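from django.contrib.admin.models import LogEntry
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import get_object_or_404, render
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated

from .models import AuditLog, Control, Incident, ResidualRisk, Risk
from .serializers import (
    AuditSerializer,
    ControlSerializer,
    IncidentSerializer,
    ResidualRiskSerializer,
    RiskSerializer,
    UserSerializer,
)

User = get_user_model()


# ---------------------------------------------------------------------------
# API
# ---------------------------------------------------------------------------


class _ChangedByMixin:
    """Attribute API writes to the requesting user.

    Every write path below tags the saved instance with ``_changed_by`` and
    saves it again, so whatever reads that attribute at model level (not
    visible in this module) can record who made the change.
    """

    def _save_with_actor(self, instance):
        """Re-save *instance* with ``_changed_by`` set to the request user.

        NOTE(review): by the time this runs, ``serializer.save()`` has already
        written the row once without ``_changed_by``; a hook that fires on
        every save therefore sees one unattributed write per request.
        Setting the attribute before the first save would avoid that — confirm
        how the audit hook is wired before changing the order.
        """
        instance._changed_by = self.request.user
        instance.save()
        return instance

    def perform_create(self, serializer):
        """Create the object, then re-save it with the actor attached."""
        self._save_with_actor(serializer.save())

    def perform_update(self, serializer):
        """Update the object, then re-save it with the actor attached."""
        self._save_with_actor(serializer.save())


class RiskViewSet(_ChangedByMixin, viewsets.ModelViewSet):
    """API endpoint for managing Risks. Provides CRUD operations."""

    queryset = Risk.objects.all()
    serializer_class = RiskSerializer
    permission_classes = [IsAuthenticated]


class ControlViewSet(_ChangedByMixin, viewsets.ModelViewSet):
    """API endpoint for managing Controls. Provides CRUD operations."""

    queryset = Control.objects.all()
    serializer_class = ControlSerializer
    permission_classes = [IsAuthenticated]


class ResidualRiskViewSet(viewsets.ModelViewSet):
    """API endpoint for managing Residual Risks. Provides CRUD operations.

    Unlike the other writable viewsets this one does not attach
    ``_changed_by``, so residual-risk writes are not attributed to a user.
    """

    queryset = ResidualRisk.objects.all()
    serializer_class = ResidualRiskSerializer
    permission_classes = [IsAuthenticated]


class UserViewSet(viewsets.ReadOnlyModelViewSet):
    """API endpoint for listing users and their responsibilities.

    Read-only: ``ReadOnlyModelViewSet`` routes only ``list`` and ``retrieve``,
    so the ``perform_create``/``perform_update`` overrides the original file
    carried here were unreachable and have been dropped.
    """

    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]


class AuditViewSet(viewsets.ReadOnlyModelViewSet):
    """API endpoint for viewing the audit log (read-only)."""

    queryset = AuditLog.objects.all()
    serializer_class = AuditSerializer
    permission_classes = [IsAuthenticated]


class IncidentViewSet(_ChangedByMixin, viewsets.ModelViewSet):
    """API endpoint for listing incidents and their related risks."""

    queryset = Incident.objects.all()
    serializer_class = IncidentSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Create the incident with the requesting user as reporter.

        ``reported_by`` is supplied server-side from the authenticated
        request, overriding anything the client put in the body.
        """
        self._save_with_actor(serializer.save(reported_by=self.request.user))


# ---------------------------------------------------------------------------
# Web
# ---------------------------------------------------------------------------
# NOTE(review): unlike the API viewsets above, none of the views below require
# authentication at the view level; they render risk, control and incident
# details to any visitor unless something outside this module (middleware,
# URLconf decorators) gates them. Confirm that is intended.


def _int_param(request, name):
    """Return GET parameter *name* as an int, or None if absent or non-numeric.

    These ids are fed straight into ORM filters on integer columns; a
    non-numeric value used to raise ValueError inside the ORM (HTTP 500), so
    it is now treated like an absent filter instead.
    """
    raw = request.GET.get(name)
    if raw is None or raw == "":
        return None
    try:
        return int(raw)
    except ValueError:
        return None


def _admin_log_for(obj):
    """Return the admin ``LogEntry`` rows for *obj*, newest first."""
    ct = ContentType.objects.get_for_model(obj)
    return LogEntry.objects.filter(
        content_type=ct, object_id=obj.pk
    ).order_by("-action_time")


def dashboard(request):
    """Render the dashboard page."""
    return render(request, "risks/dashboard.html")


def stats(request):
    """Render the statistics page."""
    return render(request, "risks/statistics.html")


def list_risks(request):
    """Render the risk list, optionally filtered by risk, control or owner id.

    Filters come from the query string (``risk``, ``control``, ``owner``);
    unparseable values are ignored rather than failing the request.
    """
    qs = Risk.objects.all().select_related("owner")

    # Read the GET parameters
    risk_id = _int_param(request, "risk")
    control_id = _int_param(request, "control")
    owner_id = _int_param(request, "owner")

    if risk_id is not None:
        qs = qs.filter(id=risk_id)
    if control_id is not None:
        qs = qs.filter(controls__id=control_id)
    if owner_id is not None:
        qs = qs.filter(owner_id=owner_id)

    # distinct() because the controls join can duplicate rows
    risks = qs.order_by("title").distinct()
    controls = Control.objects.all().order_by("title")
    owners = (
        User.objects.filter(owned_risks__isnull=False)
        .distinct()
        .order_by("username")
    )

    return render(
        request,
        "risks/list_risks.html",
        {"risks": risks, "controls": controls, "owners": owners},
    )


def show_risk(request, id):
    """Render one risk together with its admin log entries (404 if missing)."""
    risk = get_object_or_404(Risk, pk=id)
    return render(
        request,
        "risks/item_risk.html",
        {"risk": risk, "logs": _admin_log_for(risk)},
    )


def list_controls(request):
    """Render the control list, optionally filtered.

    Filters come from the query string: ``control``, ``risk`` and
    ``responsible`` (ids, ignored if non-numeric) and ``status`` (matched
    verbatim against the status column via a parameterized ORM lookup).
    """
    qs = Control.objects.all().select_related("risk", "responsible")

    # Filters
    control_id = _int_param(request, "control")
    risk_id = _int_param(request, "risk")
    status = request.GET.get("status")
    responsible_id = _int_param(request, "responsible")

    if control_id is not None:
        qs = qs.filter(id=control_id)
    if risk_id is not None:
        qs = qs.filter(risk_id=risk_id)
    if status:
        qs = qs.filter(status=status)
    if responsible_id is not None:
        qs = qs.filter(responsible_id=responsible_id)

    controls = qs.order_by("title")
    risks = Risk.objects.all().order_by("title")
    users = (
        User.objects.filter(responsible_controls__isnull=False)
        .distinct()
        .order_by("username")
    )

    return render(
        request,
        "risks/list_controls.html",
        {
            "controls": controls,
            "risks": risks,
            "users": users,
            "status_choices": Control.STATUS_CHOICES,
        },
    )


def show_control(request, id):
    """Render one control together with its admin log entries (404 if missing)."""
    control = get_object_or_404(Control, pk=id)
    return render(
        request,
        "risks/item_control.html",
        {"control": control, "logs": _admin_log_for(control)},
    )


def list_incidents(request):
    """Render the incident list page."""
    return render(request, "risks/list_incidents.html")


def show_incident(request, id):
    """Render one incident (404 if missing).

    Uses ``get_object_or_404`` like the other detail views; the original
    ``Incident.objects.get`` turned an unknown id into an unhandled
    ``DoesNotExist`` (HTTP 500).
    """
    incident = get_object_or_404(Incident, pk=id)
    return render(request, "risks/item_incident.html", {"incident": incident})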