ISO-27001-Risk-Management/risks/views.py

from django.contrib.admin.models import LogEntry
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated
from django.shortcuts import render, get_object_or_404
from .models import Risk, Control, ResidualRisk, AuditLog, Incident
from .serializers import ControlSerializer, RiskSerializer, ResidualRiskSerializer, UserSerializer, AuditSerializer, IncidentSerializer

User = get_user_model()

# ---------------------------------------------------------------------------
# API
# ---------------------------------------------------------------------------
class RiskViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Risks.
    Provides CRUD operations.
    """
    queryset = Risk.objects.all()
    serializer_class = RiskSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

class ControlViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Controls.
    Provides CRUD operations.
    """
    queryset = Control.objects.all()
    serializer_class = ControlSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

class ResidualRiskViewSet(viewsets.ModelViewSet):
    queryset = ResidualRisk.objects.all()
    serializer_class = ResidualRiskSerializer
    permission_classes = [IsAuthenticated]

class UserViewSet(viewsets.ReadOnlyModelViewSet):
    """
    API endpoint for listing users and their responsibilities.
    """
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

class AuditViewSet(viewsets.ReadOnlyModelViewSet):
    """
    API endpoint for view audit logging.
    """
    queryset = AuditLog.objects.all()
    serializer_class = AuditSerializer
    permission_classes = [IsAuthenticated]

class IncidentViewSet(viewsets.ModelViewSet):
    """
    API endpoint for listing incidents and its related risks.
    """
    queryset = Incident.objects.all()
    serializer_class = IncidentSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        instance = serializer.save(reported_by=self.request.user)
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

# ---------------------------------------------------------------------------
# Web
# ---------------------------------------------------------------------------

def dashboard(request):
    return render(request, "risks/dashboard.html")

def stats(request):
    return render(request, "risks/statistics.html")

def list_risks(request):
    qs = Risk.objects.all().select_related("owner")

    # GET-Parameter lesen
    risk_id = request.GET.get("risk")
    control_id = request.GET.get("control")
    owner_id = request.GET.get("owner")

    if risk_id:
        qs = qs.filter(id=risk_id)
    if control_id:
        qs = qs.filter(controls__id=control_id)
    if owner_id:
        qs = qs.filter(owner_id=owner_id)

    risks = qs.order_by("title").distinct()

    controls = Control.objects.all().order_by("title")
    owners = User.objects.filter(owned_risks__isnull=False).distinct().order_by("username")

    return render(request, "risks/list_risks.html", {
        "risks": risks,
        "controls": controls,
        "owners": owners,
    })

def show_risk(request, id):
    risk = get_object_or_404(Risk, pk=id)
    ct = ContentType.objects.get_for_model(Risk)
    logs = LogEntry.objects.filter(
        content_type=ct,
        object_id=risk.pk
    ).order_by("-action_time")

    return render(request, "risks/item_risk.html", {"risk": risk, "logs": logs})

def list_controls(request):
    qs = Control.objects.all().select_related("risk", "responsible")

    # Filter
    control_id = request.GET.get("control")
    risk_id = request.GET.get("risk")
    status = request.GET.get("status")
    responsible_id = request.GET.get("responsible")

    if control_id:
        qs = qs.filter(id=control_id)
    if risk_id:
        qs = qs.filter(risk_id=risk_id)
    if status:
        qs = qs.filter(status=status)
    if responsible_id:
        qs = qs.filter(responsible_id=responsible_id)

    controls = qs.order_by("title")

    risks = Risk.objects.all().order_by("title")
    users = User.objects.filter(responsible_controls__isnull=False).distinct().order_by("username")

    return render(request, "risks/list_controls.html", {
        "controls": controls,
        "risks": risks,
        "users": users,
        "status_choices": Control.STATUS_CHOICES,
    })

def show_control(request, id):
    control = get_object_or_404(Control, pk=id)
    ct = ContentType.objects.get_for_model(Control)
    logs = LogEntry.objects.filter(
        content_type=ct,
        object_id=control.pk
    ).order_by("-action_time")

    return render(request, "risks/item_control.html", {"control": control, "logs": logs})

def list_incidents(request):
    return render(request, "risks/list_incidents.html")

def show_incident(request, id):
    incident = Incident.objects.get(pk=id)
    return render(request, "risks/item_incident.html", {"incident": incident })
feat: Enhance Risk Management Module - Updated Risk model to include description, created_at, and updated_at fields. - Modified RiskSerializer to include created_at and updated_at in serialized output. - Improved logging in signals for Risk and Control models, including serialization of values. - Added new template tags for CIA label mapping. - Refactored URL patterns for better clarity and added detail views for risks, controls, and incidents. - Implemented list and detail views for risks, controls, and incidents with filtering options. - Enhanced CSS for better UI/UX, including breadcrumbs and table styling. - Created new templates for displaying individual risks, controls, and incidents with detailed information. 2025-09-08 15:03:12 +02:00			`from django.contrib.admin.models import LogEntry`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`from django.contrib.auth import get_user_model`
feat: Enhance Risk Management Module - Updated Risk model to include description, created_at, and updated_at fields. - Modified RiskSerializer to include created_at and updated_at in serialized output. - Improved logging in signals for Risk and Control models, including serialization of values. - Added new template tags for CIA label mapping. - Refactored URL patterns for better clarity and added detail views for risks, controls, and incidents. - Implemented list and detail views for risks, controls, and incidents with filtering options. - Enhanced CSS for better UI/UX, including breadcrumbs and table styling. - Created new templates for displaying individual risks, controls, and incidents with detailed information. 2025-09-08 15:03:12 +02:00			`from django.contrib.contenttypes.models import ContentType`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`from rest_framework import viewsets`
			`from rest_framework.permissions import IsAuthenticated`
feat: Enhance Risk Management Module - Updated Risk model to include description, created_at, and updated_at fields. - Modified RiskSerializer to include created_at and updated_at in serialized output. - Improved logging in signals for Risk and Control models, including serialization of values. - Added new template tags for CIA label mapping. - Refactored URL patterns for better clarity and added detail views for risks, controls, and incidents. - Implemented list and detail views for risks, controls, and incidents with filtering options. - Enhanced CSS for better UI/UX, including breadcrumbs and table styling. - Created new templates for displaying individual risks, controls, and incidents with detailed information. 2025-09-08 15:03:12 +02:00			`from django.shortcuts import render, get_object_or_404`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`from .models import Risk, Control, ResidualRisk, AuditLog, Incident`
			`from .serializers import ControlSerializer, RiskSerializer, ResidualRiskSerializer, UserSerializer, AuditSerializer, IncidentSerializer`

feat: Enhance Risk Management Module - Updated Risk model to include description, created_at, and updated_at fields. - Modified RiskSerializer to include created_at and updated_at in serialized output. - Improved logging in signals for Risk and Control models, including serialization of values. - Added new template tags for CIA label mapping. - Refactored URL patterns for better clarity and added detail views for risks, controls, and incidents. - Implemented list and detail views for risks, controls, and incidents with filtering options. - Enhanced CSS for better UI/UX, including breadcrumbs and table styling. - Created new templates for displaying individual risks, controls, and incidents with detailed information. 2025-09-08 15:03:12 +02:00			`User = get_user_model()`

Add FontAwesome webfonts and update templates for Risiko Management - Added FontAwesome webfont files: fa-brands-400.woff2, fa-regular-400.woff2, fa-solid-900.woff2, and fa-v4compatibility.woff2. - Updated base.html to include FontAwesome stylesheet. - Renamed the application title from "Risiko Management" to "ISO27001 Management". - Enhanced navigation menu with dynamic active states for Dashboard, Statistics, Risks, Controls, and Incidents. - Created new templates for dashboard, controls, incidents, risks, and statistics with breadcrumb navigation. 2025-09-07 23:07:56 +02:00			`# ---------------------------------------------------------------------------`
			`# API`
			`# ---------------------------------------------------------------------------`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`class RiskViewSet(viewsets.ModelViewSet):`
			`"""`
			`API endpoint for managing Risks.`
			`Provides CRUD operations.`
			`"""`
			`queryset = Risk.objects.all()`
			`serializer_class = RiskSerializer`
			`permission_classes = [IsAuthenticated]`

			`def perform_create(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`def perform_update(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`class ControlViewSet(viewsets.ModelViewSet):`
			`"""`
			`API endpoint for managing Controls.`
			`Provides CRUD operations.`
			`"""`
			`queryset = Control.objects.all()`
			`serializer_class = ControlSerializer`
			`permission_classes = [IsAuthenticated]`

			`def perform_create(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`def perform_update(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`class ResidualRiskViewSet(viewsets.ModelViewSet):`
			`queryset = ResidualRisk.objects.all()`
			`serializer_class = ResidualRiskSerializer`
			`permission_classes = [IsAuthenticated]`

			`class UserViewSet(viewsets.ReadOnlyModelViewSet):`
			`"""`
			`API endpoint for listing users and their responsibilities.`
			`"""`
			`queryset = User.objects.all()`
			`serializer_class = UserSerializer`
			`permission_classes = [IsAuthenticated]`

			`def perform_create(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`def perform_update(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`class AuditViewSet(viewsets.ReadOnlyModelViewSet):`
			`"""`
			`API endpoint for view audit logging.`
			`"""`
			`queryset = AuditLog.objects.all()`
			`serializer_class = AuditSerializer`
			`permission_classes = [IsAuthenticated]`

			`class IncidentViewSet(viewsets.ModelViewSet):`
			`"""`
			`API endpoint for listing incidents and its related risks.`
			`"""`
			`queryset = Incident.objects.all()`
			`serializer_class = IncidentSerializer`
			`permission_classes = [IsAuthenticated]`

			`def perform_create(self, serializer):`
			`instance = serializer.save(reported_by=self.request.user)`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`def perform_update(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
Add FontAwesome webfonts and update templates for Risiko Management - Added FontAwesome webfont files: fa-brands-400.woff2, fa-regular-400.woff2, fa-solid-900.woff2, and fa-v4compatibility.woff2. - Updated base.html to include FontAwesome stylesheet. - Renamed the application title from "Risiko Management" to "ISO27001 Management". - Enhanced navigation menu with dynamic active states for Dashboard, Statistics, Risks, Controls, and Incidents. - Created new templates for dashboard, controls, incidents, risks, and statistics with breadcrumb navigation. 2025-09-07 23:07:56 +02:00			`instance.save()`

			`# ---------------------------------------------------------------------------`
			`# Web`
			`# ---------------------------------------------------------------------------`

			`def dashboard(request):`
			`return render(request, "risks/dashboard.html")`

			`def stats(request):`
			`return render(request, "risks/statistics.html")`

feat: Enhance Risk Management Module - Updated Risk model to include description, created_at, and updated_at fields. - Modified RiskSerializer to include created_at and updated_at in serialized output. - Improved logging in signals for Risk and Control models, including serialization of values. - Added new template tags for CIA label mapping. - Refactored URL patterns for better clarity and added detail views for risks, controls, and incidents. - Implemented list and detail views for risks, controls, and incidents with filtering options. - Enhanced CSS for better UI/UX, including breadcrumbs and table styling. - Created new templates for displaying individual risks, controls, and incidents with detailed information. 2025-09-08 15:03:12 +02:00			`def list_risks(request):`
			`qs = Risk.objects.all().select_related("owner")`

			`# GET-Parameter lesen`
			`risk_id = request.GET.get("risk")`
			`control_id = request.GET.get("control")`
			`owner_id = request.GET.get("owner")`

			`if risk_id:`
			`qs = qs.filter(id=risk_id)`
			`if control_id:`
			`qs = qs.filter(controls__id=control_id)`
			`if owner_id:`
			`qs = qs.filter(owner_id=owner_id)`

			`risks = qs.order_by("title").distinct()`

			`controls = Control.objects.all().order_by("title")`
			`owners = User.objects.filter(owned_risks__isnull=False).distinct().order_by("username")`

			`return render(request, "risks/list_risks.html", {`
			`"risks": risks,`
			`"controls": controls,`
			`"owners": owners,`
			`})`

			`def show_risk(request, id):`
			`risk = get_object_or_404(Risk, pk=id)`
			`ct = ContentType.objects.get_for_model(Risk)`
			`logs = LogEntry.objects.filter(`
			`content_type=ct,`
			`object_id=risk.pk`
			`).order_by("-action_time")`

			`return render(request, "risks/item_risk.html", {"risk": risk, "logs": logs})`

			`def list_controls(request):`
			`qs = Control.objects.all().select_related("risk", "responsible")`

			`# Filter`
			`control_id = request.GET.get("control")`
			`risk_id = request.GET.get("risk")`
			`status = request.GET.get("status")`
			`responsible_id = request.GET.get("responsible")`

			`if control_id:`
			`qs = qs.filter(id=control_id)`
			`if risk_id:`
			`qs = qs.filter(risk_id=risk_id)`
			`if status:`
			`qs = qs.filter(status=status)`
			`if responsible_id:`
			`qs = qs.filter(responsible_id=responsible_id)`

			`controls = qs.order_by("title")`

			`risks = Risk.objects.all().order_by("title")`
			`users = User.objects.filter(responsible_controls__isnull=False).distinct().order_by("username")`

			`return render(request, "risks/list_controls.html", {`
			`"controls": controls,`
			`"risks": risks,`
			`"users": users,`
			`"status_choices": Control.STATUS_CHOICES,`
			`})`

			`def show_control(request, id):`
			`control = get_object_or_404(Control, pk=id)`
			`ct = ContentType.objects.get_for_model(Control)`
			`logs = LogEntry.objects.filter(`
			`content_type=ct,`
			`object_id=control.pk`
			`).order_by("-action_time")`

			`return render(request, "risks/item_control.html", {"control": control, "logs": logs})`

			`def list_incidents(request):`
			`return render(request, "risks/list_incidents.html")`

			`def show_incident(request, id):`
			`incident = Incident.objects.get(pk=id)`
			`return render(request, "risks/item_incident.html", {"incident": incident })`