mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-07-22 18:56:15 +02:00
Merge branch 'main' into gd/2354-handle-portfolio-edit-mode
This commit is contained in:
zandercymatics
commit
eb487bbc5e
16 changed files with 487 additions and 72 deletions
|
|
@ -74,20 +74,4 @@ jobs:
|
|||
cf_org: cisa-dotgov
|
||||
cf_space: ${{ env.ENVIRONMENT }}
|
||||
cf_manifest: ops/manifests/manifest-${{ env.ENVIRONMENT }}.yaml
|
||||
comment:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [deploy]
|
||||
steps:
|
||||
- uses: actions/github-script@v6
|
||||
env:
|
||||
ENVIRONMENT: ${{ github.event.inputs.environment }}
|
||||
with:
|
||||
github-token: ${{secrets.GITHUB_TOKEN}}
|
||||
script: |
|
||||
github.rest.issues.createComment({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
body: '🥳 Successfully deployed to developer sandbox **[${{ env.ENVIRONMENT }}](https://getgov-${{ env.ENVIRONMENT }}.app.cloud.gov/)**.'
|
||||
})
|
||||
|
||||
|
||||
|
|
@ -45,6 +45,8 @@ When deploying to your personal sandbox, you should make sure all of the USWDS a
|
|||
|
||||
For ease of use, you can run the `deploy.sh <sandbox name>` script in the `/src` directory to build the assets and deploy to your sandbox. Similarly, you could run `build.sh <sandbox name>` script to just compile and collect the assets without deploying.
|
||||
|
||||
You may also manually deploy to a sandbox using our [manual deploy workflow](https://github.com/cisagov/manage.get.gov/actions/workflows/deploy-manual.yaml) on GitHub Actions. Select Run workflow and enter the branch you want to deploy to your sandbox of choice.
|
||||
|
||||
Your sandbox space should've been setup as part of the onboarding process. If this was not the case, please have an admin follow the instructions below.
|
||||
|
||||
## Creating a sandbox or new environment
|
||||
|
|
|
|||
|
|
@ -116,6 +116,10 @@ sed -i '' '/ - development/ {a\
|
|||
- '"$1"'
|
||||
}' .github/workflows/migrate.yaml
|
||||
|
||||
sed -i '' '/ - backup/ {a\
|
||||
- '"$1"'
|
||||
}' .github/workflows/deploy-manual.yaml
|
||||
|
||||
sed -i '' '/${{startsWith(github.head_ref, / {a\
|
||||
|| startsWith(github.head_ref, '"'$1'"')
|
||||
}' .github/workflows/deploy-sandbox.yaml
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@ rm ops/manifests/manifest-$1.yaml
|
|||
sed -i '' "/getgov-$1.app.cloud.gov/d" src/registrar/config/settings.py
|
||||
sed -i '' "/- $1/d" .github/workflows/reset-db.yaml
|
||||
sed -i '' "/- $1/d" .github/workflows/migrate.yaml
|
||||
sed -i '' "/- $1/d" .github/workflows/deploy-manual.yaml
|
||||
|
||||
echo "Cleaning up services, applications, and the Cloud.gov space for $1..."
|
||||
cf delete getgov-$1
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ from django.shortcuts import redirect
|
|||
from django_fsm import get_available_FIELD_transitions, FSMField
|
||||
from registrar.models.domain_group import DomainGroup
|
||||
from registrar.models.suborganization import Suborganization
|
||||
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
|
||||
from waffle.decorators import flag_is_active
|
||||
from django.contrib import admin, messages
|
||||
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
|
||||
|
|
@ -131,12 +132,12 @@ class MyUserAdminForm(UserChangeForm):
|
|||
"groups": NoAutocompleteFilteredSelectMultiple("groups", False),
|
||||
"user_permissions": NoAutocompleteFilteredSelectMultiple("user_permissions", False),
|
||||
"portfolio_roles": FilteredSelectMultipleArrayWidget(
|
||||
"portfolio_roles", is_stacked=False, choices=User.UserPortfolioRoleChoices.choices
|
||||
"portfolio_roles", is_stacked=False, choices=UserPortfolioRoleChoices.choices
|
||||
),
|
||||
"portfolio_additional_permissions": FilteredSelectMultipleArrayWidget(
|
||||
"portfolio_additional_permissions",
|
||||
is_stacked=False,
|
||||
choices=User.UserPortfolioPermissionChoices.choices,
|
||||
choices=UserPortfolioPermissionChoices.choices,
|
||||
),
|
||||
}
|
||||
|
||||
|
|
@ -169,6 +170,24 @@ class MyUserAdminForm(UserChangeForm):
|
|||
)
|
||||
|
||||
|
||||
class PortfolioInvitationAdminForm(UserChangeForm):
|
||||
"""This form utilizes the custom widget for its class's ManyToMany UIs."""
|
||||
|
||||
class Meta:
|
||||
model = models.PortfolioInvitation
|
||||
fields = "__all__"
|
||||
widgets = {
|
||||
"portfolio_roles": FilteredSelectMultipleArrayWidget(
|
||||
"portfolio_roles", is_stacked=False, choices=UserPortfolioRoleChoices.choices
|
||||
),
|
||||
"portfolio_additional_permissions": FilteredSelectMultipleArrayWidget(
|
||||
"portfolio_additional_permissions",
|
||||
is_stacked=False,
|
||||
choices=UserPortfolioPermissionChoices.choices,
|
||||
),
|
||||
}
|
||||
|
||||
|
||||
class DomainInformationAdminForm(forms.ModelForm):
|
||||
"""This form utilizes the custom widget for its class's ManyToMany UIs."""
|
||||
|
||||
|
|
@ -1299,6 +1318,56 @@ class DomainInvitationAdmin(ListHeaderAdmin):
|
|||
return super().changelist_view(request, extra_context=extra_context)
|
||||
|
||||
|
||||
class PortfolioInvitationAdmin(ListHeaderAdmin):
|
||||
"""Custom portfolio invitation admin class."""
|
||||
|
||||
form = PortfolioInvitationAdminForm
|
||||
|
||||
class Meta:
|
||||
model = models.PortfolioInvitation
|
||||
fields = "__all__"
|
||||
|
||||
_meta = Meta()
|
||||
|
||||
# Columns
|
||||
list_display = [
|
||||
"email",
|
||||
"portfolio",
|
||||
"portfolio_roles",
|
||||
"portfolio_additional_permissions",
|
||||
"status",
|
||||
]
|
||||
|
||||
# Search
|
||||
search_fields = [
|
||||
"email",
|
||||
"portfolio__name",
|
||||
]
|
||||
|
||||
# Filters
|
||||
list_filter = ("status",)
|
||||
|
||||
search_help_text = "Search by email or portfolio."
|
||||
|
||||
# Mark the FSM field 'status' as readonly
|
||||
# to allow admin users to create Domain Invitations
|
||||
# without triggering the FSM Transition Not Allowed
|
||||
# error.
|
||||
readonly_fields = ["status"]
|
||||
|
||||
autocomplete_fields = ["portfolio"]
|
||||
|
||||
change_form_template = "django/admin/email_clipboard_change_form.html"
|
||||
|
||||
# Select portfolio invitations to change -> Portfolio invitations
|
||||
def changelist_view(self, request, extra_context=None):
|
||||
if extra_context is None:
|
||||
extra_context = {}
|
||||
extra_context["tabtitle"] = "Portfolio invitations"
|
||||
# Get the filtered values
|
||||
return super().changelist_view(request, extra_context=extra_context)
|
||||
|
||||
|
||||
class DomainInformationResource(resources.ModelResource):
|
||||
"""defines how each field in the referenced model should be mapped to the corresponding fields in the
|
||||
import/export file"""
|
||||
|
|
@ -2900,6 +2969,7 @@ admin.site.register(models.PublicContact, PublicContactAdmin)
|
|||
admin.site.register(models.DomainRequest, DomainRequestAdmin)
|
||||
admin.site.register(models.TransitionDomain, TransitionDomainAdmin)
|
||||
admin.site.register(models.VerifiedByStaff, VerifiedByStaffAdmin)
|
||||
admin.site.register(models.PortfolioInvitation, PortfolioInvitationAdmin)
|
||||
admin.site.register(models.Portfolio, PortfolioAdmin)
|
||||
admin.site.register(models.DomainGroup, DomainGroupAdmin)
|
||||
admin.site.register(models.Suborganization, SuborganizationAdmin)
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ def add_has_profile_feature_flag_to_context(request):
|
|||
def portfolio_permissions(request):
|
||||
"""Make portfolio permissions for the request user available in global context"""
|
||||
try:
|
||||
if not request.user or not request.user.is_authenticated:
|
||||
if not request.user or not request.user.is_authenticated or not flag_is_active(request, "organization_feature"):
|
||||
return {
|
||||
"has_base_portfolio_permission": False,
|
||||
"has_domains_portfolio_permission": False,
|
||||
|
|
@ -74,7 +74,7 @@ def portfolio_permissions(request):
|
|||
"has_domains_portfolio_permission": request.user.has_domains_portfolio_permission(),
|
||||
"has_domain_requests_portfolio_permission": request.user.has_domain_requests_portfolio_permission(),
|
||||
"portfolio": request.user.portfolio,
|
||||
"has_organization_feature_flag": flag_is_active(request, "organization_feature"),
|
||||
"has_organization_feature_flag": True,
|
||||
}
|
||||
except AttributeError:
|
||||
# Handles cases where request.user might not exist
|
||||
|
|
|
|||
83
src/registrar/migrations/0115_portfolioinvitation.py
Normal file
83
src/registrar/migrations/0115_portfolioinvitation.py
Normal file
|
|
@ -0,0 +1,83 @@
|
|||
# Generated by Django 4.2.10 on 2024-08-01 12:28
|
||||
|
||||
import django.contrib.postgres.fields
|
||||
from django.db import migrations, models
|
||||
import django.db.models.deletion
|
||||
import django_fsm
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("registrar", "0114_alter_user_portfolio_additional_permissions"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name="PortfolioInvitation",
|
||||
fields=[
|
||||
("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
|
||||
("created_at", models.DateTimeField(auto_now_add=True)),
|
||||
("updated_at", models.DateTimeField(auto_now=True)),
|
||||
("email", models.EmailField(max_length=254)),
|
||||
(
|
||||
"portfolio_roles",
|
||||
django.contrib.postgres.fields.ArrayField(
|
||||
base_field=models.CharField(
|
||||
choices=[
|
||||
("organization_admin", "Admin"),
|
||||
("organization_admin_read_only", "Admin read only"),
|
||||
("organization_member", "Member"),
|
||||
],
|
||||
max_length=50,
|
||||
),
|
||||
blank=True,
|
||||
help_text="Select one or more roles.",
|
||||
null=True,
|
||||
size=None,
|
||||
),
|
||||
),
|
||||
(
|
||||
"portfolio_additional_permissions",
|
||||
django.contrib.postgres.fields.ArrayField(
|
||||
base_field=models.CharField(
|
||||
choices=[
|
||||
("view_all_domains", "View all domains and domain reports"),
|
||||
("view_managed_domains", "View managed domains"),
|
||||
("view_member", "View members"),
|
||||
("edit_member", "Create and edit members"),
|
||||
("view_all_requests", "View all requests"),
|
||||
("view_created_requests", "View created requests"),
|
||||
("edit_requests", "Create and edit requests"),
|
||||
("view_portfolio", "View organization"),
|
||||
("edit_portfolio", "Edit organization"),
|
||||
],
|
||||
max_length=50,
|
||||
),
|
||||
blank=True,
|
||||
help_text="Select one or more additional permissions.",
|
||||
null=True,
|
||||
size=None,
|
||||
),
|
||||
),
|
||||
(
|
||||
"status",
|
||||
django_fsm.FSMField(
|
||||
choices=[("invited", "Invited"), ("retrieved", "Retrieved")],
|
||||
default="invited",
|
||||
max_length=50,
|
||||
protected=True,
|
||||
),
|
||||
),
|
||||
(
|
||||
"portfolio",
|
||||
models.ForeignKey(
|
||||
on_delete=django.db.models.deletion.CASCADE, related_name="portfolios", to="registrar.portfolio"
|
||||
),
|
||||
),
|
||||
],
|
||||
options={
|
||||
"indexes": [models.Index(fields=["status"], name="registrar_p_status_aa4218_idx")],
|
||||
},
|
||||
),
|
||||
]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
from auditlog.registry import auditlog # type: ignore
|
||||
from auditlog.registry import auditlog
|
||||
from .contact import Contact
|
||||
from .domain_request import DomainRequest
|
||||
from .domain_information import DomainInformation
|
||||
|
|
@ -16,6 +16,7 @@ from .website import Website
|
|||
from .transition_domain import TransitionDomain
|
||||
from .verified_by_staff import VerifiedByStaff
|
||||
from .waffle_flag import WaffleFlag
|
||||
from .portfolio_invitation import PortfolioInvitation
|
||||
from .portfolio import Portfolio
|
||||
from .domain_group import DomainGroup
|
||||
from .suborganization import Suborganization
|
||||
|
|
@ -40,6 +41,7 @@ __all__ = [
|
|||
"TransitionDomain",
|
||||
"VerifiedByStaff",
|
||||
"WaffleFlag",
|
||||
"PortfolioInvitation",
|
||||
"Portfolio",
|
||||
"DomainGroup",
|
||||
"Suborganization",
|
||||
|
|
@ -63,6 +65,7 @@ auditlog.register(Website)
|
|||
auditlog.register(TransitionDomain)
|
||||
auditlog.register(VerifiedByStaff)
|
||||
auditlog.register(WaffleFlag)
|
||||
auditlog.register(PortfolioInvitation)
|
||||
auditlog.register(Portfolio)
|
||||
auditlog.register(DomainGroup)
|
||||
auditlog.register(Suborganization)
|
||||
|
|
|
|||
95
src/registrar/models/portfolio_invitation.py
Normal file
95
src/registrar/models/portfolio_invitation.py
Normal file
|
|
@ -0,0 +1,95 @@
|
|||
"""People are invited by email to administer domains."""
|
||||
|
||||
import logging
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.db import models
|
||||
|
||||
from django_fsm import FSMField, transition
|
||||
from .utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices # type: ignore
|
||||
|
||||
from .utility.time_stamped_model import TimeStampedModel
|
||||
from django.contrib.postgres.fields import ArrayField
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class PortfolioInvitation(TimeStampedModel):
|
||||
class Meta:
|
||||
"""Contains meta information about this class"""
|
||||
|
||||
indexes = [
|
||||
models.Index(fields=["status"]),
|
||||
]
|
||||
|
||||
# Constants for status field
|
||||
class PortfolioInvitationStatus(models.TextChoices):
|
||||
INVITED = "invited", "Invited"
|
||||
RETRIEVED = "retrieved", "Retrieved"
|
||||
|
||||
email = models.EmailField(
|
||||
null=False,
|
||||
blank=False,
|
||||
)
|
||||
|
||||
portfolio = models.ForeignKey(
|
||||
"registrar.Portfolio",
|
||||
on_delete=models.CASCADE, # delete portfolio, then get rid of invitations
|
||||
null=False,
|
||||
related_name="portfolios",
|
||||
)
|
||||
|
||||
portfolio_roles = ArrayField(
|
||||
models.CharField(
|
||||
max_length=50,
|
||||
choices=UserPortfolioRoleChoices.choices,
|
||||
),
|
||||
null=True,
|
||||
blank=True,
|
||||
help_text="Select one or more roles.",
|
||||
)
|
||||
|
||||
portfolio_additional_permissions = ArrayField(
|
||||
models.CharField(
|
||||
max_length=50,
|
||||
choices=UserPortfolioPermissionChoices.choices,
|
||||
),
|
||||
null=True,
|
||||
blank=True,
|
||||
help_text="Select one or more additional permissions.",
|
||||
)
|
||||
|
||||
status = FSMField(
|
||||
choices=PortfolioInvitationStatus.choices,
|
||||
default=PortfolioInvitationStatus.INVITED,
|
||||
protected=True, # can't alter state except through transition methods!
|
||||
)
|
||||
|
||||
def __str__(self):
|
||||
return f"Invitation for {self.email} on {self.portfolio} is {self.status}"
|
||||
|
||||
@transition(field="status", source=PortfolioInvitationStatus.INVITED, target=PortfolioInvitationStatus.RETRIEVED)
|
||||
def retrieve(self):
|
||||
"""When an invitation is retrieved, create the corresponding permission.
|
||||
|
||||
Raises:
|
||||
RuntimeError if no matching user can be found.
|
||||
"""
|
||||
|
||||
# get a user with this email address
|
||||
User = get_user_model()
|
||||
try:
|
||||
user = User.objects.get(email=self.email)
|
||||
except User.DoesNotExist:
|
||||
# should not happen because a matching user should exist before
|
||||
# we retrieve this invitation
|
||||
raise RuntimeError("Cannot find the user to retrieve this portfolio invitation.")
|
||||
|
||||
# and create a role for that user on this portfolio
|
||||
user.portfolio = self.portfolio
|
||||
if self.portfolio_roles and len(self.portfolio_roles) > 0:
|
||||
user.portfolio_roles = self.portfolio_roles
|
||||
if self.portfolio_additional_permissions and len(self.portfolio_additional_permissions) > 0:
|
||||
user.portfolio_additional_permissions = self.portfolio_additional_permissions
|
||||
user.save()
|
||||
|
|
@ -5,8 +5,10 @@ from django.db import models
|
|||
from django.db.models import Q
|
||||
|
||||
from registrar.models.user_domain_role import UserDomainRole
|
||||
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
|
||||
|
||||
from .domain_invitation import DomainInvitation
|
||||
from .portfolio_invitation import PortfolioInvitation
|
||||
from .transition_domain import TransitionDomain
|
||||
from .verified_by_staff import VerifiedByStaff
|
||||
from .domain import Domain
|
||||
|
|
@ -62,31 +64,6 @@ class User(AbstractUser):
|
|||
# after they login.
|
||||
FIXTURE_USER = "fixture_user", "Created by fixtures"
|
||||
|
||||
class UserPortfolioRoleChoices(models.TextChoices):
|
||||
"""
|
||||
Roles make it easier for admins to look at
|
||||
"""
|
||||
|
||||
ORGANIZATION_ADMIN = "organization_admin", "Admin"
|
||||
ORGANIZATION_ADMIN_READ_ONLY = "organization_admin_read_only", "Admin read only"
|
||||
ORGANIZATION_MEMBER = "organization_member", "Member"
|
||||
|
||||
class UserPortfolioPermissionChoices(models.TextChoices):
|
||||
""" """
|
||||
|
||||
VIEW_ALL_DOMAINS = "view_all_domains", "View all domains and domain reports"
|
||||
VIEW_MANAGED_DOMAINS = "view_managed_domains", "View managed domains"
|
||||
|
||||
VIEW_MEMBER = "view_member", "View members"
|
||||
EDIT_MEMBER = "edit_member", "Create and edit members"
|
||||
|
||||
VIEW_ALL_REQUESTS = "view_all_requests", "View all requests"
|
||||
VIEW_CREATED_REQUESTS = "view_created_requests", "View created requests"
|
||||
EDIT_REQUESTS = "edit_requests", "Create and edit requests"
|
||||
|
||||
VIEW_PORTFOLIO = "view_portfolio", "View organization"
|
||||
EDIT_PORTFOLIO = "edit_portfolio", "Edit organization"
|
||||
|
||||
PORTFOLIO_ROLE_PERMISSIONS = {
|
||||
UserPortfolioRoleChoices.ORGANIZATION_ADMIN: [
|
||||
UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
|
||||
|
|
@ -273,17 +250,17 @@ class User(AbstractUser):
|
|||
# the methods below are checks for individual portfolio permissions. they are defined here
|
||||
# to make them easier to call elsewhere throughout the application
|
||||
def has_base_portfolio_permission(self):
|
||||
return self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO)
|
||||
return self._has_portfolio_permission(UserPortfolioPermissionChoices.VIEW_PORTFOLIO)
|
||||
|
||||
def has_domains_portfolio_permission(self):
|
||||
return self._has_portfolio_permission(
|
||||
User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS
|
||||
) or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_MANAGED_DOMAINS)
|
||||
UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS
|
||||
) or self._has_portfolio_permission(UserPortfolioPermissionChoices.VIEW_MANAGED_DOMAINS)
|
||||
|
||||
def has_domain_requests_portfolio_permission(self):
|
||||
return self._has_portfolio_permission(
|
||||
User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS
|
||||
) or self._has_portfolio_permission(User.UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS)
|
||||
UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS
|
||||
) or self._has_portfolio_permission(UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS)
|
||||
|
||||
@classmethod
|
||||
def needs_identity_verification(cls, email, uuid):
|
||||
|
|
@ -392,6 +369,24 @@ class User(AbstractUser):
|
|||
new_domain_invitation = DomainInvitation(email=transition_domain_email.lower(), domain=new_domain)
|
||||
new_domain_invitation.save()
|
||||
|
||||
def check_portfolio_invitations_on_login(self):
|
||||
"""When a user first arrives on the site, we need to retrieve any portfolio
|
||||
invitations that match their email address."""
|
||||
for invitation in PortfolioInvitation.objects.filter(
|
||||
email__iexact=self.email, status=PortfolioInvitation.PortfolioInvitationStatus.INVITED
|
||||
):
|
||||
if self.portfolio is None:
|
||||
try:
|
||||
invitation.retrieve()
|
||||
invitation.save()
|
||||
except RuntimeError:
|
||||
# retrieving should not fail because of a missing user, but
|
||||
# if it does fail, log the error so a new user can continue
|
||||
# logging in
|
||||
logger.warn("Failed to retrieve invitation %s", invitation, exc_info=True)
|
||||
else:
|
||||
logger.warn("User already has a portfolio, did not retrieve invitation %s", invitation, exc_info=True)
|
||||
|
||||
def on_each_login(self):
|
||||
"""Callback each time the user is authenticated.
|
||||
|
||||
|
|
@ -403,6 +398,7 @@ class User(AbstractUser):
|
|||
"""
|
||||
|
||||
self.check_domain_invitations_on_login()
|
||||
self.check_portfolio_invitations_on_login()
|
||||
|
||||
def is_org_user(self, request):
|
||||
has_organization_feature_flag = flag_is_active(request, "organization_feature")
|
||||
|
|
|
|||
28
src/registrar/models/utility/portfolio_helper.py
Normal file
28
src/registrar/models/utility/portfolio_helper.py
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
from django.db import models
|
||||
|
||||
|
||||
class UserPortfolioRoleChoices(models.TextChoices):
|
||||
"""
|
||||
Roles make it easier for admins to look at
|
||||
"""
|
||||
|
||||
ORGANIZATION_ADMIN = "organization_admin", "Admin"
|
||||
ORGANIZATION_ADMIN_READ_ONLY = "organization_admin_read_only", "Admin read only"
|
||||
ORGANIZATION_MEMBER = "organization_member", "Member"
|
||||
|
||||
|
||||
class UserPortfolioPermissionChoices(models.TextChoices):
|
||||
""" """
|
||||
|
||||
VIEW_ALL_DOMAINS = "view_all_domains", "View all domains and domain reports"
|
||||
VIEW_MANAGED_DOMAINS = "view_managed_domains", "View managed domains"
|
||||
|
||||
VIEW_MEMBER = "view_member", "View members"
|
||||
EDIT_MEMBER = "edit_member", "Create and edit members"
|
||||
|
||||
VIEW_ALL_REQUESTS = "view_all_requests", "View all requests"
|
||||
VIEW_CREATED_REQUESTS = "view_created_requests", "View created requests"
|
||||
EDIT_REQUESTS = "edit_requests", "Create and edit requests"
|
||||
|
||||
VIEW_PORTFOLIO = "view_portfolio", "View organization"
|
||||
EDIT_PORTFOLIO = "edit_portfolio", "Edit organization"
|
||||
|
|
@ -30,6 +30,8 @@
|
|||
{% include "django/admin/includes/descriptions/verified_by_staff_description.html" %}
|
||||
{% elif opts.model_name == 'website' %}
|
||||
{% include "django/admin/includes/descriptions/website_description.html" %}
|
||||
{% elif opts.model_name == 'portfolioinvitation' %}
|
||||
{% include "django/admin/includes/descriptions/portfolio_invitation_description.html" %}
|
||||
{% else %}
|
||||
<p>This table does not have a description yet.</p>
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
<p>
|
||||
Portfolio invitations contain all individuals who have been invited to become members of an organization.
|
||||
Invitations are sent via email, and the recipient must log in to the registrar to officially
|
||||
accept and become a member.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
An “invited” status indicates that the recipient has not logged in to the registrar since the invitation was sent
|
||||
or that the recipient has logged in but is already a member of an organization.
|
||||
A “received” status indicates that the recipient has logged in.
|
||||
</p>
|
||||
|
|
@ -13,6 +13,7 @@ from registrar.admin import (
|
|||
ContactAdmin,
|
||||
DomainInformationAdmin,
|
||||
MyHostAdmin,
|
||||
PortfolioInvitationAdmin,
|
||||
UserDomainRoleAdmin,
|
||||
VerifiedByStaffAdmin,
|
||||
FsmModelResource,
|
||||
|
|
@ -38,6 +39,7 @@ from registrar.models import (
|
|||
UserGroup,
|
||||
TransitionDomain,
|
||||
)
|
||||
from registrar.models.portfolio_invitation import PortfolioInvitation
|
||||
from registrar.models.senior_official import SeniorOfficial
|
||||
from registrar.models.user_domain_role import UserDomainRole
|
||||
from registrar.models.verified_by_staff import VerifiedByStaff
|
||||
|
|
@ -177,6 +179,77 @@ class TestDomainInvitationAdmin(TestCase):
|
|||
self.assertContains(response, retrieved_html, count=1)
|
||||
|
||||
|
||||
class TestPortfolioInvitationAdmin(TestCase):
|
||||
"""Tests for the PortfolioInvitationAdmin class as super user
|
||||
|
||||
Notes:
|
||||
all tests share superuser; do not change this model in tests
|
||||
tests have available superuser, client, and admin
|
||||
"""
|
||||
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
cls.factory = RequestFactory()
|
||||
cls.admin = ListHeaderAdmin(model=PortfolioInvitationAdmin, admin_site=AdminSite())
|
||||
cls.superuser = create_superuser()
|
||||
|
||||
def setUp(self):
|
||||
"""Create a client object"""
|
||||
self.client = Client(HTTP_HOST="localhost:8080")
|
||||
|
||||
def tearDown(self):
|
||||
"""Delete all DomainInvitation objects"""
|
||||
PortfolioInvitation.objects.all().delete()
|
||||
Contact.objects.all().delete()
|
||||
|
||||
@classmethod
|
||||
def tearDownClass(self):
|
||||
User.objects.all().delete()
|
||||
|
||||
@less_console_noise_decorator
|
||||
def test_has_model_description(self):
|
||||
"""Tests if this model has a model description on the table view"""
|
||||
self.client.force_login(self.superuser)
|
||||
response = self.client.get(
|
||||
"/admin/registrar/portfolioinvitation/",
|
||||
follow=True,
|
||||
)
|
||||
|
||||
# Make sure that the page is loaded correctly
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
# Test for a description snippet
|
||||
self.assertContains(
|
||||
response,
|
||||
"Portfolio invitations contain all individuals who have been invited to become members of an organization.",
|
||||
)
|
||||
self.assertContains(response, "Show more")
|
||||
|
||||
def test_get_filters(self):
|
||||
"""Ensures that our filters are displaying correctly"""
|
||||
with less_console_noise():
|
||||
self.client.force_login(self.superuser)
|
||||
|
||||
response = self.client.get(
|
||||
"/admin/registrar/portfolioinvitation/",
|
||||
{},
|
||||
follow=True,
|
||||
)
|
||||
|
||||
# Assert that the filters are added
|
||||
self.assertContains(response, "invited", count=4)
|
||||
self.assertContains(response, "Invited", count=2)
|
||||
self.assertContains(response, "retrieved", count=2)
|
||||
self.assertContains(response, "Retrieved", count=2)
|
||||
|
||||
# Check for the HTML context specificially
|
||||
invited_html = '<a href="?status__exact=invited">Invited</a>'
|
||||
retrieved_html = '<a href="?status__exact=retrieved">Retrieved</a>'
|
||||
|
||||
self.assertContains(response, invited_html, count=1)
|
||||
self.assertContains(response, retrieved_html, count=1)
|
||||
|
||||
|
||||
class TestHostAdmin(TestCase):
|
||||
"""Tests for the HostAdmin class as super user
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,9 @@ from registrar.models import (
|
|||
|
||||
import boto3_mocking
|
||||
from registrar.models.portfolio import Portfolio
|
||||
from registrar.models.portfolio_invitation import PortfolioInvitation
|
||||
from registrar.models.transition_domain import TransitionDomain
|
||||
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
|
||||
from registrar.models.verified_by_staff import VerifiedByStaff # type: ignore
|
||||
from registrar.utility.constants import BranchChoices
|
||||
|
||||
|
|
@ -1071,8 +1073,8 @@ class TestDomainInformation(TestCase):
|
|||
return {k: v for k, v in dict_obj.items() if k not in bad_fields}
|
||||
|
||||
|
||||
class TestInvitations(TestCase):
|
||||
"""Test the retrieval of invitations."""
|
||||
class TestDomainInvitations(TestCase):
|
||||
"""Test the retrieval of domain invitations."""
|
||||
|
||||
@less_console_noise_decorator
|
||||
def setUp(self):
|
||||
|
|
@ -1116,6 +1118,65 @@ class TestInvitations(TestCase):
|
|||
self.assertTrue(UserDomainRole.objects.get(user=self.user, domain=self.domain))
|
||||
|
||||
|
||||
class TestPortfolioInvitations(TestCase):
|
||||
"""Test the retrieval of portfolio invitations."""
|
||||
|
||||
@less_console_noise_decorator
|
||||
def setUp(self):
|
||||
self.email = "mayor@igorville.gov"
|
||||
self.email2 = "creator@igorville.gov"
|
||||
self.user, _ = User.objects.get_or_create(email=self.email)
|
||||
self.user2, _ = User.objects.get_or_create(email=self.email2, username="creator")
|
||||
self.portfolio, _ = Portfolio.objects.get_or_create(creator=self.user2, organization_name="Hotel California")
|
||||
self.portfolio_role_base = UserPortfolioRoleChoices.ORGANIZATION_MEMBER
|
||||
self.portfolio_role_admin = UserPortfolioRoleChoices.ORGANIZATION_ADMIN
|
||||
self.portfolio_permission_1 = UserPortfolioPermissionChoices.VIEW_CREATED_REQUESTS
|
||||
self.portfolio_permission_2 = UserPortfolioPermissionChoices.EDIT_REQUESTS
|
||||
self.invitation, _ = PortfolioInvitation.objects.get_or_create(
|
||||
email=self.email,
|
||||
portfolio=self.portfolio,
|
||||
portfolio_roles=[self.portfolio_role_base, self.portfolio_role_admin],
|
||||
portfolio_additional_permissions=[self.portfolio_permission_1, self.portfolio_permission_2],
|
||||
)
|
||||
|
||||
def tearDown(self):
|
||||
super().tearDown()
|
||||
Portfolio.objects.all().delete()
|
||||
PortfolioInvitation.objects.all().delete()
|
||||
User.objects.all().delete()
|
||||
|
||||
@less_console_noise_decorator
|
||||
def test_retrieval(self):
|
||||
self.assertFalse(self.user.portfolio)
|
||||
self.invitation.retrieve()
|
||||
self.user.refresh_from_db()
|
||||
self.assertEqual(self.user.portfolio.organization_name, "Hotel California")
|
||||
self.assertEqual(self.user.portfolio_roles, [self.portfolio_role_base, self.portfolio_role_admin])
|
||||
self.assertEqual(
|
||||
self.user.portfolio_additional_permissions, [self.portfolio_permission_1, self.portfolio_permission_2]
|
||||
)
|
||||
self.assertEqual(self.invitation.status, PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
|
||||
|
||||
@less_console_noise_decorator
|
||||
def test_retrieve_missing_user_error(self):
|
||||
# get rid of matching users
|
||||
User.objects.filter(email=self.email).delete()
|
||||
with self.assertRaises(RuntimeError):
|
||||
self.invitation.retrieve()
|
||||
|
||||
@less_console_noise_decorator
|
||||
def test_retrieve_user_already_member_error(self):
|
||||
self.assertFalse(self.user.portfolio)
|
||||
portfolio2, _ = Portfolio.objects.get_or_create(creator=self.user2, organization_name="Tokyo Hotel")
|
||||
self.user.portfolio = portfolio2
|
||||
self.assertEqual(self.user.portfolio.organization_name, "Tokyo Hotel")
|
||||
self.user.save()
|
||||
self.user.check_portfolio_invitations_on_login()
|
||||
self.user.refresh_from_db()
|
||||
self.assertEqual(self.user.portfolio.organization_name, "Tokyo Hotel")
|
||||
self.assertEqual(self.invitation.status, PortfolioInvitation.PortfolioInvitationStatus.INVITED)
|
||||
|
||||
|
||||
class TestUser(TestCase):
|
||||
"""Test actions that occur on user login,
|
||||
test class method that controls how users get validated."""
|
||||
|
|
@ -1135,6 +1196,7 @@ class TestUser(TestCase):
|
|||
DomainRequest.objects.all().delete()
|
||||
DraftDomain.objects.all().delete()
|
||||
TransitionDomain.objects.all().delete()
|
||||
Portfolio.objects.all().delete()
|
||||
User.objects.all().delete()
|
||||
UserDomainRole.objects.all().delete()
|
||||
|
||||
|
|
@ -1297,7 +1359,7 @@ class TestUser(TestCase):
|
|||
"""
|
||||
portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Hotel California")
|
||||
|
||||
self.user.portfolio_additional_permissions = [User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS]
|
||||
self.user.portfolio_additional_permissions = [UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
|
||||
|
|
@ -1317,7 +1379,7 @@ class TestUser(TestCase):
|
|||
self.assertTrue(user_can_view_all_domains)
|
||||
self.assertFalse(user_can_view_all_requests)
|
||||
|
||||
self.user.portfolio_roles = [User.UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
|
||||
self.user.portfolio_roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ from registrar.models import (
|
|||
UserDomainRole,
|
||||
User,
|
||||
)
|
||||
from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices
|
||||
from .common import create_test_user
|
||||
from waffle.testutils import override_flag
|
||||
|
||||
|
|
@ -55,7 +56,7 @@ class TestPortfolio(WebTest):
|
|||
def test_middleware_does_not_redirect_if_no_portfolio(self):
|
||||
"""Test that user with no assigned portfolio is not redirected when attempting to access home"""
|
||||
self.app.set_user(self.user.username)
|
||||
self.user.portfolio_additional_permissions = [User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO]
|
||||
self.user.portfolio_additional_permissions = [UserPortfolioPermissionChoices.VIEW_PORTFOLIO]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
with override_flag("organization_feature", active=True):
|
||||
|
|
@ -70,7 +71,7 @@ class TestPortfolio(WebTest):
|
|||
"""Test that user with VIEW_PORTFOLIO is redirected to portfolio organization page"""
|
||||
self.app.set_user(self.user.username)
|
||||
self.user.portfolio = self.portfolio
|
||||
self.user.portfolio_additional_permissions = [User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO]
|
||||
self.user.portfolio_additional_permissions = [UserPortfolioPermissionChoices.VIEW_PORTFOLIO]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
with override_flag("organization_feature", active=True):
|
||||
|
|
@ -87,8 +88,8 @@ class TestPortfolio(WebTest):
|
|||
self.app.set_user(self.user.username)
|
||||
self.user.portfolio = self.portfolio
|
||||
self.user.portfolio_additional_permissions = [
|
||||
User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
|
||||
UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
|
||||
]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
|
|
@ -149,9 +150,9 @@ class TestPortfolio(WebTest):
|
|||
self.app.set_user(self.user.username)
|
||||
self.user.portfolio = self.portfolio
|
||||
self.user.portfolio_additional_permissions = [
|
||||
User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
User.UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
|
||||
User.UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
|
||||
UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
UserPortfolioPermissionChoices.VIEW_ALL_DOMAINS,
|
||||
UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS,
|
||||
]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
|
|
@ -168,7 +169,7 @@ class TestPortfolio(WebTest):
|
|||
|
||||
# reducing portfolio permissions to just VIEW_PORTFOLIO, which should remove domains
|
||||
# and domain requests from nav
|
||||
self.user.portfolio_additional_permissions = [User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO]
|
||||
self.user.portfolio_additional_permissions = [UserPortfolioPermissionChoices.VIEW_PORTFOLIO]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
|
||||
|
|
@ -180,17 +181,15 @@ class TestPortfolio(WebTest):
|
|||
self.assertNotContains(portfolio_page, reverse("domains"))
|
||||
self.assertNotContains(portfolio_page, reverse("domain-requests"))
|
||||
|
||||
|
||||
class TestPortfolioOrganization(TestPortfolio):
|
||||
|
||||
@less_console_noise_decorator
|
||||
def test_portfolio_org_name(self):
|
||||
"""Can load portfolio's org name page."""
|
||||
with override_flag("organization_feature", active=True):
|
||||
self.app.set_user(self.user.username)
|
||||
self.user.portfolio = self.portfolio
|
||||
self.user.portfolio_additional_permissions = [
|
||||
User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
User.UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
|
||||
UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
|
||||
]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
|
|
@ -200,14 +199,15 @@ class TestPortfolioOrganization(TestPortfolio):
|
|||
page, "The name of your federal agency will be publicly listed as the domain registrant."
|
||||
)
|
||||
|
||||
@less_console_noise_decorator
|
||||
def test_domain_org_name_address_content(self):
|
||||
"""Org name and address information appears on the page."""
|
||||
with override_flag("organization_feature", active=True):
|
||||
self.app.set_user(self.user.username)
|
||||
self.user.portfolio = self.portfolio
|
||||
self.user.portfolio_additional_permissions = [
|
||||
User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
User.UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
|
||||
UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
|
||||
]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
|
|
@ -218,14 +218,15 @@ class TestPortfolioOrganization(TestPortfolio):
|
|||
# Once in the sidenav, once in the main nav, once in the form
|
||||
self.assertContains(page, "Hotel California", count=3)
|
||||
|
||||
@less_console_noise_decorator
|
||||
def test_domain_org_name_address_form(self):
|
||||
"""Submitting changes works on the org name address page."""
|
||||
with override_flag("organization_feature", active=True):
|
||||
self.app.set_user(self.user.username)
|
||||
self.user.portfolio = self.portfolio
|
||||
self.user.portfolio_additional_permissions = [
|
||||
User.UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
User.UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
|
||||
UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
|
||||
UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
|
||||
]
|
||||
self.user.save()
|
||||
self.user.refresh_from_db()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue