diff --git a/docs/django-admin/roles.md b/docs/django-admin/roles.md
index 91c2949eb..458029e07 100644
--- a/docs/django-admin/roles.md
+++ b/docs/django-admin/roles.md
@@ -13,7 +13,8 @@ For more details, refer to the [user group model](../../src/registrar/models/use We can edit and deploy new group permissions by: -1. editing `user_group` then: +1. Editing `user_group` then: 2. Duplicating migration `0036_create_groups_01` and running migrations (append the name with a version number -to help django detect the migration eg 0037_create_groups_02) \ No newline at end of file +to help django detect the migration eg 0037_create_groups_02) +3. Making sure to update the dependency on the new migration with the previous migration \ No newline at end of file
diff --git a/src/registrar/migrations/0038_create_groups_v02.py b/src/registrar/migrations/0038_create_groups_v02.py
new file mode 100644
index 000000000..80752f31a
--- /dev/null
+++ b/src/registrar/migrations/0038_create_groups_v02.py
@@ -0,0 +1,36 @@
+# This migration creates the create_full_access_group and create_cisa_analyst_group groups
+# It is dependent on 0035 (which populates ContentType and Permissions)
+# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
+# in the user_group model then:
+# [NOT RECOMMENDED]
+# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
+# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
+# step 3: fake run the latest migration in the migrations list
+# [RECOMMENDED]
+# Alternatively:
+# Only step: duplicate the migration that loads data and run: docker-compose exec app ./manage.py migrate
+
+from django.db import migrations
+from registrar.models import UserGroup
+from typing import Any
+
+
+# For linting: RunPython expects a function reference,
+# so let's give it one
+def create_groups(apps, schema_editor) -> Any:
+ UserGroup.create_cisa_analyst_group(apps, schema_editor)
+ UserGroup.create_full_access_group(apps, schema_editor)
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ("registrar", "0037_create_groups_v01"),
+ ]
+
+ operations = [
+ migrations.RunPython(
+ create_groups,
+ reverse_code=migrations.RunPython.noop,
+ atomic=True,
+ ),
+ ]
diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py
index b6f5b41b2..5cdb1f2ec 100644
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@@ -51,6 +51,11 @@ class UserGroup(Group):
 "model": "user",
 "permissions": ["analyst_access_permission", "change_user"],
 },
+ {
+ "app_label": "registrar",
+ "model": "domaininvitation",
+ "permissions": ["add_domaininvitation", "view_domaininvitation"],
+ },
 ]
 
 # Avoid error: You can't execute queries until the end
diff --git a/src/registrar/tests/test_migrations.py b/src/registrar/tests/test_migrations.py
index f98e876d7..14ab36e70 100644
--- a/src/registrar/tests/test_migrations.py
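Review bot: In `0038_create_groups_v02.py`, `create_groups` calls `UserGroup` imported from `registrar.models` rather than a historical model obtained from `apps`, so the permissions this migration grants are whatever the model code defines at the moment it runs (per the header, `CISA_ANALYST_GROUP_PERMISSIONS`), and the migration file itself is no record of what was granted. With `reverse_code=migrations.RunPython.noop`, migrating back past 0038 does not undo the grants, which is worth stating in the header, e.g. `# Reversing this migration does NOT revoke permissions already granted to the groups`. The header comment is also stale: it says the file depends on 0035 and names `0036_create_groups`, while `dependencies` points at `0037_create_groups_v01`. `create_groups` returns nothing, so `-> None` is the accurate annotation rather than `-> Any`.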
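Review bot: In `user_group.py`, the new `domaininvitation` entry gives the analyst group `add_domaininvitation`, so its members can create invitations and not only read them; if an accepted invitation confers access to a domain (inferred from the model name, not visible here), this permission lets analysts hand out access and deserves a why-comment beside the entry, e.g. `# add + view only: analysts can issue invitations but not change or delete them`. It is worth confirming that the admin class for `DomainInvitation` restricts what an analyst can set on the add form and that these additions are recorded in the admin log. The permissions list and the method that applies it begin and end outside the hunk, so whether a permission later removed from this list is also revoked from the existing group cannot be checked from here.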
+++ b/src/registrar/tests/test_migrations.py
@@ -31,7 +31,7 @@ class TestGroups(TestCase):
 UserGroup.objects.filter(name="full_access_group"), [full_access_group]
 )
 
- # Test permissions for cisa_analysts_group
+ # Test permissions data migrations for cisa_analysts_group ran as expected
 # Define the expected permission codenames
 expected_permissions = [
 "view_logentry",
@@ -42,6 +42,8 @@ class TestGroups(TestCase):
 "change_draftdomain",
 "analyst_access_permission",
 "change_user",
+ "add_domaininvitation",
+ "view_domaininvitation"
 ]
 
 # Get the codenames of actual permissions associated with the group
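Review bot: In `test_migrations.py`, the new last element `"view_domaininvitation"` has no trailing comma, unlike the entries above it; write `"view_domaininvitation",` so that a permission appended later cannot be merged into it by implicit string-literal concatenation, which would make the expected list name a codename that does not exist. The assertion that consumes `expected_permissions` is outside the hunk. If it is not an exact comparison against the group's codenames, making it one would also let this test catch permissions granted to analysts beyond the reviewed list.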