small refactor
parent
d51649dfba
commit
e9ba08f20a
6 changed files with 61 additions and 72 deletions
|
@ -92,6 +92,8 @@ class UserResource(resources.ModelResource):
|
||||||
|
|
||||||
|
|
||||||
class FilteredSelectMultipleArrayWidget(FilteredSelectMultiple):
|
class FilteredSelectMultipleArrayWidget(FilteredSelectMultiple):
|
||||||
|
"""Custom widget to allow for editing an ArrayField in a widget similar to filter_horizontal widget"""
|
||||||
|
|
||||||
def __init__(self, verbose_name, is_stacked=False, choices=(), **kwargs):
|
def __init__(self, verbose_name, is_stacked=False, choices=(), **kwargs):
|
||||||
super().__init__(verbose_name, is_stacked, **kwargs)
|
super().__init__(verbose_name, is_stacked, **kwargs)
|
||||||
self.choices = choices
|
self.choices = choices
|
||||||
|
@ -655,10 +657,6 @@ class MyUserAdmin(BaseUserAdmin, ImportExportModelAdmin):
|
||||||
"status",
|
"status",
|
||||||
)
|
)
|
||||||
|
|
||||||
# For each filter_horizontal, init in admin js extendFilterHorizontalWidgets
|
|
||||||
# to activate the edit/delete/view buttons
|
|
||||||
# filter_horizontal = ("portfolio_roles",)
|
|
||||||
|
|
||||||
# Renames inherited AbstractUser label 'email_address to 'email'
|
# Renames inherited AbstractUser label 'email_address to 'email'
|
||||||
def formfield_for_dbfield(self, dbfield, **kwargs):
|
def formfield_for_dbfield(self, dbfield, **kwargs):
|
||||||
field = super().formfield_for_dbfield(dbfield, **kwargs)
|
field = super().formfield_for_dbfield(dbfield, **kwargs)
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
|
||||||
from registrar.models.user import User
|
|
||||||
|
|
||||||
|
|
||||||
def language_code(request):
|
def language_code(request):
|
||||||
"""Add LANGUAGE_CODE to the template context.
|
"""Add LANGUAGE_CODE to the template context.
|
||||||
|
@ -50,15 +48,9 @@ def portfolio_permissions(request):
|
||||||
"has_domain_requests_portfolio_permission": False,
|
"has_domain_requests_portfolio_permission": False,
|
||||||
}
|
}
|
||||||
return {
|
return {
|
||||||
"has_base_portfolio_permission": request.user.has_portfolio_permission(
|
"has_base_portfolio_permission": request.user.has_base_portfolio_permission(),
|
||||||
User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO
|
"has_domains_portfolio_permission": request.user.has_domains_portfolio_permission(),
|
||||||
),
|
"has_domain_requests_portfolio_permission": request.user.has_domain_requests_portfolio_permission(),
|
||||||
"has_domains_portfolio_permission": request.user.has_portfolio_permission(
|
|
||||||
User.UserPortfolioPermissionChoices.VIEW_DOMAINS
|
|
||||||
),
|
|
||||||
"has_domain_requests_portfolio_permission": request.user.has_portfolio_permission(
|
|
||||||
User.UserPortfolioPermissionChoices.VIEW_REQUESTS
|
|
||||||
),
|
|
||||||
}
|
}
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
# Handles cases where request.user might not exist
|
# Handles cases where request.user might not exist
|
||||||
|
|
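Review bot: The `except AttributeError` after the new return dict also covers everything the three `has_*_portfolio_permission()` calls do internally, so an AttributeError raised inside the model helpers reaches templates as "no permissions" instead of surfacing as an error. That fails closed, but it hides regressions such as an attribute or caller missed by this rename. Test the user explicitly before building the dict, e.g. `user = getattr(request, "user", None)` followed by `if user is None or not user.is_authenticated:`, and let other errors propagate or at least log them in the except branch. The `try:` line and the start of `portfolio_permissions` are outside this hunk.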
|
@ -247,7 +247,21 @@ class User(AbstractUser):
|
||||||
def has_contact_info(self):
|
def has_contact_info(self):
|
||||||
return bool(self.title or self.email or self.phone)
|
return bool(self.title or self.email or self.phone)
|
||||||
|
|
||||||
def has_portfolio_permission(self, portfolio_permission):
|
def _get_portfolio_permissions(self):
|
||||||
|
"""
|
||||||
|
Retrieve the permissions for the user's portfolio roles.
|
||||||
|
"""
|
||||||
|
portfolio_permissions = set() # Use a set to avoid duplicate permissions
|
||||||
|
|
||||||
|
if self.portfolio_roles:
|
||||||
|
for role in self.portfolio_roles:
|
||||||
|
if role in self.PORTFOLIO_ROLE_PERMISSIONS:
|
||||||
|
portfolio_permissions.update(self.PORTFOLIO_ROLE_PERMISSIONS[role])
|
||||||
|
if self.portfolio_additional_permissions:
|
||||||
|
portfolio_permissions.update(self.portfolio_additional_permissions)
|
||||||
|
return list(portfolio_permissions) # Convert back to list if necessary
|
||||||
|
|
||||||
|
def _has_portfolio_permission(self, portfolio_permission):
|
||||||
"""The views should only call this guy when testing for perms and not rely on roles"""
|
"""The views should only call this guy when testing for perms and not rely on roles"""
|
||||||
|
|
||||||
# EDIT_DOMAINS === user is a manager on a domain (has UserDomainRole)
|
# EDIT_DOMAINS === user is a manager on a domain (has UserDomainRole)
|
||||||
|
@ -262,19 +276,19 @@ class User(AbstractUser):
|
||||||
|
|
||||||
return portfolio_permission in portfolio_permissions
|
return portfolio_permission in portfolio_permissions
|
||||||
|
|
||||||
def _get_portfolio_permissions(self):
|
# the methods below are checks for individual portfolio permissions. they are defined here
|
||||||
"""
|
# to make them easier to call elsewhere throughout the application
|
||||||
Retrieve the permissions for the user's portfolio roles.
|
def has_base_portfolio_permission(self):
|
||||||
"""
|
return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO)
|
||||||
portfolio_permissions = set() # Use a set to avoid duplicate permissions
|
|
||||||
|
|
||||||
if self.portfolio_roles:
|
def has_domains_portfolio_permission(self):
|
||||||
for role in self.portfolio_roles:
|
return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_DOMAINS)
|
||||||
if role in self.PORTFOLIO_ROLE_PERMISSIONS:
|
|
||||||
portfolio_permissions.update(self.PORTFOLIO_ROLE_PERMISSIONS[role])
|
def has_edit_domains_portfolio_permission(self):
|
||||||
if self.portfolio_additional_permissions:
|
return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
|
||||||
portfolio_permissions.update(self.portfolio_additional_permissions)
|
|
||||||
return list(portfolio_permissions) # Convert back to list if necessary
|
def has_domain_requests_portfolio_permission(self):
|
||||||
|
return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_REQUESTS)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def needs_identity_verification(cls, email, uuid):
|
def needs_identity_verification(cls, email, uuid):
|
||||||
|
|
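Review bot: The docstring kept on `_has_portfolio_permission` still reads "The views should only call this guy when testing for perms", which now contradicts both the leading underscore and the comment introducing the `has_*_portfolio_permission` wrappers. Reword it, e.g. `"""Return whether portfolio_permission is in the user's effective portfolio permissions; callers outside the model use the has_*_portfolio_permission wrappers."""`, and give each wrapper a one-line docstring naming the permission it tests. The public name `has_portfolio_permission` is removed without an alias, so any caller not updated in this commit (templates or views outside the visible hunks, if there are any) would raise AttributeError; searching for the old name before merging is worthwhile. The body of `_has_portfolio_permission` lies between the two hunks and is not fully visible.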
|
@ -6,7 +6,6 @@ import logging
|
||||||
from urllib.parse import parse_qs
|
from urllib.parse import parse_qs
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
from django.http import HttpResponseRedirect
|
from django.http import HttpResponseRedirect
|
||||||
from registrar.context_processors import portfolio_permissions
|
|
||||||
from registrar.models.user import User
|
from registrar.models.user import User
|
||||||
from waffle.decorators import flag_is_active
|
from waffle.decorators import flag_is_active
|
||||||
|
|
||||||
|
@ -146,18 +145,11 @@ class CheckPortfolioMiddleware:
|
||||||
if current_path == self.home:
|
if current_path == self.home:
|
||||||
if has_organization_feature_flag:
|
if has_organization_feature_flag:
|
||||||
if request.user.is_authenticated:
|
if request.user.is_authenticated:
|
||||||
# user_portfolios = Portfolio.objects.filter(creator=request.user)
|
|
||||||
|
|
||||||
permission_dict = portfolio_permissions(request)
|
if request.user.has_base_portfolio_permission():
|
||||||
has_portfolio_base_permission = permission_dict["has_base_portfolio_permission"]
|
|
||||||
|
|
||||||
if has_portfolio_base_permission:
|
|
||||||
portfolio = request.user.portfolio
|
portfolio = request.user.portfolio
|
||||||
|
|
||||||
permission_dict = portfolio_permissions(request)
|
if request.user.has_domains_portfolio_permission():
|
||||||
has_portfolio_domains_permission = permission_dict["has_domains_portfolio_permission"]
|
|
||||||
|
|
||||||
if has_portfolio_domains_permission:
|
|
||||||
portfolio_redirect = reverse("portfolio-domains", kwargs={"portfolio_id": portfolio.id})
|
portfolio_redirect = reverse("portfolio-domains", kwargs={"portfolio_id": portfolio.id})
|
||||||
else:
|
else:
|
||||||
# View organization is the lowest access
|
# View organization is the lowest access
|
||||||
|
|
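Review bot: `portfolio.id` is dereferenced after the permission checks alone, and those checks (per the model hunk on this page) look at `portfolio_roles` and `portfolio_additional_permissions`, not at whether `request.user.portfolio` is set. If that relation can be empty, a user with a portfolio role but no portfolio would get an AttributeError on the home page instead of the normal view. Guarding the outer branch, `if request.user.portfolio is not None and request.user.has_base_portfolio_permission():`, keeps that case on the non-portfolio path. The enclosing middleware method starts and ends outside this hunk.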
|
@ -1231,9 +1231,9 @@ class TestUser(TestCase):
|
||||||
self.user.save()
|
self.user.save()
|
||||||
self.user.refresh_from_db()
|
self.user.refresh_from_db()
|
||||||
|
|
||||||
user_can_view_domains = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_DOMAINS)
|
user_can_view_domains = self.user.has_domains_portfolio_permission()
|
||||||
user_can_view_requests = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_REQUESTS)
|
user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
|
||||||
user_can_edit_domains = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
|
user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
|
||||||
|
|
||||||
self.assertFalse(user_can_view_domains)
|
self.assertFalse(user_can_view_domains)
|
||||||
self.assertFalse(user_can_view_requests)
|
self.assertFalse(user_can_view_requests)
|
||||||
|
@ -1243,9 +1243,9 @@ class TestUser(TestCase):
|
||||||
self.user.save()
|
self.user.save()
|
||||||
self.user.refresh_from_db()
|
self.user.refresh_from_db()
|
||||||
|
|
||||||
user_can_view_domains = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_DOMAINS)
|
user_can_view_domains = self.user.has_domains_portfolio_permission()
|
||||||
user_can_view_requests = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_REQUESTS)
|
user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
|
||||||
user_can_edit_domains = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
|
user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
|
||||||
|
|
||||||
self.assertTrue(user_can_view_domains)
|
self.assertTrue(user_can_view_domains)
|
||||||
self.assertFalse(user_can_view_requests)
|
self.assertFalse(user_can_view_requests)
|
||||||
|
@ -1255,9 +1255,9 @@ class TestUser(TestCase):
|
||||||
self.user.save()
|
self.user.save()
|
||||||
self.user.refresh_from_db()
|
self.user.refresh_from_db()
|
||||||
|
|
||||||
user_can_view_domains = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_DOMAINS)
|
user_can_view_domains = self.user.has_domains_portfolio_permission()
|
||||||
user_can_view_requests = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_REQUESTS)
|
user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
|
||||||
user_can_edit_domains = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
|
user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
|
||||||
|
|
||||||
self.assertTrue(user_can_view_domains)
|
self.assertTrue(user_can_view_domains)
|
||||||
self.assertTrue(user_can_view_requests)
|
self.assertTrue(user_can_view_requests)
|
||||||
|
@ -1267,9 +1267,9 @@ class TestUser(TestCase):
|
||||||
user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER
|
user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER
|
||||||
)
|
)
|
||||||
|
|
||||||
user_can_view_domains = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_DOMAINS)
|
user_can_view_domains = self.user.has_domains_portfolio_permission()
|
||||||
user_can_view_requests = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_REQUESTS)
|
user_can_view_requests = self.user.has_domain_requests_portfolio_permission()
|
||||||
user_can_edit_domains = self.user.has_portfolio_permission(User.UserPortfolioPermissionChoices.EDIT_DOMAINS)
|
user_can_edit_domains = self.user.has_edit_domains_portfolio_permission()
|
||||||
|
|
||||||
self.assertTrue(user_can_view_domains)
|
self.assertTrue(user_can_view_domains)
|
||||||
self.assertTrue(user_can_view_requests)
|
self.assertTrue(user_can_view_requests)
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
from django.contrib.auth.mixins import PermissionRequiredMixin
|
from django.contrib.auth.mixins import PermissionRequiredMixin
|
||||||
|
|
||||||
from registrar.context_processors import portfolio_permissions
|
|
||||||
from registrar.models import (
|
from registrar.models import (
|
||||||
Domain,
|
Domain,
|
||||||
DomainRequest,
|
DomainRequest,
|
||||||
|
@ -414,40 +413,34 @@ class PortfolioBasePermission(PermissionsLoginMixin):
|
||||||
if not self.request.user.is_authenticated:
|
if not self.request.user.is_authenticated:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
permission_dict = portfolio_permissions(self.request)
|
return self.request.user.has_base_portfolio_permission()
|
||||||
has_permission = permission_dict["has_base_portfolio_permission"]
|
|
||||||
|
|
||||||
if not has_permission:
|
|
||||||
return False
|
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
class PortfolioDomainsPermission(PortfolioBasePermission):
|
class PortfolioDomainsPermission(PortfolioBasePermission):
|
||||||
""" """
|
"""Permission mixin that allows access to portfolio domain pages if user
|
||||||
|
has access, otherwise 403"""
|
||||||
|
|
||||||
def has_permission(self):
|
def has_permission(self):
|
||||||
""" """
|
"""Check if this user has access to domains for this portfolio.
|
||||||
|
|
||||||
permission_dict = portfolio_permissions(self.request)
|
The user is in self.request.user and the portfolio can be looked
|
||||||
has_permission = permission_dict["has_domains_portfolio_permission"]
|
up from the portfolio's primary key in self.kwargs["pk"]"""
|
||||||
|
|
||||||
if not has_permission:
|
if not self.request.user.is_authenticated:
|
||||||
return False
|
return False
|
||||||
|
return self.request.user.has_domains_portfolio_permission()
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
class PortfolioDomainRequestsPermission(PortfolioBasePermission):
|
class PortfolioDomainRequestsPermission(PortfolioBasePermission):
|
||||||
""" """
|
"""Permission mixin that allows access to portfolio domain request pages if user
|
||||||
|
has access, otherwise 403"""
|
||||||
|
|
||||||
def has_permission(self):
|
def has_permission(self):
|
||||||
""" """
|
"""Check if this user has access to domain requests for this portfolio.
|
||||||
|
|
||||||
permission_dict = portfolio_permissions(self.request)
|
The user is in self.request.user and the portfolio can be looked
|
||||||
has_permission = permission_dict["has_domain_requests_portfolio_permission"]
|
up from the portfolio's primary key in self.kwargs["pk"]"""
|
||||||
|
|
||||||
if not has_permission:
|
if not self.request.user.is_authenticated:
|
||||||
return False
|
return False
|
||||||
|
return self.request.user.has_domain_requests_portfolio_permission()
|
||||||
return True
|
|
||||||
|
|
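Review bot: Both new `has_permission` docstrings say the portfolio "can be looked up from the portfolio's primary key in self.kwargs["pk"]", but neither method reads `self.kwargs`; the result depends only on the user's own roles and additional permissions. If the views using these mixins take the portfolio id from the URL, as the `portfolio-domains` redirect with `portfolio_id` elsewhere on this page suggests, a user holding VIEW_DOMAINS for one portfolio passes this check for any id unless the view filters separately, which is not visible here. Either compare the requested id with the user's portfolio before returning, or reword the docstring to `"""Check if this user has the portfolio domains permission; the requested portfolio is not checked here."""` so nobody relies on scoping that does not exist. The subclasses also repeat the `is_authenticated` test instead of calling `super().has_permission()`, so the base VIEW_PORTFOLIO permission is not required by them.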