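"""DRF serializers for the risk register: risks, controls, residual risk,
incidents, users and the audit trail."""

from django.contrib.auth import get_user_model
from rest_framework import serializers

from .models import Risk, Control, ResidualRisk, AuditLog, Incident


class ResidualRiskSerializer(serializers.ModelSerializer):
    """Serialize a ResidualRisk; ``score`` and ``level`` are output-only."""

    class Meta:
        model = ResidualRisk
        fields = [
            "id",
            "risk",
            "likelihood",
            "impact",
            "score",
            "level",
            "review_required",
        ]
        # Clients may set likelihood/impact but never the resulting rating.
        read_only_fields = ["score", "level"]


class ControlSerializer(serializers.ModelSerializer):
    """Serialize a Control, including the primary key of its parent risk."""

    class Meta:
        model = Control
        fields = [
            "id",
            "title",
            "status",
            "due_date",
            "responsible",
            "description",
            "wiki_link",
            "risk",
        ]


class RiskSerializer(serializers.ModelSerializer):
    """Serialize a Risk together with a read-only list of its controls."""

    # Nested representation of related controls
    controls = ControlSerializer(many=True, read_only=True)

    class Meta:
        model = Risk
        # NOTE(review): "score" and "level" are writable here, while
        # ResidualRiskSerializer marks the same two fields read-only. If Risk
        # derives them from likelihood/impact, add matching read_only_fields so
        # a client cannot submit a rating of its own - confirm against the model.
        fields = [
            "id",
            "title",
            "asset",
            "process",
            "category",
            "likelihood",
            "impact",
            "score",
            "level",
            "owner",
            "follow_up",
            "confidentiality",
            "integrity",
            "availability",
            "controls",
        ]


class AuditSerializer(serializers.ModelSerializer):
    """Read-only representation of an AuditLog entry.

    Every field is read-only, so a request body can neither create an entry
    with a chosen ``user``/``timestamp`` nor rewrite ``action``/``changes`` on
    an existing one. Audit rows are expected to be written by server-side code,
    not through this serializer.
    """

    class Meta:
        model = AuditLog
        fields = [
            "id",
            "user",
            "action",
            "model",
            "object_id",
            "changes",
            "timestamp",
        ]
        # The audit trail must not be editable by API clients.
        read_only_fields = fields


User = get_user_model()


class UserSerializer(serializers.ModelSerializer):
    """Serialize a user with the primary keys of owned risks and controls."""

    # Presumably reverse relations from Risk.owner and Control.responsible;
    # both are exposed as primary keys and cannot be written through this
    # serializer.
    risks_owned = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
    controls_responsible = serializers.PrimaryKeyRelatedField(
        many=True, read_only=True
    )

    class Meta:
        model = User
        # NOTE(review): "username", "email" and "is_sso_user" are writable
        # unless the view is read-only. If any endpoint accepts updates with
        # this serializer, consider making "is_sso_user" read-only so a user
        # cannot change their own authentication mode - verify against the
        # views.
        fields = [
            "id",
            "username",
            "email",
            "is_sso_user",
            "risks_owned",
            "controls_responsible",
        ]


class RiskSummarySerializer(serializers.ModelSerializer):
    """Compact Risk representation (id, title, score, level) for nesting."""

    class Meta:
        model = Risk
        fields = ["id", "title", "score", "level"]


class IncidentSerializer(serializers.ModelSerializer):
    """Serialize an Incident with read-only summaries of its related risks."""

    related_risks = RiskSummarySerializer(many=True, read_only=True)

    class Meta:
        model = Incident
        fields = [
            "id",
            "title",
            "description",
            "date_reported",
            "status",
            "related_risks",
        ]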