#2402: Design Review for Analyst Portfolio View - [ZA] - MIGRATION

[zandercymatics]

Ticket

Resolves #2402

Changes

All of the following changes are in django admin.

Portfolio table:

• Added an "organization_type" and "federal_type" columns
• Removed the "federal_agency" column
• Changed the help text under the search bar to "Search by organization name."

On the portfolio page:

• Added view, edit, and add permissions for analysts
• Made the "organization_name" field readonly for analysts
• Added a details table for administrators, members, domain requests, and domains. These all now link either to the table or to the individual record.
• Changed the order of portfolio fields
• Dynamically show/hide the organization name field depending on the federal type. It is hidden if it is not portfolio.
• Added a "create a new senior official" button if none is auto-populated.
• Tweaked existing javascript to account for these changes

On the UserPortfolioPermission page:

• Added a "roles" table
• Added a search bar
• Changed the str display of UserPortfolioPermission

On the federal agencies field:

• Removed the helper text below federal_type
• Renamed "initials" to "acronym"
  • Updated helper text to read: "Acronym commonly used to reference the federal agency (optional) "
• Updated the helper text for "FCEB" to read: "Federal Civilian Executive Branch (FCEB)

On the suborganization page:

• Added a search helper text that reads: "Search by suborganization."
• Updated the "Name" field to read "Suborganization" (verbose_name)
• Removed the helper text below the "Suborganization" field
• If there are no requests or domains associated with a suborganization, display "No domains" or "No domain requests" below those headings.

On the User page:

• Updated the blue-bar heading for "Portfolio information" to read: "Associated portfolios"
• Within that section, the display of "portfolio" now matches the styling we use for "suborganizations" on the portfolio page
• Rather than hiding the "Associated portfolios" section if the user isn't associated with one, we just show the text "no portfolios"
• If there are no requests or domains associated with a user, display "No domains" or "No domain requests" below those headings.

On the Domain information / Domain request pages:

• Updated helper for portfolio text to read: “If blank, request is not associated with a portfolio.”
• "Sub organization" is now displayed as "Suborganization"
• Updated helper text for suborganization to read: “If blank, request is associated with the overarching organization for this portfolio."

Context for reviewers

This PR addresses changes related to the design review of the analyst portfolio view. So - essentially milestone features that touch on /admin. You will need to test the changes detailed above.

Setup

Visit and test the following pages in django admin as an analyst:

1. The portfolio table
2. The portfolio page
3. The UserPermissionRole page
4. The suborganization page
5. The user page
6. The domain request page
7. The domain page

Code Review Verification Steps

As the original developer, I have

Satisfied acceptance criteria and met development standards

• Met the acceptance criteria, or will meet them in a subsequent PR
• Created/modified automated tests
• Added at least 2 developers as PR reviewers (only 1 will need to approve)
• Messaged on Slack or in standup to notify the team that a PR is ready for review
• Changes to “how we do things” are documented in READMEs and or onboarding guide
• If any model was updated to modify/add/delete columns, makemigrations was ran and the associated migrations file has been commited.

Ensured code standards are met (Original Developer)

• All new functions and methods are commented using plain language
• Did dependency updates in Pipfile also get changed in requirements.txt?
• Interactions with external systems are wrapped in try/except
• Error handling exists for unusual or missing values

Validated user-facing changes (if applicable)

• New pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing
• Checked keyboard navigability
• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
• Add at least 1 designer as PR reviewer

As a code reviewer, I have

Reviewed, tested, and left feedback about the changes

• Pulled this branch locally and tested it
• Reviewed this code and left comments
• Checked that all code is adequately covered by tests
• Made it clear which comments need to be addressed before this work is merged
• If any model was updated to modify/add/delete columns, makemigrations was ran and the associated migrations file has been commited.

Ensured code standards are met (Code reviewer)

• All new functions and methods are commented using plain language
• Interactions with external systems are wrapped in try/except
• Error handling exists for unusual or missing values
• (Rarely needed) Did dependency updates in Pipfile also get changed in requirements.txt?

Validated user-facing changes as a developer

• New pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing

• Checked keyboard navigability

• Meets all designs and user flows provided by design/product

• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)

• Tested with multiple browsers, the suggestion is to use ones that the developer didn't (check off which ones were used)

  • Chrome
  • Microsoft Edge
  • FireFox
  • Safari

• (Rarely needed) Tested as both an analyst and applicant user

Note: Multiple code reviewers can share the checklists above, a second reviewers should not make a duplicate checklist

As a designer reviewer, I have

Verified that the changes match the design intention

• Checked that the design translated visually
• Checked behavior
• Checked different states (empty, one, some, error)
• Checked for landmarks, page heading structure, and links
• Tried to break the intended flow

Validated user-facing changes as a designer

• Checked keyboard navigability

• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)

• Tested with multiple browsers (check off which ones were used)

  • Chrome
  • Microsoft Edge
  • FireFox
  • Safari

• (Rarely needed) Tested as both an analyst and applicant user

Screenshots

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[zandercymatics]

@Katherine-Osos All those changes should be in!

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[asaki222]

This is great cleanup here~

[asaki222]

what does '#type: ignore' mean?

[zandercymatics]

Its for ignoring type checking with our linter. Its just a bit overzealous here so we've been doing that on these particular functions

[asaki222]

on the changes description, it says that help text is Search by portfolio organization

[zandercymatics]

Ah sorry - this is correct! I just forgot to fix that in the ticket. We eventually renamed it to this. Great eye!

[asaki222]

this might be a nitpick. Would !seniorOfficialName and !seniorOfficialName.trim() both pass if seniorOfficialName was invalid?

[zandercymatics]

If the senior official name contains a space, I think it would evaluate to true. Its basically catching that particular edge case.

I'd have to look again but I think the compiler knows how to optimize this such that if !seniorOfficialName, then it'll just enter the loop without computing the rest. It works this way in python as you can do if something and something.field and something.field.another_field and it doesn't error out

[Katherine-Osos]

@zandercymatics On the Domain Request and Domains pages … I changed my mind about the “Portfolio” helper text. Let’s remove that completely; it seems unnecessary (but keep the helper text for “Suborganization.”)

Other than that, this looks great! I'll approve once that helper text is removed!

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[asaki222]

LGTM

[zandercymatics]

@Katherine-Osos Removed! Can you take another look?

[Katherine-Osos]

Woot woot! Looks great, @zandercymatics!

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[Matt-Spence]

Good stuff

[Matt-Spence]

This seniorOfficialId isn't user-supplied data is it? I'm a bit fuzzy on what the api call above will return, so I just want to check what the data.id that's being used here actually is. We need to be careful when supplying data in href's that will be passed into an innerHTML object like it is below, as it creates a possible vector for cross-site-scripting attacks. I don't think it's an issue here but want to double check.

[zandercymatics]

This seniorOfficialId isn't user-supplied data is it

Nope, this is the PK of the senior official field. I believe it gets pulled from the model. Since only superusers / analysts can access this field (and since it pulls from a table they already have access to) I figured this approach would be OK.

I'm a bit fuzzy on what the api call above will return

Check out the get_senior_official_from_federal_agency_json function. It basically just returns a json representation of the senior official object which they would normally have access to on the senior official table

[github-actions]

🥳 Successfully deployed to developer sandbox za.

[github-actions]

🥳 Successfully deployed to developer sandbox za.