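from django.contrib import admin
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin

from .models import User, Risk, ResidualRisk, Control, Incident


class _ChangedByAdminMixin:
    """Stamp the acting admin user on every object the admin writes or deletes.

    Each hook sets ``obj._changed_by = request.user`` before the object is
    persisted or removed. The consumer of ``_changed_by`` is not visible in
    this file; presumably model code or signal handlers use it for audit
    attribution (confirm against ``models.py``).

    Besides ``save_model`` and ``delete_model``, the mixin covers two admin
    paths that do not go through them:

    * the bulk "delete selected" action, which calls ``delete_queryset``;
    * inline formsets, which are saved through ``save_formset``.

    Without these overrides, changes made on those paths carry no
    ``_changed_by`` and would be recorded without an actor.
    """

    def save_model(self, request, obj, form, change):
        """Attach the requesting user, then save via the default admin path."""
        obj._changed_by = request.user
        super().save_model(request, obj, form, change)

    def delete_model(self, request, obj):
        """Attach the requesting user, then delete via the default admin path."""
        obj._changed_by = request.user
        super().delete_model(request, obj)

    def delete_queryset(self, request, queryset):
        """Delete objects one by one so each deletion carries the acting user.

        The default implementation calls ``queryset.delete()``, which works on
        freshly loaded instances that never had ``_changed_by`` set.
        """
        for obj in queryset:
            obj._changed_by = request.user
            obj.delete()

    def save_formset(self, request, form, formset, change):
        """Save inline objects with the acting user attached to each one.

        Follows the usual ``commit=False`` pattern: deletions and saves are
        performed explicitly, then many-to-many data is written.
        """
        instances = formset.save(commit=False)
        for obj in formset.deleted_objects:
            obj._changed_by = request.user
            obj.delete()
        for obj in instances:
            obj._changed_by = request.user
            obj.save()
        formset.save_m2m()


@admin.register(User)
class UserAdmin(BaseUserAdmin):
    """User admin extended with the SSO flag and per-user ownership counts."""

    # NOTE(review): is_sso_user is editable by anyone with change permission
    # on User. If the flag decides which login path a user may take, consider
    # making it read-only here; confirm against the auth backend.
    fieldsets = BaseUserAdmin.fieldsets + (
        ("SSO Information", {"fields": ("is_sso_user",)}),
    )
    list_display = (
        "username",
        "email",
        "is_staff",
        "is_superuser",
        "is_sso_user",
        "owned_risks_count",
        "responsible_controls_count",
    )

    def owned_risks_count(self, obj):
        """Return the number of risks linked through ``obj.risks_owned``."""
        # One COUNT query per row of the change list.
        return obj.risks_owned.count()

    owned_risks_count.short_description = "Risks Owned"

    def responsible_controls_count(self, obj):
        """Return the number of controls linked through ``obj.controls_responsible``."""
        # One COUNT query per row of the change list.
        return obj.controls_responsible.count()

    responsible_controls_count.short_description = "Controls Responsible"


class ResidualRiskInline(admin.StackedInline):
    """
    Inline editor for ResidualRisk, linked one-to-one with Risk
    """

    model = ResidualRisk
    extra = 0
    can_delete = False  # Since each Risk can have at most one residual risk
    readonly_fields = ("score", "level", "review_required")
    fields = ("likelihood", "impact", "score", "level", "review_required")


class ControlRisksInline(admin.TabularInline):
    """Inline editor for the Control <-> Risk many-to-many through table."""

    model = Control.risks.through
    fk_name = "risk"
    extra = 1
    autocomplete_fields = ("control",)


@admin.register(Risk)
class RiskAdmin(_ChangedByAdminMixin, admin.ModelAdmin):
    """Risk admin with residual-risk and control inlines."""

    list_display = (
        "title",
        "owner",
        "score",
        "level",
        "likelihood",
        "impact",
        "follow_up",
    )
    list_filter = ("level", "likelihood", "impact", "owner")
    search_fields = ("title", "asset", "process", "category")
    inlines = [ResidualRiskInline, ControlRisksInline]  # link controls here


@admin.register(ResidualRisk)
class ResidualRiskAdmin(_ChangedByAdminMixin, admin.ModelAdmin):
    """Stand-alone admin for residual risks."""

    list_display = (
        "risk",
        "score",
        "level",
        "likelihood",
        "impact",
        "review_required",
    )
    list_filter = ("level", "likelihood", "impact", "review_required")


@admin.register(Control)
class ControlAdmin(_ChangedByAdminMixin, admin.ModelAdmin):
    """Admin for controls and their linked risks."""

    list_display = ("title", "status", "due_date", "responsible")
    list_filter = ("status", "due_date")
    autocomplete_fields = ("risks", "responsible",)
    search_fields = ("title", "description")


@admin.register(Incident)
class IncidentAdmin(_ChangedByAdminMixin, admin.ModelAdmin):
    """Admin for incidents and their related risks."""

    list_display = ("title", "date_reported", "reported_by", "status")
    list_filter = ("status", "date_reported", "reported_by")
    # NOTE(review): related_risks is listed in both filter_horizontal and
    # autocomplete_fields. The autocomplete widget appears to take precedence,
    # which would make the filter_horizontal entry redundant; confirm and drop
    # one of the two.
    filter_horizontal = ("related_risks",)
    search_fields = ("title", "description")
    autocomplete_fields = ("related_risks",)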