Coverage for product_risk_suite/risk_assessment/views.py: 67%

94 statements  

« prev     ^ index     » next       coverage.py v7.15.0, created at 2026-07-07 12:45 +0000

1from django.shortcuts import get_object_or_404, render 

2from django.views.decorators.csrf import csrf_protect 

3from django.contrib.auth.decorators import login_required 

4from django.contrib.auth.mixins import PermissionRequiredMixin 

5from django.views.generic import FormView 

6from django.urls import reverse 

7from django.contrib import messages 

8from django.utils.translation import gettext_lazy as _ 

9from django.shortcuts import redirect 

10 

11from .forms import EvidenceUpdateProductForm 

12from .models import SecurityRequirement, RiskRating, SeverityName, LikelihoodName, SeverityExample, LikelihoodExample, SuggestedMitigationValidation, Evidence 

13 

14@csrf_protect 

15@login_required 

16def security_requirements(request): 

17 srs = SecurityRequirement.objects.all() 

18 context_norms = {} 

19 for sr in srs: 

20 if not sr.norm_long in context_norms: 

21 context_norms[sr.norm_long] = [] 

22 context_norms[sr.norm_long].append({ 

23 "description_short": sr.description_short, 

24 "description_long": sr.description_long, 

25 }) 

26 

27 context = {"security_req_map": context_norms} 

28 

29 return render(request, "security_requirements.html", context) 

30 

31@csrf_protect 

32@login_required 

33def security_requirement(request, norm_slug): 

34 req = get_object_or_404(SecurityRequirement, slug=norm_slug) 

35 

36 context = {"req": req} 

37 return render(request, "security_requirement.html", context) 

38 

39@csrf_protect 

40@login_required 

41def risk_info(request): 

42 severities = [{ "str": SeverityName.to_human_str(i), "value": i } for i in range(1, 6)] 

43 loos = [{"str": LikelihoodName.to_human_str(i), "value": i} for i in range(1, 6) ] 

44 

45 risk_color = {} 

46 risk = {} 

47 for y in range(1, 6): 

48 risk[f"{y}"] = {} 

49 risk_color[f"{y}"] = {} 

50 for x in range(1, 6): 

51 r = RiskRating.calc_risk(y, x) 

52 risk[f"{y}"][f"{x}"] = r 

53 risk_color[f"{y}"][f"{x}"] = RiskRating.risk_level_to_color(RiskRating.risk_level(r)) 

54 

55 example_severities = {} 

56 for se in SeverityExample.objects.all(): 

57 example_severities[f"{se.severity_of_impact}"] = se.examples 

58 example_loos = {} 

59 for lo in LikelihoodExample.objects.all(): 

60 example_loos[f"{lo.likelihood_of_occurrence}"] = lo.examples 

61 context = { 

62 "risk_color": risk_color, 

63 "risk": risk, 

64 "severities": severities, 

65 "loos": loos, 

66 "example_severities": example_severities, 

67 "example_loos": example_loos 

68 } 

69 return render(request, "risk_info.html", context) 

70 

71@csrf_protect 

72@login_required 

73def suggestion_view(request, id): 

74 sug = get_object_or_404(SuggestedMitigationValidation, id=id) 

75 

76 context = {"sug": sug} 

77 return render(request, "suggestion.html", context) 

78 

79 

80class EvidenceUpdateProductView(PermissionRequiredMixin,FormView): 

81 """ 

82 View for updating evidence products. 

83 Only users with the `evidence.change_product` permission can access this view. 

84 """ 

85 form_class = EvidenceUpdateProductForm 

86 template_name = 'admin/evidence_product_update.html' 

87 permission_required = ['evidence.change_product'] 

88 

89 def form_valid(self, form): 

90 """ 

91 Update the selected fields of all chosen evidences. 

92 A field is only written when its corresponding "Enable change" checkbox is submitted. 

93 """ 

94 enable_product = 'enable_product' in self.request.POST 

95 enable_status = 'enable_status' in self.request.POST 

96 enable_responsible = 'enable_responsible' in self.request.POST 

97 

98 if not (enable_product or enable_status or enable_responsible): 

99 messages.warning(self.request, _('No fields selected for update')) 

100 return redirect('admin:risk_assessment_evidence_changelist') 

101 

102 evidence_ids = self.request.GET.get('ids').split(',') 

103 evidences = Evidence.objects.filter(id__in=evidence_ids) 

104 

105 for evidence in evidences: 

106 changed = [] 

107 if enable_product: 

108 evidence.product = form.cleaned_data['product'] 

109 changed.append('product') 

110 if enable_status and form.cleaned_data.get('status'): 

111 evidence.status = form.cleaned_data['status'] 

112 changed.append('status') 

113 if enable_responsible: 

114 evidence.responsible = form.cleaned_data['responsible'] 

115 changed.append('responsible') 

116 if changed: 

117 evidence.save(update_fields=changed) 

118 

119 messages.success(self.request, _('Evidences updated successfully')) 

120 return redirect('admin:risk_assessment_evidence_changelist') 

121 

122 def form_invalid(self, form): 

123 """ 

124 Display an error message if the form is invalid. 

125 """ 

126 messages.error(self.request, _('Error updating evidences')) 

127 return super().form_invalid(form) 

128 

129 def get_context_data(self, **kwargs): 

130 """ 

131 Add the title and form URL to the context data. 

132 """ 

133 context = super().get_context_data(**kwargs) 

134 context['title'] = _('Update Products') 

135 context['form_url'] = reverse('evidence_product_update') 

136 

137 # get evidence ids from url 

138 evidence_ids = self.request.GET.get('ids').split(',') 

139 

140 context['evidences'] = Evidence.objects.filter(id__in=evidence_ids) 

141 return context