1337 email owner as system admin group (un)assigned

[raftmsohani]

Summary of Changes

Provide a brief summary of changes
Pull request closes #1337 _

How to Test

task up

1. Open http://localhost:3000/ and sign in.
2. Proceed to admin page and create a group called: "System Owner"
3. Then add this group to one of the users
4. Change another user's group from/to: "OFA System Admin"
5. Check the user with system owner group receives email

The following screenshot shows an example of email template for assignment:

Deliverables

More details on how deliverables herein are assessed included here.

Deliverable 1: Accepted Features

Checklist of ACs:

• [insert ACs here]
• lfrohlich and/or adpennington confirmed that ACs are met.

Deliverable 2: Tested Code

• Are all areas of code introduced in this PR meaningfully tested?
  • If this PR introduces backend code changes, are they meaningfully tested?
  • If this PR introduces frontend code changes, are they meaningfully tested?
• Are code coverage minimums met?
  • Frontend coverage: [insert coverage %] (see CodeCov Report comment in PR)
  • Backend coverage: [insert coverage %] (see CodeCov Report comment in PR)

Deliverable 3: Properly Styled Code

• Are backend code style checks passing on CircleCI?
• Are frontend code style checks passing on CircleCI?
• Are code maintainability principles being followed?

Deliverable 4: Accessible

• Does this PR complete the epic?
• Are links included to any other gov-approved PRs associated with epic?
• Does PR include documentation for Raft's a11y review?
• Did automated and manual testing with iamjolly and ttran-hub using Accessibility Insights reveal any errors introduced in this PR?

Deliverable 5: Deployed

• Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?

Deliverable 6: Documented

• Does this PR provide background for why coding decisions were made?
• If this PR introduces backend code, is that code easy to understand and sufficiently documented, both inline and overall?
• If this PR introduces frontend code, is that code easy to understand and sufficiently documented, both inline and overall?
• If this PR introduces dependencies, are their licenses documented?
• Can reviewer explain and take ownership of these elements presented in this code review?

Deliverable 7: Secure

• Does the OWASP Scan pass on CircleCI?
• Do manual code review and manual testing detect any new security issues?
• If new issues detected, is investigation and/or remediation plan documented?

Deliverable 8: User Research

Research product(s) clearly articulate(s):

• the purpose of the research
• methods used to conduct the research
• who participated in the research
• what was tested and how
• impact of research on TDP
• (if applicable) final design mockups produced for TDP development

[codecov]

Codecov Report

Attention: Patch coverage is 90.24390% with 4 lines in your changes missing coverage. Please review.

Project coverage is 91.52%. Comparing base (bf0bcec) to head (770dcf7).
Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
tdrs-backend/tdpservice/email/tasks.py	66.66%	2 Missing ⚠️
tdrs-backend/tdpservice/users/signals.py	89.47%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3253      +/-   ##
===========================================
- Coverage    91.52%   91.52%   -0.01%     
===========================================
  Files          297      298       +1     
  Lines         8415     8456      +41     
  Branches       608      612       +4     
===========================================
+ Hits          7702     7739      +37     
- Misses         603      606       +3     
- Partials       110      111       +1     

Flag	Coverage Δ
dev-backend	91.36% <90.24%> (-0.01%)	⬇️
dev-frontend	92.66% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
tdrs-backend/tdpservice/email/email_enums.py	100.00% <100.00%> (ø)
...nd/tdpservice/email/helpers/admin_notifications.py	92.59% <100.00%> (+6.87%)	⬆️
tdrs-backend/tdpservice/users/apps.py	100.00% <100.00%> (ø)
tdrs-backend/tdpservice/email/tasks.py	79.78% <66.66%> (-0.90%)	⬇️
tdrs-backend/tdpservice/users/signals.py	89.47% <89.47%> (ø)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f8e618a...770dcf7. Read the comment docs.

[andrew-jameson]

LGTM!

[jtimpe]

is there a reason for the imports in the function? i see it in other functions in this file, so just curious

[raftmsohani]

I think originally I got circular error, but will check back again because I changed things around

[jtimpe]

enum?

[jtimpe]

This reads a little bit weird with "added" and "removed" as the action. Could we do "assigned" and "unassigned"? Or change the sentence a little.

"The System Admin role has been (assigned/unassigned) for a user of the TANF Data Portal (TDP)"

just a suggestion. sounds a little like the account has been deleted otherwise.

[jtimpe]

minor feedback. works as written

[jtimpe]

@raftmsohani one note i forgot to make: the description says "system admins" should receive the email, but i believe it should say "system owners"

also, the addition of the new System Owners group means that the frontend no longer shows the expected links (kibana, grafana, admin)

[raftmsohani]

@raftmsohani one note i forgot to make: the description says "system admins" should receive the email, but i believe it should say "system owners"

also, the addition of the new System Owners group means that the frontend no longer shows the expected links (kibana, grafana, admin)

@jtimpe I don't see anything wrong, basically when system admin group is being (un)assigned then system owner should receive email

[ADPennington]

Proceed to admin page and create a group called: "System Owner"
Then add this group to one of the users
Change another user's group from/to: "OFA System Admin"
Check the user with system owner group receives email

@raftmsohani is it expected for sys admins to create this new user group? if so, why? Additionally, what permissions does this user group need?

[raftmsohani]

Proceed to admin page and create a group called: "System Owner"
Then add this group to one of the users
Change another user's group from/to: "OFA System Admin"
Check the user with system owner group receives email

@raftmsohani is it expected for sys admins to create this new user group? if so, why? Additionally, what permissions does this user group need?

Instead of creating the group in migrations, we decided to create it one manually in prod, and then pull all group creations out of migrations and add it to load data command.

I thought the new SystemOwner group is what the ticket is asking. I assume same permissions as OFAAdmin??

[ADPennington]

Proceed to admin page and create a group called: "System Owner"
Then add this group to one of the users
Change another user's group from/to: "OFA System Admin"
Check the user with system owner group receives email

@raftmsohani is it expected for sys admins to create this new user group? if so, why? Additionally, what permissions does this user group need?

Instead of creating the group in migrations, we decided to create it one manually in prod, and then pull all group creations out of migrations and add it to load data command.

I thought the new SystemOwner group is what the ticket is asking. I assume same permissions as OFAAdmin??

okay; is this approach simpler? if so, can you attach a video demonstrating how to do this? @raftmsohani