cleanup

config/settings.py

@@ -45,15 +45,15 @@ INSTALLED_APPS = [
 # Middleware
 # ---------------------------------------------------------------------------
 MIDDLEWARE = [
-    "django.middleware.security.SecurityMiddleware",
-    "django.contrib.sessions.middleware.SessionMiddleware",
-    "django.middleware.locale.LocaleMiddleware",
-    "django.middleware.common.CommonMiddleware",
-    "django.middleware.csrf.CsrfViewMiddleware",
-    "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "risks.middleware.AuditUserMiddleware",
-    "django.contrib.messages.middleware.MessageMiddleware",
-    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "django.middleware.security.SecurityMiddleware", # CSRF protection
+    "django.contrib.sessions.middleware.SessionMiddleware", # session management
+    "django.middleware.locale.LocaleMiddleware", # language settings
+    "django.middleware.common.CommonMiddleware", # common middleware
+    "django.middleware.csrf.CsrfViewMiddleware", # CSRF protection
+    "django.contrib.auth.middleware.AuthenticationMiddleware", # authentication
+    "risks.middleware.AuditUserMiddleware", # audit user
+    "django.contrib.messages.middleware.MessageMiddleware", # messages
+    "django.middleware.clickjacking.XFrameOptionsMiddleware", # clickjacking protection
 ]
 
 # ---------------------------------------------------------------------------
@@ -72,11 +72,11 @@ TEMPLATES = [
         "APP_DIRS": True,
         "OPTIONS": {
             "context_processors": [
-                "django.template.context_processors.debug",
-                "django.template.context_processors.request",
-                "django.contrib.auth.context_processors.auth",
-                "django.contrib.messages.context_processors.messages",
-                "risks.context_processors.unread_notifications_count",
+                "django.template.context_processors.debug", # debug info
+                "django.template.context_processors.request", # request info
+                "django.contrib.auth.context_processors.auth", # auth info 
+                "django.contrib.messages.context_processors.messages", # messages
+                "risks.context_processors.unread_notifications_count", # unread notifications
             ],
         },
     },
@@ -118,7 +118,7 @@ else:  # default: SQLite
     DATABASES = {
         "default": {
             "ENGINE": "django.db.backends.sqlite3",
-            "NAME": BASE_DIR / "db.sqlite3",  # fixed filename for simplicity
+            "NAME": BASE_DIR / "db.sqlite3",
         }
     }
 
@@ -130,10 +130,10 @@ AUTHENTICATION_BACKENDS = [
     "django.contrib.auth.backends.ModelBackend",  # local auth
 ]
 AUTH_PASSWORD_VALIDATORS = [
-    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
-    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
-    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
-    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"}, # check for username similarity
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"}, # min length
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"}, # check for common passwords
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"}, # check for numeric passwords
 ]
 
 # Login-Flow

config/urls.py

@@ -14,13 +14,18 @@ router.register(r"users", UserViewSet)
 router.register(r"logs", AuditViewSet)
 
 urlpatterns = [
-    path("admin/", admin.site.urls),
-    path("i18n/", include("django.conf.urls.i18n")), # Language Switch
-    path("api/ping/", ping),               # Public healthcheck endpoint
-    path("api/secure-ping/", secure_ping), # Protected API endpoint
-    path("api/", include(router.urls)),
-    path("accounts/", include("django.contrib.auth.urls")),
+    # Risk Management
     path("", include("risks.urls", namespace="risks")),
+    # Admin
+    path("admin/", admin.site.urls),
+    # Login/Logout
+    path("accounts/", include("django.contrib.auth.urls")),
+    # Language Switch
+    path("i18n/", include("django.conf.urls.i18n")),
+    # API
+    path("api/", include(router.urls)),
+    path("api/ping/", ping),
+    path("api/secure-ping/", secure_ping),
 ]
 
 # Add OIDC routes only if Single Sign-On is enabled

locale/de/LC_MESSAGES/django.po

@@ -410,8 +410,7 @@ msgstr "Sende an alle App-Mitarbeiter"
 
 #: risks/models.py:438
 msgid "Extra recipients (emails, comma or newline separated)"
-msgstr ""
-"Zusätzliche Empfänger (E-Mails, durch Komma oder Zeilenumbruch getrennt)"
+msgstr "Zusätzliche Empfänger (E-Mails, durch Komma oder Zeilenumbruch getrennt)"
 
 #: risks/signals.py:71
 #, python-brace-format
@@ -459,8 +458,7 @@ msgstr "Maßnahme gelöscht: {t}"
 #: risks/signals.py:218
 #, python-brace-format
 msgid "Residual review required for risk '{t}' due to control change"
-msgstr ""
-"Restrisikoprüfung nötig für das Risiko: '{t}', da Maßnahmen geändert wurden"
+msgstr "Restrisikoprüfung nötig für das Risiko: '{t}', da Maßnahmen geändert wurden"
 
 #: risks/signals.py:245
 #, python-brace-format
@@ -508,9 +506,7 @@ msgstr "Das Risiko wurde geprüft und als geschlossen markiert"
 
 #: risks/views.py:220
 msgid "Not all controls are completed. Risk cannot be closed yet."
-msgstr ""
-"Nicht alle Maßnhamen sind abgeschlossen, das Risiko kann nicht geschlossen "
-"werden."
+msgstr "Nicht alle Maßnhamen sind abgeschlossen, das Risiko kann nicht geschlossen werden."
 
 #: risks/views.py:409
 msgid "Risk status updated."