fix unit tests

src/registrar/config/urls.py

@@ -86,6 +86,11 @@ urlpatterns = [
         views.PortfolioMemberView.as_view(),
         name="member",
     ),
+    path(
+        "invitedmember/<int:pk>",
+        views.PortfolioInvitedMemberView.as_view(),
+        name="invitedmember",
+    ),
     # path(
     #     "no-organization-members/",
     #     views.PortfolioNoMembersView.as_view(),

src/registrar/forms/portfolio.py

@@ -4,6 +4,7 @@ import logging
 from django import forms
 from django.core.validators import RegexValidator
 
+from registrar.models.portfolio_invitation import PortfolioInvitation
 from registrar.models.user_portfolio_permission import UserPortfolioPermission
 from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
 
@@ -126,3 +127,30 @@ class PortfolioMemberForm(forms.ModelForm):
             "additional_permissions",
         ]
 
+
+class PortfolioInvitedMemberForm(forms.ModelForm):
+    """
+    Form for updating a portfolio invited member.
+    """
+
+    portfolio_roles = forms.MultipleChoiceField(
+        choices=UserPortfolioRoleChoices.choices,
+        widget=forms.SelectMultiple(attrs={'class': 'usa-select'}),
+        required=False,
+        label="Roles",
+    )
+
+    portfolio_additional_permissions = forms.MultipleChoiceField(
+        choices=UserPortfolioPermissionChoices.choices,
+        widget=forms.SelectMultiple(attrs={'class': 'usa-select'}),
+        required=False,
+        label="Additional Permissions",
+    )
+    
+    class Meta:
+        model = PortfolioInvitation
+        fields = [
+            "portfolio_roles",
+            "portfolio_additional_permissions",
+        ]
+

src/registrar/templates/portfolio_member.html

@@ -15,17 +15,22 @@
 
         <h1>Member</h1>
 
-        <p>{{ user.first_name }}</p>
+        <p>{{ member.first_name }}</p>
 
 
         <hr>
 
         <form class="usa-form usa-form--large" method="post" novalidate>
             {% csrf_token %}
-        
+            {% if form.roles %}
-            {% input_with_errors form.roles %}
+              {% comment - handling form fields for member %}
-            {% input_with_errors form.additional_permissions %}
+              {% input_with_errors form.roles %}
-        
+              {% input_with_errors form.additional_permissions %}
+            {% elif form.portfolio_roles %}
+              {% comment - handling form fields for invited member %}
+              {% input_with_errors form.portfolio_roles %}
+              {% input_with_errors form.portfolio_additional_permissions %}
+            {% endif %}
             <button
               type="submit"
               class="usa-button"

src/registrar/tests/test_views_portfolio.py

@@ -817,7 +817,6 @@ class TestPortfolio(WebTest):
 
         # Verify that view-only settings are sent in the dynamic HTML
         response = self.client.get(reverse("get_portfolio_members_json") + f"?portfolio={self.portfolio.pk}")
-        print(response.content)
         self.assertContains(response, '"action_label": "View"')
         self.assertContains(response, '"svg_icon": "visibility"')
 

src/registrar/views/portfolio_members_json.py

@@ -86,14 +86,6 @@ def get_portfolio_members_json(request):
     )
 
 
-# def get_member_ids_from_request(request, portfolio):
-#     """Given the current request,
-#     get all members that are associated with the given portfolio"""
-#     member_ids = []
-#     if portfolio:
-#         member_ids = UserPortfolioPermission.objects.filter(portfolio=portfolio).values_list("user__id", flat=True)
-#     return member_ids
-
 def apply_search(data_list, request):
     search_term = request.GET.get("search_term", "").lower()
 
@@ -153,11 +145,15 @@ def serialize_members(request, portfolio, item, user):
     view_only = not user.has_edit_members_portfolio_permission(portfolio) or not user_can_edit_other_users
 
     # ------- USER STATUSES
-    is_admin = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in item['roles']
+    is_admin = False
+    if item['roles']:
+        is_admin = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in item['roles']
 
     action_url = '#'
     if item['source'] == 'permission':
         action_url = reverse("member", kwargs={"pk": item['id']})
+    elif item['source'] == 'invitation':
+        action_url = reverse("invitedmember", kwargs={"pk": item['id']})
 
     # ------- SERIALIZE
     member_json = {

src/registrar/views/portfolios.py

@@ -3,8 +3,9 @@ from django.http import Http404
 from django.shortcuts import render
 from django.urls import reverse
 from django.contrib import messages
-from registrar.forms.portfolio import PortfolioMemberForm, PortfolioOrgAddressForm, PortfolioSeniorOfficialForm
+from registrar.forms.portfolio import PortfolioInvitedMemberForm, PortfolioMemberForm, PortfolioOrgAddressForm, PortfolioSeniorOfficialForm
 from registrar.models import Portfolio, User
+from registrar.models.portfolio_invitation import PortfolioInvitation
 from registrar.models.user_portfolio_permission import UserPortfolioPermission
 from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
 from registrar.views.utility.permission_views import (
@@ -12,6 +13,7 @@ from registrar.views.utility.permission_views import (
     PortfolioDomainsPermissionView,
     PortfolioBasePermissionView,
     NoPortfolioDomainsPermissionView,
+    PortfolioInvitedMemberPermissionView,
     PortfolioMemberPermissionView,
     PortfolioMembersPermissionView,
 )
@@ -65,7 +67,7 @@ class PortfolioMemberView(PortfolioMemberPermissionView, View):
         
         return render(request, self.template_name, {
             'form': form,
-            'user': user,
+            'member': user,
         })
 
     def post(self, request, pk):
@@ -76,15 +78,41 @@ class PortfolioMemberView(PortfolioMemberPermissionView, View):
         
         if form.is_valid():
             form.save()
-            return redirect('home')
+            return redirect('members')
         
         return render(request, self.template_name, {
             'form': form,
-            'user': user,  # Pass the user object again to the template
+            'member': user,  # Pass the user object again to the template
         })
     
 
 
+class PortfolioInvitedMemberView(PortfolioInvitedMemberPermissionView, View):
+
+    template_name = "portfolio_member.html"
+    form_class = PortfolioInvitedMemberForm
+
+    def get(self, request, pk):
+        portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
+        form = self.form_class(instance=portfolio_invitation)
+        return render(request, self.template_name, {
+            'form': form,
+            'member': None,
+        })
+
+    def post(self, request, pk):
+        portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
+        form = self.form_class(request.POST, instance=portfolio_invitation)
+        if form.is_valid():
+            form.save()
+            return redirect('members')
+        
+        return render(request, self.template_name, {
+            'form': form,
+            'member': None,  # Pass the user object again to the template
+        })
+    
+
 
 class PortfolioNoDomainsView(NoPortfolioDomainsPermissionView, View):
     """Some users have access to the underlying portfolio, but not any domains.

src/registrar/views/utility/mixins.py

@@ -515,3 +515,22 @@ class PortfolioMemberPermission(PortfolioBasePermission):
             return False
 
         return super().has_permission()
+
+
+class PortfolioInvitedMemberPermission(PortfolioBasePermission):
+    """Permission mixin that allows access to portfolio invited member pages if user
+    has access, otherwise 403"""
+
+    def has_permission(self):
+        """Check if this user has access to members for this portfolio.
+
+        The user is in self.request.user and the portfolio can be looked
+        up from the portfolio's primary key in self.kwargs["pk"]"""
+
+        portfolio = self.request.session.get("portfolio")
+        if not self.request.user.has_view_members_portfolio_permission(
+            portfolio
+        ) and not self.request.user.has_edit_members_portfolio_permission(portfolio):
+            return False
+
+        return super().has_permission()

src/registrar/views/utility/permission_views.py

@@ -15,6 +15,7 @@ from .mixins import (
     DomainRequestWizardPermission,
     PortfolioDomainRequestsPermission,
     PortfolioDomainsPermission,
+    PortfolioInvitedMemberPermission,
     UserDeleteDomainRolePermission,
     UserProfilePermission,
     PortfolioBasePermission,
@@ -267,3 +268,11 @@ class PortfolioMemberPermissionView(PortfolioMemberPermission, PortfolioBasePerm
     This abstract view cannot be instantiated. Actual views must specify
     `template_name`.
     """
+
+
+class PortfolioInvitedMemberPermissionView(PortfolioInvitedMemberPermission, PortfolioBasePermissionView, abc.ABC):
+    """Abstract base view for portfolio member views that enforces permissions.
+
+    This abstract view cannot be instantiated. Actual views must specify
+    `template_name`.
+    """