Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#1768: status change notifications - MS #3231

Open
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

Matt-Spence
Copy link
Contributor

Ticket

Resolves #1768

Changes

  • change_view in domain request admin page now checked if the request is approved and has a domain in the ready state. If so it displays a warning banner that this domain cannot be moved out of the approved state.
  • Test for the above behavior

Context for reviewers

Setup

Code Review Verification Steps

As the original developer, I have

Satisfied acceptance criteria and met development standards

  • Met the acceptance criteria, or will meet them in a subsequent PR
  • Created/modified automated tests
  • Update documentation in READMEs and/or onboarding guide

Ensured code standards are met (Original Developer)

  • If any updated dependencies on Pipfile, also update dependencies in requirements.txt.
  • Interactions with external systems are wrapped in try/except
  • Error handling exists for unusual or missing values

Validated user-facing changes (if applicable)

  • Tag @dotgov-designers in this PR's Reviewers for design review. If code is not user-facing, delete design reviewer checklist
  • Verify new pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing
  • Checked keyboard navigability
  • Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)

As a code reviewer, I have

Reviewed, tested, and left feedback about the changes

  • Pulled this branch locally and tested it
  • Verified code meets all checks above. Address any checks that are not satisfied
  • Reviewed this code and left comments. Indicate if comments must be addressed before code is merged
  • Checked that all code is adequately covered by tests
  • Verify migrations are valid and do not conflict with existing migrations

Validated user-facing changes as a developer

Note: Multiple code reviewers can share the checklists above, a second reviewer should not make a duplicate checklist. All checks should be checked before approving, even those labeled N/A.

  • New pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing
  • Checked keyboard navigability
  • Meets all designs and user flows provided by design/product
  • Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
  • (Rarely needed) Tested as both an analyst and applicant user

As a designer reviewer, I have

Verified that the changes match the design intention

  • Checked that the design translated visually
  • Checked behavior. Comment any found issues or broken flows.
  • Checked different states (empty, one, some, error)
  • Checked for landmarks, page heading structure, and links

Validated user-facing changes as a designer

  • Checked keyboard navigability
  • Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
  • Tested with multiple browsers (check off which ones were used)
    • Chrome
    • Microsoft Edge
    • FireFox
    • Safari
  • (Rarely needed) Tested as both an analyst and applicant user

References

Screenshots

@Matt-Spence Matt-Spence changed the title Ms/1768 status change notifications #1768: status change notifications - MS Dec 16, 2024
Copy link

🥳 Successfully deployed to developer sandbox ms.

1 similar comment
Copy link

🥳 Successfully deployed to developer sandbox ms.

Copy link

🥳 Successfully deployed to developer sandbox ms.

1 similar comment
Copy link

🥳 Successfully deployed to developer sandbox ms.

Copy link
Contributor

@zandercymatics zandercymatics left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like the notification is displaying as both warning and ready (two messages). May just be an issue on my end though
image

Comment on lines +2439 to +2443
# get change url for domain
app_label = domain_request.approved_domain._meta.app_label
model_name = domain._meta.model_name
obj_id = domain.id
change_url = reverse("admin:%s_%s_change" % (app_label, model_name), args=[obj_id])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really great

Comment on lines +2445 to +2448
message = f"<li>The status of this domain request cannot be changed because it has been joined to a domain in Ready status: " # noqa
message += f"<a href='{change_url}'>{domain}</a></li>"

message_html = mark_safe(message) # nosec
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
message = f"<li>The status of this domain request cannot be changed because it has been joined to a domain in Ready status: " # noqa
message += f"<a href='{change_url}'>{domain}</a></li>"
message_html = mark_safe(message) # nosec
message = format_html(
"<li>The status of this domain request cannot be changed because it has been joined to a domain in Ready status:"
"<a href='{}'>{}</a></li>",
mark_safe(change_url),
escape(str(domain))
)

(Sorry about the wonky spacing)

(Conditionally blocking) The domain string here technically raises a security issue because when coerced to a string, it defaults to the domain name which is user input. While I don't see the analysts ever approving something like <script>x = totally-real-domain.gov; console.log(x)</script>, but I think its worth patching this just in case.

Your change url is totally fine though. When I've ran into this before I usually just embed escape because of execution order. I've outlined a different approach above, but it doesn't need to look any particular way

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add notification so Analysts know when they cannot change request status from "Approved"
2 participants