updating to main

2025-07-23 11:16:07 +02:00 · 2025-02-07 09:51:21 -05:00 · 2025-02-07 09:51:21 -05:00 · f7cb7666ea
commit f7cb7666ea
parent 5247bc3c87 546d978d32
63 changed files with 2289 additions and 394 deletions
--- a/.github/ISSUE_TEMPLATE/story.yml
+++ b/.github/ISSUE_TEMPLATE/story.yml
@ -1,61 +0,0 @@
 name: Story
 description: Capture actionable sprint work
 labels: ["story"]
 body:
  - type: markdown
    id: help
    attributes:
      value: |
        > **Note**
        > GitHub Issues use [GitHub Flavored Markdown](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) for formatting.
  - type: textarea
    id: story
    attributes:
      label: Story
      description: |
        Please add the "as a, I want, so that" details that describe the story.
        If more than one "as a, I want, so that" describes the story, add multiple. 
        Example:
        As an analyst
        I want the ability to approve a domain request
        so that a request can be fulfilled and a new .gov domain can be provisioned
      value: |
        As a 
        I want
        so that
    validations:
      required: true
  - type: textarea
    id: acceptance-criteria
    attributes:
      label: Acceptance Criteria
      description: |
        Please add the acceptance criteria that best describe the desired outcomes when this work is completed 
        Example:
        - Application sends an email when analysts approve domain requests
        - Domain request status is "approved"
        Example ("given, when, then" format):
        Given that I am an analyst who has finished reviewing a domain request
        When I click to approve a domain request
        Then the domain provisioning process should be initiated, and the applicant should receive an email update.
    validations:
      required: true
  - type: textarea
    id: additional-context
    attributes:
      label: Additional Context
      description: "Please include additional references (screenshots, design links, documentation, etc.) that are relevant"
  - type: textarea
    id: issue-links
    attributes:
      label: Issue Links
      description: |
        What other issues does this story relate to and how?
        Example:
        - 🚧 Blocked by: #123
        - 🔄 Relates to: #234
--- a/ops/manifests/manifest-ab.yaml
+++ b/ops/manifests/manifest-ab.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-ab.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-ad.yaml
+++ b/ops/manifests/manifest-ad.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-ad.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-ag.yaml
+++ b/ops/manifests/manifest-ag.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-ag.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-backup.yaml
+++ b/ops/manifests/manifest-backup.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-backup.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-bob.yaml
+++ b/ops/manifests/manifest-bob.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-bob.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-cb.yaml
+++ b/ops/manifests/manifest-cb.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-cb.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-development.yaml
+++ b/ops/manifests/manifest-development.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-development.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-dk.yaml
+++ b/ops/manifests/manifest-dk.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-dk.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-el.yaml
+++ b/ops/manifests/manifest-el.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-el.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-es.yaml
+++ b/ops/manifests/manifest-es.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-es.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-gd.yaml
+++ b/ops/manifests/manifest-gd.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-gd.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-hotgov.yaml
+++ b/ops/manifests/manifest-hotgov.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-hotgov.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-ko.yaml
+++ b/ops/manifests/manifest-ko.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-ko.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console    
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-ky.yaml
+++ b/ops/manifests/manifest-ky.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-ky.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console    
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-litterbox.yaml
+++ b/ops/manifests/manifest-litterbox.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-litterbox.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console    
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-meoward.yaml
+++ b/ops/manifests/manifest-meoward.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-meoward.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console    
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-ms.yaml
+++ b/ops/manifests/manifest-ms.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-ms.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: DEBUG
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console    
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-nl.yaml
+++ b/ops/manifests/manifest-nl.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-nl.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console    
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-rb.yaml
+++ b/ops/manifests/manifest-rb.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-rb.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console    
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-rh.yaml
+++ b/ops/manifests/manifest-rh.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-rh.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-rjm.yaml
+++ b/ops/manifests/manifest-rjm.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-rjm.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console    
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/manifests/manifest-stable.yaml
+++ b/ops/manifests/manifest-stable.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://manage.get.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: json
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Which OIDC provider to use
--- a/ops/manifests/manifest-staging.yaml
+++ b/ops/manifests/manifest-staging.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-staging.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: json
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/ops/scripts/manifest-sandbox-template.yaml
+++ b/ops/scripts/manifest-sandbox-template.yaml
@ -21,6 +21,8 @@ applications:
    DJANGO_BASE_URL: https://getgov-ENVIRONMENT.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # tell django what log format to use: console or json. See settings.py for more details.
    DJANGO_LOG_FORMAT: console 
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://get.gov
    # Flag to disable/enable features in prod environments
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@ -28,7 +28,11 @@ from django.shortcuts import redirect
 from django_fsm import get_available_FIELD_transitions, FSMField
 from registrar.models import DomainInformation, Portfolio, UserPortfolioPermission, DomainInvitation
 from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
-from registrar.utility.email_invitations import send_domain_invitation_email, send_portfolio_invitation_email
+from registrar.utility.email_invitations import (
    send_domain_invitation_email,
    send_portfolio_admin_addition_emails,
    send_portfolio_invitation_email,
 )
 from registrar.views.utility.invitation_helper import (
    get_org_membership,
    get_requested_user,
@ -1551,7 +1555,9 @@ class DomainInvitationAdmin(BaseInvitationAdmin):
                    and not member_of_this_org
                    and not member_of_a_different_org
                ):
-                    send_portfolio_invitation_email(email=requested_email, requestor=requestor, portfolio=domain_org)
+                    send_portfolio_invitation_email(
                        email=requested_email, requestor=requestor, portfolio=domain_org, is_admin_invitation=False
                    )
                    portfolio_invitation, _ = PortfolioInvitation.objects.get_or_create(
                        email=requested_email,
                        portfolio=domain_org,
@ -1642,30 +1648,57 @@ class PortfolioInvitationAdmin(BaseInvitationAdmin):
        Emails sent to requested user / email.
        When exceptions are raised, return without saving model.
        """
-        if not change:  # Only send email if this is a new PortfolioInvitation (creation)
+        try:
            portfolio = obj.portfolio
            requested_email = obj.email
            requestor = request.user
-            # Look up a user with that email
+            is_admin_invitation = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in obj.roles
-            requested_user = get_requested_user(requested_email)
+            if not change:  # Only send email if this is a new PortfolioInvitation (creation)
                # Look up a user with that email
                requested_user = get_requested_user(requested_email)
-            permission_exists = UserPortfolioPermission.objects.filter(
+                permission_exists = UserPortfolioPermission.objects.filter(
-                user__email=requested_email, portfolio=portfolio, user__email__isnull=False
+                    user__email=requested_email, portfolio=portfolio, user__email__isnull=False
-            ).exists()
+                ).exists()
            try:
                if not permission_exists:
                    # if permission does not exist for a user with requested_email, send email
-                    send_portfolio_invitation_email(email=requested_email, requestor=requestor, portfolio=portfolio)
+                    if not send_portfolio_invitation_email(
                        email=requested_email,
                        requestor=requestor,
                        portfolio=portfolio,
                        is_admin_invitation=is_admin_invitation,
                    ):
                        messages.warning(
                            self.request, "Could not send email notification to existing organization admins."
                        )
                    # if user exists for email, immediately retrieve portfolio invitation upon creation
                    if requested_user is not None:
                        obj.retrieve()
                    messages.success(request, f"{requested_email} has been invited.")
                else:
                    messages.warning(request, "User is already a member of this portfolio.")
-            except Exception as e:
+            else:  # Handle the case when updating an existing PortfolioInvitation
-                # when exception is raised, handle and do not save the model
+                # Retrieve the existing object from the database
-                handle_invitation_exceptions(request, e, requested_email)
+                existing_obj = PortfolioInvitation.objects.get(pk=obj.pk)
-                return
+
                # Check if the previous roles did NOT include ORGANIZATION_ADMIN
                # and the new roles DO include ORGANIZATION_ADMIN
                was_not_admin = UserPortfolioRoleChoices.ORGANIZATION_ADMIN not in existing_obj.roles
                # Check also if status is INVITED, ignore role changes for other statuses
                is_invited = obj.status == PortfolioInvitation.PortfolioInvitationStatus.INVITED
                if was_not_admin and is_admin_invitation and is_invited:
                    # send email to existing portfolio admins if new admin
                    if not send_portfolio_admin_addition_emails(
                        email=requested_email,
                        requestor=requestor,
                        portfolio=portfolio,
                    ):
                        messages.warning(request, "Could not send email notification to existing organization admins.")
        except Exception as e:
            # when exception is raised, handle and do not save the model
            handle_invitation_exceptions(request, e, requested_email)
            return
        # Call the parent save method to save the object
        super().save_model(request, obj, form, change)
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@ -61,6 +61,7 @@ env_db_url = env.dj_db_url("DATABASE_URL")
 env_debug = env.bool("DJANGO_DEBUG", default=False)
 env_is_production = env.bool("IS_PRODUCTION", default=False)
 env_log_level = env.str("DJANGO_LOG_LEVEL", "DEBUG")
 env_log_format = env.str("DJANGO_LOG_FORMAT", "console")
 env_base_url: str = env.str("DJANGO_BASE_URL")
 env_getgov_public_site_url = env.str("GETGOV_PUBLIC_SITE_URL", "")
 env_oidc_active_provider = env.str("OIDC_ACTIVE_PROVIDER", "identity sandbox")
@ -492,12 +493,18 @@ class JsonServerFormatter(ServerFormatter):
        return json.dumps(log_entry)
-# default to json formatted logs
+# If we're running locally we don't want json formatting
 server_formatter, console_formatter = "json.server", "json"
 # don't use json format locally, it makes logs hard to read in console
 if "localhost" in env_base_url:
-    server_formatter, console_formatter = "django.server", "verbose"
+    django_handlers = ["console"]
 elif env_log_format == "json":
    # in production we need everything to be logged as json so that log levels are parsed correctly
    django_handlers = ["json"]
 else:
    # for non-production non-local environments:
    # - send ERROR and above to json handler
    # - send below ERROR to console handler with verbose formatting
    # yes this is janky but it's the best we can do for now
    django_handlers = ["split_console", "split_json"]
 LOGGING = {
    "version": 1,
@ -531,29 +538,52 @@ LOGGING = {
        "console": {
            "level": env_log_level,
            "class": "logging.StreamHandler",
-            "formatter": console_formatter,
+            "formatter": "verbose",
        },
        # Special handlers for split logging case
        "split_console": {
            "level": env_log_level,
            "class": "logging.StreamHandler",
            "formatter": "verbose",
            "filters": ["below_error"],
        },
        "split_json": {
            "level": "ERROR",
            "class": "logging.StreamHandler",
            "formatter": "json",
        },
        "django.server": {
            "level": "INFO",
            "class": "logging.StreamHandler",
-            "formatter": server_formatter,
+            "formatter": "django.server",
        },
        "json": {
            "level": env_log_level,
            "class": "logging.StreamHandler",
            "formatter": "json",
        },
        # No file logger is configured,
        # because containerized apps
        # do not log to the file system.
    },
    "filters": {
        "below_error": {
            "()": "django.utils.log.CallbackFilter",
            "callback": lambda record: record.levelno < logging.ERROR,
        }
    },
    # define loggers: these are "sinks" into which
    # messages are sent for processing
    "loggers": {
        # Django's generic logger
        "django": {
-            "handlers": ["console"],
+            "handlers": django_handlers,
            "level": "INFO",
            "propagate": False,
        },
        # Django's template processor
        "django.template": {
-            "handlers": ["console"],
+            "handlers": django_handlers,
            "level": "INFO",
            "propagate": False,
        },
@ -571,19 +601,19 @@ LOGGING = {
        },
        # OpenID Connect logger
        "oic": {
-            "handlers": ["console"],
+            "handlers": django_handlers,
            "level": "INFO",
            "propagate": False,
        },
        # Django wrapper for OpenID Connect
        "djangooidc": {
-            "handlers": ["console"],
+            "handlers": django_handlers,
            "level": "INFO",
            "propagate": False,
        },
        # Our app!
        "registrar": {
-            "handlers": ["console"],
+            "handlers": django_handlers,
            "level": "DEBUG",
            "propagate": False,
        },
@ -591,7 +621,7 @@ LOGGING = {
    # root logger catches anything, unless
    # defined by a more specific logger
    "root": {
-        "handlers": ["console"],
+        "handlers": django_handlers,
        "level": "INFO",
    },
 }
--- a/src/registrar/context_processors.py
+++ b/src/registrar/context_processors.py
@ -56,12 +56,11 @@ def add_path_to_context(request):
 def portfolio_permissions(request):
    """Make portfolio permissions for the request user available in global context"""
    portfolio_context = {
-        "has_base_portfolio_permission": False,
+        "has_view_portfolio_permission": False,
        "has_edit_portfolio_permission": False,
        "has_any_domains_portfolio_permission": False,
        "has_any_requests_portfolio_permission": False,
        "has_edit_request_portfolio_permission": False,
        "has_view_suborganization_portfolio_permission": False,
        "has_edit_suborganization_portfolio_permission": False,
        "has_view_members_portfolio_permission": False,
        "has_edit_members_portfolio_permission": False,
        "portfolio": None,
@ -82,15 +81,11 @@ def portfolio_permissions(request):
            }
        )
        # Linting: line too long
        view_suborg = request.user.has_view_suborganization_portfolio_permission(portfolio)
        edit_suborg = request.user.has_edit_suborganization_portfolio_permission(portfolio)
        if portfolio:
            return {
-                "has_base_portfolio_permission": request.user.has_base_portfolio_permission(portfolio),
+                "has_view_portfolio_permission": request.user.has_view_portfolio_permission(portfolio),
                "has_edit_portfolio_permission": request.user.has_edit_portfolio_permission(portfolio),
                "has_edit_request_portfolio_permission": request.user.has_edit_request_portfolio_permission(portfolio),
                "has_view_suborganization_portfolio_permission": view_suborg,
                "has_edit_suborganization_portfolio_permission": edit_suborg,
                "has_any_domains_portfolio_permission": request.user.has_any_domains_portfolio_permission(portfolio),
                "has_any_requests_portfolio_permission": request.user.has_any_requests_portfolio_permission(portfolio),
                "has_view_members_portfolio_permission": request.user.has_view_members_portfolio_permission(portfolio),
--- a/src/registrar/fixtures/fixtures_domains.py
+++ b/src/registrar/fixtures/fixtures_domains.py
@ -3,7 +3,6 @@ from django.utils import timezone
 import logging
 import random
 from faker import Faker
 from django.db import transaction
 from registrar.fixtures.fixtures_requests import DomainRequestFixture
 from registrar.fixtures.fixtures_users import UserFixture
@ -29,19 +28,18 @@ class DomainFixture(DomainRequestFixture):
    def load(cls):
        # Lumped under .atomic to ensure we don't make redundant DB calls.
        # This bundles them all together, and then saves it in a single call.
-        with transaction.atomic():
+        try:
-            try:
+            # Get the usernames of users created in the UserFixture
-                # Get the usernames of users created in the UserFixture
+            created_usernames = [user_data["username"] for user_data in UserFixture.ADMINS + UserFixture.STAFF]
                created_usernames = [user_data["username"] for user_data in UserFixture.ADMINS + UserFixture.STAFF]
-                # Filter users to only include those created by the fixture
+            # Filter users to only include those created by the fixture
-                users = list(User.objects.filter(username__in=created_usernames))
+            users = list(User.objects.filter(username__in=created_usernames))
-            except Exception as e:
+        except Exception as e:
-                logger.warning(e)
+            logger.warning(e)
-                return
+            return
-            # Approve each user associated with `in review` status domains
+        # Approve each user associated with `in review` status domains
-            cls._approve_domain_requests(users)
+        cls._approve_domain_requests(users)
    @staticmethod
    def _generate_fake_expiration_date(days_in_future=365):
--- a/src/registrar/fixtures/fixtures_portfolios.py
+++ b/src/registrar/fixtures/fixtures_portfolios.py
@ -1,7 +1,6 @@
 import logging
 import random
 from faker import Faker
 from django.db import transaction
 from registrar.models import User, DomainRequest, FederalAgency
 from registrar.models.portfolio import Portfolio
@ -84,42 +83,38 @@ class PortfolioFixture:
    def load(cls):
        """Creates portfolios."""
        logger.info("Going to load %s portfolios" % len(cls.PORTFOLIOS))
        try:
            user = User.objects.all().last()
        except Exception as e:
            logger.warning(e)
            return
-        # Lumped under .atomic to ensure we don't make redundant DB calls.
+        portfolios_to_create = []
-        # This bundles them all together, and then saves it in a single call.
+        for portfolio_data in cls.PORTFOLIOS:
-        with transaction.atomic():
+            organization_name = portfolio_data["organization_name"]
            # Check if portfolio with the organization name already exists
            if Portfolio.objects.filter(organization_name=organization_name).exists():
                logger.info(
                    f"Portfolio with organization name '{organization_name}' already exists, skipping creation."
                )
                continue
        try:
            portfolio = Portfolio(
                creator=user,
                organization_name=portfolio_data["organization_name"],
            )
            cls._set_non_foreign_key_fields(portfolio, portfolio_data)
            cls._set_foreign_key_fields(portfolio, portfolio_data, user)
            portfolios_to_create.append(portfolio)
        except Exception as e:
            logger.warning(e)
        # Bulk create portfolios
        if len(portfolios_to_create) > 0:
            try:
-                user = User.objects.all().last()
+                Portfolio.objects.bulk_create(portfolios_to_create)
                logger.info(f"Successfully created {len(portfolios_to_create)} portfolios")
            except Exception as e:
-                logger.warning(e)
+                logger.warning(f"Error bulk creating portfolios: {e}")
                return
            portfolios_to_create = []
            for portfolio_data in cls.PORTFOLIOS:
                organization_name = portfolio_data["organization_name"]
                # Check if portfolio with the organization name already exists
                if Portfolio.objects.filter(organization_name=organization_name).exists():
                    logger.info(
                        f"Portfolio with organization name '{organization_name}' already exists, skipping creation."
                    )
                    continue
                try:
                    portfolio = Portfolio(
                        creator=user,
                        organization_name=portfolio_data["organization_name"],
                    )
                    cls._set_non_foreign_key_fields(portfolio, portfolio_data)
                    cls._set_foreign_key_fields(portfolio, portfolio_data, user)
                    portfolios_to_create.append(portfolio)
                except Exception as e:
                    logger.warning(e)
            # Bulk create domain requests
            if len(portfolios_to_create) > 0:
                try:
                    Portfolio.objects.bulk_create(portfolios_to_create)
                    logger.info(f"Successfully created {len(portfolios_to_create)} portfolios")
                except Exception as e:
                    logger.warning(f"Error bulk creating portfolios: {e}")
--- a/src/registrar/fixtures/fixtures_requests.py
+++ b/src/registrar/fixtures/fixtures_requests.py
@ -3,7 +3,6 @@ from django.utils import timezone
 import logging
 import random
 from faker import Faker
 from django.db import transaction
 from registrar.fixtures.fixtures_portfolios import PortfolioFixture
 from registrar.fixtures.fixtures_suborganizations import SuborganizationFixture
@ -303,24 +302,17 @@ class DomainRequestFixture:
    def load(cls):
        """Creates domain requests for each user in the database."""
        logger.info("Going to load %s domain requests" % len(cls.DOMAINREQUESTS))
        try:
            # Get the usernames of users created in the UserFixture
            created_usernames = [user_data["username"] for user_data in UserFixture.ADMINS + UserFixture.STAFF]
-        # Lumped under .atomic to ensure we don't make redundant DB calls.
+            # Filter users to only include those created by the fixture
-        # This bundles them all together, and then saves it in a single call.
+            users = list(User.objects.filter(username__in=created_usernames))
-        # The atomic block will cause the code to stop executing if one instance in the
+        except Exception as e:
-        # nested iteration fails, which will cause an early exit and make it hard to debug.
+            logger.warning(e)
-        # Comment out with transaction.atomic() when debugging.
+            return
        with transaction.atomic():
            try:
                # Get the usernames of users created in the UserFixture
                created_usernames = [user_data["username"] for user_data in UserFixture.ADMINS + UserFixture.STAFF]
-                # Filter users to only include those created by the fixture
+        cls._create_domain_requests(users)
                users = list(User.objects.filter(username__in=created_usernames))
            except Exception as e:
                logger.warning(e)
                return
            cls._create_domain_requests(users)
    @classmethod
    def _create_domain_requests(cls, users):  # noqa: C901
--- a/src/registrar/fixtures/fixtures_suborganizations.py
+++ b/src/registrar/fixtures/fixtures_suborganizations.py
@ -1,6 +1,5 @@
 import logging
 from faker import Faker
 from django.db import transaction
 from registrar.models.portfolio import Portfolio
 from registrar.models.suborganization import Suborganization
@ -34,14 +33,12 @@ class SuborganizationFixture:
    def load(cls):
        """Creates suborganizations."""
        logger.info(f"Going to load {len(cls.SUBORGS)} suborgs")
        portfolios = cls._get_portfolios()
        if not portfolios:
            return
-        with transaction.atomic():
+        suborgs_to_create = cls._prepare_suborgs_to_create(portfolios)
-            portfolios = cls._get_portfolios()
+        cls._bulk_create_suborgs(suborgs_to_create)
            if not portfolios:
                return
            suborgs_to_create = cls._prepare_suborgs_to_create(portfolios)
            cls._bulk_create_suborgs(suborgs_to_create)
    @classmethod
    def _get_portfolios(cls):
--- a/src/registrar/fixtures/fixtures_user_portfolio_permissions.py
+++ b/src/registrar/fixtures/fixtures_user_portfolio_permissions.py
@ -1,7 +1,6 @@
 import logging
 import random
 from faker import Faker
 from django.db import transaction
 from registrar.fixtures.fixtures_portfolios import PortfolioFixture
 from registrar.fixtures.fixtures_users import UserFixture
@ -26,56 +25,55 @@ class UserPortfolioPermissionFixture:
        # Lumped under .atomic to ensure we don't make redundant DB calls.
        # This bundles them all together, and then saves it in a single call.
-        with transaction.atomic():
+        try:
-            try:
+            # Get the usernames of users created in the UserFixture
-                # Get the usernames of users created in the UserFixture
+            created_usernames = [user_data["username"] for user_data in UserFixture.ADMINS + UserFixture.STAFF]
                created_usernames = [user_data["username"] for user_data in UserFixture.ADMINS + UserFixture.STAFF]
-                # Filter users to only include those created by the fixture
+            # Filter users to only include those created by the fixture
-                users = list(User.objects.filter(username__in=created_usernames))
+            users = list(User.objects.filter(username__in=created_usernames))
-                organization_names = [portfolio["organization_name"] for portfolio in PortfolioFixture.PORTFOLIOS]
+            organization_names = [portfolio["organization_name"] for portfolio in PortfolioFixture.PORTFOLIOS]
-                portfolios = list(Portfolio.objects.filter(organization_name__in=organization_names))
+            portfolios = list(Portfolio.objects.filter(organization_name__in=organization_names))
-                if not users:
+            if not users:
-                    logger.warning("User fixtures missing.")
+                logger.warning("User fixtures missing.")
                    return
                if not portfolios:
                    logger.warning("Portfolio fixtures missing.")
                    return
            except Exception as e:
                logger.warning(e)
                return
-            user_portfolio_permissions_to_create = []
+            if not portfolios:
-            for user in users:
+                logger.warning("Portfolio fixtures missing.")
-                # Assign a random portfolio to a user
+                return
                portfolio = random.choice(portfolios)  # nosec
                try:
                    if not UserPortfolioPermission.objects.filter(user=user, portfolio=portfolio).exists():
                        user_portfolio_permission = UserPortfolioPermission(
                            user=user,
                            portfolio=portfolio,
                            roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
                            additional_permissions=[
                                UserPortfolioPermissionChoices.EDIT_MEMBERS,
                                UserPortfolioPermissionChoices.EDIT_REQUESTS,
                            ],
                        )
                        user_portfolio_permissions_to_create.append(user_portfolio_permission)
                    else:
                        logger.info(
                            f"Permission exists for user '{user.username}' "
                            f"on portfolio '{portfolio.organization_name}'."
                        )
                except Exception as e:
                    logger.warning(e)
-            # Bulk create permissions
+        except Exception as e:
-            cls._bulk_create_permissions(user_portfolio_permissions_to_create)
+            logger.warning(e)
            return
        user_portfolio_permissions_to_create = []
        for user in users:
            # Assign a random portfolio to a user
            portfolio = random.choice(portfolios)  # nosec
            try:
                if not UserPortfolioPermission.objects.filter(user=user, portfolio=portfolio).exists():
                    user_portfolio_permission = UserPortfolioPermission(
                        user=user,
                        portfolio=portfolio,
                        roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
                        additional_permissions=[
                            UserPortfolioPermissionChoices.EDIT_MEMBERS,
                            UserPortfolioPermissionChoices.EDIT_REQUESTS,
                        ],
                    )
                    user_portfolio_permissions_to_create.append(user_portfolio_permission)
                else:
                    logger.info(
                        f"Permission exists for user '{user.username}' "
                        f"on portfolio '{portfolio.organization_name}'."
                    )
            except Exception as e:
                logger.warning(e)
        # Bulk create permissions
        cls._bulk_create_permissions(user_portfolio_permissions_to_create)
    @classmethod
    def _bulk_create_permissions(cls, user_portfolio_permissions_to_create):
--- a/src/registrar/fixtures/fixtures_users.py
+++ b/src/registrar/fixtures/fixtures_users.py
@ -1,6 +1,5 @@
 import logging
 from faker import Faker
 from django.db import transaction
 from registrar.models import (
    User,
@ -455,10 +454,9 @@ class UserFixture:
    @classmethod
    def load(cls):
-        with transaction.atomic():
+        cls.load_users(cls.ADMINS, "full_access_group", are_superusers=True)
-            cls.load_users(cls.ADMINS, "full_access_group", are_superusers=True)
+        cls.load_users(cls.STAFF, "cisa_analysts_group")
            cls.load_users(cls.STAFF, "cisa_analysts_group")
-            # Combine ADMINS and STAFF lists
+        # Combine ADMINS and STAFF lists
-            all_users = cls.ADMINS + cls.STAFF
+        all_users = cls.ADMINS + cls.STAFF
-            cls.load_allowed_emails(cls, all_users, additional_emails=cls.ADDITIONAL_ALLOWED_EMAILS)
+        cls.load_allowed_emails(cls, all_users, additional_emails=cls.ADDITIONAL_ALLOWED_EMAILS)
--- a/src/registrar/forms/portfolio.py
+++ b/src/registrar/forms/portfolio.py
@ -312,6 +312,32 @@ class BasePortfolioMemberForm(forms.ModelForm):
            self.initial["domain_permissions"] = selected_domain_permission
            self.initial["member_permissions"] = selected_member_permission
    def is_change_from_member_to_admin(self) -> bool:
        """
        Checks if the roles have changed from not containing ORGANIZATION_ADMIN
        to containing ORGANIZATION_ADMIN.
        """
        previous_roles = set(self.initial.get("roles", []))  # Initial roles before change
        new_roles = set(self.cleaned_data.get("roles", []))  # New roles after change
        return (
            UserPortfolioRoleChoices.ORGANIZATION_ADMIN not in previous_roles
            and UserPortfolioRoleChoices.ORGANIZATION_ADMIN in new_roles
        )
    def is_change_from_admin_to_member(self) -> bool:
        """
        Checks if the roles have changed from containing ORGANIZATION_ADMIN
        to not containing ORGANIZATION_ADMIN.
        """
        previous_roles = set(self.initial.get("roles", []))  # Initial roles before change
        new_roles = set(self.cleaned_data.get("roles", []))  # New roles after change
        return (
            UserPortfolioRoleChoices.ORGANIZATION_ADMIN in previous_roles
            and UserPortfolioRoleChoices.ORGANIZATION_ADMIN not in new_roles
        )
 class PortfolioMemberForm(BasePortfolioMemberForm):
    """
--- a/src/registrar/management/commands/remove_unused_portfolios.py
+++ b/src/registrar/management/commands/remove_unused_portfolios.py
@ -149,9 +149,9 @@ class Command(BaseCommand):
                )
                return
-        with transaction.atomic():
+        # Try to delete the portfolios
-            # Try to delete the portfolios
+        try:
-            try:
+            with transaction.atomic():
                summary = []
                for portfolio in portfolios_to_delete:
                    portfolio_summary = [f"---- CASCADE SUMMARY for {portfolio.organization_name} -----"]
@ -222,14 +222,14 @@ class Command(BaseCommand):
                    """
                )
-            except IntegrityError as e:
+        except IntegrityError as e:
-                logger.info(
+            logger.info(
-                    f"""{TerminalColors.FAIL}
+                f"""{TerminalColors.FAIL}
-                    Could not delete some portfolios due to integrity constraints:
+                Could not delete some portfolios due to integrity constraints:
-                    {e}
+                {e}
-                    {TerminalColors.ENDC}
+                {TerminalColors.ENDC}
-                    """
+                """
-                )
+            )
    def handle(self, *args, **options):
        # Get all Portfolio entries not in the allowed portfolios list
--- a/src/registrar/migrations/0140_alter_portfolioinvitation_additional_permissions_and_more.py
+++ b/src/registrar/migrations/0140_alter_portfolioinvitation_additional_permissions_and_more.py
@ -0,0 +1,60 @@
 # Generated by Django 4.2.10 on 2025-02-04 11:18
 import django.contrib.postgres.fields
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ("registrar", "0139_alter_domainrequest_action_needed_reason"),
    ]
    operations = [
        migrations.AlterField(
            model_name="portfolioinvitation",
            name="additional_permissions",
            field=django.contrib.postgres.fields.ArrayField(
                base_field=models.CharField(
                    choices=[
                        ("view_all_domains", "View all domains and domain reports"),
                        ("view_managed_domains", "View managed domains"),
                        ("view_members", "View members"),
                        ("edit_members", "Create and edit members"),
                        ("view_all_requests", "View all requests"),
                        ("edit_requests", "Create and edit requests"),
                        ("view_portfolio", "View organization"),
                        ("edit_portfolio", "Edit organization"),
                    ],
                    max_length=50,
                ),
                blank=True,
                help_text="Select one or more additional permissions.",
                null=True,
                size=None,
            ),
        ),
        migrations.AlterField(
            model_name="userportfoliopermission",
            name="additional_permissions",
            field=django.contrib.postgres.fields.ArrayField(
                base_field=models.CharField(
                    choices=[
                        ("view_all_domains", "View all domains and domain reports"),
                        ("view_managed_domains", "View managed domains"),
                        ("view_members", "View members"),
                        ("edit_members", "Create and edit members"),
                        ("view_all_requests", "View all requests"),
                        ("edit_requests", "Create and edit requests"),
                        ("view_portfolio", "View organization"),
                        ("edit_portfolio", "Edit organization"),
                    ],
                    max_length=50,
                ),
                blank=True,
                help_text="Select one or more additional permissions.",
                null=True,
                size=None,
            ),
        ),
    ]
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@ -9,6 +9,7 @@ from django_fsm import FSMField, transition, TransitionNotAllowed  # type: ignor
 from django.db import models, IntegrityError
 from django.utils import timezone
 from typing import Any
 from registrar.models.domain_invitation import DomainInvitation
 from registrar.models.host import Host
 from registrar.models.host_ip import HostIP
 from registrar.utility.enums import DefaultEmail
@ -1177,6 +1178,10 @@ class Domain(TimeStampedModel, DomainHelper):
            return "DNS needed"
        return self.state.capitalize()
    def active_invitations(self):
        """Returns only the active invitations (those with status 'invited')."""
        return self.invitations.filter(status=DomainInvitation.DomainInvitationStatus.INVITED)
    def map_epp_contact_to_public_contact(self, contact: eppInfo.InfoContactResultData, contact_id, contact_type):
        """Maps the Epp contact representation to a PublicContact object.
--- a/src/registrar/models/domain_request.py
+++ b/src/registrar/models/domain_request.py
@ -946,7 +946,7 @@ class DomainRequest(TimeStampedModel):
        try:
            if not context:
                has_organization_feature_flag = flag_is_active_for_user(recipient, "organization_feature")
-                is_org_user = has_organization_feature_flag and recipient.has_base_portfolio_permission(self.portfolio)
+                is_org_user = has_organization_feature_flag and recipient.has_view_portfolio_permission(self.portfolio)
                context = {
                    "domain_request": self,
                    # This is the user that we refer to in the email
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@ -210,10 +210,10 @@ class User(AbstractUser):
        return portfolio_permission in user_portfolio_perms._get_portfolio_permissions()
-    def has_base_portfolio_permission(self, portfolio):
+    def has_view_portfolio_permission(self, portfolio):
        return self._has_portfolio_permission(portfolio, UserPortfolioPermissionChoices.VIEW_PORTFOLIO)
-    def has_edit_org_portfolio_permission(self, portfolio):
+    def has_edit_portfolio_permission(self, portfolio):
        return self._has_portfolio_permission(portfolio, UserPortfolioPermissionChoices.EDIT_PORTFOLIO)
    def has_any_domains_portfolio_permission(self, portfolio):
@ -268,13 +268,6 @@ class User(AbstractUser):
    def has_edit_request_portfolio_permission(self, portfolio):
        return self._has_portfolio_permission(portfolio, UserPortfolioPermissionChoices.EDIT_REQUESTS)
    # Field specific permission checks
    def has_view_suborganization_portfolio_permission(self, portfolio):
        return self._has_portfolio_permission(portfolio, UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION)
    def has_edit_suborganization_portfolio_permission(self, portfolio):
        return self._has_portfolio_permission(portfolio, UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION)
    def is_portfolio_admin(self, portfolio):
        return "Admin" in self.portfolio_role_summary(portfolio)
@ -293,7 +286,7 @@ class User(AbstractUser):
        # Define the conditions and their corresponding roles
        conditions_roles = [
-            (self.has_edit_suborganization_portfolio_permission(portfolio), ["Admin"]),
+            (self.has_edit_portfolio_permission(portfolio), ["Admin"]),
            (
                self.has_view_all_domains_portfolio_permission(portfolio)
                and self.has_any_requests_portfolio_permission(portfolio)
@ -306,20 +299,20 @@ class User(AbstractUser):
                ["View-only admin"],
            ),
            (
-                self.has_base_portfolio_permission(portfolio)
+                self.has_view_portfolio_permission(portfolio)
                and self.has_edit_request_portfolio_permission(portfolio)
                and self.has_any_domains_portfolio_permission(portfolio),
                ["Domain requestor", "Domain manager"],
            ),
            (
-                self.has_base_portfolio_permission(portfolio) and self.has_edit_request_portfolio_permission(portfolio),
+                self.has_view_portfolio_permission(portfolio) and self.has_edit_request_portfolio_permission(portfolio),
                ["Domain requestor"],
            ),
            (
-                self.has_base_portfolio_permission(portfolio) and self.has_any_domains_portfolio_permission(portfolio),
+                self.has_view_portfolio_permission(portfolio) and self.has_any_domains_portfolio_permission(portfolio),
                ["Domain manager"],
            ),
-            (self.has_base_portfolio_permission(portfolio), ["Member"]),
+            (self.has_view_portfolio_permission(portfolio), ["Member"]),
        ]
        # Evaluate conditions and add roles
@ -477,7 +470,7 @@ class User(AbstractUser):
    def is_org_user(self, request):
        has_organization_feature_flag = flag_is_active(request, "organization_feature")
        portfolio = request.session.get("portfolio")
-        return has_organization_feature_flag and self.has_base_portfolio_permission(portfolio)
+        return has_organization_feature_flag and self.has_view_portfolio_permission(portfolio)
    def get_user_domain_ids(self, request):
        """Returns either the domains ids associated with this user on UserDomainRole or Portfolio"""
--- a/src/registrar/models/user_portfolio_permission.py
+++ b/src/registrar/models/user_portfolio_permission.py
@ -27,13 +27,10 @@ class UserPortfolioPermission(TimeStampedModel):
            UserPortfolioPermissionChoices.EDIT_MEMBERS,
            UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
            UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
            UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION,
            UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION,
        ],
        # NOTE: Check FORBIDDEN_PORTFOLIO_ROLE_PERMISSIONS before adding roles here.
        UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
            UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
            UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION,
        ],
    }
@ -43,7 +40,6 @@ class UserPortfolioPermission(TimeStampedModel):
        UserPortfolioRoleChoices.ORGANIZATION_MEMBER: [
            UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
            UserPortfolioPermissionChoices.EDIT_MEMBERS,
            UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION,
        ],
    }
--- a/src/registrar/models/utility/portfolio_helper.py
+++ b/src/registrar/models/utility/portfolio_helper.py
@ -1,5 +1,6 @@
 from registrar.utility import StrEnum
 from django.db import models
 from django.db.models import Q
 from django.apps import apps
 from django.forms import ValidationError
 from registrar.utility.waffle import flag_is_active_for_user
@ -41,10 +42,6 @@ class UserPortfolioPermissionChoices(models.TextChoices):
    VIEW_PORTFOLIO = "view_portfolio", "View organization"
    EDIT_PORTFOLIO = "edit_portfolio", "Edit organization"
    # Domain: field specific permissions
    VIEW_SUBORGANIZATION = "view_suborganization", "View suborganization"
    EDIT_SUBORGANIZATION = "edit_suborganization", "Edit suborganization"
    @classmethod
    def get_user_portfolio_permission_label(cls, user_portfolio_permission):
        return cls(user_portfolio_permission).label if user_portfolio_permission else None
@ -136,9 +133,10 @@ def validate_user_portfolio_permission(user_portfolio_permission):
                "Based on current waffle flag settings, users cannot be assigned to multiple portfolios."
            )
-        existing_invitations = PortfolioInvitation.objects.exclude(
+        existing_invitations = PortfolioInvitation.objects.filter(email=user_portfolio_permission.user.email).exclude(
-            portfolio=user_portfolio_permission.portfolio
+            Q(portfolio=user_portfolio_permission.portfolio)
-        ).filter(email=user_portfolio_permission.user.email)
+            | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
        )
        if existing_invitations.exists():
            raise ValidationError(
                "This user is already assigned to a portfolio invitation. "
@ -195,8 +193,8 @@ def validate_portfolio_invitation(portfolio_invitation):
    if not flag_is_active_for_user(user, "multiple_portfolios"):
        existing_permissions = UserPortfolioPermission.objects.filter(user=user)
-        existing_invitations = PortfolioInvitation.objects.exclude(id=portfolio_invitation.id).filter(
+        existing_invitations = PortfolioInvitation.objects.filter(email=portfolio_invitation.email).exclude(
-            email=portfolio_invitation.email
+            Q(id=portfolio_invitation.id) | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
        )
        if existing_permissions.exists():
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@ -103,12 +103,12 @@
    {% endif %}
    {% if portfolio %}
-      {% if has_any_domains_portfolio_permission and has_edit_suborganization_portfolio_permission %}
+      {% if has_any_domains_portfolio_permission and has_edit_portfolio_permission %}
        {% url 'domain-suborganization' pk=domain.id as url %}
-        {% include "includes/summary_item.html" with title='Suborganization' value=domain.domain_info.sub_organization edit_link=url editable=is_editable|and:has_edit_suborganization_portfolio_permission %}
+        {% include "includes/summary_item.html" with title='Suborganization' value=domain.domain_info.sub_organization edit_link=url editable=is_editable|and:has_edit_portfolio_permission %}
-    {% elif has_any_domains_portfolio_permission and has_view_suborganization_portfolio_permission %}
+    {% elif has_any_domains_portfolio_permission and has_view_portfolio_permission %}
        {% url 'domain-suborganization' pk=domain.id as url %}
-        {% include "includes/summary_item.html" with title='Suborganization' value=domain.domain_info.sub_organization edit_link=url editable=is_editable|and:has_view_suborganization_portfolio_permission view_button=True %}
+        {% include "includes/summary_item.html" with title='Suborganization' value=domain.domain_info.sub_organization edit_link=url editable=is_editable|and:has_view_portfolio_permission view_button=True %}
        {% endif %}
    {% else %}
      {% url 'domain-org-name-address' pk=domain.id as url %}
--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@ -61,7 +61,7 @@
      {% if portfolio %}
          {% comment %} Only show this menu option if the user has the perms to do so {% endcomment %}
-          {% if has_any_domains_portfolio_permission and has_view_suborganization_portfolio_permission %}
+          {% if has_any_domains_portfolio_permission and has_view_portfolio_permission %}
            {% with url_name="domain-suborganization" %}
              {% include "includes/domain_sidenav_item.html" with item_text="Suborganization" %}
            {% endwith %}
--- a/src/registrar/templates/domain_suborganization.html
+++ b/src/registrar/templates/domain_suborganization.html
@ -39,7 +39,7 @@
        please contact <a href="mailto:help@get.gov" class="usa-link">help@get.gov</a>.
    </p>
-    {% if has_any_domains_portfolio_permission and has_edit_suborganization_portfolio_permission %}
+    {% if has_any_domains_portfolio_permission and has_edit_portfolio_permission %}
        <form class="usa-form usa-form--large" method="post" novalidate id="form-container">
            {% csrf_token %}
            {% input_with_errors form.sub_organization %}
--- a/src/registrar/templates/emails/portfolio_admin_addition_notification.txt
+++ b/src/registrar/templates/emails/portfolio_admin_addition_notification.txt
@ -0,0 +1,40 @@
 {% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
 Hi,{% if portfolio_admin and portfolio_admin.first_name %} {{ portfolio_admin.first_name }}.{% endif %}
 An admin was invited to your .gov organization.
 ORGANIZATION: {{ portfolio.organization_name }} 
 INVITED BY: {{ requestor_email }}
 INVITED ON: {{date}}
 ADMIN INVITED: {{ invited_email_address }}
 ----------------------------------------------------------------
 NEXT STEPS
 The person who received the invitation will become an admin once they log in to the
 .gov registrar. They'll need to access the registrar using a Login.gov account that's
 associated with the invited email address.
 If you need to cancel this invitation or remove the admin, you can do that by going to 
 the Members section for your organization <https://manage.get.gov/>.
 WHY DID YOU RECEIVE THIS EMAIL? 
 You’re listed as an admin for {{ portfolio.organization_name }}. That means you'll receive a notification
 whenever a new admin is invited to that organization.
 If you have questions or concerns, reach out to the person who sent the invitation or reply to this email.
 THANK YOU
 .Gov helps the public identify official, trusted information. Thank you for using a .gov domain.
 ----------------------------------------------------------------
 The .gov team
 Contact us: <https://get.gov/contact/>
 Learn about .gov <https://get.gov>
 The .gov registry is a part of the Cybersecurity and Infrastructure Security Agency
 (CISA) <https://cisa.gov/>
 {% endautoescape %}
--- a/src/registrar/templates/emails/portfolio_admin_addition_notification_subject.txt
+++ b/src/registrar/templates/emails/portfolio_admin_addition_notification_subject.txt
@ -0,0 +1 @@
 An admin was invited to your .gov organization
--- a/src/registrar/templates/emails/portfolio_admin_removal_notification.txt
+++ b/src/registrar/templates/emails/portfolio_admin_removal_notification.txt
@ -0,0 +1,33 @@
 {% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
 Hi,{% if portfolio_admin and portfolio_admin.first_name %} {{ portfolio_admin.first_name }}.{% endif %}
 An admin was removed from your .gov organization.
 ORGANIZATION: {{ portfolio.organization_name }} 
 REMOVED BY: {{ requestor_email }}
 REMOVED ON: {{date}}
 ADMIN REMOVED: {{ removed_email_address }}
 You can view this update by going to the Members section for your .gov organization <https://manage.get.gov/>.
 ----------------------------------------------------------------
 WHY DID YOU RECEIVE THIS EMAIL? 
 You’re listed as an admin for {{ portfolio.organization_name }}. That means you'll receive a notification
 whenever an admin is removed from that organization.
 If you have questions or concerns, reach out to the person who removed the admin or reply to this email.
 THANK YOU
 .Gov helps the public identify official, trusted information. Thank you for using a .gov domain.
 ----------------------------------------------------------------
 The .gov team
 Contact us: <https://get.gov/contact/>
 Learn about .gov <https://get.gov>
 The .gov registry is a part of the Cybersecurity and Infrastructure Security Agency
 (CISA) <https://cisa.gov/>
 {% endautoescape %}
--- a/src/registrar/templates/emails/portfolio_admin_removal_notification_subject.txt
+++ b/src/registrar/templates/emails/portfolio_admin_removal_notification_subject.txt
@ -0,0 +1 @@
 An admin was removed from your .gov organization
--- a/src/registrar/templates/includes/domains_table.html
+++ b/src/registrar/templates/includes/domains_table.html
@ -208,7 +208,7 @@
          <th data-sortable="name" scope="col" role="columnheader">Domain name</th>
          <th data-sortable="expiration_date" scope="col" role="columnheader">Expires</th>
          <th data-sortable="state_display" scope="col" role="columnheader">Status</th>
-          {% if portfolio and has_view_suborganization_portfolio_permission %}
+          {% if portfolio and has_view_portfolio_permission %}
            <th data-sortable="domain_info__sub_organization" scope="col" role="columnheader">Suborganization</th>
          {% endif %}
          <th 
--- a/src/registrar/templates/includes/summary_item.html
+++ b/src/registrar/templates/includes/summary_item.html
@ -113,10 +113,10 @@
            </ul>
          {% endif %}
        {% endif %}
-        {% if value.invitations.all %}
+        {% if value.active_invitations.all %}
          <h4 class="margin-bottom-05">Invited domain managers</h4>
          <ul class="usa-list usa-list--unstyled margin-top-0">
-          {% for item in value.invitations.all %}
+          {% for item in value.active_invitations.all %}
            <li>{{ item.email }}</li>
          {% endfor %}
          </ul>
--- a/src/registrar/templates/portfolio_organization.html
+++ b/src/registrar/templates/portfolio_organization.html
@ -28,7 +28,7 @@
        <p>The name of your organization will be publicly listed as the domain registrant.</p>
-        {% if has_edit_org_portfolio_permission %}
+        {% if has_edit_portfolio_permission %}
            <p>
                Your organization name can’t be updated here.
                To suggest an update, email <a href="mailto:help@get.gov" class="usa-link">help@get.gov</a>.
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@ -254,6 +254,7 @@ class TestDomainInvitationAdmin(TestCase):
            email="test@example.com",
            requestor=self.superuser,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        # Assert success message
@ -504,6 +505,7 @@ class TestDomainInvitationAdmin(TestCase):
            email="test@example.com",
            requestor=self.superuser,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        # Assert retrieve on domain invite only was called
@ -567,6 +569,7 @@ class TestDomainInvitationAdmin(TestCase):
            email="test@example.com",
            requestor=self.superuser,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        # Assert retrieve on domain invite only was called
@ -693,6 +696,7 @@ class TestDomainInvitationAdmin(TestCase):
            email="nonexistent@example.com",
            requestor=self.superuser,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        # Assert retrieve was not called
@ -918,6 +922,7 @@ class TestDomainInvitationAdmin(TestCase):
            email="nonexistent@example.com",
            requestor=self.superuser,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        # Assert retrieve on domain invite only was called
@ -979,6 +984,7 @@ class TestDomainInvitationAdmin(TestCase):
            email="nonexistent@example.com",
            requestor=self.superuser,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        # Assert retrieve on domain invite only was called
@ -1204,7 +1210,7 @@ class TestPortfolioInvitationAdmin(TestCase):
    @less_console_noise_decorator
    @patch("registrar.admin.send_portfolio_invitation_email")
-    @patch("django.contrib.messages.success")  # Mock the `messages.warning` call
+    @patch("django.contrib.messages.success")  # Mock the `messages.success` call
    def test_save_sends_email(self, mock_messages_success, mock_send_email):
        """On save_model, an email is sent if an invitation already exists."""
@ -1455,6 +1461,94 @@ class TestPortfolioInvitationAdmin(TestCase):
        # Assert that messages.error was called with the correct message
        mock_messages_error.assert_called_once_with(request, "Could not send email invitation.")
    @less_console_noise_decorator
    @patch("registrar.admin.send_portfolio_admin_addition_emails")
    def test_save_existing_sends_email_notification(self, mock_send_email):
        """On save_model to an existing invitation, an email is set to notify existing
        admins, if the invitation changes from member to admin."""
        # Create an instance of the admin class
        admin_instance = PortfolioInvitationAdmin(PortfolioInvitation, admin_site=None)
        # Mock the response value of the email send
        mock_send_email.return_value = True
        # Create and save a PortfolioInvitation instance
        portfolio_invitation = PortfolioInvitation.objects.create(
            email="james.gordon@gotham.gov",
            portfolio=self.portfolio,
            roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],  # Initially NOT an admin
            status=PortfolioInvitation.PortfolioInvitationStatus.INVITED,  # Must be "INVITED"
        )
        # Create a request object
        request = self.factory.post(f"/admin/registrar/PortfolioInvitation/{portfolio_invitation.pk}/change/")
        request.user = self.superuser
        # Change roles from MEMBER to ADMIN
        portfolio_invitation.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        # Call the save_model method
        admin_instance.save_model(request, portfolio_invitation, None, True)
        # Assert that send_portfolio_admin_addition_emails is called
        mock_send_email.assert_called_once()
        # Get the arguments passed to send_portfolio_admin_addition_emails
        _, called_kwargs = mock_send_email.call_args
        # Assert the email content
        self.assertEqual(called_kwargs["email"], "james.gordon@gotham.gov")
        self.assertEqual(called_kwargs["requestor"], self.superuser)
        self.assertEqual(called_kwargs["portfolio"], self.portfolio)
    @less_console_noise_decorator
    @patch("registrar.admin.send_portfolio_admin_addition_emails")
    @patch("django.contrib.messages.warning")  # Mock the `messages.warning` call
    def test_save_existing_email_notification_warning(self, mock_messages_warning, mock_send_email):
        """On save_model for an existing invitation, a warning is displayed if method to
        send email to notify admins returns False."""
        # Create an instance of the admin class
        admin_instance = PortfolioInvitationAdmin(PortfolioInvitation, admin_site=None)
        # Mock the response value of the email send
        mock_send_email.return_value = False
        # Create and save a PortfolioInvitation instance
        portfolio_invitation = PortfolioInvitation.objects.create(
            email="james.gordon@gotham.gov",
            portfolio=self.portfolio,
            roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],  # Initially NOT an admin
            status=PortfolioInvitation.PortfolioInvitationStatus.INVITED,  # Must be "INVITED"
        )
        # Create a request object
        request = self.factory.post(f"/admin/registrar/PortfolioInvitation/{portfolio_invitation.pk}/change/")
        request.user = self.superuser
        # Change roles from MEMBER to ADMIN
        portfolio_invitation.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        # Call the save_model method
        admin_instance.save_model(request, portfolio_invitation, None, True)
        # Assert that send_portfolio_admin_addition_emails is called
        mock_send_email.assert_called_once()
        # Get the arguments passed to send_portfolio_admin_addition_emails
        _, called_kwargs = mock_send_email.call_args
        # Assert the email content
        self.assertEqual(called_kwargs["email"], "james.gordon@gotham.gov")
        self.assertEqual(called_kwargs["requestor"], self.superuser)
        self.assertEqual(called_kwargs["portfolio"], self.portfolio)
        # Assert that messages.error was called with the correct message
        mock_messages_warning.assert_called_once_with(
            request, "Could not send email notification to existing organization admins."
        )
 class TestHostAdmin(TestCase):
    """Tests for the HostAdmin class as super user
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@ -2,12 +2,24 @@ import unittest
 from unittest.mock import patch, MagicMock
 from datetime import date
 from registrar.models.domain import Domain
 from registrar.models.portfolio import Portfolio
 from registrar.models.user import User
 from registrar.models.user_domain_role import UserDomainRole
 from registrar.models.user_portfolio_permission import UserPortfolioPermission
 from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
 from registrar.utility.email import EmailSendingError
-from registrar.utility.email_invitations import send_domain_invitation_email, send_emails_to_domain_managers
+from registrar.utility.email_invitations import (
    _send_portfolio_admin_addition_emails_to_portfolio_admins,
    _send_portfolio_admin_removal_emails_to_portfolio_admins,
    send_domain_invitation_email,
    send_emails_to_domain_managers,
    send_portfolio_admin_addition_emails,
    send_portfolio_admin_removal_emails,
    send_portfolio_invitation_email,
 )
 from api.tests.common import less_console_noise_decorator
 from registrar.utility.errors import MissingEmailError
 class DomainInvitationEmail(unittest.TestCase):
@ -16,9 +28,9 @@ class DomainInvitationEmail(unittest.TestCase):
    @patch("registrar.utility.email_invitations.send_templated_email")
    @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
    @patch("registrar.utility.email_invitations._validate_invitation")
-    @patch("registrar.utility.email_invitations.get_requestor_email")
+    @patch("registrar.utility.email_invitations._get_requestor_email")
    @patch("registrar.utility.email_invitations.send_invitation_email")
-    @patch("registrar.utility.email_invitations.normalize_domains")
+    @patch("registrar.utility.email_invitations._normalize_domains")
    def test_send_domain_invitation_email(
        self,
        mock_normalize_domains,
@ -58,7 +70,7 @@ class DomainInvitationEmail(unittest.TestCase):
        # Assertions
        mock_normalize_domains.assert_called_once_with(mock_domain)
-        mock_get_requestor_email.assert_called_once_with(mock_requestor, [mock_domain])
+        mock_get_requestor_email.assert_called_once_with(mock_requestor, domains=[mock_domain])
        mock_validate_invitation.assert_called_once_with(
            email, None, [mock_domain], mock_requestor, is_member_of_different_org
        )
@ -81,9 +93,9 @@ class DomainInvitationEmail(unittest.TestCase):
    @patch("registrar.utility.email_invitations.send_templated_email")
    @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
    @patch("registrar.utility.email_invitations._validate_invitation")
-    @patch("registrar.utility.email_invitations.get_requestor_email")
+    @patch("registrar.utility.email_invitations._get_requestor_email")
    @patch("registrar.utility.email_invitations.send_invitation_email")
-    @patch("registrar.utility.email_invitations.normalize_domains")
+    @patch("registrar.utility.email_invitations._normalize_domains")
    def test_send_domain_invitation_email_multiple_domains(
        self,
        mock_normalize_domains,
@ -137,7 +149,7 @@ class DomainInvitationEmail(unittest.TestCase):
        # Assertions
        mock_normalize_domains.assert_called_once_with([mock_domain1, mock_domain2])
-        mock_get_requestor_email.assert_called_once_with(mock_requestor, [mock_domain1, mock_domain2])
+        mock_get_requestor_email.assert_called_once_with(mock_requestor, domains=[mock_domain1, mock_domain2])
        mock_validate_invitation.assert_called_once_with(
            email, None, [mock_domain1, mock_domain2], mock_requestor, is_member_of_different_org
        )
@ -197,7 +209,7 @@ class DomainInvitationEmail(unittest.TestCase):
        mock_validate_invitation.assert_called_once()
    @less_console_noise_decorator
-    @patch("registrar.utility.email_invitations.get_requestor_email")
+    @patch("registrar.utility.email_invitations._get_requestor_email")
    def test_send_domain_invitation_email_raises_get_requestor_email_exception(self, mock_get_requestor_email):
        """Test sending domain invitation email for one domain and assert exception
        when get_requestor_email fails.
@ -217,9 +229,9 @@ class DomainInvitationEmail(unittest.TestCase):
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations._validate_invitation")
-    @patch("registrar.utility.email_invitations.get_requestor_email")
+    @patch("registrar.utility.email_invitations._get_requestor_email")
    @patch("registrar.utility.email_invitations.send_invitation_email")
-    @patch("registrar.utility.email_invitations.normalize_domains")
+    @patch("registrar.utility.email_invitations._normalize_domains")
    def test_send_domain_invitation_email_raises_sending_email_exception(
        self,
        mock_normalize_domains,
@ -258,7 +270,7 @@ class DomainInvitationEmail(unittest.TestCase):
        # Assertions
        mock_normalize_domains.assert_called_once_with(mock_domain)
-        mock_get_requestor_email.assert_called_once_with(mock_requestor, [mock_domain])
+        mock_get_requestor_email.assert_called_once_with(mock_requestor, domains=[mock_domain])
        mock_validate_invitation.assert_called_once_with(
            email, None, [mock_domain], mock_requestor, is_member_of_different_org
        )
@ -267,9 +279,9 @@ class DomainInvitationEmail(unittest.TestCase):
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations.send_emails_to_domain_managers")
    @patch("registrar.utility.email_invitations._validate_invitation")
-    @patch("registrar.utility.email_invitations.get_requestor_email")
+    @patch("registrar.utility.email_invitations._get_requestor_email")
    @patch("registrar.utility.email_invitations.send_invitation_email")
-    @patch("registrar.utility.email_invitations.normalize_domains")
+    @patch("registrar.utility.email_invitations._normalize_domains")
    def test_send_domain_invitation_email_manager_emails_send_mail_exception(
        self,
        mock_normalize_domains,
@ -306,7 +318,7 @@ class DomainInvitationEmail(unittest.TestCase):
        # Assertions
        mock_normalize_domains.assert_called_once_with(mock_domain)
-        mock_get_requestor_email.assert_called_once_with(mock_requestor, [mock_domain])
+        mock_get_requestor_email.assert_called_once_with(mock_requestor, domains=[mock_domain])
        mock_validate_invitation.assert_called_once_with(
            email, None, [mock_domain], mock_requestor, is_member_of_different_org
        )
@ -469,3 +481,410 @@ class DomainInvitationEmail(unittest.TestCase):
                "date": date.today(),
            },
        )
 class PortfolioInvitationEmailTests(unittest.TestCase):
    def setUp(self):
        """Setup common test data for all test cases"""
        self.email = "invitee@example.com"
        self.requestor = MagicMock(name="User")
        self.requestor.email = "requestor@example.com"
        self.portfolio = MagicMock(name="Portfolio")
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations.send_templated_email")
    def test_send_portfolio_invitation_email_success(self, mock_send_templated_email):
        """Test successful email sending"""
        is_admin_invitation = False
        result = send_portfolio_invitation_email(self.email, self.requestor, self.portfolio, is_admin_invitation)
        self.assertTrue(result)
        mock_send_templated_email.assert_called_once()
    @less_console_noise_decorator
    @patch(
        "registrar.utility.email_invitations.send_templated_email",
        side_effect=EmailSendingError("Failed to send email"),
    )
    def test_send_portfolio_invitation_email_failure(self, mock_send_templated_email):
        """Test failure when sending email"""
        is_admin_invitation = False
        with self.assertRaises(EmailSendingError) as context:
            send_portfolio_invitation_email(self.email, self.requestor, self.portfolio, is_admin_invitation)
        self.assertIn("Could not sent email invitation to", str(context.exception))
    @less_console_noise_decorator
    @patch(
        "registrar.utility.email_invitations._get_requestor_email",
        side_effect=MissingEmailError("Requestor has no email"),
    )
    @less_console_noise_decorator
    def test_send_portfolio_invitation_email_missing_requestor_email(self, mock_get_email):
        """Test when requestor has no email"""
        is_admin_invitation = False
        with self.assertRaises(MissingEmailError) as context:
            send_portfolio_invitation_email(self.email, self.requestor, self.portfolio, is_admin_invitation)
        self.assertIn(
            "Can't send invitation email. No email is associated with your user account.", str(context.exception)
        )
    @less_console_noise_decorator
    @patch(
        "registrar.utility.email_invitations._send_portfolio_admin_addition_emails_to_portfolio_admins",
        return_value=False,
    )
    @patch("registrar.utility.email_invitations.send_templated_email")
    def test_send_portfolio_invitation_email_admin_invitation(self, mock_send_templated_email, mock_admin_email):
        """Test admin invitation email logic"""
        is_admin_invitation = True
        result = send_portfolio_invitation_email(self.email, self.requestor, self.portfolio, is_admin_invitation)
        self.assertFalse(result)  # Admin email sending failed
        mock_send_templated_email.assert_called_once()
        mock_admin_email.assert_called_once()
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations._get_requestor_email")
    @patch("registrar.utility.email_invitations._send_portfolio_admin_addition_emails_to_portfolio_admins")
    def test_send_email_success(self, mock_send_admin_emails, mock_get_requestor_email):
        """Test successful sending of admin addition emails."""
        mock_get_requestor_email.return_value = "requestor@example.com"
        mock_send_admin_emails.return_value = True
        result = send_portfolio_admin_addition_emails(self.email, self.requestor, self.portfolio)
        mock_get_requestor_email.assert_called_once_with(self.requestor, portfolio=self.portfolio)
        mock_send_admin_emails.assert_called_once_with(self.email, "requestor@example.com", self.portfolio)
        self.assertTrue(result)
    @less_console_noise_decorator
    @patch(
        "registrar.utility.email_invitations._get_requestor_email",
        side_effect=MissingEmailError("Requestor email missing"),
    )
    def test_missing_requestor_email_raises_exception(self, mock_get_requestor_email):
        """Test exception raised if requestor email is missing."""
        with self.assertRaises(MissingEmailError):
            send_portfolio_admin_addition_emails(self.email, self.requestor, self.portfolio)
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations._get_requestor_email")
    @patch("registrar.utility.email_invitations._send_portfolio_admin_addition_emails_to_portfolio_admins")
    def test_send_email_failure(self, mock_send_admin_emails, mock_get_requestor_email):
        """Test handling of failure in sending admin addition emails."""
        mock_get_requestor_email.return_value = "requestor@example.com"
        mock_send_admin_emails.return_value = False  # Simulate failure
        result = send_portfolio_admin_addition_emails(self.email, self.requestor, self.portfolio)
        self.assertFalse(result)
        mock_get_requestor_email.assert_called_once_with(self.requestor, portfolio=self.portfolio)
        mock_send_admin_emails.assert_called_once_with(self.email, "requestor@example.com", self.portfolio)
 class SendPortfolioAdminAdditionEmailsTests(unittest.TestCase):
    """Unit tests for _send_portfolio_admin_addition_emails_to_portfolio_admins function."""
    def setUp(self):
        """Set up test data."""
        self.email = "new.admin@example.com"
        self.requestor_email = "requestor@example.com"
        self.portfolio = MagicMock(spec=Portfolio)
        self.portfolio.organization_name = "Test Organization"
        # Mock portfolio admin users
        self.admin_user1 = MagicMock(spec=User)
        self.admin_user1.email = "admin1@example.com"
        self.admin_user2 = MagicMock(spec=User)
        self.admin_user2.email = "admin2@example.com"
        self.portfolio_admin1 = MagicMock(spec=UserPortfolioPermission)
        self.portfolio_admin1.user = self.admin_user1
        self.portfolio_admin1.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        self.portfolio_admin2 = MagicMock(spec=UserPortfolioPermission)
        self.portfolio_admin2.user = self.admin_user2
        self.portfolio_admin2.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations.send_templated_email")
    @patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
    def test_send_email_success(self, mock_filter, mock_send_templated_email):
        """Test successful sending of admin addition emails."""
        mock_filter.return_value.exclude.return_value = [self.portfolio_admin1, self.portfolio_admin2]
        mock_send_templated_email.return_value = None  # No exception means success
        result = _send_portfolio_admin_addition_emails_to_portfolio_admins(
            self.email, self.requestor_email, self.portfolio
        )
        mock_filter.assert_called_once_with(
            portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        )
        mock_send_templated_email.assert_any_call(
            "emails/portfolio_admin_addition_notification.txt",
            "emails/portfolio_admin_addition_notification_subject.txt",
            to_address=self.admin_user1.email,
            context={
                "portfolio": self.portfolio,
                "requestor_email": self.requestor_email,
                "invited_email_address": self.email,
                "portfolio_admin": self.admin_user1,
                "date": date.today(),
            },
        )
        mock_send_templated_email.assert_any_call(
            "emails/portfolio_admin_addition_notification.txt",
            "emails/portfolio_admin_addition_notification_subject.txt",
            to_address=self.admin_user2.email,
            context={
                "portfolio": self.portfolio,
                "requestor_email": self.requestor_email,
                "invited_email_address": self.email,
                "portfolio_admin": self.admin_user2,
                "date": date.today(),
            },
        )
        self.assertTrue(result)
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations.send_templated_email", side_effect=EmailSendingError)
    @patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
    def test_send_email_failure(self, mock_filter, mock_send_templated_email):
        """Test handling of failure in sending admin addition emails."""
        mock_filter.return_value.exclude.return_value = [self.portfolio_admin1, self.portfolio_admin2]
        result = _send_portfolio_admin_addition_emails_to_portfolio_admins(
            self.email, self.requestor_email, self.portfolio
        )
        self.assertFalse(result)
        mock_filter.assert_called_once_with(
            portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        )
        mock_send_templated_email.assert_any_call(
            "emails/portfolio_admin_addition_notification.txt",
            "emails/portfolio_admin_addition_notification_subject.txt",
            to_address=self.admin_user1.email,
            context={
                "portfolio": self.portfolio,
                "requestor_email": self.requestor_email,
                "invited_email_address": self.email,
                "portfolio_admin": self.admin_user1,
                "date": date.today(),
            },
        )
        mock_send_templated_email.assert_any_call(
            "emails/portfolio_admin_addition_notification.txt",
            "emails/portfolio_admin_addition_notification_subject.txt",
            to_address=self.admin_user2.email,
            context={
                "portfolio": self.portfolio,
                "requestor_email": self.requestor_email,
                "invited_email_address": self.email,
                "portfolio_admin": self.admin_user2,
                "date": date.today(),
            },
        )
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
    def test_no_admins_to_notify(self, mock_filter):
        """Test case where there are no portfolio admins to notify."""
        mock_filter.return_value.exclude.return_value = []  # No admins
        result = _send_portfolio_admin_addition_emails_to_portfolio_admins(
            self.email, self.requestor_email, self.portfolio
        )
        self.assertTrue(result)  # No emails sent, but also no failures
        mock_filter.assert_called_once_with(
            portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        )
 class SendPortfolioAdminRemovalEmailsToAdminsTests(unittest.TestCase):
    """Unit tests for _send_portfolio_admin_removal_emails_to_portfolio_admins function."""
    def setUp(self):
        """Set up test data."""
        self.email = "removed.admin@example.com"
        self.requestor_email = "requestor@example.com"
        self.portfolio = MagicMock(spec=Portfolio)
        self.portfolio.organization_name = "Test Organization"
        # Mock portfolio admin users
        self.admin_user1 = MagicMock(spec=User)
        self.admin_user1.email = "admin1@example.com"
        self.admin_user2 = MagicMock(spec=User)
        self.admin_user2.email = "admin2@example.com"
        self.portfolio_admin1 = MagicMock(spec=UserPortfolioPermission)
        self.portfolio_admin1.user = self.admin_user1
        self.portfolio_admin1.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        self.portfolio_admin2 = MagicMock(spec=UserPortfolioPermission)
        self.portfolio_admin2.user = self.admin_user2
        self.portfolio_admin2.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations.send_templated_email")
    @patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
    def test_send_email_success(self, mock_filter, mock_send_templated_email):
        """Test successful sending of admin removal emails."""
        mock_filter.return_value.exclude.return_value = [self.portfolio_admin1, self.portfolio_admin2]
        mock_send_templated_email.return_value = None  # No exception means success
        result = _send_portfolio_admin_removal_emails_to_portfolio_admins(
            self.email, self.requestor_email, self.portfolio
        )
        mock_filter.assert_called_once_with(
            portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        )
        mock_send_templated_email.assert_any_call(
            "emails/portfolio_admin_removal_notification.txt",
            "emails/portfolio_admin_removal_notification_subject.txt",
            to_address=self.admin_user1.email,
            context={
                "portfolio": self.portfolio,
                "requestor_email": self.requestor_email,
                "removed_email_address": self.email,
                "portfolio_admin": self.admin_user1,
                "date": date.today(),
            },
        )
        mock_send_templated_email.assert_any_call(
            "emails/portfolio_admin_removal_notification.txt",
            "emails/portfolio_admin_removal_notification_subject.txt",
            to_address=self.admin_user2.email,
            context={
                "portfolio": self.portfolio,
                "requestor_email": self.requestor_email,
                "removed_email_address": self.email,
                "portfolio_admin": self.admin_user2,
                "date": date.today(),
            },
        )
        self.assertTrue(result)
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations.send_templated_email", side_effect=EmailSendingError)
    @patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
    def test_send_email_failure(self, mock_filter, mock_send_templated_email):
        """Test handling of failure in sending admin removal emails."""
        mock_filter.return_value.exclude.return_value = [self.portfolio_admin1, self.portfolio_admin2]
        result = _send_portfolio_admin_removal_emails_to_portfolio_admins(
            self.email, self.requestor_email, self.portfolio
        )
        self.assertFalse(result)
        mock_filter.assert_called_once_with(
            portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        )
        mock_send_templated_email.assert_any_call(
            "emails/portfolio_admin_removal_notification.txt",
            "emails/portfolio_admin_removal_notification_subject.txt",
            to_address=self.admin_user1.email,
            context={
                "portfolio": self.portfolio,
                "requestor_email": self.requestor_email,
                "removed_email_address": self.email,
                "portfolio_admin": self.admin_user1,
                "date": date.today(),
            },
        )
        mock_send_templated_email.assert_any_call(
            "emails/portfolio_admin_removal_notification.txt",
            "emails/portfolio_admin_removal_notification_subject.txt",
            to_address=self.admin_user2.email,
            context={
                "portfolio": self.portfolio,
                "requestor_email": self.requestor_email,
                "removed_email_address": self.email,
                "portfolio_admin": self.admin_user2,
                "date": date.today(),
            },
        )
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
    def test_no_admins_to_notify(self, mock_filter):
        """Test case where there are no portfolio admins to notify."""
        mock_filter.return_value.exclude.return_value = []  # No admins
        result = _send_portfolio_admin_removal_emails_to_portfolio_admins(
            self.email, self.requestor_email, self.portfolio
        )
        self.assertTrue(result)  # No emails sent, but also no failures
        mock_filter.assert_called_once_with(
            portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        )
 class SendPortfolioAdminRemovalEmailsTests(unittest.TestCase):
    """Unit tests for send_portfolio_admin_removal_emails function."""
    def setUp(self):
        """Set up test data."""
        self.email = "removed.admin@example.com"
        self.requestor = MagicMock(spec=User)
        self.requestor.email = "requestor@example.com"
        self.portfolio = MagicMock(spec=Portfolio)
        self.portfolio.organization_name = "Test Organization"
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations._get_requestor_email")
    @patch("registrar.utility.email_invitations._send_portfolio_admin_removal_emails_to_portfolio_admins")
    def test_send_email_success(self, mock_send_removal_emails, mock_get_requestor_email):
        """Test successful execution of send_portfolio_admin_removal_emails."""
        mock_get_requestor_email.return_value = self.requestor.email
        mock_send_removal_emails.return_value = True  # Simulating success
        result = send_portfolio_admin_removal_emails(self.email, self.requestor, self.portfolio)
        mock_get_requestor_email.assert_called_once_with(self.requestor, portfolio=self.portfolio)
        mock_send_removal_emails.assert_called_once_with(self.email, self.requestor.email, self.portfolio)
        self.assertTrue(result)
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations._get_requestor_email", side_effect=MissingEmailError("No email found"))
    @patch("registrar.utility.email_invitations._send_portfolio_admin_removal_emails_to_portfolio_admins")
    def test_missing_email_error(self, mock_send_removal_emails, mock_get_requestor_email):
        """Test handling of MissingEmailError when requestor has no email."""
        with self.assertRaises(MissingEmailError) as context:
            send_portfolio_admin_removal_emails(self.email, self.requestor, self.portfolio)
        mock_get_requestor_email.assert_called_once_with(self.requestor, portfolio=self.portfolio)
        mock_send_removal_emails.assert_not_called()  # Should not proceed if email retrieval fails
        self.assertEqual(
            str(context.exception), "Can't send invitation email. No email is associated with your user account."
        )
    @less_console_noise_decorator
    @patch("registrar.utility.email_invitations._get_requestor_email")
    @patch(
        "registrar.utility.email_invitations._send_portfolio_admin_removal_emails_to_portfolio_admins",
        return_value=False,
    )
    def test_send_email_failure(self, mock_send_removal_emails, mock_get_requestor_email):
        """Test handling of failure when admin removal emails fail to send."""
        mock_get_requestor_email.return_value = self.requestor.email
        mock_send_removal_emails.return_value = False  # Simulating failure
        result = send_portfolio_admin_removal_emails(self.email, self.requestor, self.portfolio)
        mock_get_requestor_email.assert_called_once_with(self.requestor, portfolio=self.portfolio)
        mock_send_removal_emails.assert_called_once_with(self.email, self.requestor.email, self.portfolio)
        self.assertFalse(result)
--- a/src/registrar/tests/test_models.py
+++ b/src/registrar/tests/test_models.py
@ -1191,8 +1191,8 @@ class TestUser(TestCase):
        User.objects.all().delete()
        UserDomainRole.objects.all().delete()
-    @patch.object(User, "has_edit_suborganization_portfolio_permission", return_value=True)
+    @patch.object(User, "has_edit_portfolio_permission", return_value=True)
-    def test_portfolio_role_summary_admin(self, mock_edit_suborganization):
+    def test_portfolio_role_summary_admin(self, mock_edit_org):
        # Test if the user is recognized as an Admin
        self.assertEqual(self.user.portfolio_role_summary(self.portfolio), ["Admin"])
@ -1217,7 +1217,7 @@ class TestUser(TestCase):
    @patch.multiple(
        User,
-        has_base_portfolio_permission=lambda self, portfolio: True,
+        has_view_portfolio_permission=lambda self, portfolio: True,
        has_edit_request_portfolio_permission=lambda self, portfolio: True,
        has_any_domains_portfolio_permission=lambda self, portfolio: True,
    )
@ -1227,7 +1227,7 @@ class TestUser(TestCase):
    @patch.multiple(
        User,
-        has_base_portfolio_permission=lambda self, portfolio: True,
+        has_view_portfolio_permission=lambda self, portfolio: True,
        has_edit_request_portfolio_permission=lambda self, portfolio: True,
    )
    def test_portfolio_role_summary_member_domain_requestor(self):
@ -1236,14 +1236,14 @@ class TestUser(TestCase):
    @patch.multiple(
        User,
-        has_base_portfolio_permission=lambda self, portfolio: True,
+        has_view_portfolio_permission=lambda self, portfolio: True,
        has_any_domains_portfolio_permission=lambda self, portfolio: True,
    )
    def test_portfolio_role_summary_member_domain_manager(self):
        # Test if the user has 'Member' and 'Domain manager' roles
        self.assertEqual(self.user.portfolio_role_summary(self.portfolio), ["Domain manager"])
-    @patch.multiple(User, has_base_portfolio_permission=lambda self, portfolio: True)
+    @patch.multiple(User, has_view_portfolio_permission=lambda self, portfolio: True)
    def test_portfolio_role_summary_member(self):
        # Test if the user is recognized as a Member
        self.assertEqual(self.user.portfolio_role_summary(self.portfolio), ["Member"])
@ -1253,17 +1253,17 @@ class TestUser(TestCase):
        self.assertEqual(self.user.portfolio_role_summary(self.portfolio), [])
    @patch("registrar.models.User._has_portfolio_permission")
-    def test_has_base_portfolio_permission(self, mock_has_permission):
+    def test_has_view_portfolio_permission(self, mock_has_permission):
        mock_has_permission.return_value = True
-        self.assertTrue(self.user.has_base_portfolio_permission(self.portfolio))
+        self.assertTrue(self.user.has_view_portfolio_permission(self.portfolio))
        mock_has_permission.assert_called_once_with(self.portfolio, UserPortfolioPermissionChoices.VIEW_PORTFOLIO)
    @patch("registrar.models.User._has_portfolio_permission")
-    def test_has_edit_org_portfolio_permission(self, mock_has_permission):
+    def test_has_edit_portfolio_permission(self, mock_has_permission):
        mock_has_permission.return_value = True
-        self.assertTrue(self.user.has_edit_org_portfolio_permission(self.portfolio))
+        self.assertTrue(self.user.has_edit_portfolio_permission(self.portfolio))
        mock_has_permission.assert_called_once_with(self.portfolio, UserPortfolioPermissionChoices.EDIT_PORTFOLIO)
    @patch("registrar.models.User._has_portfolio_permission")
@ -1306,20 +1306,6 @@ class TestUser(TestCase):
        self.assertTrue(self.user.has_edit_request_portfolio_permission(self.portfolio))
        mock_has_permission.assert_called_once_with(self.portfolio, UserPortfolioPermissionChoices.EDIT_REQUESTS)
    @patch("registrar.models.User._has_portfolio_permission")
    def test_has_view_suborganization_portfolio_permission(self, mock_has_permission):
        mock_has_permission.return_value = True
        self.assertTrue(self.user.has_view_suborganization_portfolio_permission(self.portfolio))
        mock_has_permission.assert_called_once_with(self.portfolio, UserPortfolioPermissionChoices.VIEW_SUBORGANIZATION)
    @patch("registrar.models.User._has_portfolio_permission")
    def test_has_edit_suborganization_portfolio_permission(self, mock_has_permission):
        mock_has_permission.return_value = True
        self.assertTrue(self.user.has_edit_suborganization_portfolio_permission(self.portfolio))
        mock_has_permission.assert_called_once_with(self.portfolio, UserPortfolioPermissionChoices.EDIT_SUBORGANIZATION)
    @less_console_noise_decorator
    def test_check_transition_domains_without_domains_on_login(self):
        """A user's on_each_login callback does not check transition domains.
--- a/src/registrar/tests/test_reports.py
+++ b/src/registrar/tests/test_reports.py
@ -725,7 +725,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
            expected_content = expected_content.replace(",,", "").replace(",", "").replace(" ", "").strip()
            self.assertEqual(csv_content, expected_content)
-    # @less_console_noise_decorator
+    @less_console_noise_decorator
    def test_domain_request_data_full(self):
        """Tests the full domain request report."""
        # Remove "Submitted at" because we can't guess this immutable, dynamically generated test data
--- a/src/registrar/tests/test_views_domain.py
+++ b/src/registrar/tests/test_views_domain.py
@ -849,7 +849,10 @@ class TestDomainManagers(TestDomainOverview):
        # Verify that the invitation emails were sent
        mock_send_portfolio_email.assert_called_once_with(
-            email="mayor@igorville.gov", requestor=self.user, portfolio=self.portfolio
+            email="mayor@igorville.gov",
            requestor=self.user,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        mock_send_domain_email.assert_called_once()
        call_args = mock_send_domain_email.call_args.kwargs
@ -903,7 +906,10 @@ class TestDomainManagers(TestDomainOverview):
        # Verify that the invitation emails were sent
        mock_send_portfolio_email.assert_called_once_with(
-            email="notauser@igorville.gov", requestor=self.user, portfolio=self.portfolio
+            email="notauser@igorville.gov",
            requestor=self.user,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        mock_send_domain_email.assert_called_once()
        call_args = mock_send_domain_email.call_args.kwargs
@ -1038,7 +1044,10 @@ class TestDomainManagers(TestDomainOverview):
        # Verify that the invitation emails were sent
        mock_send_portfolio_email.assert_called_once_with(
-            email="mayor@igorville.gov", requestor=self.user, portfolio=self.portfolio
+            email="mayor@igorville.gov",
            requestor=self.user,
            portfolio=self.portfolio,
            is_admin_invitation=False,
        )
        mock_send_domain_email.assert_not_called()
@ -2181,7 +2190,7 @@ class TestDomainSuborganization(TestDomainOverview):
        self.domain_information.refresh_from_db()
        # Add portfolio perms to the user object
-        portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
+        UserPortfolioPermission.objects.get_or_create(
            user=self.user, portfolio=portfolio, roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
        )
--- a/src/registrar/tests/test_views_members_json.py
+++ b/src/registrar/tests/test_views_members_json.py
@ -372,6 +372,21 @@ class GetPortfolioMembersJsonTest(MockEppLib, WebTest):
            domain=domain3,
        )
        # create another domain in the portfolio
        # but make sure the domain invitation is canceled
        domain4 = Domain.objects.create(
            name="somedomain4.com",
        )
        DomainInformation.objects.create(
            creator=self.user,
            domain=domain4,
        )
        DomainInvitation.objects.create(
            email=self.email6,
            domain=domain4,
            status=DomainInvitation.DomainInvitationStatus.CANCELED,
        )
        response = self.app.get(reverse("get_portfolio_members_json"), params={"portfolio": self.portfolio.id})
        self.assertEqual(response.status_code, 200)
        data = response.json
@ -381,6 +396,7 @@ class GetPortfolioMembersJsonTest(MockEppLib, WebTest):
        self.assertIn("somedomain1.com", domain_names)
        self.assertIn("thissecondinvitetestsasubqueryinjson@lets.notbreak", domain_names)
        self.assertNotIn("somedomain3.com", domain_names)
        self.assertNotIn("somedomain4.com", domain_names)
    @less_console_noise_decorator
    @override_flag("organization_feature", active=True)
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@ -1,6 +1,9 @@
 from datetime import date
 from django.conf import settings
 from registrar.models import Domain, DomainInvitation, UserDomainRole
 from registrar.models.portfolio import Portfolio
 from registrar.models.user_portfolio_permission import UserPortfolioPermission
 from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
 from registrar.utility.errors import (
    AlreadyDomainInvitedError,
    AlreadyDomainManagerError,
@ -37,8 +40,8 @@ def send_domain_invitation_email(
        OutsideOrgMemberError: If the requested_user is part of a different organization.
        EmailSendingError: If there is an error while sending the email.
    """
-    domains = normalize_domains(domains)
+    domains = _normalize_domains(domains)
-    requestor_email = get_requestor_email(requestor, domains)
+    requestor_email = _get_requestor_email(requestor, domains=domains)
    _validate_invitation(email, requested_user, domains, requestor, is_member_of_different_org)
@ -92,22 +95,27 @@ def send_emails_to_domain_managers(email: str, requestor_email, domain: Domain,
    return all_emails_sent
-def normalize_domains(domains: Domain | list[Domain]) -> list[Domain]:
+def _normalize_domains(domains: Domain | list[Domain]) -> list[Domain]:
    """Ensures domains is always a list."""
    return [domains] if isinstance(domains, Domain) else domains
-def get_requestor_email(requestor, domains):
+def _get_requestor_email(requestor, domains=None, portfolio=None):
    """Get the requestor's email or raise an error if it's missing.
    If the requestor is staff, default email is returned.
    Raises:
        MissingEmailError
    """
    if requestor.is_staff:
        return settings.DEFAULT_FROM_EMAIL
    if not requestor.email or requestor.email.strip() == "":
-        domain_names = ", ".join([domain.name for domain in domains])
+        domain_names = None
-        raise MissingEmailError(email=requestor.email, domain=domain_names)
+        if domains:
            domain_names = ", ".join([domain.name for domain in domains])
        raise MissingEmailError(email=requestor.email, domain=domain_names, portfolio=portfolio)
    return requestor.email
@ -169,7 +177,7 @@ def send_invitation_email(email, requestor_email, domains, requested_user):
        raise EmailSendingError(f"Could not send email invitation to {email} for domains: {domain_names}") from err
-def send_portfolio_invitation_email(email: str, requestor, portfolio):
+def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_invitation):
    """
    Sends a portfolio member invitation email to the specified address.
@ -179,21 +187,17 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio):
        email (str): Email address of the recipient
        requestor (User): The user initiating the invitation.
        portfolio (Portfolio): The portfolio object for which the invitation is being sent.
        is_admin_invitation (boolean): boolean indicating if the invitation is an admin invitation
    Returns:
        Boolean indicating if all messages were sent successfully.
    Raises:
        MissingEmailError: If the requestor has no email associated with their account.
        EmailSendingError: If there is an error while sending the email.
    """
-    # Default email address for staff
+    requestor_email = _get_requestor_email(requestor, portfolio=portfolio)
    requestor_email = settings.DEFAULT_FROM_EMAIL
    # Check if the requestor is staff and has an email
    if not requestor.is_staff:
        if not requestor.email or requestor.email.strip() == "":
            raise MissingEmailError(email=email, portfolio=portfolio)
        else:
            requestor_email = requestor.email
    try:
        send_templated_email(
@ -210,3 +214,119 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio):
        raise EmailSendingError(
            f"Could not sent email invitation to {email} for portfolio {portfolio}. Portfolio invitation not saved."
        ) from err
    all_admin_emails_sent = True
    # send emails to portfolio admins
    if is_admin_invitation:
        all_admin_emails_sent = _send_portfolio_admin_addition_emails_to_portfolio_admins(
            email=email,
            requestor_email=requestor_email,
            portfolio=portfolio,
        )
    return all_admin_emails_sent
 def send_portfolio_admin_addition_emails(email: str, requestor, portfolio: Portfolio):
    """
    Notifies all portfolio admins of the provided portfolio of a newly invited portfolio admin
    Returns:
        Boolean indicating if all messages were sent successfully.
    Raises:
        MissingEmailError
    """
    requestor_email = _get_requestor_email(requestor, portfolio=portfolio)
    return _send_portfolio_admin_addition_emails_to_portfolio_admins(email, requestor_email, portfolio)
 def _send_portfolio_admin_addition_emails_to_portfolio_admins(email: str, requestor_email, portfolio: Portfolio):
    """
    Notifies all portfolio admins of the provided portfolio of a newly invited portfolio admin
    Returns:
        Boolean indicating if all messages were sent successfully.
    """
    all_emails_sent = True
    # Get each portfolio admin from list
    user_portfolio_permissions = UserPortfolioPermission.objects.filter(
        portfolio=portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
    ).exclude(user__email=email)
    for user_portfolio_permission in user_portfolio_permissions:
        # Send email to each portfolio_admin
        user = user_portfolio_permission.user
        try:
            send_templated_email(
                "emails/portfolio_admin_addition_notification.txt",
                "emails/portfolio_admin_addition_notification_subject.txt",
                to_address=user.email,
                context={
                    "portfolio": portfolio,
                    "requestor_email": requestor_email,
                    "invited_email_address": email,
                    "portfolio_admin": user,
                    "date": date.today(),
                },
            )
        except EmailSendingError:
            logger.warning(
                "Could not send email organization admin notification to %s " "for portfolio: %s",
                user.email,
                portfolio.organization_name,
                exc_info=True,
            )
            all_emails_sent = False
    return all_emails_sent
 def send_portfolio_admin_removal_emails(email: str, requestor, portfolio: Portfolio):
    """
    Notifies all portfolio admins of the provided portfolio of a removed portfolio admin
    Returns:
        Boolean indicating if all messages were sent successfully.
    Raises:
        MissingEmailError
    """
    requestor_email = _get_requestor_email(requestor, portfolio=portfolio)
    return _send_portfolio_admin_removal_emails_to_portfolio_admins(email, requestor_email, portfolio)
 def _send_portfolio_admin_removal_emails_to_portfolio_admins(email: str, requestor_email, portfolio: Portfolio):
    """
    Notifies all portfolio admins of the provided portfolio of a removed portfolio admin
    Returns:
        Boolean indicating if all messages were sent successfully.
    """
    all_emails_sent = True
    # Get each portfolio admin from list
    user_portfolio_permissions = UserPortfolioPermission.objects.filter(
        portfolio=portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
    ).exclude(user__email=email)
    for user_portfolio_permission in user_portfolio_permissions:
        # Send email to each portfolio_admin
        user = user_portfolio_permission.user
        try:
            send_templated_email(
                "emails/portfolio_admin_removal_notification.txt",
                "emails/portfolio_admin_removal_notification_subject.txt",
                to_address=user.email,
                context={
                    "portfolio": portfolio,
                    "requestor_email": requestor_email,
                    "removed_email_address": email,
                    "portfolio_admin": user,
                    "date": date.today(),
                },
            )
        except EmailSendingError:
            logger.warning(
                "Could not send email organization admin notification to %s " "for portfolio: %s",
                user.email,
                portfolio.organization_name,
                exc_info=True,
            )
            all_emails_sent = False
    return all_emails_sent
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@ -1234,7 +1234,9 @@ class DomainAddUserView(DomainFormBaseView):
                and requestor_can_update_portfolio
                and not member_of_this_org
            ):
-                send_portfolio_invitation_email(email=requested_email, requestor=requestor, portfolio=domain_org)
+                send_portfolio_invitation_email(
                    email=requested_email, requestor=requestor, portfolio=domain_org, is_admin_invitation=False
                )
                portfolio_invitation, _ = PortfolioInvitation.objects.get_or_create(
                    email=requested_email, portfolio=domain_org, roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER]
                )
--- a/src/registrar/views/portfolio_members_json.py
+++ b/src/registrar/views/portfolio_members_json.py
@ -123,7 +123,11 @@ class PortfolioMembersJson(PortfolioMembersPermission, View):
        # Subquery to get concatenated domain information for each email
        domain_invitations = (
-            DomainInvitation.objects.filter(email=OuterRef("email"), domain__domain_info__portfolio=portfolio)
+            DomainInvitation.objects.filter(
                email=OuterRef("email"),
                domain__domain_info__portfolio=portfolio,
                status=DomainInvitation.DomainInvitationStatus.INVITED,
            )
            .annotate(
                concatenated_info=Concat(F("domain__id"), Value(":"), F("domain__name"), output_field=CharField())
            )
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@ -15,7 +15,12 @@ from registrar.models.user_domain_role import UserDomainRole
 from registrar.models.user_portfolio_permission import UserPortfolioPermission
 from registrar.models.utility.portfolio_helper import UserPortfolioPermissionChoices, UserPortfolioRoleChoices
 from registrar.utility.email import EmailSendingError
-from registrar.utility.email_invitations import send_domain_invitation_email, send_portfolio_invitation_email
+from registrar.utility.email_invitations import (
    send_domain_invitation_email,
    send_portfolio_admin_addition_emails,
    send_portfolio_admin_removal_emails,
    send_portfolio_invitation_email,
 )
 from registrar.utility.errors import MissingEmailError
 from registrar.utility.enums import DefaultUserValues
 from registrar.views.utility.mixins import PortfolioMemberPermission
@ -143,6 +148,19 @@ class PortfolioMemberDeleteView(PortfolioMemberPermission, View):
                messages.error(request, error_message)
                return redirect(reverse("member", kwargs={"pk": pk}))
        # if member being removed is an admin
        if UserPortfolioRoleChoices.ORGANIZATION_ADMIN in portfolio_member_permission.roles:
            try:
                # attempt to send notification emails of the removal to other portfolio admins
                if not send_portfolio_admin_removal_emails(
                    email=portfolio_member_permission.user.email,
                    requestor=request.user,
                    portfolio=portfolio_member_permission.portfolio,
                ):
                    messages.warning(self.request, "Could not send email notification to existing organization admins.")
            except Exception as e:
                self._handle_exceptions(e)
        # passed all error conditions
        portfolio_member_permission.delete()
@ -154,6 +172,18 @@ class PortfolioMemberDeleteView(PortfolioMemberPermission, View):
            messages.success(request, success_message)
            return redirect(reverse("members"))
    def _handle_exceptions(self, exception):
        """Handle exceptions raised during the process."""
        if isinstance(exception, MissingEmailError):
            messages.warning(self.request, "Could not send email notification to existing organization admins.")
            logger.warning(
                "Could not send email notification to existing organization admins.",
                exc_info=True,
            )
        else:
            logger.warning("Could not send email notification to existing organization admins.", exc_info=True)
            messages.warning(self.request, "Could not send email notification to existing organization admins.")
 class PortfolioMemberEditView(PortfolioMemberEditPermissionView, View):
@ -177,16 +207,33 @@ class PortfolioMemberEditView(PortfolioMemberEditPermissionView, View):
    def post(self, request, pk):
        portfolio_permission = get_object_or_404(UserPortfolioPermission, pk=pk)
        user_initially_is_admin = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in portfolio_permission.roles
        user = portfolio_permission.user
        form = self.form_class(request.POST, instance=portfolio_permission)
        removing_admin_role_on_self = False
        if form.is_valid():
-            # Check if user is removing their own admin or edit role
+            try:
-            removing_admin_role_on_self = (
+                if form.is_change_from_member_to_admin():
-                request.user == user
+                    if not send_portfolio_admin_addition_emails(
-                and user_initially_is_admin
+                        email=portfolio_permission.user.email,
-                and UserPortfolioRoleChoices.ORGANIZATION_ADMIN not in form.cleaned_data.get("role", [])
+                        requestor=request.user,
-            )
+                        portfolio=portfolio_permission.portfolio,
                    ):
                        messages.warning(
                            self.request, "Could not send email notification to existing organization admins."
                        )
                elif form.is_change_from_admin_to_member():
                    if not send_portfolio_admin_removal_emails(
                        email=portfolio_permission.user.email,
                        requestor=request.user,
                        portfolio=portfolio_permission.portfolio,
                    ):
                        messages.warning(
                            self.request, "Could not send email notification to existing organization admins."
                        )
                    # Check if user is removing their own admin or edit role
                    removing_admin_role_on_self = request.user == user
            except Exception as e:
                self._handle_exceptions(e)
            form.save()
            messages.success(self.request, "The member access and permission changes have been saved.")
            return redirect("member", pk=pk) if not removing_admin_role_on_self else redirect("home")
@ -200,6 +247,18 @@ class PortfolioMemberEditView(PortfolioMemberEditPermissionView, View):
            },
        )
    def _handle_exceptions(self, exception):
        """Handle exceptions raised during the process."""
        if isinstance(exception, MissingEmailError):
            messages.warning(self.request, "Could not send email notification to existing organization admins.")
            logger.warning(
                "Could not send email notification to existing organization admins.",
                exc_info=True,
            )
        else:
            logger.warning("Could not send email notification to existing organization admins.", exc_info=True)
            messages.warning(self.request, "Could not send email notification to existing organization admins.")
 class PortfolioMemberDomainsView(PortfolioMemberDomainsPermissionView, View):
@ -380,6 +439,17 @@ class PortfolioInvitedMemberDeleteView(PortfolioMemberPermission, View):
        """
        portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
        # if invitation being removed is an admin
        if UserPortfolioRoleChoices.ORGANIZATION_ADMIN in portfolio_invitation.roles:
            try:
                # attempt to send notification emails of the removal to portfolio admins
                if not send_portfolio_admin_removal_emails(
                    email=portfolio_invitation.email, requestor=request.user, portfolio=portfolio_invitation.portfolio
                ):
                    messages.warning(self.request, "Could not send email notification to existing organization admins.")
            except Exception as e:
                self._handle_exceptions(e)
        portfolio_invitation.delete()
        success_message = f"You've removed {portfolio_invitation.email} from the organization."
@ -390,6 +460,18 @@ class PortfolioInvitedMemberDeleteView(PortfolioMemberPermission, View):
            messages.success(request, success_message)
            return redirect(reverse("members"))
    def _handle_exceptions(self, exception):
        """Handle exceptions raised during the process."""
        if isinstance(exception, MissingEmailError):
            messages.warning(self.request, "Could not send email notification to existing organization admins.")
            logger.warning(
                "Could not send email notification to existing organization admins.",
                exc_info=True,
            )
        else:
            logger.warning("Could not send email notification to existing organization admins.", exc_info=True)
            messages.warning(self.request, "Could not send email notification to existing organization admins.")
 class PortfolioInvitedMemberEditView(PortfolioMemberEditPermissionView, View):
@ -413,6 +495,27 @@ class PortfolioInvitedMemberEditView(PortfolioMemberEditPermissionView, View):
        portfolio_invitation = get_object_or_404(PortfolioInvitation, pk=pk)
        form = self.form_class(request.POST, instance=portfolio_invitation)
        if form.is_valid():
            try:
                if form.is_change_from_member_to_admin():
                    if not send_portfolio_admin_addition_emails(
                        email=portfolio_invitation.email,
                        requestor=request.user,
                        portfolio=portfolio_invitation.portfolio,
                    ):
                        messages.warning(
                            self.request, "Could not send email notification to existing organization admins."
                        )
                elif form.is_change_from_admin_to_member():
                    if not send_portfolio_admin_removal_emails(
                        email=portfolio_invitation.email,
                        requestor=request.user,
                        portfolio=portfolio_invitation.portfolio,
                    ):
                        messages.warning(
                            self.request, "Could not send email notification to existing organization admins."
                        )
            except Exception as e:
                self._handle_exceptions(e)
            form.save()
            messages.success(self.request, "The member access and permission changes have been saved.")
            return redirect("invitedmember", pk=pk)
@ -426,6 +529,18 @@ class PortfolioInvitedMemberEditView(PortfolioMemberEditPermissionView, View):
            },
        )
    def _handle_exceptions(self, exception):
        """Handle exceptions raised during the process."""
        if isinstance(exception, MissingEmailError):
            messages.warning(self.request, "Could not send email notification to existing organization admins.")
            logger.warning(
                "Could not send email notification to existing organization admins.",
                exc_info=True,
            )
        else:
            logger.warning("Could not send email notification to existing organization admins.", exc_info=True)
            messages.warning(self.request, "Could not send email notification to existing organization admins.")
 class PortfolioInvitedMemberDomainsView(PortfolioMemberDomainsPermissionView, View):
@ -641,7 +756,7 @@ class PortfolioOrganizationView(PortfolioBasePermissionView, FormMixin):
        """Add additional context data to the template."""
        context = super().get_context_data(**kwargs)
        portfolio = self.request.session.get("portfolio")
-        context["has_edit_org_portfolio_permission"] = self.request.user.has_edit_org_portfolio_permission(portfolio)
+        context["has_edit_portfolio_permission"] = self.request.user.has_edit_portfolio_permission(portfolio)
        return context
    def get_object(self, queryset=None):
@ -781,12 +896,19 @@ class PortfolioAddMemberView(PortfolioMembersPermissionView, FormMixin):
        requested_email = form.cleaned_data["email"]
        requestor = self.request.user
        portfolio = form.cleaned_data["portfolio"]
        is_admin_invitation = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in form.cleaned_data["roles"]
        requested_user = User.objects.filter(email=requested_email).first()
        permission_exists = UserPortfolioPermission.objects.filter(user=requested_user, portfolio=portfolio).exists()
        try:
            if not requested_user or not permission_exists:
-                send_portfolio_invitation_email(email=requested_email, requestor=requestor, portfolio=portfolio)
+                if not send_portfolio_invitation_email(
                    email=requested_email,
                    requestor=requestor,
                    portfolio=portfolio,
                    is_admin_invitation=is_admin_invitation,
                ):
                    messages.warning(self.request, "Could not send email notification to existing organization admins.")
                portfolio_invitation = form.save()
                # if user exists for email, immediately retrieve portfolio invitation upon creation
                if requested_user is not None:
@ -809,7 +931,7 @@ class PortfolioAddMemberView(PortfolioMembersPermissionView, FormMixin):
                portfolio,
                exc_info=True,
            )
-            messages.warning(self.request, "Could not send portfolio email invitation.")
+            messages.error(self.request, "Could not send organization invitation email.")
        elif isinstance(exception, MissingEmailError):
            messages.error(self.request, str(exception))
            logger.error(
		`@ -0,0 +1 @@`
							`An admin was invited to your .gov organization`
		`@ -0,0 +1 @@`
							`An admin was removed from your .gov organization`