mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-08-03 00:12:16 +02:00
Merge pull request #1167 from cisagov/rh/1031-staff-enable-editing
Ticket #1031: Update Staff permissions for contacts, websites, addresses, domain information and domain application
This commit is contained in:
commit
faf03334a0
5 changed files with 101 additions and 11 deletions
|
@ -294,6 +294,26 @@ class ContactAdmin(ListHeaderAdmin):
|
|||
|
||||
contact.admin_order_field = "first_name" # type: ignore
|
||||
|
||||
# Read only that we'll leverage for CISA Analysts
|
||||
analyst_readonly_fields = [
|
||||
"user",
|
||||
]
|
||||
|
||||
def get_readonly_fields(self, request, obj=None):
|
||||
"""Set the read-only state on form elements.
|
||||
We have 1 conditions that determine which fields are read-only:
|
||||
admin user permissions.
|
||||
"""
|
||||
|
||||
readonly_fields = list(self.readonly_fields)
|
||||
|
||||
if request.user.has_perm("registrar.full_access_permission"):
|
||||
return readonly_fields
|
||||
# Return restrictive Read-only fields for analysts and
|
||||
# users who might not belong to groups
|
||||
readonly_fields.extend([field for field in self.analyst_readonly_fields])
|
||||
return readonly_fields # Read-only fields for analysts
|
||||
|
||||
|
||||
class WebsiteAdmin(ListHeaderAdmin):
|
||||
"""Custom website admin class."""
|
||||
|
@ -420,9 +440,6 @@ class DomainInformationAdmin(ListHeaderAdmin):
|
|||
"creator",
|
||||
"type_of_work",
|
||||
"more_organization_information",
|
||||
"address_line1",
|
||||
"address_line2",
|
||||
"zipcode",
|
||||
"domain",
|
||||
"submitter",
|
||||
"no_other_contacts_rationale",
|
||||
|
@ -557,9 +574,6 @@ class DomainApplicationAdmin(ListHeaderAdmin):
|
|||
analyst_readonly_fields = [
|
||||
"creator",
|
||||
"about_your_organization",
|
||||
"address_line1",
|
||||
"address_line2",
|
||||
"zipcode",
|
||||
"requested_domain",
|
||||
"alternative_domains",
|
||||
"purpose",
|
||||
|
|
37
src/registrar/migrations/0042_create_groups_v03.py
Normal file
37
src/registrar/migrations/0042_create_groups_v03.py
Normal file
|
@ -0,0 +1,37 @@
|
|||
# This migration creates the create_full_access_group and create_cisa_analyst_group groups
|
||||
# It is dependent on 0035 (which populates ContentType and Permissions)
|
||||
# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
|
||||
# in the user_group model then:
|
||||
# [NOT RECOMMENDED]
|
||||
# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
|
||||
# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
|
||||
# step 3: fake run the latest migration in the migrations list
|
||||
# [RECOMMENDED]
|
||||
# Alternatively:
|
||||
# step 1: duplicate the migration that loads data
|
||||
# step 2: docker-compose exec app ./manage.py migrate
|
||||
|
||||
from django.db import migrations
|
||||
from registrar.models import UserGroup
|
||||
from typing import Any
|
||||
|
||||
|
||||
# For linting: RunPython expects a function reference,
|
||||
# so let's give it one
|
||||
def create_groups(apps, schema_editor) -> Any:
|
||||
UserGroup.create_cisa_analyst_group(apps, schema_editor)
|
||||
UserGroup.create_full_access_group(apps, schema_editor)
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
("registrar", "0041_alter_domainapplication_organization_type_and_more"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RunPython(
|
||||
create_groups,
|
||||
reverse_code=migrations.RunPython.noop,
|
||||
atomic=True,
|
||||
),
|
||||
]
|
|
@ -24,7 +24,7 @@ class UserGroup(Group):
|
|||
{
|
||||
"app_label": "registrar",
|
||||
"model": "contact",
|
||||
"permissions": ["view_contact"],
|
||||
"permissions": ["change_contact"],
|
||||
},
|
||||
{
|
||||
"app_label": "registrar",
|
||||
|
@ -56,6 +56,11 @@ class UserGroup(Group):
|
|||
"model": "domaininvitation",
|
||||
"permissions": ["add_domaininvitation", "view_domaininvitation"],
|
||||
},
|
||||
{
|
||||
"app_label": "registrar",
|
||||
"model": "website",
|
||||
"permissions": ["change_website"],
|
||||
},
|
||||
]
|
||||
|
||||
# Avoid error: You can't execute queries until the end
|
||||
|
|
|
@ -11,6 +11,7 @@ from registrar.admin import (
|
|||
ListHeaderAdmin,
|
||||
MyUserAdmin,
|
||||
AuditedAdmin,
|
||||
ContactAdmin,
|
||||
)
|
||||
from registrar.models import (
|
||||
Domain,
|
||||
|
@ -660,9 +661,6 @@ class TestDomainApplicationAdmin(MockEppLib):
|
|||
expected_fields = [
|
||||
"creator",
|
||||
"about_your_organization",
|
||||
"address_line1",
|
||||
"address_line2",
|
||||
"zipcode",
|
||||
"requested_domain",
|
||||
"alternative_domains",
|
||||
"purpose",
|
||||
|
@ -1353,3 +1351,38 @@ class DomainSessionVariableTest(TestCase):
|
|||
{"_edit_domain": "true"},
|
||||
follow=True,
|
||||
)
|
||||
|
||||
|
||||
class ContactAdminTest(TestCase):
|
||||
def setUp(self):
|
||||
self.site = AdminSite()
|
||||
self.factory = RequestFactory()
|
||||
self.client = Client(HTTP_HOST="localhost:8080")
|
||||
self.admin = ContactAdmin(model=get_user_model(), admin_site=None)
|
||||
self.superuser = create_superuser()
|
||||
self.staffuser = create_user()
|
||||
|
||||
def test_readonly_when_restricted_staffuser(self):
|
||||
request = self.factory.get("/")
|
||||
request.user = self.staffuser
|
||||
|
||||
readonly_fields = self.admin.get_readonly_fields(request)
|
||||
|
||||
expected_fields = [
|
||||
"user",
|
||||
]
|
||||
|
||||
self.assertEqual(readonly_fields, expected_fields)
|
||||
|
||||
def test_readonly_when_restricted_superuser(self):
|
||||
request = self.factory.get("/")
|
||||
request.user = self.superuser
|
||||
|
||||
readonly_fields = self.admin.get_readonly_fields(request)
|
||||
|
||||
expected_fields = []
|
||||
|
||||
self.assertEqual(readonly_fields, expected_fields)
|
||||
|
||||
def tearDown(self):
|
||||
User.objects.all().delete()
|
||||
|
|
|
@ -36,7 +36,7 @@ class TestGroups(TestCase):
|
|||
# Define the expected permission codenames
|
||||
expected_permissions = [
|
||||
"view_logentry",
|
||||
"view_contact",
|
||||
"change_contact",
|
||||
"view_domain",
|
||||
"change_domainapplication",
|
||||
"change_domaininformation",
|
||||
|
@ -45,6 +45,7 @@ class TestGroups(TestCase):
|
|||
"change_draftdomain",
|
||||
"analyst_access_permission",
|
||||
"change_user",
|
||||
"change_website",
|
||||
]
|
||||
|
||||
# Get the codenames of actual permissions associated with the group
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue