Merge branch 'main' into feat/implementation-groups
nas-tabchiche committed May 7, 2024
2 parents 4d75be3 + 8480447 commit 1dc17fd
Showing 7 changed files with 66 additions and 35 deletions.
1 change: 0 additions & 1 deletion .github/workflows/backend-api-tests.yml
Expand Up @@ -39,7 +39,6 @@ jobs:
working-directory: ${{env.working-directory}}
run: |
touch .env
echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env
echo DJANGO_DEBUG='True' >> .env
echo DB_HOST=localhost >> .env
echo EMAIL_HOST=localhost >> .env
5 changes: 2 additions & 3 deletions .github/workflows/backend-coverage.yaml
Expand Up @@ -20,7 +20,7 @@ jobs:
image: postgres:14.1
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
POSTGRES_PASSWORD: postgres # test credential
POSTGRES_DB: postgres
ports: ["5432:5432"]
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
Expand All @@ -46,11 +46,10 @@ jobs:
working-directory: ${{env.working-directory}}
run: |
touch .env
echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env
echo DJANGO_DEBUG='True' >> .env
echo POSTGRES_NAME=postgres >> .env
echo POSTGRES_USER=postgres >> .env
echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env
echo POSTGRES_PASSWORD=postgers >> .env
echo DB_HOST=localhost >> .env
echo EMAIL_HOST=localhost >> .env
echo EMAIL_PORT=1025 >> .env
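Review bot: The `.env` step writes `POSTGRES_PASSWORD=postgers`, which does not match the `POSTGRES_PASSWORD: postgres` set on the service container earlier in this file, so the backend would presumably fail to authenticate against the database in this workflow. The line should read `echo POSTGRES_PASSWORD=postgres >> .env`, as functional-tests.yml does. Since the credential is now a literal rather than a repository secret, the `# test credential` comment on the service definition is worth repeating next to the `.env` line, so the value is not mistaken for a real one or copied into a deployed configuration. The run block continues outside the visible hunk.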
5 changes: 2 additions & 3 deletions .github/workflows/functional-tests.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
image: postgres:14.1
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
POSTGRES_PASSWORD: postgres # test credential
POSTGRES_DB: postgres
ports: ["5432:5432"]
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
Expand Down Expand Up @@ -68,12 +68,11 @@ jobs:
working-directory: ${{ env.backend-directory }}
run: |
touch .env
echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env
echo [email protected] >> .env
echo DJANGO_SUPERUSER_PASSWORD=1234 >> .env
echo POSTGRES_NAME=postgres >> .env
echo POSTGRES_USER=postgres >> .env
echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env
echo POSTGRES_PASSWORD=postgres >> .env
echo DB_HOST=localhost >> .env
echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
echo CISO_ASSISTANT_URL=http://localhost:4173 >> .env
2 changes: 0 additions & 2 deletions .github/workflows/startup-tests.yml
Expand Up @@ -60,7 +60,6 @@ jobs:
working-directory: ${{ env.backend-directory }}
run: |
touch .env
echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env
echo [email protected] >> .env
echo DJANGO_SUPERUSER_PASSWORD=1234 >> .env
echo POSTGRES_NAME=postgres >> .env
Expand Down Expand Up @@ -114,7 +113,6 @@ jobs:
working-directory: ${{ env.backend-directory }}
run: |
touch .env
echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env
export $(grep -v '^#' .env | xargs)
- name: Config the Docker app
run: |
9 changes: 8 additions & 1 deletion backend/core/permissions.py
Expand Up @@ -35,9 +35,16 @@ def has_object_permission(self, request: Request, view, obj):
_codename = perms[0].split(".")[1]
if request.method in ["GET", "OPTIONS", "HEAD"] and obj.is_published:
return True
perm = Permission.objects.get(codename=_codename)
# special case of risk acceptance approval
if (
request.parser_context["request"]._request.resolver_match.url_name
== "risk-acceptances-accept"
):
perm = Permission.objects.get(codename="approve_riskacceptance")
return RoleAssignment.is_access_allowed(
user=request.user,
perm=Permission.objects.get(codename=_codename),
perm=perm,
folder=Folder.get_folder(obj),
)
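Review bot: The permission to check is now selected from the URL route name, read through `request.parser_context["request"]._request.resolver_match.url_name`, which reaches into a private attribute and raises if `parser_context` or `resolver_match` is unset (for example if the check ever runs outside URL resolution, which is worth confirming against the test setup). DRF's request proxies attributes of the underlying HttpRequest, so `request.resolver_match.url_name` should be equivalent; comparing `getattr(view, "action", None)` would tie the authorization decision to the handler rather than to a route string that can be renamed without this check noticing. A mismatch falls back to the method-derived `_codename` permission rather than denying, so I would add a test asserting that a user without `approve_riskacceptance` is refused on that route, and a comment such as `# accept requires approve_riskacceptance; every other route uses the method-derived codename`. The first `Permission.objects.get(codename=_codename)` is also a wasted query when the special case applies. has_object_permission starts above the hunk.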

2 changes: 2 additions & 0 deletions frontend/src/lib/components/Forms/ModelForm.svelte
Expand Up @@ -135,6 +135,7 @@
<Select {form} options={model.selectOptions['status']} field="status" label={m.status()} />
<AutocompleteSelect
{form}
disabled={object.id}
options={getOptions({ objects: model.foreignKeys['risk_matrix'] })}
field="risk_matrix"
label={m.riskMatrix()}
Expand Down Expand Up @@ -329,6 +330,7 @@
<Select {form} options={model.selectOptions['status']} field="status" label={m.status()} />
<AutocompleteSelect
{form}
disabled={object.id}
options={getOptions({ objects: model.foreignKeys['framework'] })}
field="framework"
label={m.framework()}
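Review bot: `disabled={object.id}` on the `risk_matrix` and `framework` selects only prevents editing in the browser; if these fields must not change after creation, the backend has to reject the change as well, and nothing in this commit shows that it does. The attribute also receives an id rather than a boolean, and it would throw if `object` is undefined on the create form (whether it can be is not visible here); `disabled={Boolean(object?.id)}` states the intent. This applies to both hunks in the file.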
@@ -1,16 +1,18 @@
import { BASE_API_URL } from '$lib/utils/constants';
import { getModelInfo, urlParamModelVerboseName } from '$lib/utils/crud';
import { localItems, toCamelCase } from '$lib/utils/locales';
import { modelSchema } from '$lib/utils/schemas';
import { listViewFields } from '$lib/utils/table';
import type { urlModel } from '$lib/utils/types';
import * as m from '$paraglide/messages';
import { languageTag } from '$paraglide/runtime';
import { tableSourceMapper, type TableSource } from '@skeletonlabs/skeleton';
import type { Actions } from '@sveltejs/kit';
import { fail, redirect } from '@sveltejs/kit';
import { setFlash } from 'sveltekit-flash-message/server';
import { setError, superValidate } from 'sveltekit-superforms';
import type { PageServerLoad } from './$types';
import * as m from '$paraglide/messages';
import { zod } from 'sveltekit-superforms/adapters';
import type { PageServerLoad } from './$types';

export const load = (async ({ fetch, params }) => {
const URLModel = 'requirement-assessments';
Expand Down Expand Up @@ -323,18 +325,29 @@ export const actions: Actions = {
return { form };
},
createEvidence: async (event) => {
const URLModel = 'evidences';
const schema = modelSchema(URLModel);
const endpoint = `${BASE_API_URL}/${URLModel}/`;
const formData = await event.request.formData();

if (!formData) {
return fail(400, { form: null });
}

const schema = modelSchema('evidences');
const form = await superValidate(formData, zod(schema));

if (!form.valid) {
console.error(form.errors);
return fail(400, { form: form });
}

form.data.requirement_assessments = [event.params.id];
const endpoint = `${BASE_API_URL}/evidences/`;

const fileFields = Object.fromEntries(
Object.entries(form.data).filter(([, value]) => value instanceof File)
);

Object.keys(fileFields).forEach((key) => {
form.data[key] = undefined;
});

const requestInitOptions: RequestInit = {
method: 'POST',
Expand All @@ -344,46 +357,60 @@ export const actions: Actions = {
const res = await event.fetch(endpoint, requestInitOptions);

if (!res.ok) {
const response = await res.json();
console.error('server response:', response);
if (response.non_field_errors) {
setError(form, 'non_field_errors', response.non_field_errors);
const response: Record<string, any> = await res.json();
console.error(response);
if (response.warning) {
setFlash({ type: 'warning', message: response.warning }, event);
return { createForm: form };
}
if (response.error) {
setFlash({ type: 'error', message: response.error }, event);
return { createForm: form };
}
Object.entries(response).forEach(([key, value]) => {
setError(form, key, value);
});
return fail(400, { form: form });
}

const evidence = await res.json();
if (formData.has('attachment')) {
const { attachment } = Object.fromEntries(formData) as { attachment: File };
if (attachment.size > 0) {
const attachmentEndpoint = `${BASE_API_URL}/evidences/${evidence.id}/upload/`;
const attachmentRequestInitOptions: RequestInit = {
const createdObject = await res.json();

if (fileFields) {
for (const [, file] of Object.entries(fileFields)) {
if (file.size <= 0) {
continue;
}
const fileUploadEndpoint = `${BASE_API_URL}/${'evidences'}/${createdObject.id}/upload/`;
const fileUploadRequestInitOptions: RequestInit = {
headers: {
'Content-Disposition': `attachment; filename=${encodeURIComponent(attachment.name)}`
'Content-Disposition': `attachment; filename=${encodeURIComponent(file.name)}`
},
method: 'POST',
body: attachment
body: file
};
const attachmentRes = await event.fetch(attachmentEndpoint, attachmentRequestInitOptions);
if (!attachmentRes.ok) {
const response = await attachmentRes.json();
const fileUploadRes = await event.fetch(fileUploadEndpoint, fileUploadRequestInitOptions);
if (!fileUploadRes.ok) {
const response = await fileUploadRes.json();
console.error(response);
if (response.non_field_errors) {
setError(form, 'non_field_errors', response.non_field_errors);
}
return fail(400, { form });
return fail(400, { form: form });
}
}
}

const model: string = urlParamModelVerboseName(URLModel);
const modelVerboseName = 'evidences';
// TODO: reference newly created object
setFlash(
{
type: 'success',
message: m.successfullyUpdatedObject({ object: model, name: form.data.name })
message: m.successfullyCreatedObject({
object: localItems(languageTag())[toCamelCase(modelVerboseName)].toLowerCase()
})
},
event
);
return { form };
return { createForm: form };
}
};
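Review bot: In `createEvidence` both error paths call `.json()` on a failed response (`await res.json()` and `await fileUploadRes.json()`), so a non-JSON error body such as a proxy error page or an empty 5xx makes the action throw instead of returning `fail(400, …)`; `const response = await fileUploadRes.json().catch(() => ({}));` keeps the handled path. When the upload fails, the evidence record created just before stays on the backend without its attachment and the form is shown again, so a retry will presumably create a second record; either remove the created object on upload failure or report that it was created without its file. `if (fileFields)` is always true, since `Object.fromEntries` returns an object. The `Record<string, any>` error body is passed key by key to `setError`, so field names the form schema does not define are written into it unchecked; restricting the loop to the schema's keys would be safer.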
