Merge branch 'main' into ci_experiments
nas-tabchiche committed Oct 3, 2024
2 parents 8c0185a + 95ce9a7 commit 55a8878
Showing 25 changed files with 403 additions and 1,666 deletions.
6 changes: 3 additions & 3 deletions backend/app_tests/api/test_utils.py
Expand Up @@ -100,7 +100,7 @@ def expected_request_response(
# User has access to the domain
return False, expected_status, "ok"
else:
return False, expected_status, "outside_scope"
return True, expected_status, "outside_scope"
else:
# User has not permission to perform the action
if (
Expand Down Expand Up @@ -771,7 +771,7 @@ def update_object(
), f"{verbose_name} object detail can not be accessed with permission"
else:
assert (
response.status_code == status.HTTP_403_FORBIDDEN
response.status_code == status.HTTP_404_NOT_FOUND
), f"{verbose_name} object detail can be accessed without permission"

if not (fails or user_perm_fails):
Expand Down Expand Up @@ -911,7 +911,7 @@ def delete_object(
), f"{verbose_name} object detail can not be accessed with permission"
else:
assert (
response.status_code == status.HTTP_403_FORBIDDEN
response.status_code == status.HTTP_404_NOT_FOUND
), f"{verbose_name} object detail can be accessed without permission"

# Asserts that the object was deleted successfully
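Review bot: Expecting `status.HTTP_404_NOT_FOUND` in the no-permission branches of update_object and delete_object means the test can no longer tell a hidden object from a wrong URL or an object that was never created, so it can pass without the access check ever running. After the assert, re-fetch the object by primary key and check that it still exists and that the fields the request tried to change are untouched. A short comment on the assert would record the intent, e.g. `# 404 rather than 403: do not reveal that the object exists`. That 404 is the new expectation is inferred from print order, because the page has lost the +/- markers; all three functions start and end outside the hunks shown.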
43 changes: 32 additions & 11 deletions backend/core/helpers.py
@@ -1,25 +1,22 @@
import json
from collections.abc import MutableMapping
from datetime import date, timedelta
from typing import Optional

from django.core.exceptions import NON_FIELD_ERRORS as DJ_NON_FIELD_ERRORS
from django.core.exceptions import ValidationError as DjValidationError
from django.db.models import Count
from django.shortcuts import get_object_or_404
from iam.models import Folder, Permission, RoleAssignment, User
from rest_framework.exceptions import ValidationError as DRFValidationError
from rest_framework.views import api_settings
from rest_framework.views import exception_handler as drf_exception_handler

from iam.models import Folder, Permission, RoleAssignment, User
from library.helpers import get_referential_translation

from .models import *
from .utils import camel_case

from typing import List, Dict, Optional

import json

from django.core.exceptions import NON_FIELD_ERRORS as DJ_NON_FIELD_ERRORS
from django.core.exceptions import ValidationError as DjValidationError
from rest_framework.exceptions import ValidationError as DRFValidationError
from rest_framework.views import api_settings
from rest_framework.views import exception_handler as drf_exception_handler

DRF_NON_FIELD_ERRORS = api_settings.NON_FIELD_ERRORS_KEY


Expand Down Expand Up @@ -1140,6 +1137,30 @@ def threats_count_per_name(user: User):
return {"labels": labels, "values": values}


def get_folder_content(folder: Folder):
content = []
for f in Folder.objects.filter(parent_folder=folder).distinct():
content.append({"name": f.name, "children": get_folder_content(f)})
for p in Project.objects.filter(folder=folder).distinct():
content.append(
{
"name": p.name,
"children": [
{
"name": "audits",
"value": ComplianceAssessment.objects.filter(project=p).count(),
},
{
"name": "risk assessments",
"value": RiskAssessment.objects.filter(project=p).count(),
},
],
}
)

return content


def handle(exc, context):
# translate django validation error which ...
# .. causes HTTP 500 status ==> DRF validation which will cause 400 HTTP status
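Review bot: get_folder_content takes only a folder and walks every child folder and project beneath it, so the names and audit / risk-assessment counts it returns are not limited to what the requesting user may view, whereas the neighbouring threats_count_per_name(user: User) is scoped by user. Whether this discloses anything depends on the caller, which is not on this page, but filtering both querysets by ids the caller has already resolved from the user's role assignments would keep the tree consistent with the 404-on-no-access behaviour tested in this commit. The parameter names in the sketch below are placeholders, and the two `.count()` queries would need the same scoping if assessments can be restricted separately from their project. The recursion also has no guard against a parent_folder cycle, and the function has no docstring describing the returned shape.

```python
def get_folder_content(folder: Folder, viewable_folders, viewable_projects):
    content = []
    for f in Folder.objects.filter(
        parent_folder=folder, id__in=viewable_folders
    ).distinct():
        content.append(
            {
                "name": f.name,
                "children": get_folder_content(
                    f, viewable_folders, viewable_projects
                ),
            }
        )
    for p in Project.objects.filter(
        folder=folder, id__in=viewable_projects
    ).distinct():
        # … unchanged: project entry with "audits" and "risk assessments" counts …
    return content
```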
239 changes: 138 additions & 101 deletions backend/core/startup.py
Expand Up @@ -11,28 +11,32 @@
logger = get_logger(__name__)

READER_PERMISSIONS_LIST = [
"view_project",
"view_riskassessment",
"view_appliedcontrol",
"view_policy",
"view_riskscenario",
"view_riskacceptance",
"view_asset",
"view_threat",
"view_referencecontrol",
"view_folder",
"view_usergroup",
"view_riskmatrix",
"view_complianceassessment",
"view_requirementassessment",
"view_requirementnode",
"view_entity",
"view_entityassessment",
"view_evidence",
"view_folder",
"view_framework",
"view_loadedlibrary",
"view_policy",
"view_project",
"view_referencecontrol",
"view_representative",
"view_requirementassessment",
"view_requirementmapping",
"view_requirementmappingset",
"view_requirementnode",
"view_riskacceptance",
"view_riskassessment",
"view_riskmatrix",
"view_riskscenario",
"view_solution",
"view_storedlibrary",
"view_threat",
"view_user",
"view_requirementmappingset",
"view_requirementmapping",
"view_usergroup",
]

APPROVER_PERMISSIONS_LIST = [
Expand Down Expand Up @@ -62,120 +66,153 @@
]

ANALYST_PERMISSIONS_LIST = [
"add_appliedcontrol",
"add_asset",
"add_complianceassessment",
"add_evidence",
"add_policy",
"add_project",
"view_project",
"change_project",
"delete_project",
"add_riskacceptance",
"add_riskassessment",
"view_riskassessment",
"change_riskassessment",
"delete_riskassessment",
"add_appliedcontrol",
"view_appliedcontrol",
"add_riskscenario",
"add_solution",
"add_threat",
"change_appliedcontrol",
"delete_appliedcontrol",
"add_policy",
"view_policy",
"change_asset",
"change_complianceassessment",
"change_entity",
"change_entityassessment",
"change_evidence",
"change_policy",
"delete_policy",
"add_riskscenario",
"view_riskscenario",
"change_riskscenario",
"delete_riskscenario",
"add_riskacceptance",
"view_riskacceptance",
"change_project",
"change_referencecontrol",
"change_representative",
"change_requirementassessment",
"change_riskacceptance",
"delete_riskacceptance",
"add_complianceassessment",
"view_complianceassessment",
"change_complianceassessment",
"change_riskassessment",
"change_riskscenario",
"change_solution",
"change_threat",
"delete_appliedcontrol",
"delete_asset",
"delete_complianceassessment",
"view_requirementassessment",
"change_requirementassessment",
"add_evidence",
"view_evidence",
"change_evidence",
"delete_entity",
"delete_entityassessment",
"delete_evidence",
"add_asset",
"view_asset",
"change_asset",
"delete_asset",
"add_threat",
"view_threat",
"change_threat",
"delete_policy",
"delete_project",
"delete_referencecontrol",
"delete_representative",
"delete_riskacceptance",
"delete_riskassessment",
"delete_riskscenario",
"delete_solution",
"delete_threat",
"view_referencecontrol",
"view_appliedcontrol",
"view_asset",
"view_complianceassessment",
"view_entity",
"view_entityassessment",
"view_evidence",
"view_folder",
"view_usergroup",
"view_riskmatrix",
"view_requirementnode",
"view_framework",
"view_storedlibrary",
"view_loadedlibrary",
"view_user",
"view_requirementmappingset",
"view_policy",
"view_project",
"view_referencecontrol",
"view_representative",
"view_requirementassessment",
"view_requirementmapping",
"view_requirementmappingset",
"view_requirementnode",
"view_riskacceptance",
"view_riskassessment",
"view_riskmatrix",
"view_riskscenario",
"view_solution",
"view_storedlibrary",
"view_threat",
"view_user",
"view_usergroup",
]

DOMAIN_MANAGER_PERMISSIONS_LIST = [
"change_usergroup",
"view_usergroup",
"add_project",
"change_project",
"delete_project",
"view_project",
"add_riskassessment",
"view_riskassessment",
"change_riskassessment",
"delete_riskassessment",
"add_appliedcontrol",
"view_appliedcontrol",
"change_appliedcontrol",
"delete_appliedcontrol",
"add_asset",
"add_complianceassessment",
"add_entity",
"add_entityassessment",
"add_evidence",
"add_folder",
"add_policy",
"view_policy",
"change_policy",
"delete_policy",
"add_riskscenario",
"view_riskscenario",
"change_riskscenario",
"delete_riskscenario",
"add_project",
"add_riskacceptance",
"view_riskacceptance",
"change_riskacceptance",
"delete_riskacceptance",
"add_asset",
"view_asset",
"change_asset",
"delete_asset",
"add_riskassessment",
"add_riskmatrix",
"add_riskscenario",
"add_solution",
"add_threat",
"view_threat",
"change_threat",
"delete_threat",
"view_referencecontrol",
"view_folder",
"change_appliedcontrol",
"change_asset",
"change_complianceassessment",
"change_entity",
"change_entityassessment",
"change_evidence",
"change_folder",
"add_riskmatrix",
"view_riskmatrix",
"change_policy",
"change_project",
"change_referencecontrol",
"change_representative",
"change_requirementassessment",
"change_riskacceptance",
"change_riskassessment",
"change_riskmatrix",
"change_riskscenario",
"change_solution",
"change_threat",
"delete_appliedcontrol",
"delete_asset",
"delete_complianceassessment",
"delete_entity",
"delete_entityassessment",
"delete_evidence",
"delete_folder",
"delete_policy",
"delete_project",
"delete_referencecontrol",
"delete_representative",
"delete_riskacceptance",
"delete_riskassessment",
"delete_riskmatrix",
"add_complianceassessment",
"delete_riskscenario",
"delete_solution",
"delete_threat",
"view_appliedcontrol",
"view_asset",
"view_complianceassessment",
"change_complianceassessment",
"delete_complianceassessment",
"view_requirementassessment",
"change_requirementassessment",
"add_evidence",
"view_entity",
"view_entityassessment",
"view_evidence",
"change_evidence",
"delete_evidence",
"view_requirementnode",
"view_folder",
"view_framework",
"view_storedlibrary",
"view_loadedlibrary",
"view_user",
"view_requirementmappingset",
"view_policy",
"view_project",
"view_referencecontrol",
"view_representative",
"view_requirementassessment",
"view_requirementmapping",
"view_requirementmappingset",
"view_requirementnode",
"view_riskacceptance",
"view_riskassessment",
"view_riskmatrix",
"view_riskscenario",
"view_solution",
"view_storedlibrary",
"view_threat",
"view_user",
"view_usergroup",
]

ADMINISTRATOR_PERMISSIONS_LIST = [
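Review bot: In the alphabetised ANALYST_PERMISSIONS_LIST, entity, entityassessment, representative and referencecontrol appear with `change_*` and `delete_*` but no matching `add_*`; DOMAIN_MANAGER_PERMISSIONS_LIST has the same gap for representative and referencecontrol. This assumes the alphabetised entries are the new side, since the page has lost the +/- markers. Because the reorder and the new grants share one hunk, the widened permissions are easy to miss in review. If the asymmetry is intended, say so above the list, e.g. `# analysts may edit and delete entities/representatives but not create them`; otherwise add the missing `add_*` entries or drop the `delete_*` ones. It is also worth confirming whether roles already created in existing deployments pick up these changes, as the code that applies the lists is outside this hunk.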