ISO-27001-Risk-Management/risks/serializers.py

from django.contrib.auth import get_user_model
from rest_framework import serializers
from .models import Risk, Control, ResidualRisk, AuditLog, Incident

class ResidualRiskSerializer(serializers.ModelSerializer):
    class Meta:
        model = ResidualRisk
        fields = [
            "id",
            "risk",
            "likelihood",
            "impact",
            "score",
            "level",
            "review_required",
        ]
        read_only_fields = ["score", "level"]


class ControlSerializer(serializers.ModelSerializer):
    risks = serializers.PrimaryKeyRelatedField(many=True, queryset=Risk.objects.all())

    class Meta:
        model = Control
        fields = [
            "id",
            "title",
            "status",
            "created_at",
            "updated_at",
            "due_date",
            "responsible",
            "description",
            "wiki_link",
            "risks",
        ]

class RiskSerializer(serializers.ModelSerializer):
    # Nested representation of related controls
    controls = ControlSerializer(many=True, read_only=True)

    class Meta:
        model = Risk
        fields = [
            "id",
            "title",
            "asset",
            "process",
            "category",
            "created_at",
            "updated_at",
            "likelihood",
            "impact",
            "score",
            "level",
            "status",
            "owner",
            "follow_up",
            "cia",
            "controls",
        ]

class AuditSerializer(serializers.ModelSerializer):
    class Meta:
        model = AuditLog
        fields = [
            "id",
            "user",
            "action",
            "model",
            "object_id",
            "changes",
            "timestamp",
        ]

User = get_user_model()

class UserSerializer(serializers.ModelSerializer):
    risks_owned = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
    controls_responsible = serializers.PrimaryKeyRelatedField(many=True, read_only=True)

    class Meta:
        model = User
        fields = [
            "id",
            "username",
            "email",
            "is_sso_user",
            "risks_owned",
            "controls_responsible",
        ]

class RiskSummarySerializer(serializers.ModelSerializer):
    class Meta:
        model = Risk
        fields = ["id", "title", "score", "level"] 

class IncidentSerializer(serializers.ModelSerializer):
    related_risks = serializers.PrimaryKeyRelatedField(
        many=True, queryset=Risk.objects.all()
    )
    date_reported = serializers.DateField(format="%Y-%m-%d", required=False)
    created_at = serializers.DateTimeField(format="%Y-%m-%d %H:%M:%S", read_only=True)
    updated_at = serializers.DateTimeField(format="%Y-%m-%d %H:%M:%S", read_only=True)

    class Meta:
        model = Incident
        fields = [
            "id", "title", "description", "date_reported",
            "created_at", "updated_at", "status", "related_risks",
        ]

    def create(self, validated_data):
        risks = validated_data.pop("related_risks", [])
        obj = super().create(validated_data)
        if risks:
            obj.related_risks.set(risks)
        return obj

    def update(self, instance, validated_data):
        risks = validated_data.pop("related_risks", None)
        obj = super().update(instance, validated_data)
        if risks is not None:
            obj.related_risks.set(risks)
        return obj
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`from django.contrib.auth import get_user_model`
			`from rest_framework import serializers`
			`from .models import Risk, Control, ResidualRisk, AuditLog, Incident`

			`class ResidualRiskSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = ResidualRisk`
			`fields = [`
			`"id",`
			`"risk",`
			`"likelihood",`
			`"impact",`
			`"score",`
			`"level",`
			`"review_required",`
			`]`
			`read_only_fields = ["score", "level"]`


			`class ControlSerializer(serializers.ModelSerializer):`
feat: Enhance risk management application with user auditing and improved incident handling - Added AuditUserMiddleware to track the current user for auditing purposes. - Introduced audit_context for managing the current user in thread-local storage. - Updated Control and Incident models to include created_at and updated_at timestamps. - Refactored Control and Incident serializers to handle related risks and timestamps. - Modified views to set the _changed_by attribute for user actions. - Enhanced incident listing and detail views to display related risks and user actions. - Updated templates for better presentation of risks and incidents. - Added migrations for new fields and relationships in the database. - Improved filtering options in the incident list view. 2025-09-09 12:00:29 +02:00			`risks = serializers.PrimaryKeyRelatedField(many=True, queryset=Risk.objects.all())`

Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`class Meta:`
			`model = Control`
			`fields = [`
			`"id",`
			`"title",`
			`"status",`
feat: Enhance risk management application with user auditing and improved incident handling - Added AuditUserMiddleware to track the current user for auditing purposes. - Introduced audit_context for managing the current user in thread-local storage. - Updated Control and Incident models to include created_at and updated_at timestamps. - Refactored Control and Incident serializers to handle related risks and timestamps. - Modified views to set the _changed_by attribute for user actions. - Enhanced incident listing and detail views to display related risks and user actions. - Updated templates for better presentation of risks and incidents. - Added migrations for new fields and relationships in the database. - Improved filtering options in the incident list view. 2025-09-09 12:00:29 +02:00			`"created_at",`
			`"updated_at",`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`"due_date",`
			`"responsible",`
			`"description",`
			`"wiki_link",`
feat: Enhance risk management application with user auditing and improved incident handling - Added AuditUserMiddleware to track the current user for auditing purposes. - Introduced audit_context for managing the current user in thread-local storage. - Updated Control and Incident models to include created_at and updated_at timestamps. - Refactored Control and Incident serializers to handle related risks and timestamps. - Modified views to set the _changed_by attribute for user actions. - Enhanced incident listing and detail views to display related risks and user actions. - Updated templates for better presentation of risks and incidents. - Added migrations for new fields and relationships in the database. - Improved filtering options in the incident list view. 2025-09-09 12:00:29 +02:00			`"risks",`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`]`

			`class RiskSerializer(serializers.ModelSerializer):`
			`# Nested representation of related controls`
			`controls = ControlSerializer(many=True, read_only=True)`

			`class Meta:`
			`model = Risk`
			`fields = [`
			`"id",`
			`"title",`
			`"asset",`
			`"process",`
			`"category",`
feat: Enhance Risk Management Module - Updated Risk model to include description, created_at, and updated_at fields. - Modified RiskSerializer to include created_at and updated_at in serialized output. - Improved logging in signals for Risk and Control models, including serialization of values. - Added new template tags for CIA label mapping. - Refactored URL patterns for better clarity and added detail views for risks, controls, and incidents. - Implemented list and detail views for risks, controls, and incidents with filtering options. - Enhanced CSS for better UI/UX, including breadcrumbs and table styling. - Created new templates for displaying individual risks, controls, and incidents with detailed information. 2025-09-08 15:03:12 +02:00			`"created_at",`
feat: Enhance risk management application with user auditing and improved incident handling - Added AuditUserMiddleware to track the current user for auditing purposes. - Introduced audit_context for managing the current user in thread-local storage. - Updated Control and Incident models to include created_at and updated_at timestamps. - Refactored Control and Incident serializers to handle related risks and timestamps. - Modified views to set the _changed_by attribute for user actions. - Enhanced incident listing and detail views to display related risks and user actions. - Updated templates for better presentation of risks and incidents. - Added migrations for new fields and relationships in the database. - Improved filtering options in the incident list view. 2025-09-09 12:00:29 +02:00			`"updated_at",`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`"likelihood",`
			`"impact",`
			`"score",`
			`"level",`
Add risk status and notification preferences - Introduced a new `status` field to the `Risk` model with choices for "open", "in_progress", "closed", and "review_required". - Created a `NotificationPreference` model to manage user notification settings for various events related to risks, controls, residual risks, reviews, users, and incidents. - Updated the admin interface to include `NotificationPreference` inline with the `User` admin. - Enhanced signal handlers to send notifications based on user preferences for created, updated, and deleted events for users, risks, controls, and incidents. - Modified the `check_risk_followups` utility function to update risk status and create notifications for follow-ups. - Updated serializers and views to accommodate the new `status` field and improved risk listing functionality. - Added a new section in the risk detail template to display related incidents. - Removed the unused statistics view from URLs. 2025-09-10 11:54:08 +02:00			`"status",`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`"owner",`
			`"follow_up",`
feat: Enhance risk management application with user auditing and improved incident handling - Added AuditUserMiddleware to track the current user for auditing purposes. - Introduced audit_context for managing the current user in thread-local storage. - Updated Control and Incident models to include created_at and updated_at timestamps. - Refactored Control and Incident serializers to handle related risks and timestamps. - Modified views to set the _changed_by attribute for user actions. - Enhanced incident listing and detail views to display related risks and user actions. - Updated templates for better presentation of risks and incidents. - Added migrations for new fields and relationships in the database. - Improved filtering options in the incident list view. 2025-09-09 12:00:29 +02:00			`"cia",`
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`"controls",`
			`]`

			`class AuditSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = AuditLog`
			`fields = [`
			`"id",`
			`"user",`
			`"action",`
			`"model",`
			`"object_id",`
			`"changes",`
			`"timestamp",`
			`]`

			`User = get_user_model()`

			`class UserSerializer(serializers.ModelSerializer):`
			`risks_owned = serializers.PrimaryKeyRelatedField(many=True, read_only=True)`
			`controls_responsible = serializers.PrimaryKeyRelatedField(many=True, read_only=True)`

			`class Meta:`
			`model = User`
			`fields = [`
			`"id",`
			`"username",`
			`"email",`
			`"is_sso_user",`
			`"risks_owned",`
			`"controls_responsible",`
			`]`

			`class RiskSummarySerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = Risk`
			`fields = ["id", "title", "score", "level"]`

			`class IncidentSerializer(serializers.ModelSerializer):`
feat: Enhance risk management application with user auditing and improved incident handling - Added AuditUserMiddleware to track the current user for auditing purposes. - Introduced audit_context for managing the current user in thread-local storage. - Updated Control and Incident models to include created_at and updated_at timestamps. - Refactored Control and Incident serializers to handle related risks and timestamps. - Modified views to set the _changed_by attribute for user actions. - Enhanced incident listing and detail views to display related risks and user actions. - Updated templates for better presentation of risks and incidents. - Added migrations for new fields and relationships in the database. - Improved filtering options in the incident list view. 2025-09-09 12:00:29 +02:00			`related_risks = serializers.PrimaryKeyRelatedField(`
			`many=True, queryset=Risk.objects.all()`
			`)`
			`date_reported = serializers.DateField(format="%Y-%m-%d", required=False)`
			`created_at = serializers.DateTimeField(format="%Y-%m-%d %H:%M:%S", read_only=True)`
			`updated_at = serializers.DateTimeField(format="%Y-%m-%d %H:%M:%S", read_only=True)`

Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`class Meta:`
			`model = Incident`
			`fields = [`
feat: Enhance risk management application with user auditing and improved incident handling - Added AuditUserMiddleware to track the current user for auditing purposes. - Introduced audit_context for managing the current user in thread-local storage. - Updated Control and Incident models to include created_at and updated_at timestamps. - Refactored Control and Incident serializers to handle related risks and timestamps. - Modified views to set the _changed_by attribute for user actions. - Enhanced incident listing and detail views to display related risks and user actions. - Updated templates for better presentation of risks and incidents. - Added migrations for new fields and relationships in the database. - Improved filtering options in the incident list view. 2025-09-09 12:00:29 +02:00			`"id", "title", "description", "date_reported",`
			`"created_at", "updated_at", "status", "related_risks",`
			`]`

			`def create(self, validated_data):`
			`risks = validated_data.pop("related_risks", [])`
			`obj = super().create(validated_data)`
			`if risks:`
			`obj.related_risks.set(risks)`
			`return obj`

			`def update(self, instance, validated_data):`
			`risks = validated_data.pop("related_risks", None)`
			`obj = super().update(instance, validated_data)`
			`if risks is not None:`
			`obj.related_risks.set(risks)`
			`return obj`