3399 controlled access fra data files page

[raftmsohani]

Summary of Changes

Provide a brief summary of changes
Pull request closes #3399 _

How to Test

List the steps to test the PR

1. start the backend and frontend
2. login to admin as superuser
3. make sure you have datafiles for testing. change a couple of sections to FRA sections
4. check that without fra_access, you user cannot see the files in FRA sections
5. add fra access by adding the following to feature flag section: {"fra_access": true}
6. check that now you can see the FRA files only

Demo GIF(s) and screenshots for testing procedure

Deliverables

More details on how deliverables herein are assessed included here.

Deliverable 1: Accepted Features

Checklist of ACs:

• [insert ACs here]
• lfrohlich and/or adpennington confirmed that ACs are met.

Deliverable 2: Tested Code

• Are all areas of code introduced in this PR meaningfully tested?
  • If this PR introduces backend code changes, are they meaningfully tested?
  • If this PR introduces frontend code changes, are they meaningfully tested?
• Are code coverage minimums met?
  • Frontend coverage: [insert coverage %] (see CodeCov Report comment in PR)
  • Backend coverage: [insert coverage %] (see CodeCov Report comment in PR)

Deliverable 3: Properly Styled Code

• Are backend code style checks passing on CircleCI?
• Are frontend code style checks passing on CircleCI?
• Are code maintainability principles being followed?

Deliverable 4: Accessible

• Does this PR complete the epic?
• Are links included to any other gov-approved PRs associated with epic?
• Does PR include documentation for Raft's a11y review?
• Did automated and manual testing with iamjolly and ttran-hub using Accessibility Insights reveal any errors introduced in this PR?

Deliverable 5: Deployed

• Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?

Deliverable 6: Documented

• Does this PR provide background for why coding decisions were made?
• If this PR introduces backend code, is that code easy to understand and sufficiently documented, both inline and overall?
• If this PR introduces frontend code, is that code easy to understand and sufficiently documented, both inline and overall?
• If this PR introduces dependencies, are their licenses documented?
• Can reviewer explain and take ownership of these elements presented in this code review?

Deliverable 7: Secure

• Does the OWASP Scan pass on CircleCI?
• Do manual code review and manual testing detect any new security issues?
• If new issues detected, is investigation and/or remediation plan documented?

Deliverable 8: User Research

Research product(s) clearly articulate(s):

• the purpose of the research
• methods used to conduct the research
• who participated in the research
• what was tested and how
• impact of research on TDP
• (if applicable) final design mockups produced for TDP development

[codecov]

Codecov Report

Attention: Patch coverage is 66.66667% with 25 lines in your changes missing coverage. Please review.

Project coverage is 91.26%. Comparing base (099b230) to head (2b0e4be).
Report is 4 commits behind head on develop.

Files with missing lines	Patch %	Lines
tdrs-backend/tdpservice/data_files/admin/admin.py	48.00%	13 Missing ⚠️
tdrs-backend/tdpservice/data_files/views.py	16.66%	4 Missing and 1 partial ⚠️
tdrs-backend/tdpservice/users/admin.py	28.57%	5 Missing ⚠️
tdrs-backend/tdpservice/data_files/models.py	90.47%	2 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3430      +/-   ##
===========================================
- Coverage    91.43%   91.26%   -0.17%     
===========================================
  Files          300      302       +2     
  Lines         8647     8720      +73     
  Branches       640      650      +10     
===========================================
+ Hits          7906     7958      +52     
- Misses         621      642      +21     
  Partials       120      120              

Flag	Coverage Δ
dev-backend	91.10% <66.66%> (-0.20%)	⬇️
dev-frontend	92.44% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...ta_files/migrations/0017_alter_datafile_section.py	100.00% <100.00%> (ø)
tdrs-backend/tdpservice/data_files/serializers.py	96.55% <100.00%> (+0.25%)	⬆️
...ervice/users/migrations/0042_user_feature_flags.py	100.00% <100.00%> (ø)
tdrs-backend/tdpservice/users/models.py	93.93% <100.00%> (+2.36%)	⬆️
tdrs-backend/tdpservice/data_files/models.py	87.64% <90.47%> (+0.29%)	⬆️
tdrs-backend/tdpservice/data_files/views.py	85.21% <16.66%> (-3.78%)	⬇️
tdrs-backend/tdpservice/users/admin.py	72.72% <28.57%> (-8.76%)	⬇️
tdrs-backend/tdpservice/data_files/admin/admin.py	66.34% <48.00%> (-4.54%)	⬇️

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4849833...2b0e4be. Read the comment docs.

[andrew-jameson]

Hey Mo, can you update testing steps here? Functionally it's looking good

[elipe17]

Is there a reason this lives in the function instead of at the module level?

[raftmsohani]

not really, corrected it

[elipe17]

Is this stylistic/for completeness, or was this required?

[raftmsohani]

byproduct of an approach I was taking, can be removed

[elipe17]

This comment is confusing since the test is using an FRA section immediately below it even though the comment says not to.

[elipe17]

Left some comments and questions

[elipe17]

If we keep null and blank set to True, the property has_fra_access should do a null check on self.feature_flags before checking for the key. I was able to leave the form field blank in the admin and cause an exception to be raised when navigating to the data files page. Could we instead make them both false since we do have the default set as dict to avoid worrying about checks?

[raftmsohani]

Unfortunately, there is an internal check for {} in JSONField. The only way to bypass is to override JSONField, but I decided to check for null or empty dict during cleaning which is simple

[raftmsohani]

Also moved null out

[elipe17]

Checkout my comment

[elipe17]

@raftmsohani this PR is also generating another migration on top of the two existing ones when I start it locally.\

[raftmsohani]

@raftmsohani this PR is also generating another migration on top of the two existing ones when I start it locally.\

fixed

[jtimpe]

Working for the most part. I do have one suggestion i think would be worth exploring

[jtimpe]

not sure if this is intended, but setting fra_access=True means that the data files page filters down to only FRA files. you have to set fra_access=False to see other file types. maybe we should have a "both" option for admins and other users so that they don't have to switch the feature flag to find files in the admin

[raftmsohani]

if user doesn't have FRA access or is Admin, then FRA files will be filtered

[raftmsohani]

This filter will appear if user has FRA access and is Admin

[jtimpe]

Looks good