diff --git a/backend/core/helpers.py b/backend/core/helpers.py
index c6dbdd896..c7a7c2a4b 100644
--- a/backend/core/helpers.py
+++ b/backend/core/helpers.py
@@ -748,15 +748,38 @@ def risks_per_project_groups(user: User):
 def get_counters(user: User):
+ print()
 return {
- "domains": Folder.objects.filter(
- content_type=Folder.ContentType.DOMAIN
- ).count(),
- "projects": Project.objects.all().count(),
- "applied_controls": AppliedControl.objects.all().count(),
- "risk_assessments": RiskAssessment.objects.all().count(),
- "compliance_assessments": ComplianceAssessment.objects.all().count(),
- "policies": Policy.objects.all().count(),
+ "domains": len(
+ RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), user, Folder
+ )[0]
+ ),
+ "projects": len(
+ RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), user, Project
+ )[0]
+ ),
+ "applied_controls": len(
+ RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), user, AppliedControl
+ )[0]
+ ),
+ "risk_assessments": len(
+ RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), user, RiskAssessment
+ )[0]
+ ),
+ "compliance_assessments": len(
+ RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), user, ComplianceAssessment
+ )[0]
+ ),
+ "policies": len(
+ RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), user, Policy
+ )[0]
+ ),
 }
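Review bot: The new `"domains"` counter in `get_counters` no longer restricts to `Folder.ContentType.DOMAIN`: it is the length of every `Folder` id the user can view, so it presumably also counts the root folder and any other non-domain folder type that the old query excluded. Keeping the permission scope and the type filter together would look like `Folder.objects.filter(id__in=viewable_folders, content_type=Folder.ContentType.DOMAIN).count()`, where `viewable_folders` is the `[0]` element already computed here. The bare `print()` added at the top of the function looks like leftover debugging and should be dropped. `Folder.get_root_folder()` is also evaluated six times inside the dict literal; a single `root = Folder.get_root_folder()` before the `return` would avoid the repeated lookups.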
@@ -964,11 +987,18 @@ def threats_count_per_name(user: User):
 _,
 _,
 ) = RoleAssignment.get_accessible_object_ids(Folder.get_root_folder(), user, Threat)
+ viewable_scenarios = RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), user, RiskScenario
+ )[0]
 # expected by echarts to send the threats names in labels and the count of each threat in values
 for threat in Threat.objects.filter(id__in=object_ids_view).order_by("name"):
- val = RiskScenario.objects.filter(threats=threat).count()
+ val = (
+ RiskScenario.objects.filter(threats=threat)
+ .filter(id__in=viewable_scenarios)
+ .count()
+ )
 if val > 0:
 labels.append({"name": threat.name})
 values.append(val)
diff --git a/backend/core/views.py b/backend/core/views.py
index bc70c8562..ffea66c84 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -283,14 +283,25 @@ def colors(self, request):
 @action(detail=False, name="Get used risk matrices")
 def used(self, request):
- _used_matrices = RiskMatrix.objects.filter(
- riskassessment__isnull=False
- ).distinct()
+ viewable_matrices = RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), request.user, RiskMatrix
+ )[0]
+ viewable_assessments = RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), request.user, RiskAssessment
+ )[0]
+ _used_matrices = (
+ RiskMatrix.objects.filter(riskassessment__isnull=False)
+ .filter(id__in=viewable_matrices)
+ .filter(riskassessment__id__in=viewable_assessments)
+ .distinct()
+ )
 used_matrices = _used_matrices.values("id", "name")
 for i in range(len(used_matrices)):
- used_matrices[i]["risk_assessments_count"] = _used_matrices.get(
- id=used_matrices[i]["id"]
- ).riskassessment_set.count()
+ used_matrices[i]["risk_assessments_count"] = (
+ RiskAssessment.objects.filter(risk_matrix=_used_matrices[i].id)
+ .filter(id__in=viewable_assessments)
+ .count()
+ )
 return Response({"results": used_matrices})
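Review bot: `viewable_scenarios` is read with a bare `[0]`, while the call directly above it in `threats_count_per_name` unpacks the same return value into named slots (the `_, _, ) = ...` context lines, whose first slot is presumably `object_ids_view`). Unpacking here as well, `viewable_scenarios, _, _ = RoleAssignment.get_accessible_object_ids(...)`, keeps the two calls consistent and makes it visible that only the view-permission list is used. A short comment above the new filter would record why it exists, for example `# count only scenarios the requesting user may view, so the chart does not reveal scenarios in folders they cannot access`. The loop still issues one `count()` per threat, each now carrying the full `id__in` list, so a single aggregated query may be worth considering if that list can grow large. The function starts outside the hunk.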
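Review bot: The per-matrix count in `used` is keyed by position rather than by id: `_used_matrices[i].id` indexes the `.distinct()` queryset, while `used_matrices[i]` comes from the separate `.values("id", "name")` queryset, and nothing visible here gives both the same `ORDER BY`. Unless the model's default ordering (not shown) pins the row order, a count can be attached to the wrong matrix, and each `_used_matrices[i]` appears to cost an extra query. The removed code looked the row up by id, and the new filter can do the same with `RiskAssessment.objects.filter(risk_matrix=used_matrices[i]["id"])`. The same pattern is in the "Get used frameworks" hunk (`_used_frameworks[i].id`), where `framework=used_frameworks[i]["id"]` applies.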
@@ -1060,14 +1071,25 @@ def tree(self, request, pk):
 @action(detail=False, name="Get used frameworks")
 def used(self, request):
- _used_frameworks = Framework.objects.filter(
- complianceassessment__isnull=False
- ).distinct()
+ viewable_framework = RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), request.user, Framework
+ )[0]
+ viewable_assessments = RoleAssignment.get_accessible_object_ids(
+ Folder.get_root_folder(), request.user, ComplianceAssessment
+ )[0]
+ _used_frameworks = (
+ Framework.objects.filter(complianceassessment__isnull=False)
+ .filter(id__in=viewable_framework)
+ .filter(complianceassessment__id__in=viewable_assessments)
+ .distinct()
+ )
 used_frameworks = _used_frameworks.values("id", "name")
 for i in range(len(used_frameworks)):
- used_frameworks[i]["compliance_assessments_count"] = _used_frameworks.get(
- id=used_frameworks[i]["id"]
- ).complianceassessment_set.count()
+ used_frameworks[i]["compliance_assessments_count"] = (
+ ComplianceAssessment.objects.filter(framework=_used_frameworks[i].id)
+ .filter(id__in=viewable_assessments)
+ .count()
+ )
 return Response({"results": used_frameworks})
diff --git a/frontend/src/routes/(app)/analytics/ComposerSelect.svelte b/frontend/src/routes/(app)/analytics/ComposerSelect.svelte
index 621c32138..4309472d3 100644
--- a/frontend/src/routes/(app)/analytics/ComposerSelect.svelte
+++ b/frontend/src/routes/(app)/analytics/ComposerSelect.svelte
@@ -15,7 +15,7 @@
 onMount(async () => {
 const riskAssessments = await fetch('/risk-assessments').then((res) => res.json());
- options = getOptions({ objects: riskAssessments });
+ options = getOptions({ objects: riskAssessments, extra_fields: [['project', 'str']] });
 });
diff --git a/frontend/src/routes/(app)/analytics/composer/+page.svelte b/frontend/src/routes/(app)/analytics/composer/+page.svelte
index 7afbb574c..cbdc02b3e 100644
--- a/frontend/src/routes/(app)/analytics/composer/+page.svelte
+++ b/frontend/src/routes/(app)/analytics/composer/+page.svelte @@ -20,7 +20,7 @@ } -
+
{m.yourSelection()}
@@ -126,7 +126,7 @@ {/if}
{#if item.risk_assessment.quality_check.count > 0}