Merge branch 'main' into CA-178-Add-score-notion-to-ComplianceAssessment

intuitem · Apr 24, 2024 · 039a6e7 · 039a6e7
2 parents 2c492cb + 7a61562
commit 039a6e7
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 43 deletions.
diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml
@@ -11,7 +11,7 @@ env:
 
 jobs:
   functional-tests:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     env:
       backend-directory: ./backend
       working-directory: ./frontend
@@ -27,10 +27,7 @@ jobs:
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
       mailhog:
         image: mailhog/mailhog
-        ports: [
-          "1025:1025", 
-          "8025:8025"
-        ]
+        ports: ["1025:1025", "8025:8025"]
 
     strategy:
       max-parallel: 4

diff --git a/.github/workflows/startup-tests.yml b/.github/workflows/startup-tests.yml
@@ -11,7 +11,7 @@ env:
 
 jobs:
   startup-functional-test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
 
     services:
       postgres:
@@ -92,7 +92,7 @@ jobs:
             ${{ env.working-directory }}/tests/reports/
           retention-days: 5
   startup-docker-compose-test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     env:
       COMPOSE_TEST: True
     steps:

diff --git a/backend/serdes/urls.py b/backend/serdes/urls.py
@@ -3,7 +3,7 @@
 from . import views
 
 urlpatterns = [
-    path("dump-db/", views.dump_db_view, name="dump-db"),
+    path("dump-db/", views.ExportBackupView.as_view(), name="dump-db"),
     path(
         "load-backup/",
         views.LoadBackupView.as_view(),

diff --git a/backend/serdes/views.py b/backend/serdes/views.py
@@ -1,55 +1,50 @@
+import io
 import json
-from django.http import HttpResponse
-from django.core import management
-from django.core.management.commands import loaddata, dumpdata
-from django.contrib.auth.decorators import user_passes_test
+import sys
 from datetime import datetime
+
+from ciso_assistant.settings import VERSION
+from django.core import management
+from django.core.management.commands import dumpdata, loaddata
+from django.http import HttpResponse
 from rest_framework import status
 from rest_framework.parsers import JSONParser
 from rest_framework.response import Response
-
 from rest_framework.views import APIView
 
-from ciso_assistant.settings import VERSION
-
-import sys
-import io
-
 from serdes.serializers import LoadBackupSerializer
 
 
-def is_admin_check(user):
-    return user.has_backup_permission
-
-
-@user_passes_test(is_admin_check)
-def dump_db_view(request):
-    response = HttpResponse(content_type="application/json")
-    timestamp = datetime.now().strftime("%Y%m%d-%H%M%S")
-    response["Content-Disposition"] = (
-        f'attachment; filename="ciso-assistant-db-{timestamp}.json"'
-    )
-
-    response.write(f'[{{"meta": [{{"media_version": "{VERSION}"}}]}},\n')
-    # Here we dump th data to stdout
-    # NOTE: We will not be able to dump selected folders with this method.
-    management.call_command(
-        dumpdata.Command(),
-        exclude=["contenttypes", "auth.permission", "sessions.session"],
-        indent=4,
-        stdout=response,
-        natural_foreign=True,
-    )
-    response.write("]")
-    return response
+class ExportBackupView(APIView):
+    def get(self, request, *args, **kwargs):
+        if not request.user.has_backup_permission:
+            return Response(status=status.HTTP_403_FORBIDDEN)
+        response = HttpResponse(content_type="application/json")
+        timestamp = datetime.now().strftime("%Y%m%d-%H%M%S")
+        response["Content-Disposition"] = (
+            f'attachment; filename="ciso-assistant-db-{timestamp}.json"'
+        )
+
+        response.write(f'[{{"meta": [{{"media_version": "{VERSION}"}}]}},\n')
+        # Here we dump th data to stdout
+        # NOTE: We will not be able to dump selected folders with this method.
+        management.call_command(
+            dumpdata.Command(),
+            exclude=["contenttypes", "auth.permission", "sessions.session"],
+            indent=4,
+            stdout=response,
+            natural_foreign=True,
+        )
+        response.write("]")
+        return response
 
 
 class LoadBackupView(APIView):
     parser_classes = (JSONParser,)
     serializer_class = LoadBackupSerializer
 
     def post(self, request, *args, **kwargs):
-        if not is_admin_check(request.user):
+        if not request.user.has_backup_permission:
             return Response(status=status.HTTP_403_FORBIDDEN)
         if request.data:
             sys.stdin = io.StringIO(json.dumps(request.data[1]))