2025-09-07 20:52:19 +02:00
|
|
|
from django.contrib.auth import get_user_model
|
|
|
|
|
from rest_framework import serializers
|
|
|
|
|
from .models import Risk, Control, ResidualRisk, AuditLog, Incident
|
|
|
|
|
|
2025-09-12 13:04:04 +02:00
|
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
# ResidualRiskSerializer
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-09-07 20:52:19 +02:00
|
|
|
class ResidualRiskSerializer(serializers.ModelSerializer):
|
|
|
|
|
class Meta:
|
|
|
|
|
model = ResidualRisk
|
|
|
|
|
fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"risk",
|
|
|
|
|
"likelihood",
|
|
|
|
|
"impact",
|
|
|
|
|
"score",
|
|
|
|
|
"level",
|
|
|
|
|
"review_required",
|
|
|
|
|
]
|
|
|
|
|
read_only_fields = ["score", "level"]
|
|
|
|
|
|
|
|
|
|
|
2025-09-12 13:04:04 +02:00
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
# ControlSerializer
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-09-07 20:52:19 +02:00
|
|
|
class ControlSerializer(serializers.ModelSerializer):
|
2025-09-09 12:00:29 +02:00
|
|
|
risks = serializers.PrimaryKeyRelatedField(many=True, queryset=Risk.objects.all())
|
|
|
|
|
|
2025-09-07 20:52:19 +02:00
|
|
|
class Meta:
|
|
|
|
|
model = Control
|
|
|
|
|
fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"title",
|
|
|
|
|
"status",
|
2025-09-09 12:00:29 +02:00
|
|
|
"created_at",
|
|
|
|
|
"updated_at",
|
2025-09-07 20:52:19 +02:00
|
|
|
"due_date",
|
|
|
|
|
"responsible",
|
|
|
|
|
"description",
|
|
|
|
|
"wiki_link",
|
2025-09-09 12:00:29 +02:00
|
|
|
"risks",
|
2025-09-07 20:52:19 +02:00
|
|
|
]
|
|
|
|
|
|
2025-09-12 13:04:04 +02:00
|
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
# RiskSerializer
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-09-07 20:52:19 +02:00
|
|
|
class RiskSerializer(serializers.ModelSerializer):
|
2025-09-12 13:04:04 +02:00
|
|
|
# Nested representation of related controls (read-only)
|
2025-09-07 20:52:19 +02:00
|
|
|
controls = ControlSerializer(many=True, read_only=True)
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
model = Risk
|
|
|
|
|
fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"title",
|
|
|
|
|
"asset",
|
|
|
|
|
"process",
|
|
|
|
|
"category",
|
feat: Enhance Risk Management Module
- Updated Risk model to include description, created_at, and updated_at fields.
- Modified RiskSerializer to include created_at and updated_at in serialized output.
- Improved logging in signals for Risk and Control models, including serialization of values.
- Added new template tags for CIA label mapping.
- Refactored URL patterns for better clarity and added detail views for risks, controls, and incidents.
- Implemented list and detail views for risks, controls, and incidents with filtering options.
- Enhanced CSS for better UI/UX, including breadcrumbs and table styling.
- Created new templates for displaying individual risks, controls, and incidents with detailed information.
2025-09-08 15:03:12 +02:00
|
|
|
"created_at",
|
2025-09-09 12:00:29 +02:00
|
|
|
"updated_at",
|
2025-09-07 20:52:19 +02:00
|
|
|
"likelihood",
|
|
|
|
|
"impact",
|
|
|
|
|
"score",
|
|
|
|
|
"level",
|
Add risk status and notification preferences
- Introduced a new `status` field to the `Risk` model with choices for "open", "in_progress", "closed", and "review_required".
- Created a `NotificationPreference` model to manage user notification settings for various events related to risks, controls, residual risks, reviews, users, and incidents.
- Updated the admin interface to include `NotificationPreference` inline with the `User` admin.
- Enhanced signal handlers to send notifications based on user preferences for created, updated, and deleted events for users, risks, controls, and incidents.
- Modified the `check_risk_followups` utility function to update risk status and create notifications for follow-ups.
- Updated serializers and views to accommodate the new `status` field and improved risk listing functionality.
- Added a new section in the risk detail template to display related incidents.
- Removed the unused statistics view from URLs.
2025-09-10 11:54:08 +02:00
|
|
|
"status",
|
2025-09-07 20:52:19 +02:00
|
|
|
"owner",
|
|
|
|
|
"follow_up",
|
2025-09-09 12:00:29 +02:00
|
|
|
"cia",
|
2025-09-07 20:52:19 +02:00
|
|
|
"controls",
|
|
|
|
|
]
|
|
|
|
|
|
2025-09-12 13:04:04 +02:00
|
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
# AuditSerializer
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-09-07 20:52:19 +02:00
|
|
|
class AuditSerializer(serializers.ModelSerializer):
|
|
|
|
|
class Meta:
|
|
|
|
|
model = AuditLog
|
|
|
|
|
fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"user",
|
|
|
|
|
"action",
|
|
|
|
|
"model",
|
|
|
|
|
"object_id",
|
|
|
|
|
"changes",
|
|
|
|
|
"timestamp",
|
|
|
|
|
]
|
|
|
|
|
|
2025-09-12 13:04:04 +02:00
|
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
# UserSerializer
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-09-07 20:52:19 +02:00
|
|
|
User = get_user_model()
|
|
|
|
|
|
|
|
|
|
class UserSerializer(serializers.ModelSerializer):
|
|
|
|
|
risks_owned = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
|
|
|
|
|
controls_responsible = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
model = User
|
|
|
|
|
fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"username",
|
|
|
|
|
"email",
|
|
|
|
|
"is_sso_user",
|
|
|
|
|
"risks_owned",
|
|
|
|
|
"controls_responsible",
|
|
|
|
|
]
|
|
|
|
|
|
2025-09-12 13:04:04 +02:00
|
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
# RiskSummarySerializer
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-09-07 20:52:19 +02:00
|
|
|
class RiskSummarySerializer(serializers.ModelSerializer):
|
|
|
|
|
class Meta:
|
|
|
|
|
model = Risk
|
2025-09-12 13:04:04 +02:00
|
|
|
fields = ["id", "title", "score", "level"]
|
|
|
|
|
|
2025-09-07 20:52:19 +02:00
|
|
|
|
2025-09-12 13:04:04 +02:00
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
# IncidentSerializer
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-09-07 20:52:19 +02:00
|
|
|
class IncidentSerializer(serializers.ModelSerializer):
|
2025-09-09 12:00:29 +02:00
|
|
|
related_risks = serializers.PrimaryKeyRelatedField(
|
|
|
|
|
many=True, queryset=Risk.objects.all()
|
|
|
|
|
)
|
|
|
|
|
date_reported = serializers.DateField(format="%Y-%m-%d", required=False)
|
|
|
|
|
created_at = serializers.DateTimeField(format="%Y-%m-%d %H:%M:%S", read_only=True)
|
|
|
|
|
updated_at = serializers.DateTimeField(format="%Y-%m-%d %H:%M:%S", read_only=True)
|
|
|
|
|
|
2025-09-07 20:52:19 +02:00
|
|
|
class Meta:
|
|
|
|
|
model = Incident
|
|
|
|
|
fields = [
|
2025-09-12 13:04:04 +02:00
|
|
|
"id",
|
|
|
|
|
"title",
|
|
|
|
|
"description",
|
|
|
|
|
"date_reported",
|
|
|
|
|
"created_at",
|
|
|
|
|
"updated_at",
|
|
|
|
|
"status",
|
|
|
|
|
"related_risks",
|
2025-09-09 12:00:29 +02:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
def create(self, validated_data):
|
2025-09-12 13:04:04 +02:00
|
|
|
"""Ensure related_risks are set after creation."""
|
2025-09-09 12:00:29 +02:00
|
|
|
risks = validated_data.pop("related_risks", [])
|
|
|
|
|
obj = super().create(validated_data)
|
|
|
|
|
if risks:
|
|
|
|
|
obj.related_risks.set(risks)
|
|
|
|
|
return obj
|
|
|
|
|
|
|
|
|
|
def update(self, instance, validated_data):
|
2025-09-12 13:04:04 +02:00
|
|
|
"""Ensure related_risks are updated properly."""
|
2025-09-09 12:00:29 +02:00
|
|
|
risks = validated_data.pop("related_risks", None)
|
|
|
|
|
obj = super().update(instance, validated_data)
|
|
|
|
|
if risks is not None:
|
|
|
|
|
obj.related_risks.set(risks)
|
|
|
|
|
return obj
|
