Coverage for product_risk_suite/risk_assessment/views.py: 67%
94 statements
« prev ^ index » next coverage.py v7.15.0, created at 2026-07-07 12:45 +0000
« prev ^ index » next coverage.py v7.15.0, created at 2026-07-07 12:45 +0000
1from django.shortcuts import get_object_or_404, render
2from django.views.decorators.csrf import csrf_protect
3from django.contrib.auth.decorators import login_required
4from django.contrib.auth.mixins import PermissionRequiredMixin
5from django.views.generic import FormView
6from django.urls import reverse
7from django.contrib import messages
8from django.utils.translation import gettext_lazy as _
9from django.shortcuts import redirect
11from .forms import EvidenceUpdateProductForm
12from .models import SecurityRequirement, RiskRating, SeverityName, LikelihoodName, SeverityExample, LikelihoodExample, SuggestedMitigationValidation, Evidence
14@csrf_protect
15@login_required
16def security_requirements(request):
17 srs = SecurityRequirement.objects.all()
18 context_norms = {}
19 for sr in srs:
20 if not sr.norm_long in context_norms:
21 context_norms[sr.norm_long] = []
22 context_norms[sr.norm_long].append({
23 "description_short": sr.description_short,
24 "description_long": sr.description_long,
25 })
27 context = {"security_req_map": context_norms}
29 return render(request, "security_requirements.html", context)
31@csrf_protect
32@login_required
33def security_requirement(request, norm_slug):
34 req = get_object_or_404(SecurityRequirement, slug=norm_slug)
36 context = {"req": req}
37 return render(request, "security_requirement.html", context)
39@csrf_protect
40@login_required
41def risk_info(request):
42 severities = [{ "str": SeverityName.to_human_str(i), "value": i } for i in range(1, 6)]
43 loos = [{"str": LikelihoodName.to_human_str(i), "value": i} for i in range(1, 6) ]
45 risk_color = {}
46 risk = {}
47 for y in range(1, 6):
48 risk[f"{y}"] = {}
49 risk_color[f"{y}"] = {}
50 for x in range(1, 6):
51 r = RiskRating.calc_risk(y, x)
52 risk[f"{y}"][f"{x}"] = r
53 risk_color[f"{y}"][f"{x}"] = RiskRating.risk_level_to_color(RiskRating.risk_level(r))
55 example_severities = {}
56 for se in SeverityExample.objects.all():
57 example_severities[f"{se.severity_of_impact}"] = se.examples
58 example_loos = {}
59 for lo in LikelihoodExample.objects.all():
60 example_loos[f"{lo.likelihood_of_occurrence}"] = lo.examples
61 context = {
62 "risk_color": risk_color,
63 "risk": risk,
64 "severities": severities,
65 "loos": loos,
66 "example_severities": example_severities,
67 "example_loos": example_loos
68 }
69 return render(request, "risk_info.html", context)
71@csrf_protect
72@login_required
73def suggestion_view(request, id):
74 sug = get_object_or_404(SuggestedMitigationValidation, id=id)
76 context = {"sug": sug}
77 return render(request, "suggestion.html", context)
80class EvidenceUpdateProductView(PermissionRequiredMixin,FormView):
81 """
82 View for updating evidence products.
83 Only users with the `evidence.change_product` permission can access this view.
84 """
85 form_class = EvidenceUpdateProductForm
86 template_name = 'admin/evidence_product_update.html'
87 permission_required = ['evidence.change_product']
89 def form_valid(self, form):
90 """
91 Update the selected fields of all chosen evidences.
92 A field is only written when its corresponding "Enable change" checkbox is submitted.
93 """
94 enable_product = 'enable_product' in self.request.POST
95 enable_status = 'enable_status' in self.request.POST
96 enable_responsible = 'enable_responsible' in self.request.POST
98 if not (enable_product or enable_status or enable_responsible):
99 messages.warning(self.request, _('No fields selected for update'))
100 return redirect('admin:risk_assessment_evidence_changelist')
102 evidence_ids = self.request.GET.get('ids').split(',')
103 evidences = Evidence.objects.filter(id__in=evidence_ids)
105 for evidence in evidences:
106 changed = []
107 if enable_product:
108 evidence.product = form.cleaned_data['product']
109 changed.append('product')
110 if enable_status and form.cleaned_data.get('status'):
111 evidence.status = form.cleaned_data['status']
112 changed.append('status')
113 if enable_responsible:
114 evidence.responsible = form.cleaned_data['responsible']
115 changed.append('responsible')
116 if changed:
117 evidence.save(update_fields=changed)
119 messages.success(self.request, _('Evidences updated successfully'))
120 return redirect('admin:risk_assessment_evidence_changelist')
122 def form_invalid(self, form):
123 """
124 Display an error message if the form is invalid.
125 """
126 messages.error(self.request, _('Error updating evidences'))
127 return super().form_invalid(form)
129 def get_context_data(self, **kwargs):
130 """
131 Add the title and form URL to the context data.
132 """
133 context = super().get_context_data(**kwargs)
134 context['title'] = _('Update Products')
135 context['form_url'] = reverse('evidence_product_update')
137 # get evidence ids from url
138 evidence_ids = self.request.GET.get('ids').split(',')
140 context['evidences'] = Evidence.objects.filter(id__in=evidence_ids)
141 return context