Skull-IT/ISO-27001-Risk-Management
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ISO-27001-Risk-Management/risks/admin.py
Kevin Heyer 686030e4cb feat: Enhance risk management application with user auditing and improved incident handling 
- Added AuditUserMiddleware to track the current user for auditing purposes.
- Introduced audit_context for managing the current user in thread-local storage.
- Updated Control and Incident models to include created_at and updated_at timestamps.
- Refactored Control and Incident serializers to handle related risks and timestamps.
- Modified views to set the _changed_by attribute for user actions.
- Enhanced incident listing and detail views to display related risks and user actions.
- Updated templates for better presentation of risks and incidents.
- Added migrations for new fields and relationships in the database.
- Improved filtering options in the incident list view.
2025-09-09 12:00:29 +02:00

110 lines
No EOL
3.6 KiB
Python
Raw Blame History

from django.contrib import admin
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
from .models import User, Risk, ResidualRisk, Control, Incident
@admin.register(User)
class UserAdmin(BaseUserAdmin):
fieldsets = BaseUserAdmin.fieldsets + (
("SSO Information", {"fields": ("is_sso_user",)}),
)
list_display = ("username", "email", "is_staff", "is_superuser", "is_sso_user",
"owned_risks_count", "responsible_controls_count")
def owned_risks_count(self, obj):
return obj.risks_owned.count()
owned_risks_count.short_description = "Risks Owned"
def responsible_controls_count(self, obj):
return obj.controls_responsible.count()
responsible_controls_count.short_description = "Controls Responsible"
class ResidualRiskInline(admin.StackedInline):
"""
Inline editor for ResidualRisk, linked one-to-one with Risk
"""
model = ResidualRisk
extra = 0
can_delete = False # Since each Risk can have at most one residual risk
readonly_fields = ("score", "level", "review_required")
fields = ("likelihood", "impact", "score", "level", "review_required")
class ControlRisksInline(admin.TabularInline):
model = Control.risks.through
fk_name = "risk"
extra = 1
autocomplete_fields = ("control",)
@admin.register(Risk)
class RiskAdmin(admin.ModelAdmin):
list_display = (
"title",
"owner",
"score",
"level",
"likelihood",
"impact",
"follow_up",
)
list_filter = ("level", "likelihood", "impact", "owner")
search_fields = ("title", "asset", "process", "category")
inlines = [ResidualRiskInline, ControlRisksInline] # Controls hier verknüpfen
def save_model(self, request, obj, form, change):
obj._changed_by = request.user
super().save_model(request, obj, form, change)
def delete_model(self, request, obj):
obj._changed_by = request.user
super().delete_model(request, obj)
@admin.register(ResidualRisk)
class ResidualRiskAdmin(admin.ModelAdmin):
list_display = (
"risk",
"score",
"level",
"likelihood",
"impact",
"review_required"
)
list_filter = ("level", "likelihood", "impact", "review_required")
def save_model(self, request, obj, form, change):
obj._changed_by = request.user
super().save_model(request, obj, form, change)
def delete_model(self, request, obj):
obj._changed_by = request.user
super().delete_model(request, obj)
@admin.register(Control)
class ControlAdmin(admin.ModelAdmin):
list_display = ("title", "status", "due_date", "responsible")
list_filter = ("status", "due_date")
autocomplete_fields = ("risks", "responsible",)
search_fields = ("title", "description")
def save_model(self, request, obj, form, change):
obj._changed_by = request.user
super().save_model(request, obj, form, change)
def delete_model(self, request, obj):
obj._changed_by = request.user
super().delete_model(request, obj)
@admin.register(Incident)
class IncidentAdmin(admin.ModelAdmin):
list_display = ("title", "date_reported", "reported_by", "status")
list_filter = ("status", "date_reported", "reported_by")
filter_horizontal = ("related_risks",)
search_fields = ("title", "description")
autocomplete_fields = ("related_risks",)
def save_model(self, request, obj, form, change):
obj._changed_by = request.user
super().save_model(request, obj, form, change)
def delete_model(self, request, obj):
obj._changed_by = request.user
super().delete_model(request, obj)
Reference in a new issue View git blame Copy permalink