
- Updated Risk model to include description, created_at, and updated_at fields. - Modified RiskSerializer to include created_at and updated_at in serialized output. - Improved logging in signals for Risk and Control models, including serialization of values. - Added new template tags for CIA label mapping. - Refactored URL patterns for better clarity and added detail views for risks, controls, and incidents. - Implemented list and detail views for risks, controls, and incidents with filtering options. - Enhanced CSS for better UI/UX, including breadcrumbs and table styling. - Created new templates for displaying individual risks, controls, and incidents with detailed information.
from django.contrib.admin.models import LogEntry
from django.contrib.auth import get_user_model
from django.contrib.auth.decorators import login_required
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import get_object_or_404, render
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated

from .models import AuditLog, Control, Incident, ResidualRisk, Risk
from .serializers import (
    AuditSerializer,
    ControlSerializer,
    IncidentSerializer,
    ResidualRiskSerializer,
    RiskSerializer,
    UserSerializer,
)
|
|
# Resolve the project's configured user model once at import time; all
# views below query this rather than a hard-coded auth.User.
User = get_user_model()
|
|
# ---------------------------------------------------------------------------
# API (REST endpoints; all require an authenticated caller)
# ---------------------------------------------------------------------------
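class RiskViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Risks.

    Provides CRUD operations. Every write is attributed to the requesting
    user through the transient ``_changed_by`` attribute, which the model's
    save-time signal handlers (defined outside this module) are expected to
    read when they record the change.
    """

    queryset = Risk.objects.all()
    serializer_class = RiskSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Create the risk and attribute the creation to ``request.user``.

        The serializer only materialises the instance inside ``save()``, so
        there is no object to annotate before the first INSERT; the second
        ``save()`` re-fires the signals with the actor attached.
        """
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        """Update the risk and attribute the change to ``request.user``.

        The actor is attached to the existing instance *before* the save, so
        the row is written exactly once and any signal handler reading
        ``_changed_by`` sees the user on that single save. The previous
        save-then-annotate-then-save sequence emitted an unattributed change
        first, followed by a second, attributed one.
        """
        serializer.instance._changed_by = self.request.user
        serializer.save()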
|
|
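class ControlViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Controls.

    Provides CRUD operations. Every write is attributed to the requesting
    user through the transient ``_changed_by`` attribute, which the model's
    save-time signal handlers (defined outside this module) are expected to
    read when they record the change.
    """

    queryset = Control.objects.all()
    serializer_class = ControlSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Create the control and attribute the creation to ``request.user``.

        The instance only exists after ``serializer.save()``, so the actor
        has to be attached afterwards and persisted with a second save.
        """
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        """Update the control and attribute the change to ``request.user``.

        Annotating ``serializer.instance`` before the save means the change
        is written once, already attributed; saving twice would first emit a
        change with no actor on it.
        """
        serializer.instance._changed_by = self.request.user
        serializer.save()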
|
|
class ResidualRiskViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Residual Risks (full CRUD).

    NOTE(review): unlike the Risk/Control/Incident viewsets in this module,
    writes here are not annotated with ``_changed_by``; if ResidualRisk has
    audit signals, changes made through this endpoint will carry no actor.
    Confirm whether that is intended.
    """

    permission_classes = [IsAuthenticated]
    serializer_class = ResidualRiskSerializer
    queryset = ResidualRisk.objects.all()
|
|
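class UserViewSet(viewsets.ReadOnlyModelViewSet):
    """
    API endpoint for listing users and their responsibilities.

    Read-only: ``ReadOnlyModelViewSet`` routes only ``list`` and
    ``retrieve``, so the ``perform_create``/``perform_update`` overrides that
    used to live here were unreachable and have been dropped.

    Any authenticated caller can enumerate every account; what is disclosed
    per user is decided entirely by ``UserSerializer``. Keep that serializer
    limited to the fields this listing needs (no credentials, e-mail or
    other account details unless they are deliberately exposed).
    """

    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]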
|
|
class AuditViewSet(viewsets.ReadOnlyModelViewSet):
    """
    Read-only API endpoint over the audit log.

    Only ``list`` and ``retrieve`` are routed; entries cannot be created,
    edited or deleted through the API.

    NOTE(review): every authenticated user can read every entry. If the
    entries carry serialized before/after field values, consider a stricter
    permission (e.g. staff only) than plain ``IsAuthenticated``.
    """

    permission_classes = [IsAuthenticated]
    serializer_class = AuditSerializer
    queryset = AuditLog.objects.all()
|
|
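class IncidentViewSet(viewsets.ModelViewSet):
    """
    API endpoint for listing incidents and their related risks.

    Provides CRUD operations. On creation ``reported_by`` is taken from the
    authenticated request (passed as a ``save()`` kwarg, which overrides any
    value in the payload), so a client cannot file an incident in someone
    else's name. NOTE(review): whether ``reported_by`` can be rewritten on
    update depends on ``IncidentSerializer`` marking it read-only — confirm.
    """

    queryset = Incident.objects.all()
    serializer_class = IncidentSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Create the incident, stamping reporter and actor from the request.

        The instance only exists after ``serializer.save()``, so the actor is
        attached afterwards and persisted with a second save.
        """
        instance = serializer.save(reported_by=self.request.user)
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        """Update the incident and attribute the change to ``request.user``.

        Annotating ``serializer.instance`` before the save means the change
        is written once, already attributed; saving twice would first emit a
        change with no actor on it.
        """
        serializer.instance._changed_by = self.request.user
        serializer.save()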
|
|
# ---------------------------------------------------------------------------
# Web (server-rendered HTML views; gated with login_required to match the
# IsAuthenticated requirement on the API above)
# ---------------------------------------------------------------------------
|
|
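@login_required
def dashboard(request):
    """Render the dashboard page.

    Requires an authenticated session: the REST endpoints in this module all
    enforce ``IsAuthenticated``, and the HTML views expose the same data, so
    they are gated the same way. Anonymous requests are redirected to the
    login page instead of being served.
    """
    return render(request, "risks/dashboard.html")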
|
|
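@login_required
def stats(request):
    """Render the statistics page.

    Requires an authenticated session, consistent with the API endpoints in
    this module; anonymous requests are redirected to the login page.
    """
    return render(request, "risks/statistics.html")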
|
|
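@login_required
def list_risks(request):
    """Render the risk register, optionally narrowed by query parameters.

    Recognised GET parameters, all optional and all expected to be integer
    primary keys: ``risk``, ``control``, ``owner``. A value that is not a
    well-formed integer is ignored rather than handed to the ORM, where it
    would raise ``ValueError`` and surface as a 500. Requires login.
    """

    def _pk(name):
        # Query-string values are untrusted: coerce to int or drop them.
        raw = request.GET.get(name)
        if raw in (None, ""):
            return None
        try:
            return int(raw)
        except ValueError:
            return None

    qs = Risk.objects.all().select_related("owner")

    risk_id = _pk("risk")
    control_id = _pk("control")
    owner_id = _pk("owner")

    if risk_id is not None:
        qs = qs.filter(id=risk_id)
    if control_id is not None:
        qs = qs.filter(controls__id=control_id)
    if owner_id is not None:
        qs = qs.filter(owner_id=owner_id)

    # distinct(): the join through ``controls`` can yield duplicate rows.
    risks = qs.order_by("title").distinct()

    # Filter dropdown sources: every control, and only users who own a risk.
    controls = Control.objects.all().order_by("title")
    owners = (
        User.objects.filter(owned_risks__isnull=False)
        .distinct()
        .order_by("username")
    )

    return render(request, "risks/list_risks.html", {
        "risks": risks,
        "controls": controls,
        "owners": owners,
    })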
|
|
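@login_required
def show_risk(request, id):
    """Render the detail page for one risk, with its change history.

    ``id`` is the primary key from the URL; an unknown key yields a 404.
    The history shown is Django's admin ``LogEntry`` rows for this object.
    NOTE(review): changes made through the REST API are recorded by the
    model signals (presumably into ``AuditLog``), not as admin LogEntry
    rows, so this list may only reflect admin-site edits — confirm.
    Requires login.
    """
    risk = get_object_or_404(Risk, pk=id)
    ct = ContentType.objects.get_for_model(Risk)
    logs = LogEntry.objects.filter(
        content_type=ct,
        object_id=risk.pk,
    ).order_by("-action_time")

    return render(request, "risks/item_risk.html", {"risk": risk, "logs": logs})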
|
|
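@login_required
def list_controls(request):
    """Render the control list, optionally narrowed by query parameters.

    Recognised GET parameters (all optional): ``control``, ``risk`` and
    ``responsible`` (integer primary keys) and ``status`` (a status key,
    matched as given). Non-integer values for the key parameters are
    ignored instead of reaching the ORM, where they would raise
    ``ValueError`` and surface as a 500. Requires login.
    """

    def _pk(name):
        # Query-string values are untrusted: coerce to int or drop them.
        raw = request.GET.get(name)
        if raw in (None, ""):
            return None
        try:
            return int(raw)
        except ValueError:
            return None

    qs = Control.objects.all().select_related("risk", "responsible")

    control_id = _pk("control")
    risk_id = _pk("risk")
    status = request.GET.get("status")
    responsible_id = _pk("responsible")

    if control_id is not None:
        qs = qs.filter(id=control_id)
    if risk_id is not None:
        qs = qs.filter(risk_id=risk_id)
    if status:
        # Unknown status values simply match nothing; the ORM parameterises
        # the value, so passing it through as-is is safe.
        qs = qs.filter(status=status)
    if responsible_id is not None:
        qs = qs.filter(responsible_id=responsible_id)

    controls = qs.order_by("title")

    # Filter dropdown sources: every risk, and only users who hold a control.
    risks = Risk.objects.all().order_by("title")
    users = (
        User.objects.filter(responsible_controls__isnull=False)
        .distinct()
        .order_by("username")
    )

    return render(request, "risks/list_controls.html", {
        "controls": controls,
        "risks": risks,
        "users": users,
        "status_choices": Control.STATUS_CHOICES,
    })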
|
|
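@login_required
def show_control(request, id):
    """Render the detail page for one control, with its change history.

    ``id`` is the primary key from the URL; an unknown key yields a 404.
    The history shown is Django's admin ``LogEntry`` rows for this object.
    NOTE(review): API-driven changes are captured by the model signals, not
    as admin LogEntry rows, so this list may only reflect admin-site edits —
    confirm. Requires login.
    """
    control = get_object_or_404(Control, pk=id)
    ct = ContentType.objects.get_for_model(Control)
    logs = LogEntry.objects.filter(
        content_type=ct,
        object_id=control.pk,
    ).order_by("-action_time")

    return render(request, "risks/item_control.html", {"control": control, "logs": logs})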
|
|
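@login_required
def list_incidents(request):
    """Render the incident list page.

    Requires login, consistent with the other views in this module.
    NOTE(review): no context is passed to the template; the incidents must
    either be fetched by the template/a template tag, or this view is
    incomplete compared to ``list_risks``/``list_controls`` — confirm.
    """
    return render(request, "risks/list_incidents.html")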
|
|
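@login_required
def show_incident(request, id):
    """Render the detail page for one incident.

    ``id`` is the primary key from the URL. Uses ``get_object_or_404`` so an
    unknown key returns a 404, rather than letting ``Incident.DoesNotExist``
    escape as a 500 (which is what the bare ``objects.get`` did). Requires
    login.
    """
    incident = get_object_or_404(Incident, pk=id)
    return render(request, "risks/item_incident.html", {"incident": incident})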