ISO-27001-Risk-Management/risks/serializers.py

from django.contrib.auth import get_user_model
from rest_framework import serializers
from .models import Risk, Control, ResidualRisk, AuditLog, Incident

class ResidualRiskSerializer(serializers.ModelSerializer):
    class Meta:
        model = ResidualRisk
        fields = [
            "id",
            "risk",
            "likelihood",
            "impact",
            "score",
            "level",
            "review_required",
        ]
        read_only_fields = ["score", "level"]


class ControlSerializer(serializers.ModelSerializer):
    class Meta:
        model = Control
        fields = [
            "id",
            "title",
            "status",
            "due_date",
            "responsible",
            "description",
            "wiki_link",
            "risk",
        ]

class RiskSerializer(serializers.ModelSerializer):
    # Nested representation of related controls
    controls = ControlSerializer(many=True, read_only=True)

    class Meta:
        model = Risk
        fields = [
            "id",
            "title",
            "asset",
            "process",
            "category",
            "likelihood",
            "impact",
            "score",
            "level",
            "owner",
            "follow_up",
            "confidentiality",
            "integrity",
            "availability",
            "controls",
        ]

class AuditSerializer(serializers.ModelSerializer):
    class Meta:
        model = AuditLog
        fields = [
            "id",
            "user",
            "action",
            "model",
            "object_id",
            "changes",
            "timestamp",
        ]

User = get_user_model()

class UserSerializer(serializers.ModelSerializer):
    risks_owned = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
    controls_responsible = serializers.PrimaryKeyRelatedField(many=True, read_only=True)

    class Meta:
        model = User
        fields = [
            "id",
            "username",
            "email",
            "is_sso_user",
            "risks_owned",
            "controls_responsible",
        ]

class RiskSummarySerializer(serializers.ModelSerializer):
    class Meta:
        model = Risk
        fields = ["id", "title", "score", "level"] 

class IncidentSerializer(serializers.ModelSerializer):
    related_risks = RiskSummarySerializer(many=True, read_only=True)
    
    class Meta:
        model = Incident
        fields = [
            "id",
            "title",
            "description",
            "date_reported",
            "status",
            "related_risks",
        ]
Add custom User model, OIDC backend, DB flexibility (SQLite/Postgres/MySQL), secured API endpoints, and initial Risk/Control models with enums, score calculation, and groups seeding. 2025-09-07 20:52:19 +02:00			`from django.contrib.auth import get_user_model`
			`from rest_framework import serializers`
			`from .models import Risk, Control, ResidualRisk, AuditLog, Incident`

			`class ResidualRiskSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = ResidualRisk`
			`fields = [`
			`"id",`
			`"risk",`
			`"likelihood",`
			`"impact",`
			`"score",`
			`"level",`
			`"review_required",`
			`]`
			`read_only_fields = ["score", "level"]`


			`class ControlSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = Control`
			`fields = [`
			`"id",`
			`"title",`
			`"status",`
			`"due_date",`
			`"responsible",`
			`"description",`
			`"wiki_link",`
			`"risk",`
			`]`

			`class RiskSerializer(serializers.ModelSerializer):`
			`# Nested representation of related controls`
			`controls = ControlSerializer(many=True, read_only=True)`

			`class Meta:`
			`model = Risk`
			`fields = [`
			`"id",`
			`"title",`
			`"asset",`
			`"process",`
			`"category",`
			`"likelihood",`
			`"impact",`
			`"score",`
			`"level",`
			`"owner",`
			`"follow_up",`
			`"confidentiality",`
			`"integrity",`
			`"availability",`
			`"controls",`
			`]`

			`class AuditSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = AuditLog`
			`fields = [`
			`"id",`
			`"user",`
			`"action",`
			`"model",`
			`"object_id",`
			`"changes",`
			`"timestamp",`
			`]`

			`User = get_user_model()`

			`class UserSerializer(serializers.ModelSerializer):`
			`risks_owned = serializers.PrimaryKeyRelatedField(many=True, read_only=True)`
			`controls_responsible = serializers.PrimaryKeyRelatedField(many=True, read_only=True)`

			`class Meta:`
			`model = User`
			`fields = [`
			`"id",`
			`"username",`
			`"email",`
			`"is_sso_user",`
			`"risks_owned",`
			`"controls_responsible",`
			`]`

			`class RiskSummarySerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = Risk`
			`fields = ["id", "title", "score", "level"]`

			`class IncidentSerializer(serializers.ModelSerializer):`
			`related_risks = RiskSummarySerializer(many=True, read_only=True)`

			`class Meta:`
			`model = Incident`
			`fields = [`
			`"id",`
			`"title",`
			`"description",`
			`"date_reported",`
			`"status",`
			`"related_risks",`
			`]`