diff --git a/risks/signals.py b/risks/signals.py index 1f0aba4..303218c 100644 --- a/risks/signals.py +++ b/risks/signals.py @@ -208,10 +208,10 @@ def control_risks_changed(sender, instance: Control, action, **kwargs): resid.save() if risk.status != "review_required": Risk.objects.filter(pk=risk.pk).update(status="review_required") - _notify( - _risk_stakeholders(risk), - _("Review required for risk '{t}' due to control change").format(t=risk.title), - "review_required", + notify_event( + NotificationKind.RESIDUAL_REVIEW_REQUIRED, + message=_("Residual review required for risk '{t}' due to control change").format(t=risk.title), + users=_risk_stakeholders(risk) ) diff --git a/risks/views.py b/risks/views.py index 8996477..dccef13 100644 --- a/risks/views.py +++ b/risks/views.py @@ -56,6 +56,15 @@ class RiskViewSet(_ChangedByMixin, viewsets.ModelViewSet): serializer_class = RiskSerializer permission_classes = [IsAuthenticated] + def perform_create(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) + + def perform_update(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) class ControlViewSet(_ChangedByMixin, viewsets.ModelViewSet): """API endpoint for managing Controls.""" @@ -63,6 +72,15 @@ class ControlViewSet(_ChangedByMixin, viewsets.ModelViewSet): serializer_class = ControlSerializer permission_classes = [IsAuthenticated] + def perform_create(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) + + def perform_update(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) class ResidualRiskViewSet(viewsets.ModelViewSet): """API endpoint for Residual Risks.""" @@ -70,6 +88,15 @@ class ResidualRiskViewSet(viewsets.ModelViewSet): serializer_class = ResidualRiskSerializer permission_classes = [IsAuthenticated] + def perform_create(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) + + def perform_update(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) class UserViewSet(_ChangedByMixin, viewsets.ReadOnlyModelViewSet): """API endpoint for listing users and their responsibilities.""" @@ -77,6 +104,15 @@ class UserViewSet(_ChangedByMixin, viewsets.ReadOnlyModelViewSet): serializer_class = UserSerializer permission_classes = [IsAuthenticated] + def perform_create(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) + + def perform_update(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) class AuditViewSet(viewsets.ReadOnlyModelViewSet): """API endpoint for viewing audit logs.""" @@ -95,6 +131,15 @@ class IncidentViewSet(_ChangedByMixin, viewsets.ModelViewSet): instance = serializer.save(reported_by=self.request.user) instance._changed_by = self.request.user + def perform_create(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) + + def perform_update(self, serializer): + instance = serializer.save() + instance._changed_by = self.request.user + instance.save(update_fields=[]) # --------------------------------------------------------------------------- # Web Views: Risks