First working version of staff admin screens

backend/audit/admin.py

@@ -4,7 +4,31 @@
 
 
 class SACAdmin(admin.ModelAdmin):
-    list_display = ("id", "report_id")
+    def has_module_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_view_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    list_display = (
+        "id",
+        "report_id",
+        "cognizant_agency",
+        "oversight_agency",
+    )
+    list_filter = [
+        "cognizant_agency",
+        "oversight_agency",
+    ]
+
+    fields = (
+        "report_id",
+        (
+            "cognizant_agency",
+            "oversight_agency",
+        ),
+        "general_information",
+    )
 
 
 class AccessAdmin(admin.ModelAdmin):

backend/audit/migrations/0004_alter_singleauditchecklist_cognizant_agency_and_more.py

@@ -0,0 +1,34 @@
+# Generated by Django 4.2.5 on 2023-10-11 15:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("audit", "0003_alter_singleauditchecklist_data_source_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="singleauditchecklist",
+            name="cognizant_agency",
+            field=models.CharField(
+                blank=True,
+                help_text="Agency assigned to this large submission. Computed when the submisson is finalized, but may be overridden",
+                max_length=2,
+                null=True,
+                verbose_name="Cog Agency",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="singleauditchecklist",
+            name="oversight_agency",
+            field=models.CharField(
+                blank=True,
+                help_text="Agency assigned to this not so large submission. Computed when the submisson is finalized",
+                max_length=2,
+                null=True,
+                verbose_name="OSight Agency",
+            ),
+        ),
+    ]

backend/audit/models.py

@@ -390,16 +390,18 @@ class STATUS:
     )
 
     cognizant_agency = models.CharField(
-        "Agency assigned to this large submission. Computed when the submisson is finalized, but may be overridden",
+        help_text="Agency assigned to this large submission. Computed when the submisson is finalized, but may be overridden",
         max_length=2,
         blank=True,
         null=True,
+        verbose_name="Cog Agency",
     )
     oversight_agency = models.CharField(
-        "Agency assigned to this not so large submission. Computed when the submisson is finalized",
+        help_text="Agency assigned to this not so large submission. Computed when the submisson is finalized",
         max_length=2,
         blank=True,
         null=True,
+        verbose_name="OSight Agency",
     )
 
     def validate_full(self):

backend/support/admin.py

@@ -5,9 +5,11 @@
 
 
 class SupportAdmin(admin.ModelAdmin):
+    def has_module_permission(self, request, obj=None):
+        return request.user.is_staff
+
     def has_view_permission(self, request, obj=None):
-        if request.user.is_staff:
-            return True
+        return request.user.is_staff
 
     def has_delete_permission(self, request, obj=None):
         return False
@@ -22,12 +24,12 @@ class CognizantBaselineAdmin(SupportAdmin):
         "ein",
         "dbkey",
         "is_active",
+        "source",
     ]
     list_filter = [
         "is_active",
-        "uei",
+        "source",
         "cognizant_agency",
-        "ein",
     ]
 
     def has_change_permission(self, request, obj=None):
@@ -91,7 +93,7 @@ def change_view(self, request, object_id, form_url="", extra_context=None):
         extra_context["show_save"] = False
         extra_context[
             "show_save_and_add_another"
-        ] = False  # this not works if has_add_permision is True
+        ] = False  # this does not work if has_add_permision is True
         return super().change_view(request, object_id, extra_context=extra_context)
 
     def save_model(self, request, obj, form, change):
@@ -100,9 +102,7 @@ def save_model(self, request, obj, form, change):
         super().save_model(request, obj, form, change)
 
     def has_change_permission(self, request, obj=None):
-        if request.user.is_staff:
-            return True
+        return request.user.is_staff
 
     def has_add_permission(self, request, obj=None):
-        if request.user.is_staff:
-            return True
+        return request.user.is_staff

backend/support/test_admin.py

@@ -0,0 +1,107 @@
+import hashlib
+
+
+from django.test import TestCase, Client
+from django.contrib.auth import get_user_model
+from django.urls import reverse
+
+from users.models import StaffUser, StaffUserLog
+
+User = get_user_model()
+PASSWORD = hashlib.sha256("password".encode()).hexdigest()
+
+
+class StaffUserAdminTest(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.superuser = User.objects.create_superuser(
+            username="roor",
+            password=PASSWORD,
+            email="[email protected]",
+        )
+        self.user = User(
+            username="testuser", password=PASSWORD, email="[email protected]"
+        )
+        self.url_prefix = "admin:users_staffuser"
+
+    def test_make_user_staff_then_create_user(self):
+        # first test that a super user can add a staff user
+        self.client.force_login(self.superuser)
+        self.client.post(
+            reverse(f"{self.url_prefix}_add"),
+            data={"staff_email": self.user.email},
+        )
+        staff = StaffUser.objects.filter(staff_email=self.user.email)
+        self.assertEqual(len(staff), 1)
+        self.assertEqual(staff.first().added_by_email, self.superuser.email)
+
+        # test that when the user is now created, they have is_staff set to True
+        User.objects.create_user(
+            username=self.user.username,
+            password=self.user.password,
+            email=self.user.email,
+        )
+        added_users = User.objects.filter(email=self.user.email)
+        self.assertEqual(len(added_users), 1)
+        added_user = added_users.first()
+        self.assertTrue(added_user.is_staff)
+
+        # test that a staff user can view the list
+        self.client.force_login(added_user)
+        response = self.client.get(reverse(f"{self.url_prefix}_changelist"))
+        self.assertContains(response, added_user.email)
+
+        # test that a staff user cannot add to the lisy
+        response = self.client.post(
+            reverse(f"{self.url_prefix}_add"),
+            data={"staff_email": "[email protected]"},
+        )
+        self.assertGreaterEqual(response.status_code, 400)
+
+    def test_create_user_then_make_user_staff(self):
+        User.objects.create_user(
+            username=self.user.username,
+            password=self.user.password,
+            email=self.user.email,
+        )
+        self.client.force_login(self.superuser)
+        self.client.post(
+            reverse(f"{self.url_prefix}_add"),
+            data={"staff_email": self.user.email},
+        )
+        added_users = User.objects.filter(email=self.user.email)
+        self.assertEqual(len(added_users), 1)
+        added_user = added_users.first()
+        self.assertTrue(added_user.is_staff)
+
+    def test_make_user_nonstaff(self):
+        User.objects.create_user(
+            username=self.user.username,
+            password=self.user.password,
+            email=self.user.email,
+        )
+        self.client.force_login(self.superuser)
+        self.client.post(
+            reverse(f"{self.url_prefix}_add"),
+            data={"staff_email": self.user.email},
+        )
+        staff = StaffUser.objects.get(staff_email=self.user.email)
+
+        response = self.client.post(
+            reverse(f"{self.url_prefix}_delete", kwargs={"object_id": staff.pk})
+            # reverse(f"{self.url_prefix}_changelist"),
+            # data={"action": "delete_selected", "_selected_action": [staff.pk]},
+        )
+        csrf_token = response.context["csrf_token"]
+        post_data = {
+            "csrfmiddlewaretoken": str(csrf_token),
+            "post": "yes",  # This indicates confirmation of deletion
+        }
+        self.client.post(
+            reverse(f"{self.url_prefix}_delete", kwargs={"object_id": staff.pk}),
+            data=post_data,
+        )
+        staff = StaffUser.objects.filter(staff_email=self.user.email)
+        self.assertEqual(len(staff), 0)
+        staff_logs = StaffUserLog.objects.filter(staff_email=self.user.email)
+        self.assertEqual(len(staff_logs), 1)

backend/users/admin.py

@@ -1,5 +1,65 @@
 from django.contrib import admin
 
-from .models import UserProfile
+from .models import StaffUserLog, UserProfile, StaffUser
 
 admin.site.register(UserProfile)
+
+
+@admin.register(StaffUserLog)
+class StaffUserLogAdmin(admin.ModelAdmin):
+    list_display = [
+        "staff_email",
+        "added_by_email",
+        "date_added",
+        "removed_by_email",
+        "date_removed",
+    ]
+
+    def has_add_permission(self, request, obj=None):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+
+@admin.register(StaffUser)
+class StaffUserAdmin(admin.ModelAdmin):
+    list_display = [
+        "staff_email",
+        "added_by_email",
+        "date_added",
+    ]
+    fields = [
+        "staff_email",
+    ]
+
+    def save_model(self, request, obj, form, change):
+        obj.added_by_email = request.user.email
+        super().save_model(request, obj, form, change)
+
+    def delete_model(self, request, obj):
+        StaffUserLog(
+            staff_email=obj.staff_email,
+            added_by_email=obj.added_by_email,
+            date_added=obj.date_added,
+            removed_by_email=request.user.email,
+        ).save()
+        super().delete_model(request, obj)
+
+    def has_module_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_view_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+    def has_add_permission(self, request, obj=None):
+        return request.user.is_superuser
+
+    def has_delete_permission(self, request, obj=None):
+        return request.user.is_superuser

backend/users/migrations/0002_staffuser_staffuserlog.py

@@ -0,0 +1,68 @@
+# Generated by Django 4.2.5 on 2023-10-06 16:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("users", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="StaffUser",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("staff_email", models.EmailField(max_length=254)),
+                (
+                    "date_added",
+                    models.DateTimeField(auto_now_add=True, verbose_name="Date Added"),
+                ),
+                (
+                    "added_by_email",
+                    models.EmailField(max_length=254, verbose_name="Email of Adder"),
+                ),
+            ],
+        ),
+        migrations.CreateModel(
+            name="StaffUserLog",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("staff_email", models.EmailField(max_length=254)),
+                (
+                    "date_added",
+                    models.DateTimeField(auto_now_add=True, verbose_name="Date Added"),
+                ),
+                (
+                    "added_by_email",
+                    models.EmailField(max_length=254, verbose_name="Email of Adder"),
+                ),
+                (
+                    "date_removed",
+                    models.DateTimeField(
+                        auto_now_add=True, verbose_name="Date removed"
+                    ),
+                ),
+                (
+                    "removed_by_email",
+                    models.EmailField(max_length=254, verbose_name="Email of Remover"),
+                ),
+            ],
+        ),
+    ]