ISO-27001-Risk-Management/risks/admin.py

from django.contrib import admin
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
from .models import User, Risk, ResidualRisk, Control, Incident


@admin.register(User)
class UserAdmin(BaseUserAdmin):
    fieldsets = BaseUserAdmin.fieldsets + (
        ("SSO Information", {"fields": ("is_sso_user",)}),
    )
    list_display = ("username", "email", "is_staff", "is_superuser", "is_sso_user",
                    "owned_risks_count", "responsible_controls_count")

    def owned_risks_count(self, obj):
        return obj.risks_owned.count()
    owned_risks_count.short_description = "Risks Owned"

    def responsible_controls_count(self, obj):
        return obj.controls_responsible.count()
    responsible_controls_count.short_description = "Controls Responsible"


class ControlInline(admin.TabularInline):
    model = Control
    extra = 1
    fields = ("title", "status", "due_date", "responsible", "wiki_link")
    autocomplete_fields = ("responsible",)

class ResidualRiskInline(admin.StackedInline):
    """
    Inline editor for ResidualRisk, linked one-to-one with Risk
    """
    model = ResidualRisk
    extra = 0
    can_delete = False # Since each Risk can have at most one residual risk
    readonly_fields = ("score", "level", "review_required")
    fields = ("likelihood", "impact", "score", "level", "review_required")


@admin.register(Risk)
class RiskAdmin(admin.ModelAdmin):
    list_display = (
        "title",
        "owner",
        "score",
        "level",
        "likelihood",
        "impact",
        "follow_up",
    )
    list_filter = ("level", "likelihood", "impact", "owner")
    search_fields = ("title", "asset", "process", "category")
    inlines = [ControlInline, ResidualRiskInline]

    def save_model(self, request, obj, form, change):
        obj._changed_by = request.user
        super().save_model(request, obj, form, change)

    def delete_model(self, request, obj):
        obj._changed_by = request.user
        super().delete_model(request, obj)

@admin.register(ResidualRisk)
class ResidualRiskAdmin(admin.ModelAdmin):
    list_display = (
        "risk",
        "score",
        "level",
        "likelihood",
        "impact",
        "review_required"
    )
    list_filter = ("level", "likelihood", "impact", "review_required")

    def save_model(self, request, obj, form, change):
        obj._changed_by = request.user
        super().save_model(request, obj, form, change)

    def delete_model(self, request, obj):
        obj._changed_by = request.user
        super().delete_model(request, obj)

@admin.register(Control)
class ControlAdmin(admin.ModelAdmin):
    list_display = ("title", "status", "due_date", "responsible", "risk")
    list_filter = ("status", "due_date")
    search_fields = ("title", "description")
    autocomplete_fields = ("responsible", "risk")

    def save_model(self, request, obj, form, change):
        obj._changed_by = request.user
        super().save_model(request, obj, form, change)

    def delete_model(self, request, obj):
        obj._changed_by = request.user
        super().delete_model(request, obj)

@admin.register(Incident)
class IncidentAdmin(admin.ModelAdmin):
    list_display = ("title", "date_reported", "reported_by", "status")
    list_filter = ("status", "date_reported", "reported_by")
    filter_horizontal = ("related_risks",)
    search_fields = ("title", "description")
    autocomplete_fields = ("related_risks",)

    def save_model(self, request, obj, form, change):
        obj._changed_by = request.user
        super().save_model(request, obj, form, change)

    def delete_model(self, request, obj):
        obj._changed_by = request.user
        super().delete_model(request, obj)
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`from django.contrib import admin`
			`from django.contrib.auth.admin import UserAdmin as BaseUserAdmin`
			`from .models import User, Risk, ResidualRisk, Control, Incident`


			`@admin.register(User)`
			`class UserAdmin(BaseUserAdmin):`
			`fieldsets = BaseUserAdmin.fieldsets + (`
			`("SSO Information", {"fields": ("is_sso_user",)}),`
			`)`
			`list_display = ("username", "email", "is_staff", "is_superuser", "is_sso_user",`
			`"owned_risks_count", "responsible_controls_count")`

			`def owned_risks_count(self, obj):`
			`return obj.risks_owned.count()`
			`owned_risks_count.short_description = "Risks Owned"`

			`def responsible_controls_count(self, obj):`
			`return obj.controls_responsible.count()`
			`responsible_controls_count.short_description = "Controls Responsible"`


			`class ControlInline(admin.TabularInline):`
			`model = Control`
			`extra = 1`
			`fields = ("title", "status", "due_date", "responsible", "wiki_link")`
			`autocomplete_fields = ("responsible",)`

			`class ResidualRiskInline(admin.StackedInline):`
			`"""`
			`Inline editor for ResidualRisk, linked one-to-one with Risk`
			`"""`
			`model = ResidualRisk`
			`extra = 0`
			`can_delete = False # Since each Risk can have at most one residual risk`
			`readonly_fields = ("score", "level", "review_required")`
			`fields = ("likelihood", "impact", "score", "level", "review_required")`


			`@admin.register(Risk)`
			`class RiskAdmin(admin.ModelAdmin):`
			`list_display = (`
			`"title",`
			`"owner",`
			`"score",`
			`"level",`
			`"likelihood",`
			`"impact",`
			`"follow_up",`
			`)`
			`list_filter = ("level", "likelihood", "impact", "owner")`
			`search_fields = ("title", "asset", "process", "category")`
			`inlines = [ControlInline, ResidualRiskInline]`

			`def save_model(self, request, obj, form, change):`
			`obj._changed_by = request.user`
			`super().save_model(request, obj, form, change)`

			`def delete_model(self, request, obj):`
			`obj._changed_by = request.user`
			`super().delete_model(request, obj)`

			`@admin.register(ResidualRisk)`
			`class ResidualRiskAdmin(admin.ModelAdmin):`
			`list_display = (`
			`"risk",`
			`"score",`
			`"level",`
			`"likelihood",`
			`"impact",`
			`"review_required"`
			`)`
			`list_filter = ("level", "likelihood", "impact", "review_required")`

			`def save_model(self, request, obj, form, change):`
			`obj._changed_by = request.user`
			`super().save_model(request, obj, form, change)`

			`def delete_model(self, request, obj):`
			`obj._changed_by = request.user`
			`super().delete_model(request, obj)`

			`@admin.register(Control)`
			`class ControlAdmin(admin.ModelAdmin):`
			`list_display = ("title", "status", "due_date", "responsible", "risk")`
			`list_filter = ("status", "due_date")`
			`search_fields = ("title", "description")`
			`autocomplete_fields = ("responsible", "risk")`

			`def save_model(self, request, obj, form, change):`
			`obj._changed_by = request.user`
			`super().save_model(request, obj, form, change)`

			`def delete_model(self, request, obj):`
			`obj._changed_by = request.user`
			`super().delete_model(request, obj)`

			`@admin.register(Incident)`
			`class IncidentAdmin(admin.ModelAdmin):`
			`list_display = ("title", "date_reported", "reported_by", "status")`
			`list_filter = ("status", "date_reported", "reported_by")`
			`filter_horizontal = ("related_risks",)`
			`search_fields = ("title", "description")`
			`autocomplete_fields = ("related_risks",)`

			`def save_model(self, request, obj, form, change):`
			`obj._changed_by = request.user`
			`super().save_model(request, obj, form, change)`

			`def delete_model(self, request, obj):`
			`obj._changed_by = request.user`
			`super().delete_model(request, obj)`