Django admin portfolio members section

2025-05-17 01:57:03 +02:00 · 2024-08-21 12:25:27 -04:00 · 2024-08-21 12:25:27 -04:00 · eb061be71b
commit eb061be71b
parent eb5623987a
6 changed files with 288 additions and 14 deletions
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@ -2867,11 +2867,7 @@ class PortfolioAdmin(ListHeaderAdmin):
    fieldsets = [
        # created_on is the created_at field, and portfolio_type is f"{organization_type} - {federal_type}"
        (None, {"fields": ["portfolio_type", "organization_name", "creator", "created_on", "notes"]}),
-        # TODO - uncomment in #2521
+        ("Portfolio members", {"fields": ["display_admins", "display_members"]}),
        # ("Portfolio members", {
        #     "classes": ("collapse", "closed"),
        #     "fields": ["administrators", "members"]}
        # ),
        ("Portfolio domains", {"classes": ("collapse", "closed"), "fields": ["domains", "domain_requests"]}),
        ("Type of organization", {"fields": ["organization_type", "federal_type"]}),
        (
@ -2925,8 +2921,94 @@ class PortfolioAdmin(ListHeaderAdmin):
        "domain_requests",
        "suborganizations",
        "portfolio_type",
        # Django admin doesn't allow methods to be directly listed in fieldsets. We can
        # display the custom methods display_admins amd display_members in the admin form if
        # they are readonly.
        "display_admins",
        "display_members",
    ]
    def display_admins(self, obj):
        """Get joined users who are Admin, unpack and return an HTML block.
        'DJA readonly can't handle querysets, so we need to unpack and return html here.
        Alternatively, we could return querysets in context but that would limit where this
        data would display in a custom change form without extensive template customization.
        Will be used in the field_readonly block"""
        admins = [user for user in obj.user.all() if "Admin" in user.portfolio_role_summary]
        if not admins:
            return format_html("<p>No admins found.</p>")
        admin_details = ""
        for portfolio_admin in admins:
            change_url = reverse("admin:registrar_user_change", args=[portfolio_admin.pk])
            admin_details += "<address class='margin-bottom-2 dja-address-contact-list'>"
            admin_details += f'<a href="{change_url}">{portfolio_admin}</a><br>'
            admin_details += f"{portfolio_admin.title}<br>"
            admin_details += f"{portfolio_admin.email}"
            admin_details += "<div class='admin-icon-group admin-icon-group__clipboard-link'>"
            admin_details += f"<input aria-hidden='true' class='display-none' value='{portfolio_admin.email}'>"
            admin_details += (
                "<button class='usa-button usa-button--unstyled padding-right-1 usa-button--icon"
                + "button--clipboard copy-to-clipboard text-no-underline' type='button'>"
            )
            admin_details += "<svg class='usa-icon'>"
            admin_details += "<use aria-hidden='true' xlink:href='/public/img/sprite.svg#content_copy'></use>"
            admin_details += "</svg>"
            admin_details += "<span class='padding-left-05'>Copy</span>"
            admin_details += "</button>"
            admin_details += "</div><br>"
            admin_details += f"{portfolio_admin.phone}"
            admin_details += "</address>"
        return format_html(admin_details)
    display_admins.short_description = "Administrators"  # type: ignore
    def display_members(self, obj):
        """Get joined users who have roles/perms that are not Admin, unpack and return an HTML block.
        DJA readonly can't handle querysets, so we need to unpack and return html here.
        Alternatively, we could return querysets in context but that would limit where this
        data would display in a custom change form without extensive template customization.
        Will be used in the after_help_text block."""
        members = [user for user in obj.user.all() if "Admin" not in user.portfolio_role_summary]
        if not members:
            return format_html("<p>No members found.</p>")
        member_details = (
            "<table><thead><tr><th>Name</th><th>Title</th><th>Email</th>"
            + "<th>Phone</th><th>Roles</th></tr></thead><tbody>"
        )
        for member in members:
            full_name = (
                f"{member.first_name} {member.middle_name} {member.last_name}"
                if member.middle_name
                else f"{member.first_name} {member.last_name}"
            )
            member_details += "<tr>"
            member_details += f"<td>{full_name}</td>"
            member_details += f"<td>{member.title}</td>"
            member_details += f"<td>{member.email}</td>"
            member_details += f"<td>{member.phone}</td>"
            member_details += "<td>"
            for role in member.portfolio_role_summary:
                member_details += f"<span class='usa-tag'>{role}</span> "
            member_details += "</td></tr>"
        member_details += "</tbody></table>"
        return format_html(member_details)
    display_members.short_description = "Members"  # type: ignore
    def display_members_summary(self, obj):
        """Will be passed as context and used in the field_readonly block."""
        members = [user for user in obj.user.all() if "Admin" not in user.portfolio_role_summary]
        if not members:
            return {}
        return self.get_field_links_as_list(members, "user", separator=", ")
    def federal_type(self, obj: models.Portfolio):
        """Returns the federal_type field"""
        return BranchChoices.get_branch_label(obj.federal_type) if obj.federal_type else "-"
@ -2977,7 +3059,7 @@ class PortfolioAdmin(ListHeaderAdmin):
    ]
    def get_field_links_as_list(
-        self, queryset, model_name, attribute_name=None, link_info_attribute=None, seperator=None
+        self, queryset, model_name, attribute_name=None, link_info_attribute=None, separator=None
    ):
        """
        Generate HTML links for items in a queryset, using a specified attribute for link text.
@ -3009,14 +3091,14 @@ class PortfolioAdmin(ListHeaderAdmin):
                if link_info_attribute:
                    link += f" ({self.value_of_attribute(item, link_info_attribute)})"
-                if seperator:
+                if separator:
                    links.append(link)
                else:
                    links.append(f"<li>{link}</li>")
-        # If no seperator is specified, just return an unordered list.
+        # If no separator is specified, just return an unordered list.
-        if seperator:
+        if separator:
-            return format_html(seperator.join(links)) if links else "-"
+            return format_html(separator.join(links)) if links else "-"
        else:
            links = "".join(links)
            return format_html(f'<ul class="add-list-reset">{links}</ul>') if links else "-"
@ -3059,8 +3141,12 @@ class PortfolioAdmin(ListHeaderAdmin):
        return readonly_fields
    def change_view(self, request, object_id, form_url="", extra_context=None):
-        """Add related suborganizations and domain groups"""
+        """Add related suborganizations and domain groups.
-        extra_context = {"skip_additional_contact_info": True}
+        Add the summary for the portfolio members field (list of members that link to change_forms)."""
        obj = self.get_object(request, object_id)
        extra_context = extra_context or {}
        extra_context["skip_additional_contact_info"] = True
        extra_context["display_members_summary"] = self.display_members_summary(obj)
        return super().change_view(request, object_id, form_url, extra_context)
    def save_model(self, request, obj, form, change):
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@ -293,6 +293,49 @@ class User(AbstractUser):
    def has_edit_suborganization(self):
        return self._has_portfolio_permission(UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION)
    def has_edit_requests(self):
        return self._has_portfolio_permission(UserPortfolioPermissionChoices.EDIT_REQUESTS)
    @property
    def portfolio_role_summary(self):
        """Returns a list of roles based on the user's permissions."""
        roles = []
        # Define the conditions and their corresponding roles
        conditions_roles = [
            (self.has_edit_suborganization(), ["Admin"]),
            (
                self.has_view_all_domains_permission()
                and self.has_domain_requests_portfolio_permission()
                and self.has_edit_requests(),
                ["View-only admin", "Domain requestor"],
            ),
            (
                self.has_view_all_domains_permission() and self.has_domain_requests_portfolio_permission(),
                ["View-only admin"],
            ),
            (
                self.has_base_portfolio_permission()
                and self.has_edit_requests()
                and self.has_domains_portfolio_permission(),
                ["Member", "Domain requestor", "Domain manager"],
            ),
            (self.has_base_portfolio_permission() and self.has_edit_requests(), ["Member", "Domain requestor"]),
            (
                self.has_base_portfolio_permission() and self.has_domains_portfolio_permission(),
                ["Member", "Domain manager"],
            ),
            (self.has_base_portfolio_permission(), ["Member"]),
        ]
        # Evaluate conditions and add roles
        for condition, role_list in conditions_roles:
            if condition:
                roles.extend(role_list)
                break
        return roles
    @classmethod
    def needs_identity_verification(cls, email, uuid):
        """A method used by our oidc classes to test whether a user needs email/uuid verification
--- a/src/registrar/templates/django/admin/includes/detail_table_fieldset.html
+++ b/src/registrar/templates/django/admin/includes/detail_table_fieldset.html
@ -137,6 +137,10 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
            {% endfor %}
            {% endwith %}
        </div>
    {% elif field.field.name == "display_admins" %}
        <div class="readonly">{{ field.contents|safe }}</div>
    {% elif field.field.name == "display_members" %}
        <div class="readonly">{{ display_members_summary }}</div>
    {% else %}
        <div class="readonly">{{ field.contents }}</div>
    {% endif %}
@ -240,6 +244,13 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
            </details>
        {% endif %}
        {% endwith %}
    {% elif field.field.name == "display_members" %}
        <details class="margin-top-1 dja-detail-table" aria-role="button" open>
            <summary class="padding-1 padding-left-0 dja-details-summary">Details</summary>
            <div class="grid-container margin-left-0 padding-left-0 padding-right-0 dja-details-contents">
                {{ field.contents|safe }}
            </div>
        </details>
    {% elif field.field.name == "state_territory" %}
        <div class="flex-container margin-top-2">
            <span>
--- a/src/registrar/templates/django/admin/portfolio_change_form.html
+++ b/src/registrar/templates/django/admin/portfolio_change_form.html
@ -14,8 +14,7 @@
        This is a placeholder for now.
        Disclaimer:
-        When extending the fieldset view - *make a new one* that extends from detail_table_fieldset.
+        When extending the fieldset view consider whether you need to make a new one that extends from detail_table_fieldset.
        For instance, "portfolio_fieldset.html".
        detail_table_fieldset is used on multiple admin pages, so a change there can have unintended consequences.
        {% endcomment %}
        {% include "django/admin/includes/detail_table_fieldset.html" with original_object=original %}
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@ -45,6 +45,7 @@ from registrar.models import (
 from registrar.models.portfolio_invitation import PortfolioInvitation
 from registrar.models.senior_official import SeniorOfficial
 from registrar.models.user_domain_role import UserDomainRole
 from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
 from registrar.models.verified_by_staff import VerifiedByStaff
 from .common import (
    MockDbForSharedTests,
@ -2066,6 +2067,7 @@ class TestPortfolioAdmin(TestCase):
        DomainRequest.objects.all().delete()
        Domain.objects.all().delete()
        Portfolio.objects.all().delete()
        User.objects.all().delete()
    @less_console_noise_decorator
    def test_created_on_display(self):
@ -2121,3 +2123,81 @@ class TestPortfolioAdmin(TestCase):
        self.assertIn("request1.gov", domain_requests)
        self.assertIn("request2.gov", domain_requests)
        self.assertIn('<ul class="add-list-reset">', domain_requests)
    @less_console_noise_decorator
    def test_portfolio_members_display(self):
        """Tests the custom portfolio members field, admin and member sections"""
        admin_user_1 = User.objects.create(
            username="testuser1",
            first_name="Gerald",
            last_name="Meoward",
            title="Captain",
            email="meaoward@gov.gov",
            portfolio=self.portfolio,
            portfolio_roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
        )
        admin_user_2 = User.objects.create(
            username="testuser2",
            first_name="Arnold",
            last_name="Poopy",
            title="Major",
            email="poopy@gov.gov",
            portfolio=self.portfolio,
            portfolio_roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
        )
        admin_user_3 = User.objects.create(
            username="testuser3",
            first_name="Mad",
            last_name="Max",
            title="Road warrior",
            email="madmax@gov.gov",
            portfolio=self.portfolio,
            portfolio_roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
        )
        admin_user_4 = User.objects.create(
            username="testuser4",
            first_name="Agent",
            last_name="Smith",
            title="Program",
            email="thematrix@gov.gov",
            portfolio=self.portfolio,
            portfolio_additional_permissions=[
                UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
                UserPortfolioPermissionChoices.EDIT_REQUESTS,
            ],
        )
        display_admins = self.admin.display_admins(self.portfolio)
        self.assertIn(
            f'<a href="/admin/registrar/user/{admin_user_1.pk}/change/">Gerald Meoward meaoward@gov.gov</a>',
            display_admins,
        )
        self.assertIn("Captain", display_admins)
        self.assertIn(
            f'<a href="/admin/registrar/user/{admin_user_2.pk}/change/">Arnold Poopy poopy@gov.gov</a>', display_admins
        )
        self.assertIn("Major", display_admins)
        display_members_summary = self.admin.display_members_summary(self.portfolio)
        self.assertIn(
            f'<a href="/admin/registrar/user/{admin_user_3.pk}/change/">Mad Max madmax@gov.gov</a>',
            display_members_summary,
        )
        self.assertIn(
            f'<a href="/admin/registrar/user/{admin_user_4.pk}/change/">Agent Smith thematrix@gov.gov</a>',
            display_members_summary,
        )
        display_members = self.admin.display_members(self.portfolio)
        self.assertIn("Mad Max", display_members)
        self.assertIn("<span class='usa-tag'>Member</span>", display_members)
        self.assertIn("Road warrior", display_members)
        self.assertIn("Agent Smith", display_members)
        self.assertIn("<span class='usa-tag'>Domain requestor</span>", display_members)
        self.assertIn("Program", display_members)
--- a/src/registrar/tests/test_models.py
+++ b/src/registrar/tests/test_models.py
@ -1201,6 +1201,61 @@ class TestUser(TestCase):
        User.objects.all().delete()
        UserDomainRole.objects.all().delete()
    @patch.object(User, "has_edit_suborganization", return_value=True)
    def test_portfolio_role_summary_admin(self, mock_edit_suborganization):
        # Test if the user is recognized as an Admin
        self.assertEqual(self.user.portfolio_role_summary, ["Admin"])
    @patch.multiple(
        User,
        has_view_all_domains_permission=lambda self: True,
        has_domain_requests_portfolio_permission=lambda self: True,
        has_edit_requests=lambda self: True,
    )
    def test_portfolio_role_summary_view_only_admin_and_domain_requestor(self):
        # Test if the user has both 'View-only admin' and 'Domain requestor' roles
        self.assertEqual(self.user.portfolio_role_summary, ["View-only admin", "Domain requestor"])
    @patch.multiple(
        User,
        has_view_all_domains_permission=lambda self: True,
        has_domain_requests_portfolio_permission=lambda self: True,
    )
    def test_portfolio_role_summary_view_only_admin(self):
        # Test if the user is recognized as a View-only admin
        self.assertEqual(self.user.portfolio_role_summary, ["View-only admin"])
    @patch.multiple(
        User,
        has_base_portfolio_permission=lambda self: True,
        has_edit_requests=lambda self: True,
        has_domains_portfolio_permission=lambda self: True,
    )
    def test_portfolio_role_summary_member_domain_requestor_domain_manager(self):
        # Test if the user has 'Member', 'Domain requestor', and 'Domain manager' roles
        self.assertEqual(self.user.portfolio_role_summary, ["Member", "Domain requestor", "Domain manager"])
    @patch.multiple(User, has_base_portfolio_permission=lambda self: True, has_edit_requests=lambda self: True)
    def test_portfolio_role_summary_member_domain_requestor(self):
        # Test if the user has 'Member' and 'Domain requestor' roles
        self.assertEqual(self.user.portfolio_role_summary, ["Member", "Domain requestor"])
    @patch.multiple(
        User, has_base_portfolio_permission=lambda self: True, has_domains_portfolio_permission=lambda self: True
    )
    def test_portfolio_role_summary_member_domain_manager(self):
        # Test if the user has 'Member' and 'Domain manager' roles
        self.assertEqual(self.user.portfolio_role_summary, ["Member", "Domain manager"])
    @patch.multiple(User, has_base_portfolio_permission=lambda self: True)
    def test_portfolio_role_summary_member(self):
        # Test if the user is recognized as a Member
        self.assertEqual(self.user.portfolio_role_summary, ["Member"])
    def test_portfolio_role_summary_empty(self):
        # Test if the user has no roles
        self.assertEqual(self.user.portfolio_role_summary, [])
    @less_console_noise_decorator
    def test_check_transition_domains_without_domains_on_login(self):
        """A user's on_each_login callback does not check transition domains.