
- Added FontAwesome webfont files: fa-brands-400.woff2, fa-regular-400.woff2, fa-solid-900.woff2, and fa-v4compatibility.woff2. - Updated base.html to include FontAwesome stylesheet. - Renamed the application title from "Risiko Management" to "ISO27001 Management". - Enhanced navigation menu with dynamic active states for Dashboard, Statistics, Risks, Controls, and Incidents. - Created new templates for dashboard, controls, incidents, risks, and statistics with breadcrumb navigation.
from django.contrib.auth import get_user_model
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated
from django.shortcuts import render
from .models import Risk, Control, ResidualRisk, AuditLog, Incident
from .serializers import ControlSerializer, RiskSerializer, ResidualRiskSerializer, UserSerializer, AuditSerializer, IncidentSerializer
# ---------------------------------------------------------------------------
# API
# ---------------------------------------------------------------------------
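class RiskViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Risks.

    Provides CRUD operations. Access is gated only by ``IsAuthenticated``,
    so every logged-in account can create, change and delete risks.
    """

    queryset = Risk.objects.all()
    serializer_class = RiskSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Create the risk, then tag it with the requesting user and re-save."""
        # NOTE(review): serializer.save() has already written the row before
        # _changed_by is attached, so the first write carries no actor. If the
        # audit hook runs on every save, the creation itself would be logged
        # unattributed -- confirm against the model/signal code.
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        """Persist the update in one save that already carries the actor."""
        # Attach the requesting user to the instance *before* the serializer
        # writes it. Saving first and tagging afterwards produced one write
        # with no actor and a second write with no field changes. This relies
        # on the serializer updating serializer.instance in place, as
        # ModelSerializer.update does.
        serializer.instance._changed_by = self.request.user
        serializer.save()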
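class ControlViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing Controls.

    Provides CRUD operations. Access is gated only by ``IsAuthenticated``,
    so every logged-in account can create, change and delete controls.
    """

    queryset = Control.objects.all()
    serializer_class = ControlSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Create the control, then tag it with the requesting user and re-save."""
        # NOTE(review): serializer.save() has already written the row before
        # _changed_by is attached, so the first write carries no actor. If the
        # audit hook runs on every save, the creation itself would be logged
        # unattributed -- confirm against the model/signal code.
        instance = serializer.save()
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        """Persist the update in one save that already carries the actor."""
        # Attach the requesting user to the instance *before* the serializer
        # writes it. Saving first and tagging afterwards produced one write
        # with no actor and a second write with no field changes. This relies
        # on the serializer updating serializer.instance in place, as
        # ModelSerializer.update does.
        serializer.instance._changed_by = self.request.user
        serializer.save()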
class ResidualRiskViewSet(viewsets.ModelViewSet):
    """
    API endpoint for residual risks with the full ModelViewSet action set.

    Any authenticated account may read and write; no other permission class
    is configured on this view.
    """

    # NOTE(review): unlike the Risk and Control viewsets in this module, no
    # perform_create/perform_update hook sets _changed_by here, so writes
    # through this endpoint carry no actor -- confirm whether ResidualRisk
    # changes are meant to be audited.
    permission_classes = [IsAuthenticated]
    serializer_class = ResidualRiskSerializer
    queryset = ResidualRisk.objects.all()
# Resolve the user model through get_user_model() instead of importing a
# concrete class, so the viewset below follows whichever model is configured.
User = get_user_model()
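class UserViewSet(viewsets.ReadOnlyModelViewSet):
    """
    API endpoint for listing users and their responsibilities.

    Read-only: ``ReadOnlyModelViewSet`` provides only the list and retrieve
    actions, so no ``perform_create``/``perform_update`` hooks are defined
    here -- DRF would never invoke them on this view, and keeping them
    suggested that user writes were supported and attributed.
    """

    # NOTE(review): every authenticated account can enumerate all users.
    # Confirm UserSerializer exposes only the fields the UI needs (no
    # password hash, permission flags or other sensitive attributes).
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]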
class AuditViewSet(viewsets.ReadOnlyModelViewSet):
    """
    Read-only API endpoint exposing the audit log entries.

    The only gate is ``IsAuthenticated``, so any logged-in account can read
    every entry.
    """

    # NOTE(review): audit trails are commonly limited to auditor or admin
    # roles -- confirm that read access for all authenticated users is
    # intended.
    permission_classes = [IsAuthenticated]
    serializer_class = AuditSerializer
    queryset = AuditLog.objects.all()
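class IncidentViewSet(viewsets.ModelViewSet):
    """
    API endpoint for managing incidents and their related risks.

    Provides CRUD operations (this is a full ``ModelViewSet``, not a
    list-only view). Access is gated only by ``IsAuthenticated``.
    """

    queryset = Incident.objects.all()
    serializer_class = IncidentSerializer
    permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Create the incident with the requesting user as its reporter."""
        # reported_by is taken from the session, not from the request body.
        # NOTE(review): this is enforced on create only; confirm that
        # IncidentSerializer marks reported_by read-only so an update cannot
        # reassign it.
        instance = serializer.save(reported_by=self.request.user)
        # NOTE(review): the row is already written at this point, so the
        # creating save carries no _changed_by -- confirm how the audit hook
        # treats that first write.
        instance._changed_by = self.request.user
        instance.save()

    def perform_update(self, serializer):
        """Persist the update in one save that already carries the actor."""
        # Attach the requesting user to the instance *before* the serializer
        # writes it. Saving first and tagging afterwards produced one write
        # with no actor and a second write with no field changes. This relies
        # on the serializer updating serializer.instance in place, as
        # ModelSerializer.update does.
        serializer.instance._changed_by = self.request.user
        serializer.save()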
# ---------------------------------------------------------------------------
# Web
# ---------------------------------------------------------------------------
def dashboard(request):
    """Render the dashboard page."""
    # NOTE(review): no authentication check is made in this view -- confirm
    # that the URLconf or a middleware enforces login for this page.
    template_name = "risks/dashboard.html"
    return render(request, template_name)
def stats(request):
    """Render the statistics page."""
    # NOTE(review): no authentication check is made in this view -- confirm
    # that the URLconf or a middleware enforces login for this page.
    template_name = "risks/statistics.html"
    return render(request, template_name)
def risks(request):
    """Render the risk list page."""
    # NOTE(review): no authentication check is made in this view -- confirm
    # that the URLconf or a middleware enforces login for this page.
    template_name = "risks/list_risks.html"
    return render(request, template_name)
def controls(request):
    """Render the control list page."""
    # NOTE(review): no authentication check is made in this view -- confirm
    # that the URLconf or a middleware enforces login for this page.
    template_name = "risks/list_controls.html"
    return render(request, template_name)
def incidents(request):
    """Render the incident list page."""
    # NOTE(review): no authentication check is made in this view -- confirm
    # that the URLconf or a middleware enforces login for this page.
    template_name = "risks/list_incidents.html"
    return render(request, template_name)