ISO-27001-Risk-Management/risks/views.py

from django.contrib.auth import get_user_model
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated
from .models import Risk, Control, ResidualRisk, AuditLog, Incident
from .serializers import ControlSerializer, RiskSerializer, ResidualRiskSerializer, UserSerializer, AuditSerializer, IncidentSerializer

class RiskViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Risks.
    Provides CRUD operations.
    """
    queryset = Risk.objects.all()
    serializer_class = RiskSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

class ControlViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Controls.
    Provides CRUD operations.
    """
    queryset = Control.objects.all()
    serializer_class = ControlSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

class ResidualRiskViewSet(viewsets.ModelViewSet):
    queryset = ResidualRisk.objects.all()
    serializer_class = ResidualRiskSerializer
    permission_classes = [IsAuthenticated]

User = get_user_model()

class UserViewSet(viewsets.ReadOnlyModelViewSet):
    """
    API endpoint for listing users and their responsibilities.
    """
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

class AuditViewSet(viewsets.ReadOnlyModelViewSet):
    """
    API endpoint for view audit logging.
    """
    queryset = AuditLog.objects.all()
    serializer_class = AuditSerializer
    permission_classes = [IsAuthenticated]

class IncidentViewSet(viewsets.ModelViewSet):
    """
    API endpoint for listing incidents and its related risks.
    """
    queryset = Incident.objects.all()
    serializer_class = IncidentSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        instance = serializer.save(reported_by=self.request.user)
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`from django.contrib.auth import get_user_model`
			`from rest_framework import viewsets`
			`from rest_framework.permissions import IsAuthenticated`
			`from .models import Risk, Control, ResidualRisk, AuditLog, Incident`
			`from .serializers import ControlSerializer, RiskSerializer, ResidualRiskSerializer, UserSerializer, AuditSerializer, IncidentSerializer`

			`class RiskViewSet(viewsets.ModelViewSet):`
			`"""`
			`API endpoint for managing Risks.`
			`Provides CRUD operations.`
			`"""`
			`queryset = Risk.objects.all()`
			`serializer_class = RiskSerializer`
			`permission_classes = [IsAuthenticated]`

			`def perform_create(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`def perform_update(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`class ControlViewSet(viewsets.ModelViewSet):`
			`"""`
			`API endpoint for managing Controls.`
			`Provides CRUD operations.`
			`"""`
			`queryset = Control.objects.all()`
			`serializer_class = ControlSerializer`
			`permission_classes = [IsAuthenticated]`

			`def perform_create(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`def perform_update(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`class ResidualRiskViewSet(viewsets.ModelViewSet):`
			`queryset = ResidualRisk.objects.all()`
			`serializer_class = ResidualRiskSerializer`
			`permission_classes = [IsAuthenticated]`

			`User = get_user_model()`

			`class UserViewSet(viewsets.ReadOnlyModelViewSet):`
			`"""`
			`API endpoint for listing users and their responsibilities.`
			`"""`
			`queryset = User.objects.all()`
			`serializer_class = UserSerializer`
			`permission_classes = [IsAuthenticated]`

			`def perform_create(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`def perform_update(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`class AuditViewSet(viewsets.ReadOnlyModelViewSet):`
			`"""`
			`API endpoint for view audit logging.`
			`"""`
			`queryset = AuditLog.objects.all()`
			`serializer_class = AuditSerializer`
			`permission_classes = [IsAuthenticated]`

			`class IncidentViewSet(viewsets.ModelViewSet):`
			`"""`
			`API endpoint for listing incidents and its related risks.`
			`"""`
			`queryset = Incident.objects.all()`
			`serializer_class = IncidentSerializer`
			`permission_classes = [IsAuthenticated]`

			`def perform_create(self, serializer):`
			`instance = serializer.save(reported_by=self.request.user)`
			`instance._changed_by = self.request.user`
			`instance.save()`

			`def perform_update(self, serializer):`
			`instance = serializer.save()`
			`instance._changed_by = self.request.user`
			`instance.save()`