Merge pull request #1394 from cisagov/dk/872-prevent-multiple-applications

Issue #872 - Prevent user from submitting multiple applications (STAGED IN DK SANDBOX)

src/registrar/templates/application_form.html

@@ -22,6 +22,14 @@
           {% include "includes/form_messages.html" %}
 {% endblock %}
 
+{% if pending_requests_message %}
+<div class="usa-alert usa-alert--info margin-bottom-3">
+  <div class="usa-alert__body">
+    {{ pending_requests_message }}
+  </div>
+</div>
+{% endif %}
+
 {% block form_errors %}
         {% comment %}
            to make sense of this loop, consider that 
@@ -66,6 +74,13 @@
               value="next"
               class="usa-button"
             >Save and continue</button>
+            {% elif pending_requests_exist %}
+            <button
+              type="submit"
+              name="submit_button"
+              value="save_and_return"
+              class="usa-button usa-button--outline"
+            >Save and return to manage your domains</button>
             {% else %}
             <button
               type="submit"

src/registrar/templates/domain_dnssec.html

@@ -40,9 +40,9 @@
     >
     {% else %}
     <div id="enable-dnssec">
-      <div class="usa-alert usa-alert--info usa-alert--slim">
+      <div class="usa-alert usa-alert--info">
         <div class="usa-alert__body">
-          It is strongly recommended that you only enable DNSSEC if you know how to set it up properly at your hosting service. If you make a mistake, it could cause your domain name to stop working.
+          <p class="margin-y-0">It is strongly recommended that you only enable DNSSEC if you know how to set it up properly at your hosting service. If you make a mistake, it could cause your domain name to stop working.</p>
         </div>
       </div>
       <a href="{% url 'domain-dns-dnssec-dsdata' pk=domain.id %}" class="usa-button">Enable DNSSEC</a>

src/registrar/templates/domain_nameservers.html

@@ -15,7 +15,7 @@
 
   <p>Add a name server record by entering the address (e.g., ns1.nameserver.com) in the name server fields below. You must add at least two name servers (13 max).</p>
 
-  <div class="usa-alert usa-alert--slim usa-alert--info">
+  <div class="usa-alert usa-alert--info">
     <div class="usa-alert__body">
       <p class="margin-top-0">Add an IP address only when your name server's address includes your domain name (e.g., if your domain name is “example.gov” and your name server is “ns1.example.gov,” then an IP address is required). Multiple IP addresses must be separated with commas.</p>
       <p class="margin-bottom-0">This step is uncommon unless you self-host your DNS or use custom addresses for your nameserver.</p>

src/registrar/tests/test_views.py

@@ -144,6 +144,18 @@ class DomainApplicationTests(TestWithUser, WebTest):
         result = page.form.submit()
         self.assertIn("What kind of U.S.-based government organization do you represent?", result)
 
+    def test_application_multiple_applications_exist(self):
+        """Test that an info message appears when user has multiple applications already"""
+        # create and submit an application
+        application = completed_application(user=self.user)
+        application.submit()
+        application.save()
+
+        # now, attempt to create another one
+        with less_console_noise():
+            page = self.app.get("/register/").follow()
+            self.assertContains(page, "You cannot submit this request yet")
+
     @boto3_mocking.patching
     def test_application_form_submission(self):
         """

src/registrar/views/application.py

@@ -3,6 +3,7 @@ import logging
 from django.http import Http404, HttpResponse, HttpResponseRedirect
 from django.shortcuts import redirect, render
 from django.urls import resolve, reverse
+from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import TemplateView
 from django.contrib import messages
@@ -218,6 +219,23 @@ class ApplicationWizard(ApplicationWizardPermissionView, TemplateView):
         self.steps.current = current_url
         context = self.get_context_data()
         context["forms"] = self.get_forms()
+
+        # if pending requests exist and user does not have approved domains,
+        # present message that domain application cannot be submitted
+        pending_requests = self.pending_requests()
+        if len(pending_requests) > 0:
+            message_header = "You cannot submit this request yet"
+            message_content = (
+                f"<h4 class='usa-alert__heading'>{message_header}</h4> "
+                "<p class='margin-bottom-0'>New domain requests cannot be submitted until we have finished "
+                f"reviewing your pending request: <strong>{pending_requests[0].requested_domain}</strong>. "
+                "You can continue to fill out this request and save it as a draft to be submitted later. "
+                f"<a class='usa-link' href='{reverse('home')}'>View your pending requests.</a></p>"
+            )
+            context["pending_requests_message"] = mark_safe(message_content)  # nosec
+
+        context["pending_requests_exist"] = len(pending_requests) > 0
+
         return render(request, self.template_name, context)
 
     def get_all_forms(self, **kwargs) -> list:
@@ -266,6 +284,37 @@ class ApplicationWizard(ApplicationWizardPermissionView, TemplateView):
 
         return instantiated
 
+    def pending_requests(self):
+        """return an array of pending requests if user has pending requests
+        and no approved requests"""
+        if self.approved_applications_exist() or self.approved_domains_exist():
+            return []
+        else:
+            return self.pending_applications()
+
+    def approved_applications_exist(self):
+        """Checks if user is creator of applications with APPROVED status"""
+        approved_application_count = DomainApplication.objects.filter(
+            creator=self.request.user, status=DomainApplication.APPROVED
+        ).count()
+        return approved_application_count > 0
+
+    def approved_domains_exist(self):
+        """Checks if user has permissions on approved domains
+
+        This additional check is necessary to account for domains which were migrated
+        and do not have an application"""
+        return self.request.user.permissions.count() > 0
+
+    def pending_applications(self):
+        """Returns a List of user's applications with one of the following states:
+        SUBMITTED, IN_REVIEW, ACTION_NEEDED"""
+        # if the current application has ACTION_NEEDED status, this check should not be performed
+        if self.application.status == DomainApplication.ACTION_NEEDED:
+            return []
+        check_statuses = [DomainApplication.SUBMITTED, DomainApplication.IN_REVIEW, DomainApplication.ACTION_NEEDED]
+        return DomainApplication.objects.filter(creator=self.request.user, status__in=check_statuses)
+
     def get_context_data(self):
         """Define context for access on all wizard pages."""
         return {
@@ -328,6 +377,10 @@ class ApplicationWizard(ApplicationWizardPermissionView, TemplateView):
         if button == "save":
             messages.success(request, "Your progress has been saved!")
             return self.goto(self.steps.current)
+        # if user opted to save progress and return,
+        # return them to the home page
+        if button == "save_and_return":
+            return HttpResponseRedirect(reverse("home"))
         # otherwise, proceed as normal
         return self.goto_next_step()