Progress save

2025-08-05 09:21:54 +02:00 · 2023-08-21 14:04:31 -06:00 · 2023-08-21 14:04:31 -06:00 · fc101e8676
commit fc101e8676
parent bd0edf7203
6 changed files with 60 additions and 28 deletions
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@ -19,7 +19,7 @@

    <div class="tablet:grid-col-9">
      <main id="main-content" class="grid-container">
-    {% if not is_analyst_or_superuser %}
+    {% if not is_analyst_or_superuser or is_original_creator %}
 	  <a href="{% url 'home' %}" class="breadcrumb__back">
        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
@ -35,9 +35,9 @@
        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
        </svg>
-
+        {# Q: should this be 'Back to .gov admin' or  'Back to manage your domains'? #}
        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains
+        Back to change domain
        </p>

      </a>
--- a/src/registrar/templates/domain_detail.html
+++ b/src/registrar/templates/domain_detail.html
@ -34,7 +34,7 @@
    {% if is_original_creator %}
      {% include "includes/summary_item.html" with title='Your contact information' value=request.user.contact contact='true' edit_link=url %}
    {% else %}
-      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' %}
+      {% include "includes/summary_item.html" with title='Contact information' value=request.user.contact contact='true' edit_link=url %}
    {% endif %}

    {% url 'domain-security-email' pk=domain.id as url %}
--- a/src/registrar/templates/domain_org_name_address.html
+++ b/src/registrar/templates/domain_org_name_address.html
@ -8,8 +8,11 @@
  {% include "includes/form_errors.html" with form=form %}

  <h1>Organization name and mailing address </h1>
-
+  {% if is_original_creator %}
  <p>The name of your organization will be publicly listed as the domain registrant.</p>
+  {% else %}
+  <p>The name of the organization will be publicly listed as the domain registrant.</p>
+  {% endif %}

  {% include "includes/required_fields.html" %}

--- a/src/registrar/templates/domain_sidebar.html
+++ b/src/registrar/templates/domain_sidebar.html
@ -39,16 +39,19 @@
        </a>
      </li>
      {% endif %}
-      {% if is_original_creator %}
      <li class="usa-sidenav__item">
        {% url 'domain-your-contact-information' pk=domain.id as url %}
        <a href="{{ url }}"
          {% if request.path == url %}class="usa-current"{% endif %}
        >
+        {% if is_original_creator %}
          Your contact information
+        {% else %}
+          Contact information
+        {% endif %}
        </a>
      </li>
-      {% endif %}
+
      <li class="usa-sidenav__item">
        {% url 'domain-security-email' pk=domain.id as url %}
        <a href="{{ url }}"
--- a/src/registrar/views/utility/mixins.py
+++ b/src/registrar/views/utility/mixins.py
@ -1,9 +1,12 @@
 """Permissions-related mixin classes."""

 from django.contrib.auth.mixins import PermissionRequiredMixin
+from django.http import Http404

-from registrar.models import UserDomainRole, DomainApplication, DomainInvitation
+from registrar.models import DomainApplication, DomainInvitation
 import logging
+
+from registrar.models.domain_information import DomainInformation
 logger = logging.getLogger(__name__)

 class PermissionsLoginMixin(PermissionRequiredMixin):
@ -24,35 +27,49 @@ class DomainPermission(PermissionsLoginMixin):

        The user is in self.request.user and the domain needs to be looked
        up from the domain's primary key in self.kwargs["pk"]
-
-        analysts and superusers are exempt
        """

-        # ticket 806
-        # if self.request.user is staff or admin and
-        # domain.application__status = 'approved' or 'rejected' or 'action needed'
-        #     return True
-
        if not self.request.user.is_authenticated:
            return False

-        # user needs to be the creator of the application
-        # this query is empty if there isn't a domain application with this
-        # id and this user as creator
-        user_is_creator: bool = DomainApplication.objects.filter(
-            creator=self.request.user, id=self.kwargs["pk"]
-        ).exists()
-        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
+        pk = self.kwargs["pk"]
+        if pk is None:
+            raise ValueError("Primary key is null for Domain")
+
+        requested_domain = None
+
+        try:
+            requested_domain = DomainInformation.objects.get(
+                id=pk
+            )
+
+        # This should never happen in normal flow.
+        # If it does, then it likely means something bad happened...
+        except DomainInformation.DoesNotExist:
+            raise Http404()
+
+        # Checks if the creator is the user requesting this item
+        user_is_creator: bool = requested_domain.creator.username == self.request.user.username
+        
        # user needs to have a role on the domain
-        if not user_is_creator and not user_is_analyst_or_superuser:
-            return False
+        if user_is_creator:
+            return True
+
+        # ticket 806
+        # Analysts may manage domains, when they are in these statuses:
+        valid_domain_statuses = [DomainApplication.APPROVED, DomainApplication.IN_REVIEW, DomainApplication.REJECTED, DomainApplication.ACTION_NEEDED]
+        # Check if the user is permissioned...
+        user_is_analyst_or_superuser = self.request.user.is_staff or self.request.user.is_superuser
+
+        if user_is_analyst_or_superuser and requested_domain.domain_application.status in valid_domain_statuses:
+            return True

        # ticket 796
        # if domain.application__status != 'approved'
        #     return false

        # if we need to check more about the nature of role, do it here.
-        return True
+        return False


 class DomainApplicationPermission(PermissionsLoginMixin):
--- a/src/registrar/views/utility/permission_views.py
+++ b/src/registrar/views/utility/permission_views.py
@ -31,11 +31,20 @@ class DomainPermissionView(DomainPermission, DetailView, abc.ABC):
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        user = self.request.user
+        # Q: is there a more efficent way to do this?
+        # Searches by creator_id instead of creator,
+        # should be slightly faster than by creator...
+        is_original_creator = DomainInformation.objects.filter(
+            creator_id=self.request.user.id, id=self.kwargs["pk"]
+        ).exists()
+
        context['primary_key'] = self.kwargs["pk"]
        context['is_analyst_or_superuser'] = user.is_superuser or user.is_staff
-        context['is_original_creator'] = DomainInformation.objects.filter(
-            creator=self.request.user, id=self.kwargs["pk"]
-        ).exists()
+        context['is_original_creator'] = is_original_creator
+        context['is_active_user'] = DomainInformation.objects.filter(
+            id=self.kwargs["pk"]
+        )
+
        return context

    # Abstract property enforces NotImplementedError on an attribute.