Regional User Request Access

[elipe17]

Summary of Changes

• Added support for acf domain based users to select whether they're central or regional users
• Added frontend support for selecting regions for regional users
• Refactored the request access form into it's own component
• Added new frontend tests to test the new form component
• Added support in the backend to allow a user to be associated with multiple regions and vice versa
• Updated email templates to handle regional vs central access request/approved emails
• Added new form fields for e2e tests
  Pull request closes Update the existing OFA access workflow to include regions #3384

How to Test

cd tdrs-frontend && docker-compose up --build
cd tdrs-backend && docker-compose up --build

1. Open http://localhost:3000/ and sign in.
2. Request access as a normal central user, make sure you try introducing form errors to verify the errors and count of errors looks good.
3. Verify you can successfully request access and that your user is updated etc...
4. To test as the regional user with acf domain, you can modify line 247 in RequestAccessForm from {isAMSUser && ( to {!isAMSUser && (. Notice the addition of the bang symbol.
5. Now log in, and request access again. Toggle the regional radio buttons to verify functionality.
6. Introduce/fix form errors with and without the regional checkboxes rendered
7. select one or more regions for your user, and request access
8. Verify the user is created and that it is correctly associated with the regions you chose.

Deliverables

More details on how deliverables herein are assessed included here.

Deliverable 1: Accepted Features

Checklist of ACs:

• When a user with an ACF email domain, they should be presented with the region checkboxes
• Regional user is emailed when access is submitted, approved, and/or denied.
• The regional user must select 1+ region(s).
• DAC should allow regional user with null STTs if region is selected.
• Testing Checklist has been run and all tests pass
• README is updated, if necessary

Deliverable 2: Tested Code

• Are all areas of code introduced in this PR meaningfully tested?
  • If this PR introduces backend code changes, are they meaningfully tested?
  • If this PR introduces frontend code changes, are they meaningfully tested?
• Are code coverage minimums met?
  • Frontend coverage: [insert coverage %] (see CodeCov Report comment in PR)
  • Backend coverage: [insert coverage %] (see CodeCov Report comment in PR)

Deliverable 3: Properly Styled Code

• Are backend code style checks passing on CircleCI?
• Are frontend code style checks passing on CircleCI?
• Are code maintainability principles being followed?

Deliverable 4: Accessible

• Does this PR complete the epic?
• Are links included to any other gov-approved PRs associated with epic?
• Does PR include documentation for Raft's a11y review?
• Did automated and manual testing with iamjolly and ttran-hub using Accessibility Insights reveal any errors introduced in this PR?

Deliverable 5: Deployed

• Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?

Deliverable 6: Documented

• Does this PR provide background for why coding decisions were made?
• If this PR introduces backend code, is that code easy to understand and sufficiently documented, both inline and overall?
• If this PR introduces frontend code, is that code easy to understand and sufficiently documented, both inline and overall?
• If this PR introduces dependencies, are their licenses documented?
• Can reviewer explain and take ownership of these elements presented in this code review?

Deliverable 7: Secure

• Does the OWASP Scan pass on CircleCI?
• Do manual code review and manual testing detect any new security issues?
• If new issues detected, is investigation and/or remediation plan documented?

Deliverable 8: User Research

Research product(s) clearly articulate(s):

• the purpose of the research
• methods used to conduct the research
• who participated in the research
• what was tested and how
• impact of research on TDP
• (if applicable) final design mockups produced for TDP development

[codecov]

Codecov Report

Attention: Patch coverage is 89.82036% with 17 lines in your changes missing coverage. Please review.

Project coverage is 91.15%. Comparing base (d227065) to head (29468bf).
Report is 51 commits behind head on develop.

Files with missing lines	Patch %	Lines
...backend/tdpservice/email/helpers/account_status.py	44.44%	3 Missing and 2 partials ⚠️
tdrs-backend/tdpservice/users/serializers.py	61.53%	3 Missing and 2 partials ⚠️
...rc/components/RequestAccessForm/RegionSelector.jsx	88.23%	2 Missing and 2 partials ⚠️
tdrs-backend/tdpservice/users/models.py	81.81%	1 Missing and 1 partial ⚠️
...ponents/RequestAccessForm/JurisdictionSelector.jsx	75.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3440      +/-   ##
===========================================
- Coverage    91.24%   91.15%   -0.09%     
===========================================
  Files          303      308       +5     
  Lines         8734     8832      +98     
  Branches       650      670      +20     
===========================================
+ Hits          7969     8051      +82     
- Misses         645      654       +9     
- Partials       120      127       +7     

Flag	Coverage Δ
dev-backend	91.01% <83.09%> (-0.10%)	⬇️
dev-frontend	92.18% <94.79%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...pservice/stts/management/commands/populate_stts.py	100.00% <100.00%> (ø)
...tdpservice/stts/migrations/0011_add_region_name.py	100.00% <100.00%> (ø)
tdrs-backend/tdpservice/stts/models.py	100.00% <100.00%> (ø)
tdrs-backend/tdpservice/users/admin.py	77.50% <100.00%> (+4.77%)	⬆️
...s/migrations/0043_create_regions_m2m_del_region.py	100.00% <100.00%> (ø)
tdrs-backend/tdpservice/users/permissions.py	100.00% <100.00%> (ø)
tdrs-backend/tdpservice/users/test/factories.py	100.00% <ø> (ø)
tdrs-backend/tdpservice/users/views.py	96.00% <ø> (ø)
tdrs-frontend/src/actions/requestAccess.js	100.00% <100.00%> (ø)
tdrs-frontend/src/components/Home/Home.jsx	100.00% <100.00%> (+1.78%)	⬆️
... and 6 more

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8955b3b...29468bf. Read the comment docs.

[elipe17]

@elipe17 merge conflict here

@ADPennington , just fixed :)

[ADPennington]

@elipe17 @lhuxraft -- @ttran-hub and I will meet tomorrow, 2/11, to test this PR together in the QASP environment. I need to avoid deleting my user account for testing in QASP because it is linked to the vast majority of data file objects tested in this environment.

[ADPennington]

@elipe17 @lhuxraft -- @ttran-hub and I will meet tomorrow, 2/11, to test this PR together in the QASP environment. I need to avoid deleting my user account for testing in QASP because it is linked to the vast majority of data file objects tested in this environment.

@elipe17 @lhuxraft -- @ttran-hub and I completed our testing and below are the findings. Please note that I deleted the test account after every test to model a new user flow as closely as possible. Let us know how best to proceed here.

In summary:

• the state issue underlying the Bug: Group renders as None in request approved email if assigned During Approval #3449 bug is still apparent and would need to be addressed before we can onboard any regional staff users. We would be okay approving this as long as it is addressed before onboarding.
• we also noticed that it is possible to add regions to a user account but not possible to remove any. This probably needs to be addressed in another ticket.
• For the approved regional user's profile, would be a nice enhancement to add the region(s) associated with their account to the profile.
• STT(s) not able to be selected on data files page (Update Data Files page for regional staff #3385)

---

test 1. Request access as a central office user

user received the correct email language

test 2. Request access as a regional office user (one region only)

user received the incorrect email language (no evidence of requesting R1 in email but evident in user account)

test 3. Request access as a regional office user (more than one region only)

user received the incorrect email language (no evidence of requesting multiple regions in email but evident in user account)

user profile once approved

data files page once approved

[elipe17]

@elipe17 @lhuxraft -- @ttran-hub and I will meet tomorrow, 2/11, to test this PR together in the QASP environment. I need to avoid deleting my user account for testing in QASP because it is linked to the vast majority of data file objects tested in this environment.

@elipe17 @lhuxraft -- @ttran-hub and I completed our testing and below are the findings. Please note that I deleted the test account after every test to model a new user flow as closely as possible. Let us know how best to proceed here.

In summary:

• the state issue underlying the Request Approved Template has Missing Data #3449 bug is still apparent and would need to be addressed before we can onboard any regional staff users. We would be okay approving this as long as it is addressed before onboarding.
• we also noticed that it is possible to add regions to a user account but not possible to remove any. This probably needs to be addressed in another ticket.
• For the approved regional user's profile, would be a nice enhancement to add the region(s) associated with their account to the profile.
• STT(s) not able to be selected on data files page (Update Data Files page for regional staff #3385)

test 1. Request access as a central office user

user received the correct email language

test 2. Request access as a regional office user (one region only)

user received the incorrect email language (no evidence of requesting R1 in email but evident in user account)

test 3. Request access as a regional office user (more than one region only)

user received the incorrect email language (no evidence of requesting multiple regions in email but evident in user account)

user profile once approved

data files page once approved

@ADPennington, I added a fix to correctly handle the email context wrt a user being central/regional. You should now be able to request access as central/regional user and get the correct emails. You can also use the same user now without having to delete it from shell_plus. The caveat to this is you should NOT assign the user a group while switching the request access state back and forth. It's hard to explain here why that can cause issues, but happy to get on a call to explain. The issue WRT the Group being null in approval emails is still an issue and is the same issue I fixed for the email context stuff but in a different code flow. Because it has a different flow, my fix for the emails does not apply to the group stuff. I also updated the admin form to allow you and other admins the ability to add/remove regions. Sorry this took so long, it was a tough issue to track down and has to do with Many to Many fields inside of Models.

cc. @lhuxraft

[ADPennington]

@elipe17 re-tested with a team member who didnt previously have an account in qasp environment. Results below:

1. central office user request ✔️

2. (after resetting account to initial state) user request for one region ✔️

3. (after assigning to RO group ---> account status pending ---> save/continue --> account status approval) approval email ✔️

4. (after adding a region to the user's approved account --> account status pending ---> save/continue --> account status approval) approval email ✔️
   

5. (after checking to delete regions, removing user from RO group, and setting account status to initial state) user request for multiple regions ✔️
   
   
   

[ADPennington]

during review, I noticed the tests here for regional staff interactions with the user accounts in/out of their region. Its come to my attention that regional user group is currently configured to have visibility into user accounts, and its not just users in their region. These permissions need to be removed before onboarding of regional staff users. Currently no impact. will spin up new ticket, as these permissions were pre-existing @elipe17 @lhuxraft

[ADPennington]

LGTM @elipe17 🚀

As discussed, there will be new tickets for:

• adding region(s) to profile for approved regional staff users
• resolving regional staff permissions re: users before onboarding