#2351: Org requests page - [RJM]

[zandercymatics]

Ticket

Resolves #2351

Joint ticket between @dave-kennedy-ecs / @rachidatecs / @zandercymatics

Changes

• Adds a portfolio domain requests page with the following changes:
  • Adds a dropdown button for the domain requests button (toggleable depending on permissions)
  • Adds a "creator" field to the table
  • Replaces the delete button with an expandable "three dots" icon (see this figma)
  • View / Manage logic like on the domains page
  • Show/hide the "Start a new domain request" button depending on permissions
  • Changed the API to return only domain requests associated with that portfolio
  • Automatically added new domain requests created through the portfolio page to that portfolio
• Added a "no organization requests" page (like our no domains page)
• Small refactor to our portfolio permission functions on user to work with this new flow
• Removed the VIEW_CREATED_REQUESTS permission and used EDIT_REQUESTS instead
• Refactored our middleware to simplify adding portfolios + fix session retention bugs

Context for reviewers

In a nutshell, this PR adds a domain request page that is similar to the domain page on portfolios.
As part of it, we will eventually need to add readonly versions of domain requests for members that do not have permissions to edit created requests. However, that will be addressed in a follow-on ticket. For now, clicking view on any request that you do not currently manage will return an error.

Like the domains page, the domain request table will return all domain requests within said portfolio. If you have the EDIT_REQUESTS permission, you can: 1) create new domain requests, 2) manage your created domain requests. You cannot modify requests that were not created by your user.

If you only have the VIEW_ALL_REQUESTS permission, you should not see the start a new domain request button - and all manage links should change to view.

Likewise, if you are missing both of those requests - you will be presented with a no access page like the one we have for domains.

Important: This PR also partially resolves a session bug wherein the session would not updated when the underlying portfolio was updated. This will be refined further, but this is something to note.

Setup

You will need:

1. A portfolio
2. The following flags enabled: organization_feature, organization_requests
3. Your user as a member user with the additional roles EDIT_REQUESTS (Called Create and edit requests in /admin) and VIEW_ALL_REQUESTS (Called View all requests in /admin)
4. Some domain requests with your portfolio added to them

You will need to test:

1. Navigating to the domain requests page + verifying that the dropdown button links work
2. Starting + finishing a new request (should be automatically added to the given portfolio)
3. Verifying that you cannot create a new request without the role EDIT_REQUESTS
4. Verifying that you see the no permissions page when removing EDIT_REQUESTS and VIEW_ALL_REQUESTS
5. Verifying that the domain request table only displays domain requests on that portfolio

Code Review Verification Steps

As the original developer, I have

Satisfied acceptance criteria and met development standards

• Met the acceptance criteria, or will meet them in a subsequent PR
• Created/modified automated tests
• Added at least 2 developers as PR reviewers (only 1 will need to approve)
• Messaged on Slack or in standup to notify the team that a PR is ready for review
• Changes to “how we do things” are documented in READMEs and or onboarding guide
• If any model was updated to modify/add/delete columns, makemigrations was ran and the associated migrations file has been commited.

Ensured code standards are met (Original Developer)

• All new functions and methods are commented using plain language
• Did dependency updates in Pipfile also get changed in requirements.txt?
• Interactions with external systems are wrapped in try/except
• Error handling exists for unusual or missing values

Validated user-facing changes (if applicable)

• New pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing
• Checked keyboard navigability
• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
• Add at least 1 designer as PR reviewer

As a code reviewer, I have

Reviewed, tested, and left feedback about the changes

• Pulled this branch locally and tested it
• Reviewed this code and left comments
• Checked that all code is adequately covered by tests
• Made it clear which comments need to be addressed before this work is merged
• If any model was updated to modify/add/delete columns, makemigrations was ran and the associated migrations file has been commited.

Ensured code standards are met (Code reviewer)

• All new functions and methods are commented using plain language
• Interactions with external systems are wrapped in try/except
• Error handling exists for unusual or missing values
• (Rarely needed) Did dependency updates in Pipfile also get changed in requirements.txt?

Validated user-facing changes as a developer

• New pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing

• Checked keyboard navigability

• Meets all designs and user flows provided by design/product

• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)

• Tested with multiple browsers, the suggestion is to use ones that the developer didn't (check off which ones were used)

  • Chrome
  • Microsoft Edge
  • FireFox
  • Safari

• (Rarely needed) Tested as both an analyst and applicant user

Note: Multiple code reviewers can share the checklists above, a second reviewers should not make a duplicate checklist

As a designer reviewer, I have

Verified that the changes match the design intention

• Checked that the design translated visually
• Checked behavior
• Checked different states (empty, one, some, error)
• Checked for landmarks, page heading structure, and links
• Tried to break the intended flow

Validated user-facing changes as a designer

• Checked keyboard navigability

• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)

• Tested with multiple browsers (check off which ones were used)

  • Chrome
  • Microsoft Edge
  • FireFox
  • Safari

• (Rarely needed) Tested as both an analyst and applicant user

Screenshots

[zandercymatics]

@rachidatecs / @dave-kennedy-ecs do we need a test for this? I'm leaning toward no

[rachidatecs]

It would be nice

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[asaki222]

This is great that the checking for flag are moved into a method! :-)

[CocoByte]

I second this :D

[CocoByte]

Most of my comments are truly on the minutia. Overall solid work!

[CocoByte]

nitpick: "accordionIsOpen" looks like a boolean var...but it's clickable so clearly this is referring to an actual DOM element. Might want to rename to reflect its true identity. (eg. "openAccordionButton"? Like what you have later on?)

[zandercymatics]

What about accordionThatIsOpen? Since it grabs an open accordion element

cc: @rachidatecs

[rachidatecs]

We'll tackle renaming in the next ticket (search)

[CocoByte]

(non-blocking comment)--I'm surprised this isn't already built into the controls....are we over-customizing?

[zandercymatics]

Just making a guess but I think its due to how the default accordion works. I know this work was done before -- @rachidatecs did you have to do some heavy customization of this element to get it to behave this way?

[rachidatecs]

Correct

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[CocoByte]

LGTM so far. I'll let Rachid/Dave make final comments on the pieces they have been tagged in

[CocoByte]

Ah, thanks for the context

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.

[asaki222]

This overall lgtm! I do have a question. Am I supposed to see the delete button when I log in with an account that has View all requests?
Here are my screenshots:

This is the view under my admin account with Create and edit requests,

and this is my non admin account

[zandercymatics]

@asaki222 This is expected! You should see the edit button with create and edit requests. However when you do not have that permission, you should not see the save button. Are you seeing that behavior?

[CocoByte]

@asaki222 This is expected! You should see the edit button with create and edit requests. However when you do not have that permission, you should not see the save button. Are you seeing that behavior?

I verified this behavior. Approving!

[CocoByte]

LGTM

[asaki222]

LGTM!

[github-actions]

🥳 Successfully deployed to developer sandbox rjm.