diff --git a/config/settings.py b/config/settings.py
index 8b6b5ef..1daca79 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -45,15 +45,15 @@ INSTALLED_APPS = [
 # Middleware
 # ---------------------------------------------------------------------------
 MIDDLEWARE = [
- "django.middleware.security.SecurityMiddleware",
- "django.contrib.sessions.middleware.SessionMiddleware",
- "django.middleware.locale.LocaleMiddleware",
- "django.middleware.common.CommonMiddleware",
- "django.middleware.csrf.CsrfViewMiddleware",
- "django.contrib.auth.middleware.AuthenticationMiddleware",
- "risks.middleware.AuditUserMiddleware",
- "django.contrib.messages.middleware.MessageMiddleware",
- "django.middleware.clickjacking.XFrameOptionsMiddleware",
+ "django.middleware.security.SecurityMiddleware", # CSRF protection
+ "django.contrib.sessions.middleware.SessionMiddleware", # session management
+ "django.middleware.locale.LocaleMiddleware", # language settings
+ "django.middleware.common.CommonMiddleware", # common middleware
+ "django.middleware.csrf.CsrfViewMiddleware", # CSRF protection
+ "django.contrib.auth.middleware.AuthenticationMiddleware", # authentication
+ "risks.middleware.AuditUserMiddleware", # audit user
+ "django.contrib.messages.middleware.MessageMiddleware", # messages
+ "django.middleware.clickjacking.XFrameOptionsMiddleware", # clickjacking protection
 ]
 
 # ---------------------------------------------------------------------------
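Review bot: The comment added on `django.middleware.security.SecurityMiddleware` in the MIDDLEWARE list reads `# CSRF protection`, which is incorrect and duplicates the label on `CsrfViewMiddleware` four lines below it. SecurityMiddleware applies the transport and header hardening driven by the `SECURE_*` settings (HTTPS redirect, HSTS, `X-Content-Type-Options`, referrer policy); CSRF checks are done only by `CsrfViewMiddleware`. I would write `# HTTPS redirect, HSTS and security headers (SECURE_* settings)` so nobody removes the CSRF middleware believing it is covered twice. If `risks.middleware.AuditUserMiddleware` reads `request.user` (its code is not visible here), its comment should also say it has to stay after `AuthenticationMiddleware`.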
@@ -72,11 +72,11 @@ TEMPLATES = [
 "APP_DIRS": True,
 "OPTIONS": {
 "context_processors": [
- "django.template.context_processors.debug",
- "django.template.context_processors.request",
- "django.contrib.auth.context_processors.auth",
- "django.contrib.messages.context_processors.messages",
- "risks.context_processors.unread_notifications_count",
+ "django.template.context_processors.debug", # debug info
+ "django.template.context_processors.request", # request info
+ "django.contrib.auth.context_processors.auth", # auth info
+ "django.contrib.messages.context_processors.messages", # messages
+ "risks.context_processors.unread_notifications_count", # unread notifications
 ],
 },
 },
@@ -118,7 +118,7 @@ else: # default: SQLite
 DATABASES = {
 "default": {
 "ENGINE": "django.db.backends.sqlite3",
- "NAME": BASE_DIR / "db.sqlite3", # fixed filename for simplicity
+ "NAME": BASE_DIR / "db.sqlite3",
 }
 }
 
@@ -130,10 +130,10 @@ AUTHENTICATION_BACKENDS = [
 "django.contrib.auth.backends.ModelBackend", # local auth
 ]
 AUTH_PASSWORD_VALIDATORS = [
- {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
- {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
- {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
- {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
+ {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"}, # check for username similarity
+ {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"}, # min length
+ {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"}, # check for common passwords
+ {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"}, # check for numeric passwords
 ]
 
 # Login-Flow
diff --git a/config/urls.py b/config/urls.py
index fba7162..cf90d16 100644
--- a/config/urls.py
+++ b/config/urls.py
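Review bot: In the AUTH_PASSWORD_VALIDATORS hunk of config/settings.py, the new comment `# min length` on `MinimumLengthValidator` does not say what the minimum is; with no `OPTIONS` key the validator uses Django's built-in default of 8 characters. Either record that in the comment (`# min length, Django default of 8`) or pin the policy in the entry itself, for example `"OPTIONS": {"min_length": 12}` with whatever value the project's password policy requires (12 is only an illustration). `# check for numeric passwords` would also be clearer as `# reject all-digit passwords`, and `# check for username similarity` understates a validator that compares against several user attributes, not just the username.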
@@ -14,13 +14,18 @@ router.register(r"users", UserViewSet)
 router.register(r"logs", AuditViewSet)
 
 urlpatterns = [
- path("admin/", admin.site.urls),
- path("i18n/", include("django.conf.urls.i18n")), # Language Switch
- path("api/ping/", ping), # Public healthcheck endpoint
- path("api/secure-ping/", secure_ping), # Protected API endpoint
- path("api/", include(router.urls)),
- path("accounts/", include("django.contrib.auth.urls")),
+ # Risk Management
 path("", include("risks.urls", namespace="risks")),
+ # Admin
+ path("admin/", admin.site.urls),
+ # Login/Logout
+ path("accounts/", include("django.contrib.auth.urls")),
+ # Language Switch
+ path("i18n/", include("django.conf.urls.i18n")),
+ # API
+ path("api/", include(router.urls)),
+ path("api/ping/", ping),
+ path("api/secure-ping/", secure_ping),
 ]
 
 # Add OIDC routes only if Single Sign-On is enabled
diff --git a/locale/de/LC_MESSAGES/django.po b/locale/de/LC_MESSAGES/django.po
index 7f1d4d4..3ef904d 100644
--- a/locale/de/LC_MESSAGES/django.po
+++ b/locale/de/LC_MESSAGES/django.po
@@ -410,8 +410,7 @@ msgstr "Sende an alle App-Mitarbeiter"
 
 #: risks/models.py:438
 msgid "Extra recipients (emails, comma or newline separated)"
-msgstr ""
-"Zusätzliche Empfänger (E-Mails, durch Komma oder Zeilenumbruch getrennt)"
+msgstr "Zusätzliche Empfänger (E-Mails, durch Komma oder Zeilenumbruch getrennt)"
 
 #: risks/signals.py:71
 #, python-brace-format
@@ -459,8 +458,7 @@ msgstr "Maßnahme gelöscht: {t}"
 #: risks/signals.py:218
 #, python-brace-format
 msgid "Residual review required for risk '{t}' due to control change"
-msgstr ""
-"Restrisikoprüfung nötig für das Risiko: '{t}', da Maßnahmen geändert wurden"
+msgstr "Restrisikoprüfung nötig für das Risiko: '{t}', da Maßnahmen geändert wurden"
 
 #: risks/signals.py:245
 #, python-brace-format
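Review bot: In the `urlpatterns` hunk of config/urls.py, the empty-prefix `path("", include("risks.urls", namespace="risks"))` is now the first entry where it used to be the last, so every request is tried against the risks routes before `admin/`, `accounts/` and `api/`. Django resolves patterns in list order, so any broad pattern in risks.urls (not visible here) would now shadow those prefixes; keeping the empty-prefix include as the final entry avoids that. The same ordering concern applies to `path("api/", include(router.urls))`, which now precedes `api/ping/` and `api/secure-ping/`. The rewrite also drops the inline comments that marked which endpoint is unauthenticated; I would keep them, e.g. `path("api/ping/", ping),  # public healthcheck, no auth` and `path("api/secure-ping/", secure_ping),  # requires authentication`.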
@@ -508,9 +506,7 @@ msgstr "Das Risiko wurde geprüft und als geschlossen markiert"
 
 #: risks/views.py:220
 msgid "Not all controls are completed. Risk cannot be closed yet."
-msgstr ""
-"Nicht alle Maßnhamen sind abgeschlossen, das Risiko kann nicht geschlossen "
-"werden."
+msgstr "Nicht alle Maßnhamen sind abgeschlossen, das Risiko kann nicht geschlossen werden."
 
 #: risks/views.py:409
 msgid "Risk status updated."