refactor: Update notification handling and track user changes in risk management views

risks/signals.py

@@ -208,10 +208,10 @@ def control_risks_changed(sender, instance: Control, action, **kwargs):
                 resid.save()
             if risk.status != "review_required":
                 Risk.objects.filter(pk=risk.pk).update(status="review_required")
-            _notify(
+            notify_event(
-                _risk_stakeholders(risk),
+                NotificationKind.RESIDUAL_REVIEW_REQUIRED,
-                _("Review required for risk '{t}' due to control change").format(t=risk.title),
+                message=_("Residual review required for risk '{t}' due to control change").format(t=risk.title),
-                "review_required",
+                users=_risk_stakeholders(risk)
             )
 
 

risks/views.py

@@ -56,6 +56,15 @@ class RiskViewSet(_ChangedByMixin, viewsets.ModelViewSet):
     serializer_class = RiskSerializer
     permission_classes = [IsAuthenticated]
 
+    def perform_create(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
+
+    def perform_update(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
 
 class ControlViewSet(_ChangedByMixin, viewsets.ModelViewSet):
     """API endpoint for managing Controls."""
@@ -63,6 +72,15 @@ class ControlViewSet(_ChangedByMixin, viewsets.ModelViewSet):
     serializer_class = ControlSerializer
     permission_classes = [IsAuthenticated]
 
+    def perform_create(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
+
+    def perform_update(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
 
 class ResidualRiskViewSet(viewsets.ModelViewSet):
     """API endpoint for Residual Risks."""
@@ -70,6 +88,15 @@ class ResidualRiskViewSet(viewsets.ModelViewSet):
     serializer_class = ResidualRiskSerializer
     permission_classes = [IsAuthenticated]
 
+    def perform_create(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
+
+    def perform_update(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
 
 class UserViewSet(_ChangedByMixin, viewsets.ReadOnlyModelViewSet):
     """API endpoint for listing users and their responsibilities."""
@@ -77,6 +104,15 @@ class UserViewSet(_ChangedByMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = UserSerializer
     permission_classes = [IsAuthenticated]
 
+    def perform_create(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
+
+    def perform_update(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
 
 class AuditViewSet(viewsets.ReadOnlyModelViewSet):
     """API endpoint for viewing audit logs."""
@@ -95,6 +131,15 @@ class IncidentViewSet(_ChangedByMixin, viewsets.ModelViewSet):
         instance = serializer.save(reported_by=self.request.user)
         instance._changed_by = self.request.user
 
+    def perform_create(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
+
+    def perform_update(self, serializer):
+        instance = serializer.save()
+        instance._changed_by = self.request.user
+        instance.save(update_fields=[])
 
 # ---------------------------------------------------------------------------
 # Web Views: Risks