrar/templates/domain_detail.html    | 28 +++++++++---
 src/registrar/templates/domain_sidebar.html   | 21 ++++-----
 src/registrar/views/domain.py                 |  1 -
 src/registrar/views/utility/mixins.py         | 16 +++++--
 .../views/utility/permission_views.py         | 16 ++++++-
 9 files changed, 124 insertions(+), 44 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 96b8aaa33..a0894c203 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -160,6 +160,17 @@ class DomainAdmin(ListHeaderAdmin):
 
         return super().response_change(request, obj)
 
+    # Sets domain_id as a context var
+    def change_view(self, request, object_id, form_url="", extra_context=None):
+        extra_context = extra_context or {}
+        extra_context["domain_id"] = object_id
+        return super().change_view(
+            request,
+            object_id,
+            form_url,
+            extra_context=extra_context,
+        )
+
 
 class ContactAdmin(ListHeaderAdmin):
 
diff --git a/src/registrar/assets/sass/_theme/_admin.scss b/src/registrar/assets/sass/_theme/_admin.scss
index b87257344..204d335e9 100644
--- a/src/registrar/assets/sass/_theme/_admin.scss
+++ b/src/registrar/assets/sass/_theme/_admin.scss
@@ -1,7 +1,7 @@
 @use "cisa_colors" as *;
 @use "uswds-core" as *;
 
-// We'll use Django's CSS vars: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/#theming-support 
+// We'll use Django's CSS vars: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/#theming-support
 // and assign USWDS theme vars whenever possible
 // If needed (see below), we'll use the USWDS hex value
 // As a last resort, we'll use CISA colors to supplement the palette
@@ -72,34 +72,34 @@ html[data-theme="light"] {
 @media (prefers-color-scheme: dark) {
     :root,
     html[data-theme="dark"] {
-      // Edit the primary to meet accessibility requ.  
+      // Edit the primary to meet accessibility requ.
       --primary: #23485a;
       --primary-fg: #f7f7f7;
-  
+
       --body-fg: #eeeeee;
       --body-bg: #121212;
       --body-quiet-color: #e0e0e0;
       --body-loud-color: #ffffff;
-  
+
       --breadcrumbs-link-fg: #e0e0e0;
       --breadcrumbs-bg: var(--primary);
-  
+
       --link-fg: #81d4fa;
       --link-hover-color: #4ac1f7;
       --link-selected-fg: #6f94c6;
-  
+
       --hairline-color: #272727;
       --border-color: #353535;
-  
+
       --error-fg: #e35f5f;
       --message-success-bg: #006b1b;
       --message-warning-bg: #583305;
       --message-error-bg: #570808;
-  
+
       --darkened-bg: #212121;
       --selected-bg: #1b1b1b;
       --selected-row: #00363a;
-  
+
       --close-button-bg: #333333;
       --close-button-hover-bg: #666666;
     }
@@ -108,7 +108,7 @@ html[data-theme="light"] {
     .change-list .usa-table,
     .change-list .usa-table--striped tbody tr:nth-child(odd) td,
     .change-list .usa-table--borderless thead th,
-    .change-list .usa-table thead td, 
+    .change-list .usa-table thead td,
     .change-list .usa-table thead th,
     body.dashboard,
     body.change-list,
@@ -122,7 +122,7 @@ html[data-theme="dark"] {
     .change-list .usa-table,
     .change-list .usa-table--striped tbody tr:nth-child(odd) td,
     .change-list .usa-table--borderless thead th,
-    .change-list .usa-table thead td, 
+    .change-list .usa-table thead td,
     .change-list .usa-table thead th,
     body.dashboard,
     body.change-list,
@@ -163,10 +163,31 @@ table > caption > a {
     height: auto!important;
 }
 
-// Keep th from collapsing 
+// Keep th from collapsing
 .min-width-25 {
     min-width: 25px;
 }
 .min-width-81 {
     min-width: 81px;
 }
+
+.buttonAdminPadding {
+    background: var(--button-bg);
+    padding: 10px 15px;
+    border: none;
+    border-radius: 4px;
+    color: var(--button-fg);
+    cursor: pointer;
+    transition: background 0.15s;
+
+}
+
+.submit-row input {
+    height: 2.1875rem;
+    line-height: 0.9375rem;
+}
+
+a.button{
+    font-size: 100% !important;
+    padding: 9px 15px !important;
+}
\ No newline at end of file
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 5fa89f20a..e8eaeaf78 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -2,6 +2,7 @@
 
 {% block field_sets %}
     <div class="submit-row">
+        <a href="{% url 'domain' domain_id %}" class="button" >Edit domain</a>
         <input type="submit" value="Place hold" name="_place_client_hold">
     </div>
     {{ block.super }}
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index ac1f8c7a9..41273fe92 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -5,11 +5,11 @@
 
 {% block content %}
 <div class="grid-container">
-  <div class="grid-row"> 
-    <p class="font-body-md margin-top-0 margin-bottom-2 
+  <div class="grid-row">
+    <p class="font-body-md margin-top-0 margin-bottom-2
               text-primary-darker text-semibold"
     >
-      <span class="usa-sr-only"> Domain name:</span> {{ domain.name }} 
+      <span class="usa-sr-only"> Domain name:</span> {{ domain.name }}
     </p>
   </div>
   <div class="grid-row grid-gap">
@@ -19,16 +19,29 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-
+    {% if not is_analyst_or_superuser %}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
         </svg>
-        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains 
-        </p>
-      </a>
 
+        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
+        Back to manage your domains
+        </p>
+
+      </a>
+      {% elif is_analyst_or_superuser%}
+      <a href="{% url 'admin:registrar_domain_change' domain.id%}" class="breadcrumb__back">
+        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
+        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
+        </svg>
+
+        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
+        Back to manage your domains
+        </p>
+
+      </a>
+      {% endif %}
       {# messages block is under the back breadcrumb link #}
       {% if messages %}
       {% for message in messages %}
diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index dd176c862..256e09f2b 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -4,24 +4,38 @@
 {% block domain_content %}
   {{ block.super }}
   <div class="margin-top-4 tablet:grid-col-10">
-
     {% url 'domain-nameservers' pk=domain.id as url %}
-    {% if domain.nameservers %} 
-      {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
+    {% if domain.nameservers %}
+      {% if is_original_creator %}
+        {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
+      {% else %}
+        {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' %}
+      {% endif %}
     {% else %}
       <h2 class="margin-top-neg-1"> DNS name servers </h2>
+      {% if is_original_creator %}
       <p> No DNS name servers have been added yet. Before your domain can be used we’ll need information about your domain name servers.</p>
-      <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a> 
+      <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a>
+      {% else %}
+        <p>No DNS name servers have been added yet.</p>
+      {% endif %}
     {% endif %}
 
     {% url 'domain-org-name-address' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Organization name and mailing address' value=domain.domain_info address='true' edit_link=url %}
 
     {% url 'domain-authorizing-official' pk=domain.id as url %}
-    {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
-
+    {% if is_original_creator %}
+      {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
+    {% else %}
+      {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true'%}
+    {% endif %}
     {% url 'domain-your-contact-information' pk=domain.id as url %}
-    {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
+    {% if is_original_creator %}
+      {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
+    {% else %}
+      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' %}
+    {% endif %}
 
     {% url 'domain-security-email' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Security email' value=domain.security_email edit_link=url %}
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index 1e4cd1882..7b47a64aa 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -4,23 +4,23 @@
   <nav aria-label="Domain sections">
     <ul class="usa-sidenav">
       <li class="usa-sidenav__item">
-        {% url 'domain' pk=domain.id as url %} 
-        <a href="{{ url }}" 
+        {% url 'domain' pk=domain.id as url %}
+        <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
           Domain overview
         </a>
       </li>
-
+      {% if is_original_creator %}
       <li class="usa-sidenav__item">
-        {% url 'domain-nameservers' pk=domain.id as url %} 
+        {% url 'domain-nameservers' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
             DNS name servers
         </a>
       </li>
-
+      {% endif %}
       <li class="usa-sidenav__item">
         {% url 'domain-org-name-address' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -28,8 +28,8 @@
         >
             Organization name and mailing address
         </a>
-      </li>      
-
+      </li>
+      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-authorizing-official' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -38,16 +38,17 @@
             Authorizing official
         </a>
       </li>
-
+      {% endif %}
+      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-your-contact-information' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
-            Your contact information
+          Your contact information
         </a>
       </li>
-
+      {% endif %}
       <li class="usa-sidenav__item">
         {% url 'domain-security-email' pk=domain.id as url %}
         <a href="{{ url }}"
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 6a33ec994..ee66ceade 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -38,7 +38,6 @@ logger = logging.getLogger(__name__)
 class DomainView(DomainPermissionView):
 
     """Domain detail overview page."""
-
     template_name = "domain_detail.html"
 
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 05da75d35..00c53bd1b 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -3,7 +3,8 @@
 from django.contrib.auth.mixins import PermissionRequiredMixin
 
 from registrar.models import UserDomainRole, DomainApplication, DomainInvitation
-
+import logging
+logger = logging.getLogger(__name__)
 
 class PermissionsLoginMixin(PermissionRequiredMixin):
 
@@ -23,6 +24,8 @@ class DomainPermission(PermissionsLoginMixin):
 
         The user is in self.request.user and the domain needs to be looked
         up from the domain's primary key in self.kwargs["pk"]
+
+        analysts and superusers are exempt
         """
 
         # ticket 806
@@ -33,10 +36,15 @@ class DomainPermission(PermissionsLoginMixin):
         if not self.request.user.is_authenticated:
             return False
 
+        # user needs to be the creator of the application
+        # this query is empty if there isn't a domain application with this
+        # id and this user as creator
+        user_is_creator: bool = DomainApplication.objects.filter(
+            creator=self.request.user, id=self.kwargs["pk"]
+        ).exists()
+        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
         # user needs to have a role on the domain
-        if not UserDomainRole.objects.filter(
-            user=self.request.user, domain__id=self.kwargs["pk"]
-        ).exists():
+        if not user_is_creator and not user_is_analyst_or_superuser:
             return False
 
         # ticket 796
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index e52ed102c..990ec47e0 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -5,14 +5,15 @@ import abc  # abstract base class
 from django.views.generic import DetailView, DeleteView
 
 from registrar.models import Domain, DomainApplication, DomainInvitation
+from registrar.models.domain_information import DomainInformation
 
 from .mixins import (
     DomainPermission,
     DomainApplicationPermission,
     DomainInvitationPermission,
 )
-
-
+import logging
+logger = logging.getLogger(__name__)
 class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
     """Abstract base view for domains that enforces permissions.
@@ -26,6 +27,17 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
     # variable name in template context for the model object
     context_object_name = "domain"
 
+    # Adds context information for user permissions
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        user = self.request.user
+        context['primary_key'] = self.kwargs["pk"]
+        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
+        context['is_original_creator'] = DomainInformation.objects.filter(
+            creator=self.request.user, id=self.kwargs["pk"]
+        ).exists()
+        return context
+
     # Abstract property enforces NotImplementedError on an attribute.
     @property
     @abc.abstractmethod

From fc101e86761ee7cb45c74a9954b4a418227ba579 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 21 Aug 2023 14:04:31 -0600
Subject: [PATCH 02/40] Progress save

---
 src/registrar/templates/domain_base.html      |  6 +--
 src/registrar/templates/domain_detail.html    |  2 +-
 .../templates/domain_org_name_address.html    |  5 +-
 src/registrar/templates/domain_sidebar.html   |  7 ++-
 src/registrar/views/utility/mixins.py         | 53 ++++++++++++-------
 .../views/utility/permission_views.py         | 15 ++++--
 6 files changed, 60 insertions(+), 28 deletions(-)

diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 41273fe92..ab1b38a83 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -19,7 +19,7 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser %}
+    {% if not is_analyst_or_superuser or is_original_creator %}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
@@ -35,9 +35,9 @@
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
         </svg>
-
+        {# Q: should this be 'Back to .gov admin' or  'Back to manage your domains'? #}
         <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains
+        Back to change domain
         </p>
 
       </a>
diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 256e09f2b..77ac44d3e 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -34,7 +34,7 @@
     {% if is_original_creator %}
       {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
     {% else %}
-      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' %}
+      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' edit_link=url %}
     {% endif %}
 
     {% url 'domain-security-email' pk=domain.id as url %}
diff --git a/src/registrar/templates/domain_org_name_address.html b/src/registrar/templates/domain_org_name_address.html
index 587ba4782..a9691fc08 100644
--- a/src/registrar/templates/domain_org_name_address.html
+++ b/src/registrar/templates/domain_org_name_address.html
@@ -8,8 +8,11 @@
   {% include "includes/form_errors.html" with form=form %}
 
   <h1>Organization name and mailing address </h1>
-
+  {% if is_original_creator %}
   <p>The name of your organization will be publicly listed as the domain registrant.</p>
+  {% else %}
+  <p>The name of the organization will be publicly listed as the domain registrant.</p>
+  {% endif %}
 
   {% include "includes/required_fields.html" %}
 
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index 7b47a64aa..e5f9e045a 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -39,16 +39,19 @@
         </a>
       </li>
       {% endif %}
-      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-your-contact-information' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
+        {% if is_original_creator %}
           Your contact information
+        {% else %}
+          Contact information
+        {% endif %}
         </a>
       </li>
-      {% endif %}
+
       <li class="usa-sidenav__item">
         {% url 'domain-security-email' pk=domain.id as url %}
         <a href="{{ url }}"
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 00c53bd1b..f1acf4265 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -1,9 +1,12 @@
 """Permissions-related mixin classes."""
 
 from django.contrib.auth.mixins import PermissionRequiredMixin
+from django.http import Http404
 
-from registrar.models import UserDomainRole, DomainApplication, DomainInvitation
+from registrar.models import DomainApplication, DomainInvitation
 import logging
+
+from registrar.models.domain_information import DomainInformation
 logger = logging.getLogger(__name__)
 
 class PermissionsLoginMixin(PermissionRequiredMixin):
@@ -24,35 +27,49 @@ class DomainPermission(PermissionsLoginMixin):
 
         The user is in self.request.user and the domain needs to be looked
         up from the domain's primary key in self.kwargs["pk"]
-
-        analysts and superusers are exempt
         """
 
-        # ticket 806
-        # if self.request.user is staff or admin and
-        # domain.application__status = 'approved' or 'rejected' or 'action needed'
-        #     return True
-
         if not self.request.user.is_authenticated:
             return False
 
-        # user needs to be the creator of the application
-        # this query is empty if there isn't a domain application with this
-        # id and this user as creator
-        user_is_creator: bool = DomainApplication.objects.filter(
-            creator=self.request.user, id=self.kwargs["pk"]
-        ).exists()
-        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
+        pk = self.kwargs["pk"]
+        if pk is None:
+            raise ValueError("Primary key is null for Domain")
+
+        requested_domain = None
+
+        try:
+            requested_domain = DomainInformation.objects.get(
+                id=pk
+            )
+
+        # This should never happen in normal flow.
+        # If it does, then it likely means something bad happened...
+        except DomainInformation.DoesNotExist:
+            raise Http404()
+
+        # Checks if the creator is the user requesting this item
+        user_is_creator: bool = requested_domain.creator.username == self.request.user.username
+        
         # user needs to have a role on the domain
-        if not user_is_creator and not user_is_analyst_or_superuser:
-            return False
+        if user_is_creator:
+            return True
+
+        # ticket 806
+        # Analysts may manage domains, when they are in these statuses:
+        valid_domain_statuses = [DomainApplication.APPROVED, DomainApplication.IN_REVIEW, DomainApplication.REJECTED, DomainApplication.ACTION_NEEDED]
+        # Check if the user is permissioned...
+        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
+
+        if user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
+            return True
 
         # ticket 796
         # if domain.application__status != 'approved'
         #     return false
 
         # if we need to check more about the nature of role, do it here.
-        return True
+        return False
 
 
 class DomainApplicationPermission(PermissionsLoginMixin):
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 990ec47e0..b48e0f4f3 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -31,11 +31,20 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         user = self.request.user
+        # Q: is there a more efficent way to do this?
+        # Searches by creator_id instead of creator,
+        # should be slightly faster than by creator...
+        is_original_creator = DomainInformation.objects.filter(
+            creator_id=self.request.user.id, id=self.kwargs["pk"]
+        ).exists()
+
         context['primary_key'] = self.kwargs["pk"]
         context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
-        context['is_original_creator'] = DomainInformation.objects.filter(
-            creator=self.request.user, id=self.kwargs["pk"]
-        ).exists()
+        context['is_original_creator'] = is_original_creator
+        context['is_active_user'] = DomainInformation.objects.filter(
+            id=self.kwargs["pk"]
+        )
+
         return context
 
     # Abstract property enforces NotImplementedError on an attribute.

From 00d475f3a616e036b9363d608db6af6e5a065594 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 22 Aug 2023 10:53:52 -0600
Subject: [PATCH 03/40] Changes

---
 src/registrar/admin.py                        | 17 ++++++++++----
 .../django/admin/domain_change_form.html      |  4 +++-
 src/registrar/templates/domain_base.html      |  8 +++----
 src/registrar/templates/domain_detail.html    | 22 +++----------------
 .../templates/domain_org_name_address.html    |  5 +----
 src/registrar/templates/domain_sidebar.html   | 10 +--------
 src/registrar/views/domain.py                 | 22 +++++++++++++++++++
 .../views/utility/permission_views.py         | 13 ++++++-----
 8 files changed, 54 insertions(+), 47 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index a0894c203..26002a5e8 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -6,6 +6,7 @@ from django.http.response import HttpResponseRedirect
 from django.urls import reverse
 from . import models
 
+
 logger = logging.getLogger(__name__)
 
 
@@ -141,8 +142,10 @@ class DomainAdmin(ListHeaderAdmin):
     readonly_fields = ["state"]
 
     def response_change(self, request, obj):
-        ACTION_BUTTON = "_place_client_hold"
-        if ACTION_BUTTON in request.POST:
+        PLACE_HOLD = "_place_client_hold"
+        EDIT_DOMAIN = "_edit_domain"
+        if PLACE_HOLD in request.POST:
+            logger.debug("Hit!")
             try:
                 obj.place_client_hold()
             except Exception as err:
@@ -157,11 +160,17 @@ class DomainAdmin(ListHeaderAdmin):
                     % obj.name,
                 )
             return HttpResponseRedirect(".")
-
+        elif EDIT_DOMAIN in request.POST:
+            # We want to know, globally, when an edit action occurs
+            request.session['analyst_action'] = 'edit'
+            return HttpResponseRedirect(reverse('domain', args=(obj.id,)))
         return super().response_change(request, obj)
-
     # Sets domain_id as a context var
     def change_view(self, request, object_id, form_url="", extra_context=None):
+        if 'analyst_action' in request.session:
+            # If an analyst performed an edit action,
+            # delete the session variable
+            del request.session['analyst_action']
         extra_context = extra_context or {}
         extra_context["domain_id"] = object_id
         return super().change_view(
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index e8eaeaf78..5461cc82a 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -2,7 +2,9 @@
 
 {% block field_sets %}
     <div class="submit-row">
-        <a href="{% url 'domain' domain_id %}" class="button" >Edit domain</a>
+
+        <input type="hidden" value="edit" name="analyst_action">
+        <input type="submit" value="Edit Domain" name="_edit_domain">
         <input type="submit" value="Place hold" name="_place_client_hold">
     </div>
     {{ block.super }}
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index ab1b38a83..335c88980 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -19,7 +19,7 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser or is_original_creator %}
+    {% if not is_analyst_or_superuser or not analyst_action%}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
@@ -30,14 +30,14 @@
         </p>
 
       </a>
-      {% elif is_analyst_or_superuser%}
+      {% elif is_analyst_or_superuser and analyst_action == 'edit' %}
       <a href="{% url 'admin:registrar_domain_change' domain.id%}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
         </svg>
-        {# Q: should this be 'Back to .gov admin' or  'Back to manage your domains'? #}
+        {# Q: For analysts, should this be 'Back to .gov admin' or  'Back to change domain'? #}
         <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to change domain
+        Back to manage your domains
         </p>
 
       </a>
diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 77ac44d3e..4bae384f5 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -6,36 +6,20 @@
   <div class="margin-top-4 tablet:grid-col-10">
     {% url 'domain-nameservers' pk=domain.id as url %}
     {% if domain.nameservers %}
-      {% if is_original_creator %}
-        {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
-      {% else %}
-        {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' %}
-      {% endif %}
+      {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
     {% else %}
       <h2 class="margin-top-neg-1"> DNS name servers </h2>
-      {% if is_original_creator %}
       <p> No DNS name servers have been added yet. Before your domain can be used we’ll need information about your domain name servers.</p>
       <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a>
-      {% else %}
-        <p>No DNS name servers have been added yet.</p>
-      {% endif %}
     {% endif %}
 
     {% url 'domain-org-name-address' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Organization name and mailing address' value=domain.domain_info address='true' edit_link=url %}
 
     {% url 'domain-authorizing-official' pk=domain.id as url %}
-    {% if is_original_creator %}
-      {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
-    {% else %}
-      {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true'%}
-    {% endif %}
+    {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
     {% url 'domain-your-contact-information' pk=domain.id as url %}
-    {% if is_original_creator %}
-      {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
-    {% else %}
-      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' edit_link=url %}
-    {% endif %}
+    {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
 
     {% url 'domain-security-email' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Security email' value=domain.security_email edit_link=url %}
diff --git a/src/registrar/templates/domain_org_name_address.html b/src/registrar/templates/domain_org_name_address.html
index a9691fc08..587ba4782 100644
--- a/src/registrar/templates/domain_org_name_address.html
+++ b/src/registrar/templates/domain_org_name_address.html
@@ -8,11 +8,8 @@
   {% include "includes/form_errors.html" with form=form %}
 
   <h1>Organization name and mailing address </h1>
-  {% if is_original_creator %}
+
   <p>The name of your organization will be publicly listed as the domain registrant.</p>
-  {% else %}
-  <p>The name of the organization will be publicly listed as the domain registrant.</p>
-  {% endif %}
 
   {% include "includes/required_fields.html" %}
 
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index e5f9e045a..2260a586d 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -11,7 +11,6 @@
           Domain overview
         </a>
       </li>
-      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-nameservers' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -20,7 +19,6 @@
             DNS name servers
         </a>
       </li>
-      {% endif %}
       <li class="usa-sidenav__item">
         {% url 'domain-org-name-address' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -29,7 +27,6 @@
             Organization name and mailing address
         </a>
       </li>
-      {% if is_original_creator %}
       <li class="usa-sidenav__item">
         {% url 'domain-authorizing-official' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -38,17 +35,12 @@
             Authorizing official
         </a>
       </li>
-      {% endif %}
       <li class="usa-sidenav__item">
         {% url 'domain-your-contact-information' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
-        {% if is_original_creator %}
-          Your contact information
-        {% else %}
-          Contact information
-        {% endif %}
+        Your contact information
         </a>
       </li>
 
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index ee66ceade..6274767fe 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -78,6 +78,28 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "The organization name and mailing address has been updated."
         )
+
+        # If the user is not privileged, don't do any special checks
+        if not self.request.user.is_staff and not self.request.user.is_superuser:
+            # superclass has the redirect
+            return super().form_valid(form)
+
+        # Otherwise, if they are editing from an '/admin' redirect, log their actions
+        # Q: do we want to be logging on every changed field?
+        # I could see that becoming spammy log-wise, but it may also be important.
+        # To do so, I'd likely have to override some of the save() functionality of ModelForm.
+        if 'analyst_action' in self.request.session:
+            action = self.request.session['analyst_action']
+
+            # Template for future expansion,
+            # in the event we want more logging granularity.
+            # Could include things such as 'view'
+            # or 'copy', for instance.
+            match action:
+                case 'edit':
+                    if(self.request.user.is_staff):
+                        logger.info("Analyst {} edited {} for {}".format(self.request.user, type(form_class).__name__, self.get_object().domain_info))
+
         # superclass has the redirect
         return super().form_valid(form)
 
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index b48e0f4f3..30a421ce9 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -37,13 +37,14 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         is_original_creator = DomainInformation.objects.filter(
             creator_id=self.request.user.id, id=self.kwargs["pk"]
         ).exists()
-
-        context['primary_key'] = self.kwargs["pk"]
-        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
         context['is_original_creator'] = is_original_creator
-        context['is_active_user'] = DomainInformation.objects.filter(
-            id=self.kwargs["pk"]
-        )
+        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
+
+        # Flag to see if an analyst is attempting to make edits
+        if 'analyst_action' in self.request.session:
+            context['analyst_action'] = self.request.session['analyst_action']
+            # Clear the session variable after use
+            # del self.request.session['analyst_action']
 
         return context
 

From 73b2bf6a252cdea269f988e00e710a3e95fbdb32 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 22 Aug 2023 12:45:36 -0600
Subject: [PATCH 04/40] Logging

---
 src/registrar/admin.py                        |  7 ++-
 src/registrar/views/domain.py                 | 51 +++++++++++--------
 src/registrar/views/utility/mixins.py         | 14 +++--
 .../views/utility/permission_views.py         | 24 ++++++++-
 4 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 26002a5e8..98d1cc553 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -145,7 +145,6 @@ class DomainAdmin(ListHeaderAdmin):
         PLACE_HOLD = "_place_client_hold"
         EDIT_DOMAIN = "_edit_domain"
         if PLACE_HOLD in request.POST:
-            logger.debug("Hit!")
             try:
                 obj.place_client_hold()
             except Exception as err:
@@ -163,6 +162,9 @@ class DomainAdmin(ListHeaderAdmin):
         elif EDIT_DOMAIN in request.POST:
             # We want to know, globally, when an edit action occurs
             request.session['analyst_action'] = 'edit'
+            # Restricts this action to this domain only
+            request.session['analyst_action_location'] = obj.id
+
             return HttpResponseRedirect(reverse('domain', args=(obj.id,)))
         return super().response_change(request, obj)
     # Sets domain_id as a context var
@@ -171,6 +173,9 @@ class DomainAdmin(ListHeaderAdmin):
             # If an analyst performed an edit action,
             # delete the session variable
             del request.session['analyst_action']
+            # delete the associated location
+            del request.session['analyst_action_location']
+
         extra_context = extra_context or {}
         extra_context["domain_id"] = object_id
         return super().change_view(
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 6274767fe..5eee3e41b 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -79,26 +79,9 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
             self.request, "The organization name and mailing address has been updated."
         )
 
-        # If the user is not privileged, don't do any special checks
-        if not self.request.user.is_staff and not self.request.user.is_superuser:
-            # superclass has the redirect
-            return super().form_valid(form)
-
-        # Otherwise, if they are editing from an '/admin' redirect, log their actions
-        # Q: do we want to be logging on every changed field?
-        # I could see that becoming spammy log-wise, but it may also be important.
-        # To do so, I'd likely have to override some of the save() functionality of ModelForm.
-        if 'analyst_action' in self.request.session:
-            action = self.request.session['analyst_action']
-
-            # Template for future expansion,
-            # in the event we want more logging granularity.
-            # Could include things such as 'view'
-            # or 'copy', for instance.
-            match action:
-                case 'edit':
-                    if(self.request.user.is_staff):
-                        logger.info("Analyst {} edited {} for {}".format(self.request.user, type(form_class).__name__, self.get_object().domain_info))
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -142,6 +125,11 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "The authorizing official for this domain has been updated."
         )
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -208,6 +196,11 @@ class DomainNameserversView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "The name servers for this domain have been updated."
         )
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         # superclass has the redirect
         return super().form_valid(formset)
 
@@ -248,6 +241,11 @@ class DomainYourContactInformationView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "Your contact information for this domain has been updated."
         )
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -293,6 +291,11 @@ class DomainSecurityEmailView(DomainPermissionView, FormMixin):
         messages.success(
             self.request, "The security email for this domain have been updated."
         )
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         # superclass has the redirect
         return redirect(self.get_success_url())
 
@@ -368,6 +371,9 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
                 messages.success(
                     self.request, f"Invited {email_address} to this domain."
                 )
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
         return redirect(self.get_success_url())
 
     def form_valid(self, form):
@@ -389,6 +395,11 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
             pass
 
         messages.success(self.request, f"Added user {requested_email}.")
+
+        if self.request.user.is_staff or self.request.user.is_superuser:
+            # if they are editing from an '/admin' redirect, log their actions
+            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+
         return redirect(self.get_success_url())
 
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index f1acf4265..33d70ae32 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -44,13 +44,13 @@ class DomainPermission(PermissionsLoginMixin):
             )
 
         # This should never happen in normal flow.
-        # If it does, then it likely means something bad happened...
+        # That said, it does need to be raised here.
         except DomainInformation.DoesNotExist:
             raise Http404()
 
         # Checks if the creator is the user requesting this item
         user_is_creator: bool = requested_domain.creator.username == self.request.user.username
-        
+
         # user needs to have a role on the domain
         if user_is_creator:
             return True
@@ -58,10 +58,18 @@ class DomainPermission(PermissionsLoginMixin):
         # ticket 806
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [DomainApplication.APPROVED, DomainApplication.IN_REVIEW, DomainApplication.REJECTED, DomainApplication.ACTION_NEEDED]
+
         # Check if the user is permissioned...
         user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
 
-        if user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
+        session = self.request.session
+
+        # Check if the user is attempting a valid edit action.
+        # If analyst_action is present, analyst_action_location will be present.
+        # if it isn't, then it either suggests tampering or a larger omnipresent issue with sessions.
+        can_do_action = 'analyst_action' in session and session['analyst_action_location'] == pk
+
+        if can_do_action and user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
             return True
 
         # ticket 796
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 30a421ce9..faabc171d 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -43,11 +43,31 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         # Flag to see if an analyst is attempting to make edits
         if 'analyst_action' in self.request.session:
             context['analyst_action'] = self.request.session['analyst_action']
-            # Clear the session variable after use
-            # del self.request.session['analyst_action']
 
         return context
 
+    def log_analyst_form_actions(self, form_class_name, printable_object_info):
+        """ Generates a log for when 'analyst_action' exists on the session """
+        if 'analyst_action' in self.request.session:
+            action = self.request.session['analyst_action']
+
+            user_type = "Analyst"
+            if(self.request.user.is_superuser):
+                user_type = "Superuser"
+
+            # Template for potential future expansion,
+            # in the event we want more logging granularity.
+            # Could include things such as 'view'
+            # or 'copy', for instance.
+            match action:
+                case 'edit':
+                    # Q: do we want to be logging on every changed field?
+                    # I could see that becoming spammy log-wise, but it may also be important.
+                    # To do so, I'd likely have to override some of the save() functionality of ModelForm.
+                    logger.info(f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}")
+        else:
+            logger.debug("'analyst_action' does not exist on the session")
+
     # Abstract property enforces NotImplementedError on an attribute.
     @property
     @abc.abstractmethod

From 65384710910664433fb4942ffd121ee1ba876951 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 22 Aug 2023 12:58:37 -0600
Subject: [PATCH 05/40] Black and lint changes

---
 src/registrar/admin.py                        | 13 +++----
 src/registrar/views/domain.py                 | 29 +++++++++++----
 src/registrar/views/utility/mixins.py         | 36 ++++++++++++++-----
 .../views/utility/permission_views.py         | 31 +++++++++-------
 4 files changed, 75 insertions(+), 34 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 98d1cc553..4ea37e6e8 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -161,20 +161,21 @@ class DomainAdmin(ListHeaderAdmin):
             return HttpResponseRedirect(".")
         elif EDIT_DOMAIN in request.POST:
             # We want to know, globally, when an edit action occurs
-            request.session['analyst_action'] = 'edit'
+            request.session["analyst_action"] = "edit"
             # Restricts this action to this domain only
-            request.session['analyst_action_location'] = obj.id
+            request.session["analyst_action_location"] = obj.id
 
-            return HttpResponseRedirect(reverse('domain', args=(obj.id,)))
+            return HttpResponseRedirect(reverse("domain", args=(obj.id,)))
         return super().response_change(request, obj)
+
     # Sets domain_id as a context var
     def change_view(self, request, object_id, form_url="", extra_context=None):
-        if 'analyst_action' in request.session:
+        if "analyst_action" in request.session:
             # If an analyst performed an edit action,
             # delete the session variable
-            del request.session['analyst_action']
+            del request.session["analyst_action"]
             # delete the associated location
-            del request.session['analyst_action_location']
+            del request.session["analyst_action_location"]
 
         extra_context = extra_context or {}
         extra_context["domain_id"] = object_id
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 5eee3e41b..6f649661b 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -38,6 +38,7 @@ logger = logging.getLogger(__name__)
 class DomainView(DomainPermissionView):
 
     """Domain detail overview page."""
+
     template_name = "domain_detail.html"
 
 
@@ -81,7 +82,9 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -128,7 +131,9 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -199,7 +204,9 @@ class DomainNameserversView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return super().form_valid(formset)
@@ -244,7 +251,9 @@ class DomainYourContactInformationView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -294,7 +303,9 @@ class DomainSecurityEmailView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         # superclass has the redirect
         return redirect(self.get_success_url())
@@ -373,7 +384,9 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
                 )
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
         return redirect(self.get_success_url())
 
     def form_valid(self, form):
@@ -398,7 +411,9 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(self.form_class.__name__, self.get_object().domain_info)
+            self.log_analyst_form_actions(
+                self.form_class.__name__, self.get_object().domain_info
+            )
 
         return redirect(self.get_success_url())
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 33d70ae32..7644ef7cf 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -7,8 +7,10 @@ from registrar.models import DomainApplication, DomainInvitation
 import logging
 
 from registrar.models.domain_information import DomainInformation
+
 logger = logging.getLogger(__name__)
 
+
 class PermissionsLoginMixin(PermissionRequiredMixin):
 
     """Mixin that redirects to login page if not logged in, otherwise 403."""
@@ -39,9 +41,7 @@ class DomainPermission(PermissionsLoginMixin):
         requested_domain = None
 
         try:
-            requested_domain = DomainInformation.objects.get(
-                id=pk
-            )
+            requested_domain = DomainInformation.objects.get(id=pk)
 
         # This should never happen in normal flow.
         # That said, it does need to be raised here.
@@ -49,7 +49,9 @@ class DomainPermission(PermissionsLoginMixin):
             raise Http404()
 
         # Checks if the creator is the user requesting this item
-        user_is_creator: bool = requested_domain.creator.username == self.request.user.username
+        user_is_creator: bool = (
+            requested_domain.creator.username == self.request.user.username
+        )
 
         # user needs to have a role on the domain
         if user_is_creator:
@@ -57,19 +59,35 @@ class DomainPermission(PermissionsLoginMixin):
 
         # ticket 806
         # Analysts may manage domains, when they are in these statuses:
-        valid_domain_statuses = [DomainApplication.APPROVED, DomainApplication.IN_REVIEW, DomainApplication.REJECTED, DomainApplication.ACTION_NEEDED]
+        valid_domain_statuses = [
+            DomainApplication.APPROVED,
+            DomainApplication.IN_REVIEW,
+            DomainApplication.REJECTED,
+            DomainApplication.ACTION_NEEDED,
+        ]
 
         # Check if the user is permissioned...
-        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
+        user_is_analyst_or_superuser = (
+            self.request.user.is_staff or self.request.user.is_superuser
+        )
 
         session = self.request.session
 
         # Check if the user is attempting a valid edit action.
         # If analyst_action is present, analyst_action_location will be present.
-        # if it isn't, then it either suggests tampering or a larger omnipresent issue with sessions.
-        can_do_action = 'analyst_action' in session and session['analyst_action_location'] == pk
+        # if it isn't, then it either suggests tampering
+        # or a larger omnipresent issue with sessions.
+        can_do_action = (
+            "analyst_action" in session and session["analyst_action_location"] == pk
+        )
 
-        if can_do_action and user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
+        # If the valid session keys exist, if the user is permissioned,
+        # and if its in a valid status
+        if (
+            can_do_action
+            and user_is_analyst_or_superuser
+            and requested_domain.domain_application.status in valid_domain_statuses
+        ):
             return True
 
         # ticket 796
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index faabc171d..6a991d016 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -13,7 +13,10 @@ from .mixins import (
     DomainInvitationPermission,
 )
 import logging
+
 logger = logging.getLogger(__name__)
+
+
 class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
     """Abstract base view for domains that enforces permissions.
@@ -37,22 +40,22 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         is_original_creator = DomainInformation.objects.filter(
             creator_id=self.request.user.id, id=self.kwargs["pk"]
         ).exists()
-        context['is_original_creator'] = is_original_creator
-        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
+        context["is_original_creator"] = is_original_creator
+        context["is_analyst_or_superuser"] = user.is_superuser or user.is_staff
 
         # Flag to see if an analyst is attempting to make edits
-        if 'analyst_action' in self.request.session:
-            context['analyst_action'] = self.request.session['analyst_action']
+        if "analyst_action" in self.request.session:
+            context["analyst_action"] = self.request.session["analyst_action"]
 
         return context
 
     def log_analyst_form_actions(self, form_class_name, printable_object_info):
-        """ Generates a log for when 'analyst_action' exists on the session """
-        if 'analyst_action' in self.request.session:
-            action = self.request.session['analyst_action']
+        """Generates a log for when 'analyst_action' exists on the session"""
+        if "analyst_action" in self.request.session:
+            action = self.request.session["analyst_action"]
 
             user_type = "Analyst"
-            if(self.request.user.is_superuser):
+            if self.request.user.is_superuser:
                 user_type = "Superuser"
 
             # Template for potential future expansion,
@@ -60,11 +63,15 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
             # Could include things such as 'view'
             # or 'copy', for instance.
             match action:
-                case 'edit':
+                case "edit":
                     # Q: do we want to be logging on every changed field?
-                    # I could see that becoming spammy log-wise, but it may also be important.
-                    # To do so, I'd likely have to override some of the save() functionality of ModelForm.
-                    logger.info(f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}")
+                    # I could see that becoming spammy log-wise,
+                    # but it may also be important.
+
+                    # noqa here as breaking this up further leaves it hard to read
+                    logger.info(
+                        f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
+                    )
         else:
             logger.debug("'analyst_action' does not exist on the session")
 

From 274e31cc3716747c26c8b7d2f2a753d61b4529a9 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 23 Aug 2023 14:07:54 -0600
Subject: [PATCH 06/40] Small Refactoring

---
 src/registrar/admin.py                        | 12 +++++-
 .../django/admin/domain_change_form.html      |  2 -
 src/registrar/templates/domain_base.html      |  3 +-
 src/registrar/views/utility/mixins.py         | 39 +++++++++++--------
 .../views/utility/permission_views.py         | 17 +++-----
 5 files changed, 40 insertions(+), 33 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 4ea37e6e8..503b6abbd 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -6,7 +6,6 @@ from django.http.response import HttpResponseRedirect
 from django.urls import reverse
 from . import models
 
-
 logger = logging.getLogger(__name__)
 
 
@@ -162,7 +161,7 @@ class DomainAdmin(ListHeaderAdmin):
         elif EDIT_DOMAIN in request.POST:
             # We want to know, globally, when an edit action occurs
             request.session["analyst_action"] = "edit"
-            # Restricts this action to this domain only
+            # Restricts this action to this domain (pk) only
             request.session["analyst_action_location"] = obj.id
 
             return HttpResponseRedirect(reverse("domain", args=(obj.id,)))
@@ -179,6 +178,7 @@ class DomainAdmin(ListHeaderAdmin):
 
         extra_context = extra_context or {}
         extra_context["domain_id"] = object_id
+
         return super().change_view(
             request,
             object_id,
@@ -186,6 +186,14 @@ class DomainAdmin(ListHeaderAdmin):
             extra_context=extra_context,
         )
 
+    def has_change_permission(self, request, obj=None):
+        # Fixes a bug wherein users which are only is_staff can access 'change' when GET,
+        # but cannot access this page when it is a request of type POST.
+        if request.user.is_staff:
+            return True
+
+        return super().has_change_permission(request, obj)
+
 
 class ContactAdmin(ListHeaderAdmin):
 
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 5461cc82a..6c5fc1384 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -2,8 +2,6 @@
 
 {% block field_sets %}
     <div class="submit-row">
-
-        <input type="hidden" value="edit" name="analyst_action">
         <input type="submit" value="Edit Domain" name="_edit_domain">
         <input type="submit" value="Place hold" name="_place_client_hold">
     </div>
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 335c88980..3208350b7 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -19,7 +19,7 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser or not analyst_action%}
+    {% if not is_analyst_or_superuser or not analyst_action %}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
         <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
@@ -39,7 +39,6 @@
         <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
         Back to manage your domains
         </p>
-
       </a>
       {% endif %}
       {# messages block is under the back breadcrumb link #}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 7644ef7cf..e0bf381cd 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -4,9 +4,9 @@ from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.http import Http404
 
 from registrar.models import DomainApplication, DomainInvitation
-import logging
 
-from registrar.models.domain_information import DomainInformation
+from registrar.models import DomainInformation, UserDomainRole
+import logging
 
 logger = logging.getLogger(__name__)
 
@@ -35,29 +35,36 @@ class DomainPermission(PermissionsLoginMixin):
             return False
 
         pk = self.kwargs["pk"]
+
+        # If pk is none then something went very wrong...
         if pk is None:
-            raise ValueError("Primary key is null for Domain")
-
-        requested_domain = None
-
-        try:
-            requested_domain = DomainInformation.objects.get(id=pk)
-
-        # This should never happen in normal flow.
-        # That said, it does need to be raised here.
-        except DomainInformation.DoesNotExist:
-            raise Http404()
+            raise ValueError("Primary key is None")
 
         # Checks if the creator is the user requesting this item
-        user_is_creator: bool = (
-            requested_domain.creator.username == self.request.user.username
-        )
+
+        user_is_creator: bool = UserDomainRole.objects.filter(
+            user=self.request.user, domain__id=pk
+        ).exists()
 
         # user needs to have a role on the domain
         if user_is_creator:
             return True
 
         # ticket 806
+        requested_domain: DomainInformation = None
+
+        try:
+            requested_domain = DomainInformation.objects.get(id=pk)
+
+        except DomainInformation.DoesNotExist:
+            # Q: While testing, I saw that, application-wide, if you go to a domain
+            # that does not exist (i.e: https://getgov-staging.app.cloud.gov/domain/73333),
+            # the page throws a 403 error,
+            # instead of a 404. This fixes that behaviour,
+            # but do we want it to throw a 403 instead?
+            # Basically, should this be logger.debug()?
+            raise Http404()
+
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [
             DomainApplication.APPROVED,
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 6a991d016..d7543d375 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -34,23 +34,20 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         user = self.request.user
-        # Q: is there a more efficent way to do this?
-        # Searches by creator_id instead of creator,
-        # should be slightly faster than by creator...
-        is_original_creator = DomainInformation.objects.filter(
-            creator_id=self.request.user.id, id=self.kwargs["pk"]
-        ).exists()
-        context["is_original_creator"] = is_original_creator
-        context["is_analyst_or_superuser"] = user.is_superuser or user.is_staff
 
+        context["is_analyst_or_superuser"] = user.is_superuser or user.is_staff
         # Flag to see if an analyst is attempting to make edits
         if "analyst_action" in self.request.session:
             context["analyst_action"] = self.request.session["analyst_action"]
+            context["analyst_action_location"] = self.request.session["analyst_action_location"]
 
         return context
 
     def log_analyst_form_actions(self, form_class_name, printable_object_info):
-        """Generates a log for when 'analyst_action' exists on the session"""
+        """Generates a log for when key 'analyst_action' exists on the session.
+            Follows this format: f"{user_type} {self.request.user}
+            edited {form_class_name} in {printable_object_info}"
+        """
         if "analyst_action" in self.request.session:
             action = self.request.session["analyst_action"]
 
@@ -72,8 +69,6 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
                     logger.info(
                         f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
                     )
-        else:
-            logger.debug("'analyst_action' does not exist on the session")
 
     # Abstract property enforces NotImplementedError on an attribute.
     @property

From 8ef3cd95d39f559dd9bb3f6736478d202a05805e Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 24 Aug 2023 10:14:52 -0600
Subject: [PATCH 07/40] Stash push - prepping for PR

---
 src/registrar/assets/js/get-gov.js            |  3 ++-
 src/registrar/assets/sass/_theme/_admin.scss  | 21 -----------------
 .../_theme/_uswds-theme-custom-styles.scss    | 23 +++++++++++++------
 .../django/admin/domain_change_form.html      |  8 ++++++-
 src/registrar/templates/domain_base.html      | 19 +++++++--------
 5 files changed, 35 insertions(+), 39 deletions(-)

diff --git a/src/registrar/assets/js/get-gov.js b/src/registrar/assets/js/get-gov.js
index 57dc6d2e3..9c0df7c71 100644
--- a/src/registrar/assets/js/get-gov.js
+++ b/src/registrar/assets/js/get-gov.js
@@ -211,7 +211,7 @@ function handleValidationClick(e) {
  * An IIFE that will attach validators to inputs.
  *
  * It looks for elements with `validate="<type> <type>"` and adds change handlers.
- * 
+ *
  * These handlers know about two other attributes:
  *  - `validate-for="<id>"` creates a button which will run the validator(s) on <id>
  *  - `auto-validate` will run validator(s) when the user stops typing (otherwise,
@@ -261,3 +261,4 @@ function handleValidationClick(e) {
       totalForms.setAttribute('value', `${formNum+1}`)
   }
 })();
+
diff --git a/src/registrar/assets/sass/_theme/_admin.scss b/src/registrar/assets/sass/_theme/_admin.scss
index 204d335e9..91d0d5e3c 100644
--- a/src/registrar/assets/sass/_theme/_admin.scss
+++ b/src/registrar/assets/sass/_theme/_admin.scss
@@ -170,24 +170,3 @@ table > caption > a {
 .min-width-81 {
     min-width: 81px;
 }
-
-.buttonAdminPadding {
-    background: var(--button-bg);
-    padding: 10px 15px;
-    border: none;
-    border-radius: 4px;
-    color: var(--button-fg);
-    cursor: pointer;
-    transition: background 0.15s;
-
-}
-
-.submit-row input {
-    height: 2.1875rem;
-    line-height: 0.9375rem;
-}
-
-a.button{
-    font-size: 100% !important;
-    padding: 9px 15px !important;
-}
\ No newline at end of file
diff --git a/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss b/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
index 905ab872c..678084d00 100644
--- a/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
+++ b/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
@@ -26,6 +26,7 @@ $letter-space--xs: .0125em;
 @use "uswds-core" as *;
 
 /* Styles for making visible to screen reader / AT users only. */
+
 .sr-only {
    @include sr-only;
  }
@@ -61,9 +62,9 @@ body {
 }
 
 p,
-address, 
-.usa-list li { 
-  @include typeset('sans', 'sm', 5); 
+address,
+.usa-list li {
+  @include typeset('sans', 'sm', 5);
   max-width: measure(5);
 }
 
@@ -118,7 +119,7 @@ h2 {
     color: color('violet-70v'); //USWDS default
   }
 }
-.register-form-step .usa-form-group:first-of-type, 
+.register-form-step .usa-form-group:first-of-type,
 .register-form-step .usa-label:first-of-type {
   margin-top: units(1);
 }
@@ -180,7 +181,7 @@ a.withdraw:active {
       a.link_usa-checked {
         padding: 0;
       }
-    }    
+    }
   }
 }
 
@@ -242,7 +243,7 @@ a.withdraw:active {
 
 .usa-form .usa-button {
   margin-top: units(3);
-} 
+}
 
 .usa-button--unstyled .usa-icon {
   vertical-align: bottom;
@@ -395,7 +396,7 @@ a.usa-button--unstyled:visited {
 }
 
 .dotgov-status-box {
-  background-color: color('primary-lightest'); 
+  background-color: color('primary-lightest');
   border-color: color('accent-cool-lighter');
 }
 
@@ -432,3 +433,11 @@ abbr[title] {
     height: units('mobile');
   }
 }
+
+// Fixes some font size disparities with the Figma
+// for usa-alert alert elements
+.usa-alert {
+  .usa-alert__heading.larger-font-sizing {
+    font-size: units(3);
+  }
+}
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 6c5fc1384..e7363851a 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -1,8 +1,14 @@
 {% extends 'admin/change_form.html' %}
+{% load i18n static %}
+
+{% block extrahead %}
+{{ block.super }}
+<script src="{% static 'js/get-gov-admin.js' %}" defer></script>
+{% endblock %}
 
 {% block field_sets %}
     <div class="submit-row">
-        <input type="submit" value="Edit Domain" name="_edit_domain">
+        <input id="manageDomainSubmitButton" type="submit" value="Manage Domain" name="_edit_domain">
         <input type="submit" value="Place hold" name="_place_client_hold">
     </div>
     {{ block.super }}
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 3208350b7..4ecee908a 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -6,11 +6,13 @@
 {% block content %}
 <div class="grid-container">
   <div class="grid-row">
+    {% if not is_analyst_or_superuser or not analyst_action %}
     <p class="font-body-md margin-top-0 margin-bottom-2
               text-primary-darker text-semibold"
     >
       <span class="usa-sr-only"> Domain name:</span> {{ domain.name }}
     </p>
+    {% endif %}
   </div>
   <div class="grid-row grid-gap">
     <div class="tablet:grid-col-3">
@@ -31,15 +33,14 @@
 
       </a>
       {% elif is_analyst_or_superuser and analyst_action == 'edit' %}
-      <a href="{% url 'admin:registrar_domain_change' domain.id%}" class="breadcrumb__back">
-        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
-        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
-        </svg>
-        {# Q: For analysts, should this be 'Back to .gov admin' or  'Back to change domain'? #}
-        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains
-        </p>
-      </a>
+      <div class="usa-alert usa-alert--warning">
+        <div class="usa-alert__body">
+          <h4 class="usa-alert__heading larger-font-sizing ">Attention!</h4>
+          <p class="usa-alert__text ">
+            You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates
+          </p>
+        </div>
+      </div>
       {% endif %}
       {# messages block is under the back breadcrumb link #}
       {% if messages %}

From 376aa30e1ec66d91b5c80248a9029830f53889da Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 24 Aug 2023 11:38:46 -0600
Subject: [PATCH 08/40] Linter, reordered logic

---
 src/registrar/admin.py                        |  3 ++-
 src/registrar/templates/domain_base.html      | 24 +++++++++----------
 src/registrar/views/utility/mixins.py         |  8 +++----
 .../views/utility/permission_views.py         | 10 ++++----
 4 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index fb79a6b46..5d6b8c9b8 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -191,7 +191,8 @@ class DomainAdmin(ListHeaderAdmin):
         )
 
     def has_change_permission(self, request, obj=None):
-        # Fixes a bug wherein users which are only is_staff can access 'change' when GET,
+        # Fixes a bug wherein users which are only is_staff
+        # can access 'change' when GET,
         # but cannot access this page when it is a request of type POST.
         if request.user.is_staff:
             return True
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 4ecee908a..0810a422e 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -6,7 +6,7 @@
 {% block content %}
 <div class="grid-container">
   <div class="grid-row">
-    {% if not is_analyst_or_superuser or not analyst_action %}
+    {% if not is_analyst_or_superuser or not analyst_action or analyst_action_location != domain.pk %}
     <p class="font-body-md margin-top-0 margin-bottom-2
               text-primary-darker text-semibold"
     >
@@ -21,18 +21,8 @@
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser or not analyst_action %}
-	  <a href="{% url 'home' %}" class="breadcrumb__back">
-        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
-        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
-        </svg>
 
-        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains
-        </p>
-
-      </a>
-      {% elif is_analyst_or_superuser and analyst_action == 'edit' %}
+      {% if is_analyst_or_superuser and analyst_action == 'edit' and analyst_action_location == domain.pk %}
       <div class="usa-alert usa-alert--warning">
         <div class="usa-alert__body">
           <h4 class="usa-alert__heading larger-font-sizing ">Attention!</h4>
@@ -41,6 +31,16 @@
           </p>
         </div>
       </div>
+      {% else %}
+      <a href="{% url 'home' %}" class="breadcrumb__back">
+        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
+        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
+        </svg>
+
+        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
+        Back to manage your domains
+        </p>
+      </a>
       {% endif %}
       {# messages block is under the back breadcrumb link #}
       {% if messages %}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index e0bf381cd..ef8cfc7fb 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -58,10 +58,10 @@ class DomainPermission(PermissionsLoginMixin):
 
         except DomainInformation.DoesNotExist:
             # Q: While testing, I saw that, application-wide, if you go to a domain
-            # that does not exist (i.e: https://getgov-staging.app.cloud.gov/domain/73333),
-            # the page throws a 403 error,
-            # instead of a 404. This fixes that behaviour,
-            # but do we want it to throw a 403 instead?
+            # that does not exist, for example,
+            # https://getgov-staging.app.cloud.gov/domain/73333,
+            # the page throws a 403 error, instead of a 404.
+            # This fixes that behaviour, but do we want it to throw a 403 instead?
             # Basically, should this be logger.debug()?
             raise Http404()
 
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index d7543d375..22ca6863b 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -5,7 +5,7 @@ import abc  # abstract base class
 from django.views.generic import DetailView, DeleteView
 
 from registrar.models import Domain, DomainApplication, DomainInvitation
-from registrar.models.domain_information import DomainInformation
+
 
 from .mixins import (
     DomainPermission,
@@ -35,11 +35,13 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         context = super().get_context_data(**kwargs)
         user = self.request.user
 
-        context["is_analyst_or_superuser"] = user.is_superuser or user.is_staff
+        context["is_analyst_or_superuser"] = user.is_staff or user.is_superuser
         # Flag to see if an analyst is attempting to make edits
         if "analyst_action" in self.request.session:
-            context["analyst_action"] = self.request.session["analyst_action"]
-            context["analyst_action_location"] = self.request.session["analyst_action_location"]
+            # Stored in a variable for the linter
+            action = "analyst_action"
+            context[action] = self.request.session[action]
+            context[f"{action}_location"] = self.request.session[f"{action}_location"]
 
         return context
 

From 09c336c1da8825eb6ff30809579c23d0b63165d1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 24 Aug 2023 11:39:50 -0600
Subject: [PATCH 09/40] Update get-gov.js

---
 src/registrar/assets/js/get-gov.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/registrar/assets/js/get-gov.js b/src/registrar/assets/js/get-gov.js
index 9c0df7c71..0b67df825 100644
--- a/src/registrar/assets/js/get-gov.js
+++ b/src/registrar/assets/js/get-gov.js
@@ -261,4 +261,3 @@ function handleValidationClick(e) {
       totalForms.setAttribute('value', `${formNum+1}`)
   }
 })();
-

From dc0420998be627526cf7d643363bd6ed22938f0a Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 24 Aug 2023 12:58:08 -0600
Subject: [PATCH 10/40] Linting / test

---
 src/registrar/views/utility/mixins.py           | 8 ++++----
 src/registrar/views/utility/permission_views.py | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index ef8cfc7fb..13ea70684 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -1,7 +1,6 @@
 """Permissions-related mixin classes."""
 
 from django.contrib.auth.mixins import PermissionRequiredMixin
-from django.http import Http404
 
 from registrar.models import DomainApplication, DomainInvitation
 
@@ -61,9 +60,10 @@ class DomainPermission(PermissionsLoginMixin):
             # that does not exist, for example,
             # https://getgov-staging.app.cloud.gov/domain/73333,
             # the page throws a 403 error, instead of a 404.
-            # This fixes that behaviour, but do we want it to throw a 403 instead?
-            # Basically, should this be logger.debug()?
-            raise Http404()
+            # Do we want it to throw a 404 instead?
+            # Basically, should this be Http404()?
+            logger.warning(f"Domain with PK {pk} does not exist")
+            return False
 
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 22ca6863b..89cc62299 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -47,8 +47,8 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
     def log_analyst_form_actions(self, form_class_name, printable_object_info):
         """Generates a log for when key 'analyst_action' exists on the session.
-            Follows this format: f"{user_type} {self.request.user}
-            edited {form_class_name} in {printable_object_info}"
+        Follows this format: f"{user_type} {self.request.user}
+        edited {form_class_name} in {printable_object_info}"
         """
         if "analyst_action" in self.request.session:
             action = self.request.session["analyst_action"]

From c46f27d53b2b9a802504e71410cb7bd42d8bc00b Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 07:42:34 -0600
Subject: [PATCH 11/40] Test cases

---
 src/registrar/templates/domain_base.html |  2 +-
 src/registrar/tests/common.py            |  7 ++
 src/registrar/tests/test_admin.py        | 95 ++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 0810a422e..6f79adeb5 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -25,7 +25,7 @@
       {% if is_analyst_or_superuser and analyst_action == 'edit' and analyst_action_location == domain.pk %}
       <div class="usa-alert usa-alert--warning">
         <div class="usa-alert__body">
-          <h4 class="usa-alert__heading larger-font-sizing ">Attention!</h4>
+          <h4 class="usa-alert__heading larger-font-sizing">Attention!</h4>
           <p class="usa-alert__text ">
             You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates
           </p>
diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index c4a2772b0..4e9375d29 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -518,3 +518,10 @@ def multiple_unalphabetical_domain_objects(
         application = mock.create_full_dummy_domain_object(domain_type, object_name)
         applications.append(application)
     return applications
+
+def generic_domain_object(domain_type, object_name):
+    """Returns a generic domain object of
+    domain_type 'application', 'information', or 'invitation'"""
+    mock = AuditedAdminMockData()
+    application = mock.create_full_dummy_domain_object(domain_type, object_name)
+    return application
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index a27dcb741..9d60e6ba3 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -1,7 +1,9 @@
 from django.test import TestCase, RequestFactory, Client
 from django.contrib.admin.sites import AdminSite
+from django.urls import reverse
 
 from registrar.admin import (
+    DomainAdmin,
     DomainApplicationAdmin,
     ListHeaderAdmin,
     MyUserAdmin,
@@ -13,14 +15,19 @@ from registrar.models import (
     User,
     DomainInvitation,
 )
+from registrar.models.domain import Domain
 from .common import (
+    AuditedAdminMockData,
     completed_application,
+    generic_domain_object,
     mock_user,
     create_superuser,
     create_user,
     multiple_unalphabetical_domain_objects,
 )
 
+from django.contrib.sessions.backends.db import SessionStore
+
 from django.contrib.auth import get_user_model
 
 from django.conf import settings
@@ -636,3 +643,91 @@ class AuditedAdminTest(TestCase):
         DomainInformation.objects.all().delete()
         DomainApplication.objects.all().delete()
         DomainInvitation.objects.all().delete()
+
+
+class DomainSessionVariableTest(TestCase):
+    """Test cases for session variables in Django Admin"""
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.admin = DomainAdmin(Domain, None)
+        self.client = Client(HTTP_HOST="localhost:8080")
+        self.superuser = create_superuser()
+
+    def test_session_variables_set_correctly(self):
+        """Checks if session variables are being set correctly"""
+
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        dummy_domain_information: DomainInformation = generic_domain_object("information", "session")
+        request = self.factory.post(
+            reverse('admin:registrar_domain_change', args=(dummy_domain_information.domain.pk,)),
+            {'_edit_domain': 'true'},
+            follow=True
+        )
+
+        self.populate_session_values(request, dummy_domain_information.domain)
+
+        self.assertEqual(request.session['analyst_action'], 'edit')
+        self.assertEqual(request.session['analyst_action_location'], dummy_domain_information.domain.pk)
+
+    def test_session_variables_retain_information(self):
+        """ Checks to see if session variables retain old information """
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        # We need to create multiple of these to ensure data is consistent across all of them
+        dummy_domain_information_list: [DomainInformation] = multiple_unalphabetical_domain_objects("invitation")
+        for item in dummy_domain_information_list:
+            request = self.factory.post(
+                reverse('admin:registrar_domain_change', args=(item.pk,)),
+                {'_edit_domain': 'true'},
+                follow=True
+            )
+
+            self.populate_session_values(request, item)
+
+            self.assertEqual(request.session['analyst_action'], 'edit')
+            self.assertEqual(request.session['analyst_action_location'], item.pk)
+
+    def test_session_variables_concurrent_requests(self):
+        """ Simulates two requests at once """
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        info_first: DomainInformation = generic_domain_object("information", "session")
+        info_second: DomainInformation = generic_domain_object("information", "session2")
+
+        request_first = self.factory.post(
+            reverse('admin:registrar_domain_change', args=(info_first.domain.pk,)),
+            {'_edit_domain': 'true'},
+            follow=True
+        )
+        request_second = self.factory.post(
+            reverse('admin:registrar_domain_change', args=(info_second.domain.pk,)),
+            {'_edit_domain': 'true'},
+            follow=True
+        )
+
+        self.populate_session_values(request_first, info_first.domain)
+        self.populate_session_values(request_second, info_second.domain)
+
+        # Check if anything got nulled out
+        self.assertNotEqual(request_first.session['analyst_action'], None)
+        self.assertNotEqual(request_second.session['analyst_action'], None)
+        self.assertNotEqual(request_first.session['analyst_action_location'], None)
+        self.assertNotEqual(request_second.session['analyst_action_location'], None)
+
+        # Check if they are both the same action 'type'
+        self.assertEqual(request_first.session['analyst_action'], 'edit')
+        self.assertEqual(request_second.session['analyst_action'], 'edit')
+
+        # Check their locations, and ensure they aren't the same across both
+        self.assertNotEqual(request_first.session['analyst_action_location'], request_second.session['analyst_action_location'])
+
+    def populate_session_values(self, request, domain_object):
+        """Boilerplate for creating mock sessions"""
+        request.user = self.client
+        request.session = SessionStore()
+        request.session.create()
+        self.admin.response_change(request, domain_object)
\ No newline at end of file

From 026222327cccfd9b348b8aad0cb1d011a4124f5b Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 07:53:28 -0600
Subject: [PATCH 12/40] Fixing some commit weirdness

---
 src/registrar/templates/domain_detail.html  | 2 ++
 src/registrar/templates/domain_sidebar.html | 6 +++++-
 src/registrar/views/domain.py               | 4 ++++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 4bae384f5..7fbca7c02 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -4,6 +4,7 @@
 {% block domain_content %}
   {{ block.super }}
   <div class="margin-top-4 tablet:grid-col-10">
+    
     {% url 'domain-nameservers' pk=domain.id as url %}
     {% if domain.nameservers %}
       {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
@@ -18,6 +19,7 @@
 
     {% url 'domain-authorizing-official' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Authorizing official' value=domain.domain_info.authorizing_official contact='true' edit_link=url %}
+
     {% url 'domain-your-contact-information' pk=domain.id as url %}
     {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
 
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index 2260a586d..ac3461b5e 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -11,6 +11,7 @@
           Domain overview
         </a>
       </li>
+
       <li class="usa-sidenav__item">
         {% url 'domain-nameservers' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -19,6 +20,7 @@
             DNS name servers
         </a>
       </li>
+
       <li class="usa-sidenav__item">
         {% url 'domain-org-name-address' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -27,6 +29,7 @@
             Organization name and mailing address
         </a>
       </li>
+
       <li class="usa-sidenav__item">
         {% url 'domain-authorizing-official' pk=domain.id as url %}
         <a href="{{ url }}"
@@ -35,12 +38,13 @@
             Authorizing official
         </a>
       </li>
+
       <li class="usa-sidenav__item">
         {% url 'domain-your-contact-information' pk=domain.id as url %}
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
-        Your contact information
+            Your contact information
         </a>
       </li>
 
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 6f649661b..471bd4092 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -80,6 +80,10 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
             self.request, "The organization name and mailing address has been updated."
         )
 
+        # Q: Is there a more efficent way to do this?
+        # I don't like repeating code across these functions,
+        # But I can't figure out a way to do this without installing
+        # middleware...
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
             self.log_analyst_form_actions(

From d0ccd18732468a0d294ec30f0d458973b3f003ed Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 07:55:34 -0600
Subject: [PATCH 13/40] Update domain_detail.html

---
 src/registrar/templates/domain_detail.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 7fbca7c02..97c1971ca 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -4,14 +4,14 @@
 {% block domain_content %}
   {{ block.super }}
   <div class="margin-top-4 tablet:grid-col-10">
-    
+
     {% url 'domain-nameservers' pk=domain.id as url %}
     {% if domain.nameservers %}
       {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
     {% else %}
       <h2 class="margin-top-neg-1"> DNS name servers </h2>
       <p> No DNS name servers have been added yet. Before your domain can be used we’ll need information about your domain name servers.</p>
-      <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a>
+      <a class="usa-button margin-bottom-1" href="{{url}}"> Add DNS name servers </a> 
     {% endif %}
 
     {% url 'domain-org-name-address' pk=domain.id as url %}

From 4075d827559802d938824c43b250413ddac328a1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 07:56:05 -0600
Subject: [PATCH 14/40] Fixing whitespace difference after merge

---
 src/registrar/templates/domain_detail.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_detail.html b/src/registrar/templates/domain_detail.html
index 97c1971ca..dd176c862 100644
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@@ -6,7 +6,7 @@
   <div class="margin-top-4 tablet:grid-col-10">
 
     {% url 'domain-nameservers' pk=domain.id as url %}
-    {% if domain.nameservers %}
+    {% if domain.nameservers %} 
       {% include "includes/summary_item.html" with title='DNS name servers' value=domain.nameservers list='true' edit_link=url %}
     {% else %}
       <h2 class="margin-top-neg-1"> DNS name servers </h2>

From 0378f1570e821ff1ea43f36d4f8a50b8c59a861e Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 08:34:13 -0600
Subject: [PATCH 15/40] Code cleanup

Had some older code lying around
---
 src/registrar/admin.py                | 17 +++---------
 src/registrar/tests/test_admin.py     | 38 +++++++++++----------------
 src/registrar/views/utility/mixins.py | 20 ++++----------
 3 files changed, 24 insertions(+), 51 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 5d6b8c9b8..80f39dad6 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -171,24 +171,14 @@ class DomainAdmin(ListHeaderAdmin):
             return HttpResponseRedirect(reverse("domain", args=(obj.id,)))
         return super().response_change(request, obj)
 
-    # Sets domain_id as a context var
-    def change_view(self, request, object_id, form_url="", extra_context=None):
+    def change_view(self, request, object_id):
+        # If the analyst was recently editing
         if "analyst_action" in request.session:
-            # If an analyst performed an edit action,
             # delete the session variable
             del request.session["analyst_action"]
             # delete the associated location
             del request.session["analyst_action_location"]
-
-        extra_context = extra_context or {}
-        extra_context["domain_id"] = object_id
-
-        return super().change_view(
-            request,
-            object_id,
-            form_url,
-            extra_context=extra_context,
-        )
+        return super().change_view(request, object_id)
 
     def has_change_permission(self, request, obj=None):
         # Fixes a bug wherein users which are only is_staff
@@ -196,7 +186,6 @@ class DomainAdmin(ListHeaderAdmin):
         # but cannot access this page when it is a request of type POST.
         if request.user.is_staff:
             return True
-
         return super().has_change_permission(request, obj)
 
 
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 9d60e6ba3..35e64582d 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -14,10 +14,9 @@ from registrar.models import (
     DomainInformation,
     User,
     DomainInvitation,
+    Domain
 )
-from registrar.models.domain import Domain
 from .common import (
-    AuditedAdminMockData,
     completed_application,
     generic_domain_object,
     mock_user,
@@ -25,11 +24,8 @@ from .common import (
     create_user,
     multiple_unalphabetical_domain_objects,
 )
-
 from django.contrib.sessions.backends.db import SessionStore
-
 from django.contrib.auth import get_user_model
-
 from django.conf import settings
 from unittest.mock import MagicMock
 import boto3_mocking  # type: ignore
@@ -651,7 +647,6 @@ class DomainSessionVariableTest(TestCase):
         self.factory = RequestFactory()
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
-        self.superuser = create_superuser()
 
     def test_session_variables_set_correctly(self):
         """Checks if session variables are being set correctly"""
@@ -660,12 +655,7 @@ class DomainSessionVariableTest(TestCase):
         self.client.login(username="superuser", password=p)
 
         dummy_domain_information: DomainInformation = generic_domain_object("information", "session")
-        request = self.factory.post(
-            reverse('admin:registrar_domain_change', args=(dummy_domain_information.domain.pk,)),
-            {'_edit_domain': 'true'},
-            follow=True
-        )
-
+        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
         self.populate_session_values(request, dummy_domain_information.domain)
 
         self.assertEqual(request.session['analyst_action'], 'edit')
@@ -676,19 +666,13 @@ class DomainSessionVariableTest(TestCase):
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        # We need to create multiple of these to ensure data is consistent across all of them
-        dummy_domain_information_list: [DomainInformation] = multiple_unalphabetical_domain_objects("invitation")
+        dummy_domain_information_list: [DomainInformation] = multiple_unalphabetical_domain_objects("information")
         for item in dummy_domain_information_list:
-            request = self.factory.post(
-                reverse('admin:registrar_domain_change', args=(item.pk,)),
-                {'_edit_domain': 'true'},
-                follow=True
-            )
-
+            request = self.get_factory_post_edit_domain(item.domain.pk)
             self.populate_session_values(request, item)
 
             self.assertEqual(request.session['analyst_action'], 'edit')
-            self.assertEqual(request.session['analyst_action_location'], item.pk)
+            self.assertEqual(request.session['analyst_action_location'], item.domain.pk)
 
     def test_session_variables_concurrent_requests(self):
         """ Simulates two requests at once """
@@ -730,4 +714,14 @@ class DomainSessionVariableTest(TestCase):
         request.user = self.client
         request.session = SessionStore()
         request.session.create()
-        self.admin.response_change(request, domain_object)
\ No newline at end of file
+        self.admin.response_change(request, domain_object)
+
+    def get_factory_post_edit_domain(self, primary_key):
+        """Posts to registrar domain change
+        with the edit domain button 'clicked',
+        then returns the factory object"""
+        return self.factory.post(
+            reverse('admin:registrar_domain_change', args=(primary_key,)),
+            {'_edit_domain': 'true'},
+            follow=True
+        )
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 13ea70684..5d1101422 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -2,9 +2,7 @@
 
 from django.contrib.auth.mixins import PermissionRequiredMixin
 
-from registrar.models import DomainApplication, DomainInvitation
-
-from registrar.models import DomainInformation, UserDomainRole
+from registrar.models import DomainApplication, DomainInvitation, DomainInformation, UserDomainRole
 import logging
 
 logger = logging.getLogger(__name__)
@@ -34,27 +32,20 @@ class DomainPermission(PermissionsLoginMixin):
             return False
 
         pk = self.kwargs["pk"]
-
         # If pk is none then something went very wrong...
         if pk is None:
             raise ValueError("Primary key is None")
 
-        # Checks if the creator is the user requesting this item
-
-        user_is_creator: bool = UserDomainRole.objects.filter(
-            user=self.request.user, domain__id=pk
-        ).exists()
-
         # user needs to have a role on the domain
-        if user_is_creator:
+        if UserDomainRole.objects.filter(
+            user=self.request.user, domain__id=pk
+        ).exists():
             return True
 
         # ticket 806
         requested_domain: DomainInformation = None
-
         try:
             requested_domain = DomainInformation.objects.get(id=pk)
-
         except DomainInformation.DoesNotExist:
             # Q: While testing, I saw that, application-wide, if you go to a domain
             # that does not exist, for example,
@@ -62,7 +53,7 @@ class DomainPermission(PermissionsLoginMixin):
             # the page throws a 403 error, instead of a 404.
             # Do we want it to throw a 404 instead?
             # Basically, should this be Http404()?
-            logger.warning(f"Domain with PK {pk} does not exist")
+            logger.debug(f"Domain with PK {pk} does not exist")
             return False
 
         # Analysts may manage domains, when they are in these statuses:
@@ -79,7 +70,6 @@ class DomainPermission(PermissionsLoginMixin):
         )
 
         session = self.request.session
-
         # Check if the user is attempting a valid edit action.
         # If analyst_action is present, analyst_action_location will be present.
         # if it isn't, then it either suggests tampering

From 81e5f5f8bb81720e3d9ee19e03d3366dde6279c2 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 08:43:47 -0600
Subject: [PATCH 16/40] More code cleanup

---
 src/registrar/admin.py            |  6 ++----
 src/registrar/tests/test_admin.py | 22 ++++++++--------------
 src/registrar/views/domain.py     |  4 +---
 3 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 80f39dad6..d2df04d3a 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -167,16 +167,14 @@ class DomainAdmin(ListHeaderAdmin):
             request.session["analyst_action"] = "edit"
             # Restricts this action to this domain (pk) only
             request.session["analyst_action_location"] = obj.id
-
             return HttpResponseRedirect(reverse("domain", args=(obj.id,)))
         return super().response_change(request, obj)
 
     def change_view(self, request, object_id):
-        # If the analyst was recently editing
+        # If the analyst was recently editing a domain page,
+        # delete any associated session values
         if "analyst_action" in request.session:
-            # delete the session variable
             del request.session["analyst_action"]
-            # delete the associated location
             del request.session["analyst_action_location"]
         return super().change_view(request, object_id)
 
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 35e64582d..84b4535b6 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -654,7 +654,7 @@ class DomainSessionVariableTest(TestCase):
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        dummy_domain_information: DomainInformation = generic_domain_object("information", "session")
+        dummy_domain_information = generic_domain_object("information", "session")
         request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
         self.populate_session_values(request, dummy_domain_information.domain)
 
@@ -663,10 +663,11 @@ class DomainSessionVariableTest(TestCase):
 
     def test_session_variables_retain_information(self):
         """ Checks to see if session variables retain old information """
+
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        dummy_domain_information_list: [DomainInformation] = multiple_unalphabetical_domain_objects("information")
+        dummy_domain_information_list = multiple_unalphabetical_domain_objects("information")
         for item in dummy_domain_information_list:
             request = self.get_factory_post_edit_domain(item.domain.pk)
             self.populate_session_values(request, item)
@@ -676,22 +677,15 @@ class DomainSessionVariableTest(TestCase):
 
     def test_session_variables_concurrent_requests(self):
         """ Simulates two requests at once """
+
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        info_first: DomainInformation = generic_domain_object("information", "session")
-        info_second: DomainInformation = generic_domain_object("information", "session2")
+        info_first = generic_domain_object("information", "session")
+        info_second = generic_domain_object("information", "session2")
 
-        request_first = self.factory.post(
-            reverse('admin:registrar_domain_change', args=(info_first.domain.pk,)),
-            {'_edit_domain': 'true'},
-            follow=True
-        )
-        request_second = self.factory.post(
-            reverse('admin:registrar_domain_change', args=(info_second.domain.pk,)),
-            {'_edit_domain': 'true'},
-            follow=True
-        )
+        request_first = self.get_factory_post_edit_domain(info_first.domain.pk)
+        request_second = self.get_factory_post_edit_domain(info_second.domain.pk)
 
         self.populate_session_values(request_first, info_first.domain)
         self.populate_session_values(request_second, info_second.domain)
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 471bd4092..804948ae9 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -81,9 +81,7 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
         )
 
         # Q: Is there a more efficent way to do this?
-        # I don't like repeating code across these functions,
-        # But I can't figure out a way to do this without installing
-        # middleware...
+        # It would be ideal if we didn't have to repeat this.
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
             self.log_analyst_form_actions(

From 7fafecab0a2062fc7c620f986e10ae2693396ff2 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 09:34:01 -0600
Subject: [PATCH 17/40] Matched figma padding

---
 src/registrar/assets/js/get-gov.js            |  2 +-
 src/registrar/assets/sass/_theme/_admin.scss  | 24 +++++++++---------
 .../_theme/_uswds-theme-custom-styles.scss    | 25 +++++++++++++------
 src/registrar/templates/domain_base.html      |  2 +-
 src/registrar/templates/domain_sidebar.html   |  8 +++---
 src/registrar/views/utility/mixins.py         | 14 +++++++----
 .../views/utility/permission_views.py         | 11 ++++----
 7 files changed, 50 insertions(+), 36 deletions(-)

diff --git a/src/registrar/assets/js/get-gov.js b/src/registrar/assets/js/get-gov.js
index 0b67df825..57dc6d2e3 100644
--- a/src/registrar/assets/js/get-gov.js
+++ b/src/registrar/assets/js/get-gov.js
@@ -211,7 +211,7 @@ function handleValidationClick(e) {
  * An IIFE that will attach validators to inputs.
  *
  * It looks for elements with `validate="<type> <type>"` and adds change handlers.
- *
+ * 
  * These handlers know about two other attributes:
  *  - `validate-for="<id>"` creates a button which will run the validator(s) on <id>
  *  - `auto-validate` will run validator(s) when the user stops typing (otherwise,
diff --git a/src/registrar/assets/sass/_theme/_admin.scss b/src/registrar/assets/sass/_theme/_admin.scss
index 91d0d5e3c..b87257344 100644
--- a/src/registrar/assets/sass/_theme/_admin.scss
+++ b/src/registrar/assets/sass/_theme/_admin.scss
@@ -1,7 +1,7 @@
 @use "cisa_colors" as *;
 @use "uswds-core" as *;
 
-// We'll use Django's CSS vars: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/#theming-support
+// We'll use Django's CSS vars: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/#theming-support 
 // and assign USWDS theme vars whenever possible
 // If needed (see below), we'll use the USWDS hex value
 // As a last resort, we'll use CISA colors to supplement the palette
@@ -72,34 +72,34 @@ html[data-theme="light"] {
 @media (prefers-color-scheme: dark) {
     :root,
     html[data-theme="dark"] {
-      // Edit the primary to meet accessibility requ.
+      // Edit the primary to meet accessibility requ.  
       --primary: #23485a;
       --primary-fg: #f7f7f7;
-
+  
       --body-fg: #eeeeee;
       --body-bg: #121212;
       --body-quiet-color: #e0e0e0;
       --body-loud-color: #ffffff;
-
+  
       --breadcrumbs-link-fg: #e0e0e0;
       --breadcrumbs-bg: var(--primary);
-
+  
       --link-fg: #81d4fa;
       --link-hover-color: #4ac1f7;
       --link-selected-fg: #6f94c6;
-
+  
       --hairline-color: #272727;
       --border-color: #353535;
-
+  
       --error-fg: #e35f5f;
       --message-success-bg: #006b1b;
       --message-warning-bg: #583305;
       --message-error-bg: #570808;
-
+  
       --darkened-bg: #212121;
       --selected-bg: #1b1b1b;
       --selected-row: #00363a;
-
+  
       --close-button-bg: #333333;
       --close-button-hover-bg: #666666;
     }
@@ -108,7 +108,7 @@ html[data-theme="light"] {
     .change-list .usa-table,
     .change-list .usa-table--striped tbody tr:nth-child(odd) td,
     .change-list .usa-table--borderless thead th,
-    .change-list .usa-table thead td,
+    .change-list .usa-table thead td, 
     .change-list .usa-table thead th,
     body.dashboard,
     body.change-list,
@@ -122,7 +122,7 @@ html[data-theme="dark"] {
     .change-list .usa-table,
     .change-list .usa-table--striped tbody tr:nth-child(odd) td,
     .change-list .usa-table--borderless thead th,
-    .change-list .usa-table thead td,
+    .change-list .usa-table thead td, 
     .change-list .usa-table thead th,
     body.dashboard,
     body.change-list,
@@ -163,7 +163,7 @@ table > caption > a {
     height: auto!important;
 }
 
-// Keep th from collapsing
+// Keep th from collapsing 
 .min-width-25 {
     min-width: 25px;
 }
diff --git a/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss b/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
index 678084d00..4878235a9 100644
--- a/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
+++ b/src/registrar/assets/sass/_theme/_uswds-theme-custom-styles.scss
@@ -26,7 +26,6 @@ $letter-space--xs: .0125em;
 @use "uswds-core" as *;
 
 /* Styles for making visible to screen reader / AT users only. */
-
 .sr-only {
    @include sr-only;
  }
@@ -62,9 +61,9 @@ body {
 }
 
 p,
-address,
-.usa-list li {
-  @include typeset('sans', 'sm', 5);
+address, 
+.usa-list li { 
+  @include typeset('sans', 'sm', 5); 
   max-width: measure(5);
 }
 
@@ -119,7 +118,7 @@ h2 {
     color: color('violet-70v'); //USWDS default
   }
 }
-.register-form-step .usa-form-group:first-of-type,
+.register-form-step .usa-form-group:first-of-type, 
 .register-form-step .usa-label:first-of-type {
   margin-top: units(1);
 }
@@ -181,7 +180,7 @@ a.withdraw:active {
       a.link_usa-checked {
         padding: 0;
       }
-    }
+    }    
   }
 }
 
@@ -243,7 +242,7 @@ a.withdraw:active {
 
 .usa-form .usa-button {
   margin-top: units(3);
-}
+} 
 
 .usa-button--unstyled .usa-icon {
   vertical-align: bottom;
@@ -396,7 +395,7 @@ a.usa-button--unstyled:visited {
 }
 
 .dotgov-status-box {
-  background-color: color('primary-lightest');
+  background-color: color('primary-lightest'); 
   border-color: color('accent-cool-lighter');
 }
 
@@ -441,3 +440,13 @@ abbr[title] {
     font-size: units(3);
   }
 }
+
+// The icon was off center for some reason
+// Fixes that issue
+@media (min-width: 64em){
+  .usa-alert--warning{
+    .usa-alert__body::before {
+      left: 1rem !important;
+    }
+  } 
+}
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 6f79adeb5..78c493a9c 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -23,7 +23,7 @@
       <main id="main-content" class="grid-container">
 
       {% if is_analyst_or_superuser and analyst_action == 'edit' and analyst_action_location == domain.pk %}
-      <div class="usa-alert usa-alert--warning">
+      <div class="usa-alert usa-alert--warning margin-bottom-2">
         <div class="usa-alert__body">
           <h4 class="usa-alert__heading larger-font-sizing">Attention!</h4>
           <p class="usa-alert__text ">
diff --git a/src/registrar/templates/domain_sidebar.html b/src/registrar/templates/domain_sidebar.html
index ac3461b5e..1e4cd1882 100644
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@@ -4,8 +4,8 @@
   <nav aria-label="Domain sections">
     <ul class="usa-sidenav">
       <li class="usa-sidenav__item">
-        {% url 'domain' pk=domain.id as url %}
-        <a href="{{ url }}"
+        {% url 'domain' pk=domain.id as url %} 
+        <a href="{{ url }}" 
           {% if request.path == url %}class="usa-current"{% endif %}
         >
           Domain overview
@@ -13,7 +13,7 @@
       </li>
 
       <li class="usa-sidenav__item">
-        {% url 'domain-nameservers' pk=domain.id as url %}
+        {% url 'domain-nameservers' pk=domain.id as url %} 
         <a href="{{ url }}"
           {% if request.path == url %}class="usa-current"{% endif %}
         >
@@ -28,7 +28,7 @@
         >
             Organization name and mailing address
         </a>
-      </li>
+      </li>      
 
       <li class="usa-sidenav__item">
         {% url 'domain-authorizing-official' pk=domain.id as url %}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 5d1101422..51fb32d0f 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -2,7 +2,12 @@
 
 from django.contrib.auth.mixins import PermissionRequiredMixin
 
-from registrar.models import DomainApplication, DomainInvitation, DomainInformation, UserDomainRole
+from registrar.models import (
+    DomainApplication,
+    DomainInvitation,
+    DomainInformation,
+    UserDomainRole,
+)
 import logging
 
 logger = logging.getLogger(__name__)
@@ -71,11 +76,10 @@ class DomainPermission(PermissionsLoginMixin):
 
         session = self.request.session
         # Check if the user is attempting a valid edit action.
-        # If analyst_action is present, analyst_action_location will be present.
-        # if it isn't, then it either suggests tampering
-        # or a larger omnipresent issue with sessions.
         can_do_action = (
-            "analyst_action" in session and session["analyst_action_location"] == pk
+            "analyst_action" in session
+            and "analyst_action_location" in session
+            and session["analyst_action_location"] == pk
         )
 
         # If the valid session keys exist, if the user is permissioned,
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 89cc62299..f5a8365d4 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -34,14 +34,15 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         user = self.request.user
-
         context["is_analyst_or_superuser"] = user.is_staff or user.is_superuser
+        # Stored in a variable for the linter
+        action = "analyst_action"
+        action_location = "analyst_action_location"
         # Flag to see if an analyst is attempting to make edits
-        if "analyst_action" in self.request.session:
-            # Stored in a variable for the linter
-            action = "analyst_action"
+        if action in self.request.session:
             context[action] = self.request.session[action]
-            context[f"{action}_location"] = self.request.session[f"{action}_location"]
+        if action_location in self.request.session:
+            context[action_location] = self.request.session[action_location]
 
         return context
 

From 1b8de424b3038d3a13b3452b6e1e9cdcd333c2c5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 11:09:03 -0600
Subject: [PATCH 18/40] Mime type

---
 src/registrar/templates/django/admin/domain_change_form.html | 2 +-
 src/registrar/views/utility/mixins.py                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index e7363851a..22b1182e0 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -3,7 +3,7 @@
 
 {% block extrahead %}
 {{ block.super }}
-<script src="{% static 'js/get-gov-admin.js' %}" defer></script>
+<script type="text/javascript" src="{% static 'js/get-gov-admin.js' %}" defer></script>
 {% endblock %}
 
 {% block field_sets %}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 51fb32d0f..c815092bd 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -81,7 +81,7 @@ class DomainPermission(PermissionsLoginMixin):
             and "analyst_action_location" in session
             and session["analyst_action_location"] == pk
         )
-
+        
         # If the valid session keys exist, if the user is permissioned,
         # and if its in a valid status
         if (

From 045717cf85814ebe6712e82517d8bba0e6039501 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 25 Aug 2023 14:01:30 -0600
Subject: [PATCH 19/40] Unauthorized bug fix

Some pages returned an unauthorized when it should not have, because there was no associated DomainInformation object with them
---
 .../django/admin/domain_change_form.html      |  2 +-
 src/registrar/views/utility/mixins.py         | 25 +++++++++----------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 22b1182e0..09d724881 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -3,7 +3,7 @@
 
 {% block extrahead %}
 {{ block.super }}
-<script type="text/javascript" src="{% static 'js/get-gov-admin.js' %}" defer></script>
+<script type="application/javascript" src="{% static 'js/get-gov-admin.js' %}" defer></script>
 {% endblock %}
 
 {% block field_sets %}
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index c815092bd..86d6c681e 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -48,18 +48,9 @@ class DomainPermission(PermissionsLoginMixin):
             return True
 
         # ticket 806
-        requested_domain: DomainInformation = None
-        try:
+        requested_domain = None
+        if(DomainInformation.objects.filter(id=pk).exists()):
             requested_domain = DomainInformation.objects.get(id=pk)
-        except DomainInformation.DoesNotExist:
-            # Q: While testing, I saw that, application-wide, if you go to a domain
-            # that does not exist, for example,
-            # https://getgov-staging.app.cloud.gov/domain/73333,
-            # the page throws a 403 error, instead of a 404.
-            # Do we want it to throw a 404 instead?
-            # Basically, should this be Http404()?
-            logger.debug(f"Domain with PK {pk} does not exist")
-            return False
 
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [
@@ -81,13 +72,21 @@ class DomainPermission(PermissionsLoginMixin):
             and "analyst_action_location" in session
             and session["analyst_action_location"] == pk
         )
-        
+
+        # Edge case - some domains do not have
+        # a status or DomainInformation... aka a status of 'None'
+        # This checks that it has a status, before checking if it does
+        # Otherwise, analysts can edit these domains
+        if (requested_domain is not None):
+            can_do_action = (
+                can_do_action 
+                and requested_domain.domain_application.status in valid_domain_statuses
+            )
         # If the valid session keys exist, if the user is permissioned,
         # and if its in a valid status
         if (
             can_do_action
             and user_is_analyst_or_superuser
-            and requested_domain.domain_application.status in valid_domain_statuses
         ):
             return True
 

From a92ad17856eb9ed6c6b4d5fc551a4223f9178e93 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 09:01:12 -0600
Subject: [PATCH 20/40] Better logging / test cases

---
 src/registrar/tests/common.py                 |   1 +
 src/registrar/tests/test_admin.py             | 112 ++++++++++++++----
 src/registrar/views/domain.py                 |   3 +-
 src/registrar/views/utility/mixins.py         |  11 +-
 .../views/utility/permission_views.py         |  36 ++++--
 5 files changed, 124 insertions(+), 39 deletions(-)

diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 4e9375d29..940183646 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -519,6 +519,7 @@ def multiple_unalphabetical_domain_objects(
         applications.append(application)
     return applications
 
+
 def generic_domain_object(domain_type, object_name):
     """Returns a generic domain object of
     domain_type 'application', 'information', or 'invitation'"""
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 84b4535b6..f4e7dae3a 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -14,7 +14,7 @@ from registrar.models import (
     DomainInformation,
     User,
     DomainInvitation,
-    Domain
+    Domain,
 )
 from .common import (
     completed_application,
@@ -643,12 +643,13 @@ class AuditedAdminTest(TestCase):
 
 class DomainSessionVariableTest(TestCase):
     """Test cases for session variables in Django Admin"""
+
     def setUp(self):
         self.factory = RequestFactory()
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
 
-    def test_session_variables_set_correctly(self):
+    def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 
         p = "adminpass"
@@ -657,26 +658,85 @@ class DomainSessionVariableTest(TestCase):
         dummy_domain_information = generic_domain_object("information", "session")
         request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
         self.populate_session_values(request, dummy_domain_information.domain)
+        self.assertEqual(request.session["analyst_action"], "edit")
+        self.assertEqual(
+            request.session["analyst_action_location"],
+            dummy_domain_information.domain.pk,
+        )
 
-        self.assertEqual(request.session['analyst_action'], 'edit')
-        self.assertEqual(request.session['analyst_action_location'], dummy_domain_information.domain.pk)
-
-    def test_session_variables_retain_information(self):
-        """ Checks to see if session variables retain old information """
+    def test_session_vars_set_correctly_hardcoded_domain(self):
+        """Checks if session variables are being set correctly"""
 
         p = "adminpass"
         self.client.login(username="superuser", password=p)
 
-        dummy_domain_information_list = multiple_unalphabetical_domain_objects("information")
+        dummy_domain_information: Domain = generic_domain_object(
+            "information", "session"
+        )
+        dummy_domain_information.domain.pk = 1
+        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
+        self.populate_session_values(request, dummy_domain_information.domain)
+        self.assertEqual(request.session["analyst_action"], "edit")
+        self.assertEqual(request.session["analyst_action_location"], 1)
+
+    def test_session_variables_reset_correctly(self):
+        """Checks if incorrect session variables get overridden"""
+
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        dummy_domain_information = generic_domain_object("information", "session")
+        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
+
+        self.populate_session_values(
+            request, dummy_domain_information.domain, preloadBadData=True
+        )
+
+        self.assertEqual(request.session["analyst_action"], "edit")
+        self.assertEqual(
+            request.session["analyst_action_location"],
+            dummy_domain_information.domain.pk,
+        )
+
+    def test_unauthorized_user(self):
+        """Checks for when a user has invalid perms"""
+
+        p = "userpass"
+        self.client.login(username="staffuser", password=p)
+
+        dummy_domain_information = generic_domain_object("information", "session")
+        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
+        self.populate_session_values(request, dummy_domain_information.domain)
+
+        self.assertEqual(request.session["analyst_action"], "edit")
+        self.assertEqual(
+            request.session["analyst_action_location"],
+            dummy_domain_information.domain.pk,
+        )
+
+    def test_session_variables_retain_information(self):
+        """Checks to see if session variables retain old information"""
+
+        p = "adminpass"
+        self.client.login(username="superuser", password=p)
+
+        dummy_domain_information_list = multiple_unalphabetical_domain_objects(
+            "information"
+        )
         for item in dummy_domain_information_list:
             request = self.get_factory_post_edit_domain(item.domain.pk)
+            logger.debug(
+                f"Before populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
+            )
             self.populate_session_values(request, item)
-
-            self.assertEqual(request.session['analyst_action'], 'edit')
-            self.assertEqual(request.session['analyst_action_location'], item.domain.pk)
+            logger.debug(
+                f"After populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
+            )
+            self.assertEqual(request.session["analyst_action"], "edit")
+            self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
 
     def test_session_variables_concurrent_requests(self):
-        """ Simulates two requests at once """
+        """Simulates two requests at once"""
 
         p = "adminpass"
         self.client.login(username="superuser", password=p)
@@ -691,23 +751,29 @@ class DomainSessionVariableTest(TestCase):
         self.populate_session_values(request_second, info_second.domain)
 
         # Check if anything got nulled out
-        self.assertNotEqual(request_first.session['analyst_action'], None)
-        self.assertNotEqual(request_second.session['analyst_action'], None)
-        self.assertNotEqual(request_first.session['analyst_action_location'], None)
-        self.assertNotEqual(request_second.session['analyst_action_location'], None)
+        self.assertNotEqual(request_first.session["analyst_action"], None)
+        self.assertNotEqual(request_second.session["analyst_action"], None)
+        self.assertNotEqual(request_first.session["analyst_action_location"], None)
+        self.assertNotEqual(request_second.session["analyst_action_location"], None)
 
         # Check if they are both the same action 'type'
-        self.assertEqual(request_first.session['analyst_action'], 'edit')
-        self.assertEqual(request_second.session['analyst_action'], 'edit')
+        self.assertEqual(request_first.session["analyst_action"], "edit")
+        self.assertEqual(request_second.session["analyst_action"], "edit")
 
         # Check their locations, and ensure they aren't the same across both
-        self.assertNotEqual(request_first.session['analyst_action_location'], request_second.session['analyst_action_location'])
+        self.assertNotEqual(
+            request_first.session["analyst_action_location"],
+            request_second.session["analyst_action_location"],
+        )
 
-    def populate_session_values(self, request, domain_object):
+    def populate_session_values(self, request, domain_object, preloadBadData=False):
         """Boilerplate for creating mock sessions"""
         request.user = self.client
         request.session = SessionStore()
         request.session.create()
+        if preloadBadData:
+            request.session["analyst_action"] = "invalid"
+            request.session["analyst_action_location"] = "bad location"
         self.admin.response_change(request, domain_object)
 
     def get_factory_post_edit_domain(self, primary_key):
@@ -715,7 +781,7 @@ class DomainSessionVariableTest(TestCase):
         with the edit domain button 'clicked',
         then returns the factory object"""
         return self.factory.post(
-            reverse('admin:registrar_domain_change', args=(primary_key,)),
-            {'_edit_domain': 'true'},
-            follow=True
+            reverse("admin:registrar_domain_change", args=(primary_key,)),
+            {"_edit_domain": "true"},
+            follow=True,
         )
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 804948ae9..559ea4517 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -83,9 +83,10 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
         # Q: Is there a more efficent way to do this?
         # It would be ideal if we didn't have to repeat this.
         if self.request.user.is_staff or self.request.user.is_superuser:
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             # if they are editing from an '/admin' redirect, log their actions
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes
             )
 
         # superclass has the redirect
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 86d6c681e..38d4233f9 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -49,7 +49,7 @@ class DomainPermission(PermissionsLoginMixin):
 
         # ticket 806
         requested_domain = None
-        if(DomainInformation.objects.filter(id=pk).exists()):
+        if DomainInformation.objects.filter(id=pk).exists():
             requested_domain = DomainInformation.objects.get(id=pk)
 
         # Analysts may manage domains, when they are in these statuses:
@@ -77,17 +77,14 @@ class DomainPermission(PermissionsLoginMixin):
         # a status or DomainInformation... aka a status of 'None'
         # This checks that it has a status, before checking if it does
         # Otherwise, analysts can edit these domains
-        if (requested_domain is not None):
+        if requested_domain is not None:
             can_do_action = (
-                can_do_action 
+                can_do_action
                 and requested_domain.domain_application.status in valid_domain_statuses
             )
         # If the valid session keys exist, if the user is permissioned,
         # and if its in a valid status
-        if (
-            can_do_action
-            and user_is_analyst_or_superuser
-        ):
+        if can_do_action and user_is_analyst_or_superuser:
             return True
 
         # ticket 796
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index f5a8365d4..0d88d8e06 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -46,10 +46,17 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
         return context
 
-    def log_analyst_form_actions(self, form_class_name, printable_object_info):
+    def log_analyst_form_actions(
+        self, form_class_name, printable_object_info, changes=None
+    ):
         """Generates a log for when key 'analyst_action' exists on the session.
-        Follows this format: f"{user_type} {self.request.user}
-        edited {form_class_name} in {printable_object_info}"
+        Follows this format:
+
+        for field, new_value in changes.items():
+                "{user_type} '{self.request.user}'
+                set field '{field}': '{new_value}'
+                under class '{form_class_name}'
+                in domain '{printable_object_info}'"
         """
         if "analyst_action" in self.request.session:
             action = self.request.session["analyst_action"]
@@ -67,11 +74,24 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
                     # Q: do we want to be logging on every changed field?
                     # I could see that becoming spammy log-wise,
                     # but it may also be important.
-
-                    # noqa here as breaking this up further leaves it hard to read
-                    logger.info(
-                        f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
-                    )
+                    if changes is not None:
+                        # Logs every change made to the domain field
+                        # noqa for readability/format
+                        for field, new_value in changes.items():
+                            logger.info(
+                                f"""
+                                An analyst or superuser made alterations to a domain: 
+                                {user_type} '{self.request.user}' 
+                                set field '{field}': '{new_value}' 
+                                under class '{form_class_name}' 
+                                in domain '{printable_object_info}'
+                                """  # noqa
+                            )
+                    else:
+                        # noqa here as breaking this up further leaves it hard to read
+                        logger.info(
+                            f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
+                        )
 
     # Abstract property enforces NotImplementedError on an attribute.
     @property

From 88f5eb96e96d2bcf317bd766ae804d5be7b79b52 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 09:08:48 -0600
Subject: [PATCH 21/40] Logger for sandbox

---
 src/registrar/tests/test_admin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index f4e7dae3a..cc3b422d6 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -725,11 +725,11 @@ class DomainSessionVariableTest(TestCase):
         )
         for item in dummy_domain_information_list:
             request = self.get_factory_post_edit_domain(item.domain.pk)
-            logger.debug(
+            logger.info(
                 f"Before populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
             )
             self.populate_session_values(request, item)
-            logger.debug(
+            logger.info(
                 f"After populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
             )
             self.assertEqual(request.session["analyst_action"], "edit")

From 5384bb1fe706419a8096a913bf7a911e8a80068a Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 10:00:36 -0600
Subject: [PATCH 22/40] Snake case

---
 src/registrar/tests/test_admin.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index cc3b422d6..637d86718 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -689,7 +689,7 @@ class DomainSessionVariableTest(TestCase):
         request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
 
         self.populate_session_values(
-            request, dummy_domain_information.domain, preloadBadData=True
+            request, dummy_domain_information.domain, preload_bad_data=True
         )
 
         self.assertEqual(request.session["analyst_action"], "edit")
@@ -747,8 +747,8 @@ class DomainSessionVariableTest(TestCase):
         request_first = self.get_factory_post_edit_domain(info_first.domain.pk)
         request_second = self.get_factory_post_edit_domain(info_second.domain.pk)
 
-        self.populate_session_values(request_first, info_first.domain)
-        self.populate_session_values(request_second, info_second.domain)
+        self.populate_session_values(request_first, info_first.domain, True)
+        self.populate_session_values(request_second, info_second.domain, True)
 
         # Check if anything got nulled out
         self.assertNotEqual(request_first.session["analyst_action"], None)
@@ -766,12 +766,12 @@ class DomainSessionVariableTest(TestCase):
             request_second.session["analyst_action_location"],
         )
 
-    def populate_session_values(self, request, domain_object, preloadBadData=False):
+    def populate_session_values(self, request, domain_object, preload_bad_data=False):
         """Boilerplate for creating mock sessions"""
         request.user = self.client
         request.session = SessionStore()
         request.session.create()
-        if preloadBadData:
+        if preload_bad_data:
             request.session["analyst_action"] = "invalid"
             request.session["analyst_action_location"] = "bad location"
         self.admin.response_change(request, domain_object)

From b1f2b4a6633932e845cfb65295c83c680785f216 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 10:22:43 -0600
Subject: [PATCH 23/40] Sandbox unit test fix attempt

---
 src/registrar/tests/test_admin.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 637d86718..ea4eaeb62 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -649,6 +649,11 @@ class DomainSessionVariableTest(TestCase):
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
 
+        # Test data seems to linger in the sandbox for tests.
+        # We delete this here for these tests.
+        DomainInformation.objects.all().delete()
+        Domain.objects.all().delete()
+
     def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 

From 7d404d54945b6d6c753ab93c97d4b458c2e147d2 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 14:43:40 -0600
Subject: [PATCH 24/40] Logging test

Temporarily removed assertEqual to log weird values
---
 src/registrar/tests/test_admin.py | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index ea4eaeb62..fadff2393 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -649,11 +649,6 @@ class DomainSessionVariableTest(TestCase):
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
 
-        # Test data seems to linger in the sandbox for tests.
-        # We delete this here for these tests.
-        DomainInformation.objects.all().delete()
-        Domain.objects.all().delete()
-
     def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 
@@ -737,8 +732,8 @@ class DomainSessionVariableTest(TestCase):
             logger.info(
                 f"After populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
             )
-            self.assertEqual(request.session["analyst_action"], "edit")
-            self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
+            #self.assertEqual(request.session["analyst_action"], "edit")
+            #self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
 
     def test_session_variables_concurrent_requests(self):
         """Simulates two requests at once"""

From 31d4bfb5a7f04a9858d8181eda086bc39fa83180 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 15:23:27 -0600
Subject: [PATCH 25/40] Test case fix / remove redundant

---
 src/registrar/tests/test_admin.py | 31 +++++--------------------------
 1 file changed, 5 insertions(+), 26 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index fadff2393..5cad9c646 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -648,7 +648,7 @@ class DomainSessionVariableTest(TestCase):
         self.factory = RequestFactory()
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
-
+        
     def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 
@@ -698,22 +698,6 @@ class DomainSessionVariableTest(TestCase):
             dummy_domain_information.domain.pk,
         )
 
-    def test_unauthorized_user(self):
-        """Checks for when a user has invalid perms"""
-
-        p = "userpass"
-        self.client.login(username="staffuser", password=p)
-
-        dummy_domain_information = generic_domain_object("information", "session")
-        request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
-        self.populate_session_values(request, dummy_domain_information.domain)
-
-        self.assertEqual(request.session["analyst_action"], "edit")
-        self.assertEqual(
-            request.session["analyst_action_location"],
-            dummy_domain_information.domain.pk,
-        )
-
     def test_session_variables_retain_information(self):
         """Checks to see if session variables retain old information"""
 
@@ -725,15 +709,10 @@ class DomainSessionVariableTest(TestCase):
         )
         for item in dummy_domain_information_list:
             request = self.get_factory_post_edit_domain(item.domain.pk)
-            logger.info(
-                f"Before populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
-            )
-            self.populate_session_values(request, item)
-            logger.info(
-                f"After populate - Domain Pk: {item.domain.pk} obj pk: {item.pk}"
-            )
-            #self.assertEqual(request.session["analyst_action"], "edit")
-            #self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
+            self.populate_session_values(request, item.domain)
+
+            self.assertEqual(request.session["analyst_action"], "edit")
+            self.assertEqual(request.session["analyst_action_location"], item.domain.pk)
 
     def test_session_variables_concurrent_requests(self):
         """Simulates two requests at once"""

From 6ac58525465671955ac57df2161536ca3edf8286 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 28 Aug 2023 15:31:14 -0600
Subject: [PATCH 26/40] Linter

---
 src/registrar/tests/test_admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 5cad9c646..df967414b 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -648,7 +648,7 @@ class DomainSessionVariableTest(TestCase):
         self.factory = RequestFactory()
         self.admin = DomainAdmin(Domain, None)
         self.client = Client(HTTP_HOST="localhost:8080")
-        
+
     def test_session_vars_set_correctly(self):
         """Checks if session variables are being set correctly"""
 

From df090b06f4058436a9cc9eb148616c2d7f5e90e4 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 29 Aug 2023 10:49:40 -0600
Subject: [PATCH 27/40] Added get-gov-admin.js

---
 src/registrar/assets/js/get-gov-admin.js | 37 ++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 src/registrar/assets/js/get-gov-admin.js

diff --git a/src/registrar/assets/js/get-gov-admin.js b/src/registrar/assets/js/get-gov-admin.js
new file mode 100644
index 000000000..d7d589214
--- /dev/null
+++ b/src/registrar/assets/js/get-gov-admin.js
@@ -0,0 +1,37 @@
+/**
+ * @file get-gov-admin.js includes custom code for the .gov registrar admin portal.
+ *
+ * Constants and helper functions are at the top.
+ * Event handlers are in the middle.
+ * Initialization (run-on-load) stuff goes at the bottom.
+ */
+
+// <<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
+// Helper functions.
+/** Either sets attribute target="_blank" to a given element, or removes it */
+function openInNewTab(el, removeAttribute = false){
+    if(removeAttribute){
+        el.setAttribute("target", "_blank");
+    }else{
+        el.removeAttribute("target", "_blank");
+    }
+};
+
+// <<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
+// Event handlers.
+
+// <<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
+// Initialization code.
+
+/** An IIFE for pages in DjangoAdmin which may need custom JS implementation.
+ * Currently only appends target="_blank" to the domain_form object,
+ * but this can be expanded.
+*/
+(function prepareDjangoAdmin(){
+    let domainFormElement = document.getElementById("domain_form");
+    let domainSubmitButton = document.getElementById("manageDomainSubmitButton");
+    if(domainSubmitButton && domainFormElement){
+      domainSubmitButton.addEventListener("mouseover", () => openInNewTab(domainFormElement, true));
+      domainSubmitButton.addEventListener("mouseout", () => openInNewTab(domainFormElement, false));
+    }
+})();
\ No newline at end of file

From 4dd175f2a06f6ce6b2825669aab50ec65dfc1882 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 07:43:26 -0600
Subject: [PATCH 28/40] Rebuild sandbox

---
 src/registrar/tests/test_admin.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index df967414b..7d9b1d9ae 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -674,6 +674,7 @@ class DomainSessionVariableTest(TestCase):
             "information", "session"
         )
         dummy_domain_information.domain.pk = 1
+
         request = self.get_factory_post_edit_domain(dummy_domain_information.domain.pk)
         self.populate_session_values(request, dummy_domain_information.domain)
         self.assertEqual(request.session["analyst_action"], "edit")

From 19d173efd4496dd34ccbe65c066b2df4b3bd0a39 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 09:32:08 -0600
Subject: [PATCH 29/40] Fixed merge issues

---
 src/registrar/views/utility/mixins.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 8617f8acb..1fd21b18e 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -41,11 +41,15 @@ class DomainPermission(PermissionsLoginMixin):
         if pk is None:
             raise ValueError("Primary key is None")
 
-        # user needs to have a role on the domain
+        # user needs to have a role on the domain,
+        # and user cannot be restricted
         if UserDomainRole.objects.filter(
             user=self.request.user, domain__id=pk
-        ).exists():
+        ).exists() and not self.request.user.is_restricted():
             return True
+        elif self.request.user.is_restricted():
+            return False
+
 
         # ticket 806
         requested_domain = None
@@ -87,10 +91,6 @@ class DomainPermission(PermissionsLoginMixin):
         if can_do_action and user_is_analyst_or_superuser:
             return True
 
-        # The user has an ineligible flag
-        if self.request.user.is_restricted():
-            return False
-
         # if we need to check more about the nature of role, do it here.
         return False
 

From 98ab0180a4862a30458821f83a09bc82204954c1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 13:14:53 -0600
Subject: [PATCH 30/40] Updated Pauls userid

---
 src/registrar/fixtures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/fixtures.py b/src/registrar/fixtures.py
index f7168dbf3..58a03045b 100644
--- a/src/registrar/fixtures.py
+++ b/src/registrar/fixtures.py
@@ -63,7 +63,7 @@ class UserFixture:
             "last_name": "Adkinson",
         },
         {
-            "username": "bb21f687-c773-4df3-9243-111cfd4c0be4",
+            "username": "2bf518c2-485a-4c42-ab1a-f5a8b0a08484",
             "first_name": "Paul",
             "last_name": "Kuykendall",
         },

From 56eda2922563a01109182454455d560861f4f4a8 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 30 Aug 2023 13:25:21 -0600
Subject: [PATCH 31/40] Linting for recent changes

---
 src/registrar/views/utility/mixins.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 1fd21b18e..aff82699a 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -43,14 +43,16 @@ class DomainPermission(PermissionsLoginMixin):
 
         # user needs to have a role on the domain,
         # and user cannot be restricted
-        if UserDomainRole.objects.filter(
-            user=self.request.user, domain__id=pk
-        ).exists() and not self.request.user.is_restricted():
+        if (
+            UserDomainRole.objects.filter(
+                user=self.request.user, domain__id=pk
+            ).exists()
+            and not self.request.user.is_restricted()
+        ):
             return True
         elif self.request.user.is_restricted():
             return False
 
-
         # ticket 806
         requested_domain = None
         if DomainInformation.objects.filter(id=pk).exists():

From c94458dcd7c4cf0214a21609aac166efc57c40c7 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 31 Aug 2023 08:23:16 -0600
Subject: [PATCH 32/40] Added missing comma

---
 src/registrar/templates/domain_base.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 78c493a9c..d2870a82c 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -27,7 +27,7 @@
         <div class="usa-alert__body">
           <h4 class="usa-alert__heading larger-font-sizing">Attention!</h4>
           <p class="usa-alert__text ">
-            You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates
+            You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates.
           </p>
         </div>
       </div>

From 3cfa7f8b034854ed529f1da8d9809138328ebd0d Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 31 Aug 2023 13:15:40 -0600
Subject: [PATCH 33/40] Changed permission flow for mixins / Made logging a bit
 more detailed

---
 src/registrar/views/domain.py                 | 21 +++--
 src/registrar/views/utility/mixins.py         | 92 +++++++++++--------
 .../views/utility/permission_views.py         | 24 +++--
 3 files changed, 82 insertions(+), 55 deletions(-)

diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 559ea4517..dd4b9d791 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -83,10 +83,10 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
         # Q: Is there a more efficent way to do this?
         # It would be ideal if we didn't have to repeat this.
         if self.request.user.is_staff or self.request.user.is_superuser:
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -134,8 +134,9 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -207,8 +208,9 @@ class DomainNameserversView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: formset.cleaned_data[field] for field in formset.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -254,8 +256,9 @@ class DomainYourContactInformationView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -306,8 +309,9 @@ class DomainSecurityEmailView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         # superclass has the redirect
@@ -388,7 +392,7 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, obj=self.get_object()
             )
         return redirect(self.get_success_url())
 
@@ -414,8 +418,9 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
 
         if self.request.user.is_staff or self.request.user.is_superuser:
             # if they are editing from an '/admin' redirect, log their actions
+            changes = {field: form.cleaned_data[field] for field in form.changed_data}
             self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info
+                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
             )
 
         return redirect(self.get_success_url())
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index aff82699a..9a19d78d1 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -36,27 +36,55 @@ class DomainPermission(PermissionsLoginMixin):
         if not self.request.user.is_authenticated:
             return False
 
+        if self.request.user.is_restricted():
+            return False
+
         pk = self.kwargs["pk"]
         # If pk is none then something went very wrong...
         if pk is None:
             raise ValueError("Primary key is None")
 
+        # ticket 806
+        if self.can_access_other_user_domains(pk):
+            return True
+
         # user needs to have a role on the domain,
         # and user cannot be restricted
-        if (
-            UserDomainRole.objects.filter(
-                user=self.request.user, domain__id=pk
-            ).exists()
-            and not self.request.user.is_restricted()
-        ):
-            return True
-        elif self.request.user.is_restricted():
+        if not UserDomainRole.objects.filter(
+            user=self.request.user, domain__id=pk
+        ).exists():
             return False
 
-        # ticket 806
-        requested_domain = None
-        if DomainInformation.objects.filter(id=pk).exists():
-            requested_domain = DomainInformation.objects.get(id=pk)
+        # if we need to check more about the nature of role, do it here.
+        return True
+
+    def can_access_other_user_domains(self, pk):
+        """Checks to see if an authorized user (staff or superuser)
+        can access a domain that they did not create or was invited to.
+        """
+
+        # Check if the user is permissioned...
+        user_is_analyst_or_superuser = (
+            self.request.user.is_staff or self.request.user.is_superuser
+        )
+        logger.debug(f"is auth {user_is_analyst_or_superuser}")
+
+        if not user_is_analyst_or_superuser:
+            return False
+
+        # Check if the user is attempting a valid edit action.
+        # In other words, if the analyst/admin did not click
+        # the 'Manage Domain' button in /admin,
+        # then they cannot access this page.
+        session = self.request.session
+        can_do_action = (
+            "analyst_action" in session
+            and "analyst_action_location" in session
+            and session["analyst_action_location"] == pk
+        )
+        logger.debug(f"can do {can_do_action}")
+        if not can_do_action:
+            return False
 
         # Analysts may manage domains, when they are in these statuses:
         valid_domain_statuses = [
@@ -64,37 +92,23 @@ class DomainPermission(PermissionsLoginMixin):
             DomainApplication.IN_REVIEW,
             DomainApplication.REJECTED,
             DomainApplication.ACTION_NEEDED,
+            # Edge case - some domains do not have
+            # a status or DomainInformation... aka a status of 'None'.
+            # It is necessary to access those to correct errors.
+            None,
         ]
 
-        # Check if the user is permissioned...
-        user_is_analyst_or_superuser = (
-            self.request.user.is_staff or self.request.user.is_superuser
-        )
+        requested_domain = None
+        if DomainInformation.objects.filter(id=pk).exists():
+            requested_domain = DomainInformation.objects.get(id=pk)
 
-        session = self.request.session
-        # Check if the user is attempting a valid edit action.
-        can_do_action = (
-            "analyst_action" in session
-            and "analyst_action_location" in session
-            and session["analyst_action_location"] == pk
-        )
+        if not requested_domain.domain_application.status in valid_domain_statuses:
+            return False
 
-        # Edge case - some domains do not have
-        # a status or DomainInformation... aka a status of 'None'
-        # This checks that it has a status, before checking if it does
-        # Otherwise, analysts can edit these domains
-        if requested_domain is not None:
-            can_do_action = (
-                can_do_action
-                and requested_domain.domain_application.status in valid_domain_statuses
-            )
-        # If the valid session keys exist, if the user is permissioned,
-        # and if its in a valid status
-        if can_do_action and user_is_analyst_or_superuser:
-            return True
-
-        # if we need to check more about the nature of role, do it here.
-        return False
+        # Valid session keys exist,
+        # the user is permissioned,
+        # and it is in a valid status
+        return True
 
 
 class DomainApplicationPermission(PermissionsLoginMixin):
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index a42238150..920ec6212 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -3,9 +3,9 @@
 import abc  # abstract base class
 
 from django.views.generic import DetailView, DeleteView, TemplateView
-
+from django.contrib.contenttypes.models import ContentType
 from registrar.models import Domain, DomainApplication, DomainInvitation
-
+from django.contrib.admin.models import LogEntry, CHANGE
 
 from .mixins import (
     DomainPermission,
@@ -48,7 +48,7 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
         return context
 
     def log_analyst_form_actions(
-        self, form_class_name, printable_object_info, changes=None
+        self, form_class_name, printable_object_info, changes=None, obj=None
     ):
         """Generates a log for when key 'analyst_action' exists on the session.
         Follows this format:
@@ -72,12 +72,20 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
             # or 'copy', for instance.
             match action:
                 case "edit":
-                    # Q: do we want to be logging on every changed field?
-                    # I could see that becoming spammy log-wise,
-                    # but it may also be important.
+                    if obj is not None:
+                        content_type = ContentType.objects.get_for_model(obj)
+                        LogEntry.objects.log_action(
+                            user_id=self.request.user.id,
+                            content_type_id=content_type.pk,
+                            object_id=obj.id,
+                            object_repr=str(obj),
+                            action_flag=CHANGE,
+                        )
+
                     if changes is not None:
-                        # Logs every change made to the domain field
-                        # noqa for readability/format
+                        # Logs every change made to the domain field.
+                        # noqa for readability/format.
+                        # Used to manually capture changes, if need be.
                         for field, new_value in changes.items():
                             logger.info(
                                 f"""

From 11bed39dd8a0e2d2d209027d755dc005f75f0ca5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 1 Sep 2023 14:16:44 -0600
Subject: [PATCH 34/40] Remove custom logging / cleanup

---
 src/registrar/assets/js/get-gov-admin.js      | 17 ++++--
 src/registrar/views/domain.py                 | 49 +----------------
 src/registrar/views/utility/mixins.py         |  8 +--
 .../views/utility/permission_views.py         | 55 -------------------
 4 files changed, 16 insertions(+), 113 deletions(-)

diff --git a/src/registrar/assets/js/get-gov-admin.js b/src/registrar/assets/js/get-gov-admin.js
index d7d589214..d193b2fb6 100644
--- a/src/registrar/assets/js/get-gov-admin.js
+++ b/src/registrar/assets/js/get-gov-admin.js
@@ -27,11 +27,16 @@ function openInNewTab(el, removeAttribute = false){
  * Currently only appends target="_blank" to the domain_form object,
  * but this can be expanded.
 */
-(function prepareDjangoAdmin(){
-    let domainFormElement = document.getElementById("domain_form");
-    let domainSubmitButton = document.getElementById("manageDomainSubmitButton");
-    if(domainSubmitButton && domainFormElement){
-      domainSubmitButton.addEventListener("mouseover", () => openInNewTab(domainFormElement, true));
-      domainSubmitButton.addEventListener("mouseout", () => openInNewTab(domainFormElement, false));
+(function (){
+    // Keep scope tight and allow for scalability
+    function prepareDjangoAdmin() {
+        let domainFormElement = document.getElementById("domain_form");
+        let domainSubmitButton = document.getElementById("manageDomainSubmitButton");
+        if(domainSubmitButton && domainFormElement){
+          domainSubmitButton.addEventListener("mouseover", () => openInNewTab(domainFormElement, true));
+          domainSubmitButton.addEventListener("mouseout", () => openInNewTab(domainFormElement, false));
+        }
     }
+
+    prepareDjangoAdmin();
 })();
\ No newline at end of file
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index dd4b9d791..29d06da39 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -80,15 +80,6 @@ class DomainOrgNameAddressView(DomainPermissionView, FormMixin):
             self.request, "The organization name and mailing address has been updated."
         )
 
-        # Q: Is there a more efficent way to do this?
-        # It would be ideal if we didn't have to repeat this.
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
-
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -132,12 +123,7 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
             self.request, "The authorizing official for this domain has been updated."
         )
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
+
 
         # superclass has the redirect
         return super().form_valid(form)
@@ -206,13 +192,6 @@ class DomainNameserversView(DomainPermissionView, FormMixin):
             self.request, "The name servers for this domain have been updated."
         )
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: formset.cleaned_data[field] for field in formset.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
-
         # superclass has the redirect
         return super().form_valid(formset)
 
@@ -254,13 +233,6 @@ class DomainYourContactInformationView(DomainPermissionView, FormMixin):
             self.request, "Your contact information for this domain has been updated."
         )
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
-
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -307,13 +279,6 @@ class DomainSecurityEmailView(DomainPermissionView, FormMixin):
             self.request, "The security email for this domain have been updated."
         )
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
-
         # superclass has the redirect
         return redirect(self.get_success_url())
 
@@ -389,11 +354,7 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
                 messages.success(
                     self.request, f"Invited {email_address} to this domain."
                 )
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, obj=self.get_object()
-            )
+
         return redirect(self.get_success_url())
 
     def form_valid(self, form):
@@ -416,12 +377,6 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
 
         messages.success(self.request, f"Added user {requested_email}.")
 
-        if self.request.user.is_staff or self.request.user.is_superuser:
-            # if they are editing from an '/admin' redirect, log their actions
-            changes = {field: form.cleaned_data[field] for field in form.changed_data}
-            self.log_analyst_form_actions(
-                self.form_class.__name__, self.get_object().domain_info, changes, obj=self.get_object()
-            )
 
         return redirect(self.get_success_url())
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 9a19d78d1..57bb97be6 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -10,6 +10,7 @@ from registrar.models import (
 )
 import logging
 
+
 logger = logging.getLogger(__name__)
 
 
@@ -44,12 +45,10 @@ class DomainPermission(PermissionsLoginMixin):
         if pk is None:
             raise ValueError("Primary key is None")
 
-        # ticket 806
         if self.can_access_other_user_domains(pk):
             return True
 
-        # user needs to have a role on the domain,
-        # and user cannot be restricted
+        # user needs to have a role on the domain
         if not UserDomainRole.objects.filter(
             user=self.request.user, domain__id=pk
         ).exists():
@@ -67,7 +66,6 @@ class DomainPermission(PermissionsLoginMixin):
         user_is_analyst_or_superuser = (
             self.request.user.is_staff or self.request.user.is_superuser
         )
-        logger.debug(f"is auth {user_is_analyst_or_superuser}")
 
         if not user_is_analyst_or_superuser:
             return False
@@ -82,7 +80,7 @@ class DomainPermission(PermissionsLoginMixin):
             and "analyst_action_location" in session
             and session["analyst_action_location"] == pk
         )
-        logger.debug(f"can do {can_do_action}")
+
         if not can_do_action:
             return False
 
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index 920ec6212..aa4c79690 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -47,61 +47,6 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
 
         return context
 
-    def log_analyst_form_actions(
-        self, form_class_name, printable_object_info, changes=None, obj=None
-    ):
-        """Generates a log for when key 'analyst_action' exists on the session.
-        Follows this format:
-
-        for field, new_value in changes.items():
-                "{user_type} '{self.request.user}'
-                set field '{field}': '{new_value}'
-                under class '{form_class_name}'
-                in domain '{printable_object_info}'"
-        """
-        if "analyst_action" in self.request.session:
-            action = self.request.session["analyst_action"]
-
-            user_type = "Analyst"
-            if self.request.user.is_superuser:
-                user_type = "Superuser"
-
-            # Template for potential future expansion,
-            # in the event we want more logging granularity.
-            # Could include things such as 'view'
-            # or 'copy', for instance.
-            match action:
-                case "edit":
-                    if obj is not None:
-                        content_type = ContentType.objects.get_for_model(obj)
-                        LogEntry.objects.log_action(
-                            user_id=self.request.user.id,
-                            content_type_id=content_type.pk,
-                            object_id=obj.id,
-                            object_repr=str(obj),
-                            action_flag=CHANGE,
-                        )
-
-                    if changes is not None:
-                        # Logs every change made to the domain field.
-                        # noqa for readability/format.
-                        # Used to manually capture changes, if need be.
-                        for field, new_value in changes.items():
-                            logger.info(
-                                f"""
-                                An analyst or superuser made alterations to a domain: 
-                                {user_type} '{self.request.user}' 
-                                set field '{field}': '{new_value}' 
-                                under class '{form_class_name}' 
-                                in domain '{printable_object_info}'
-                                """  # noqa
-                            )
-                    else:
-                        # noqa here as breaking this up further leaves it hard to read
-                        logger.info(
-                            f"{user_type} {self.request.user} edited {form_class_name} in {printable_object_info}"  # noqa
-                        )
-
     # Abstract property enforces NotImplementedError on an attribute.
     @property
     @abc.abstractmethod

From 6617ecb8a0cb4901458d67ee6583d0e7d5a0a985 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 1 Sep 2023 17:39:58 -0400
Subject: [PATCH 35/40] concatenate the value + extracted text for both label
 for attribute and checkbox id attribute

---
 src/registrar/templates/admin/change_list_results.html | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/registrar/templates/admin/change_list_results.html b/src/registrar/templates/admin/change_list_results.html
index 831350888..1d0c70c30 100644
--- a/src/registrar/templates/admin/change_list_results.html
+++ b/src/registrar/templates/admin/change_list_results.html
@@ -60,12 +60,11 @@ Load our custom filters to extract info from the django generated markup.
         <tr><td colspan="{{ result|length }}">{{ result.form.non_field_errors }}</td></tr>
     {% endif %}
     <tr>
-
         {% with result_value=result.0|extract_value %}
             {% with result_label=result.1|extract_a_text %}
                 <td>
-                    <input type="checkbox" name="_selected_action" value="{{ result_value|default:'value' }}" id="{{ result_label|default:result_value }}" class="action-select">
-                    <label class="usa-sr-only" for="{{ result_label|default:result_value }}">{{ result_label|default:'label' }}</label>
+                    <input type="checkbox" name="_selected_action" value="{{ result_value|default:'value' }}" id="{{ result_value|default:'value' }} {{ result_label|default:'label' }}" class="action-select">
+                    <label class="usa-sr-only" for="{{ result_value|default:'value' }} {{ result_label|default:'label' }}">{{ result_label|default:'label' }}</label>
                 </td>
                 {% endwith %}
         {% endwith %}

From 7a5438e3d000834952241fec2d32e019e7a7b6ce Mon Sep 17 00:00:00 2001
From: rachidatecs <107004823+rachidatecs@users.noreply.github.com>
Date: Tue, 5 Sep 2023 11:59:33 -0400
Subject: [PATCH 36/40] Update
 src/registrar/templates/admin/change_list_results.html

Co-authored-by: Neil MartinsenBurrell <neil.martinsen-burrell@gsa.gov>
---
 src/registrar/templates/admin/change_list_results.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/admin/change_list_results.html b/src/registrar/templates/admin/change_list_results.html
index 1d0c70c30..4ced73eb3 100644
--- a/src/registrar/templates/admin/change_list_results.html
+++ b/src/registrar/templates/admin/change_list_results.html
@@ -63,8 +63,8 @@ Load our custom filters to extract info from the django generated markup.
         {% with result_value=result.0|extract_value %}
             {% with result_label=result.1|extract_a_text %}
                 <td>
-                    <input type="checkbox" name="_selected_action" value="{{ result_value|default:'value' }}" id="{{ result_value|default:'value' }} {{ result_label|default:'label' }}" class="action-select">
-                    <label class="usa-sr-only" for="{{ result_value|default:'value' }} {{ result_label|default:'label' }}">{{ result_label|default:'label' }}</label>
+                    <input type="checkbox" name="_selected_action" value="{{ result_value|default:'value' }}" id="{{ result_value|default:'value' }}-{{ result_label|default:'label' }}" class="action-select">
+                    <label class="usa-sr-only" for="{{ result_value|default:'value' }}-{{ result_label|default:'label' }}">{{ result_label|default:'label' }}</label>
                 </td>
                 {% endwith %}
         {% endwith %}

From 6d2b397a1bf71be3695c80003a07909e7b3428b5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 5 Sep 2023 14:07:35 -0600
Subject: [PATCH 37/40] Linter fixes

---
 src/registrar/views/domain.py                   | 3 ---
 src/registrar/views/utility/mixins.py           | 2 +-
 src/registrar/views/utility/permission_views.py | 2 --
 3 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 29d06da39..f945bc443 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -123,8 +123,6 @@ class DomainAuthorizingOfficialView(DomainPermissionView, FormMixin):
             self.request, "The authorizing official for this domain has been updated."
         )
 
-
-
         # superclass has the redirect
         return super().form_valid(form)
 
@@ -377,7 +375,6 @@ class DomainAddUserView(DomainPermissionView, FormMixin):
 
         messages.success(self.request, f"Added user {requested_email}.")
 
-
         return redirect(self.get_success_url())
 
 
diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py
index 57bb97be6..fd58b3475 100644
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@@ -100,7 +100,7 @@ class DomainPermission(PermissionsLoginMixin):
         if DomainInformation.objects.filter(id=pk).exists():
             requested_domain = DomainInformation.objects.get(id=pk)
 
-        if not requested_domain.domain_application.status in valid_domain_statuses:
+        if requested_domain.domain_application.status not in valid_domain_statuses:
             return False
 
         # Valid session keys exist,
diff --git a/src/registrar/views/utility/permission_views.py b/src/registrar/views/utility/permission_views.py
index aa4c79690..417ee8417 100644
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@@ -3,9 +3,7 @@
 import abc  # abstract base class
 
 from django.views.generic import DetailView, DeleteView, TemplateView
-from django.contrib.contenttypes.models import ContentType
 from registrar.models import Domain, DomainApplication, DomainInvitation
-from django.contrib.admin.models import LogEntry, CHANGE
 
 from .mixins import (
     DomainPermission,

From 48e56724acbe5ccb544d2b776c4142818b9b0aae Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 6 Sep 2023 10:00:37 -0600
Subject: [PATCH 38/40] Added comments on get-gov-admin.js

---
 src/registrar/assets/js/get-gov-admin.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/registrar/assets/js/get-gov-admin.js b/src/registrar/assets/js/get-gov-admin.js
index d193b2fb6..3b9f19a49 100644
--- a/src/registrar/assets/js/get-gov-admin.js
+++ b/src/registrar/assets/js/get-gov-admin.js
@@ -28,7 +28,15 @@ function openInNewTab(el, removeAttribute = false){
  * but this can be expanded.
 */
 (function (){
-    // Keep scope tight and allow for scalability
+    /*
+    On mouseover, appends target="_blank" on domain_form under the Domain page.
+    The reason for this is that the template has a form that contains multiple buttons.
+    The structure of that template complicates seperating those buttons 
+    out of the form (while maintaining the same position on the page).
+    However, if we want to open one of those submit actions to a new tab - 
+    such as the manage domain button - we need to dynamically append target.
+    As there is no built-in django method which handles this, we do it here. 
+    */
     function prepareDjangoAdmin() {
         let domainFormElement = document.getElementById("domain_form");
         let domainSubmitButton = document.getElementById("manageDomainSubmitButton");

From d663e46fbbcd9678e5f531cab3418546474e4b17 Mon Sep 17 00:00:00 2001
From: Gaby Disarli <gaby@truss.works>
Date: Wed, 6 Sep 2023 17:12:28 -0700
Subject: [PATCH 39/40] changes to domain contact information

---
 src/registrar/templates/domain_your_contact_information.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_your_contact_information.html b/src/registrar/templates/domain_your_contact_information.html
index e18deeb50..1976a6def 100644
--- a/src/registrar/templates/domain_your_contact_information.html
+++ b/src/registrar/templates/domain_your_contact_information.html
@@ -7,7 +7,8 @@
 
   <h1>Domain contact information</h1>
 
-  <p>If you’d like us to use a different name, email, or phone number you can make those changes below. Changing your contact information here won’t affect your Login.gov account information.</p>
+<p>If you’d like us to use a different name, email, or phone number you can make those changes below. <strong>Please note that updating your contact information here will update the contact information for all domains in your account.</strong> However, it won’t affect your Login.gov account information.
+</p>
 
   {% include "includes/required_fields.html" %}
 

From b77bffd4835cf263dfc384dc571120dd987a5ed8 Mon Sep 17 00:00:00 2001
From: Gaby Disarli <gaby@truss.works>
Date: Thu, 7 Sep 2023 08:56:02 -0700
Subject: [PATCH 40/40] remove  'please note that'

---
 src/registrar/templates/domain_your_contact_information.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_your_contact_information.html b/src/registrar/templates/domain_your_contact_information.html
index 1976a6def..81c62584c 100644
--- a/src/registrar/templates/domain_your_contact_information.html
+++ b/src/registrar/templates/domain_your_contact_information.html
@@ -7,7 +7,7 @@
 
   <h1>Domain contact information</h1>
 
-<p>If you’d like us to use a different name, email, or phone number you can make those changes below. <strong>Please note that updating your contact information here will update the contact information for all domains in your account.</strong> However, it won’t affect your Login.gov account information.
+<p>If you’d like us to use a different name, email, or phone number you can make those changes below. <strong>Updating your contact information here will update the contact information for all domains in your account.</strong> However, it won’t affect your Login.gov account information.
 </p>
 
   {% include "includes/required_fields.html" %}