diff --git a/backend/app_tests/api/test_utils.py b/backend/app_tests/api/test_utils.py index 448c5073b..a973ebb6c 100644 --- a/backend/app_tests/api/test_utils.py +++ b/backend/app_tests/api/test_utils.py @@ -100,7 +100,7 @@ def expected_request_response( # User has access to the domain return False, expected_status, "ok" else: - return False, expected_status, "outside_scope" + return True, expected_status, "outside_scope" else: # User has not permission to perform the action if ( @@ -771,7 +771,7 @@ def update_object( ), f"{verbose_name} object detail can not be accessed with permission" else: assert ( - response.status_code == status.HTTP_403_FORBIDDEN + response.status_code == status.HTTP_404_NOT_FOUND ), f"{verbose_name} object detail can be accessed without permission" if not (fails or user_perm_fails): @@ -911,7 +911,7 @@ def delete_object( ), f"{verbose_name} object detail can not be accessed with permission" else: assert ( - response.status_code == status.HTTP_403_FORBIDDEN + response.status_code == status.HTTP_404_NOT_FOUND ), f"{verbose_name} object detail can be accessed without permission" # Asserts that the object was deleted successfully diff --git a/backend/core/helpers.py b/backend/core/helpers.py index 6745f371b..4b4afd492 100644 --- a/backend/core/helpers.py +++ b/backend/core/helpers.py @@ -1,25 +1,22 @@ +import json from collections.abc import MutableMapping from datetime import date, timedelta +from typing import Optional +from django.core.exceptions import NON_FIELD_ERRORS as DJ_NON_FIELD_ERRORS +from django.core.exceptions import ValidationError as DjValidationError from django.db.models import Count from django.shortcuts import get_object_or_404 -from iam.models import Folder, Permission, RoleAssignment, User +from rest_framework.exceptions import ValidationError as DRFValidationError +from rest_framework.views import api_settings +from rest_framework.views import exception_handler as drf_exception_handler +from iam.models import Folder, Permission, RoleAssignment, User from library.helpers import get_referential_translation from .models import * from .utils import camel_case -from typing import List, Dict, Optional - -import json - -from django.core.exceptions import NON_FIELD_ERRORS as DJ_NON_FIELD_ERRORS -from django.core.exceptions import ValidationError as DjValidationError -from rest_framework.exceptions import ValidationError as DRFValidationError -from rest_framework.views import api_settings -from rest_framework.views import exception_handler as drf_exception_handler - DRF_NON_FIELD_ERRORS = api_settings.NON_FIELD_ERRORS_KEY @@ -1142,6 +1139,30 @@ def threats_count_per_name(user: User): return {"labels": labels, "values": values} +def get_folder_content(folder: Folder): + content = [] + for f in Folder.objects.filter(parent_folder=folder).distinct(): + content.append({"name": f.name, "children": get_folder_content(f)}) + for p in Project.objects.filter(folder=folder).distinct(): + content.append( + { + "name": p.name, + "children": [ + { + "name": "audits", + "value": ComplianceAssessment.objects.filter(project=p).count(), + }, + { + "name": "risk assessments", + "value": RiskAssessment.objects.filter(project=p).count(), + }, + ], + } + ) + + return content + + def handle(exc, context): # translate django validation error which ... # .. causes HTTP 500 status ==> DRF validation which will cause 400 HTTP status diff --git a/backend/core/startup.py b/backend/core/startup.py index ec5079096..e87468a4c 100644 --- a/backend/core/startup.py +++ b/backend/core/startup.py @@ -11,28 +11,32 @@ logger = get_logger(__name__) READER_PERMISSIONS_LIST = [ - "view_project", - "view_riskassessment", "view_appliedcontrol", - "view_policy", - "view_riskscenario", - "view_riskacceptance", "view_asset", - "view_threat", - "view_referencecontrol", - "view_folder", - "view_usergroup", - "view_riskmatrix", "view_complianceassessment", - "view_requirementassessment", - "view_requirementnode", + "view_entity", + "view_entityassessment", "view_evidence", + "view_folder", "view_framework", "view_loadedlibrary", + "view_policy", + "view_project", + "view_referencecontrol", + "view_representative", + "view_requirementassessment", + "view_requirementmapping", + "view_requirementmappingset", + "view_requirementnode", + "view_riskacceptance", + "view_riskassessment", + "view_riskmatrix", + "view_riskscenario", + "view_solution", "view_storedlibrary", + "view_threat", "view_user", - "view_requirementmappingset", - "view_requirementmapping", + "view_usergroup", ] APPROVER_PERMISSIONS_LIST = [ @@ -62,120 +66,153 @@ ] ANALYST_PERMISSIONS_LIST = [ + "add_appliedcontrol", + "add_asset", + "add_complianceassessment", + "add_evidence", + "add_policy", "add_project", - "view_project", - "change_project", - "delete_project", + "add_riskacceptance", "add_riskassessment", - "view_riskassessment", - "change_riskassessment", - "delete_riskassessment", - "add_appliedcontrol", - "view_appliedcontrol", + "add_riskscenario", + "add_solution", + "add_threat", "change_appliedcontrol", - "delete_appliedcontrol", - "add_policy", - "view_policy", + "change_asset", + "change_complianceassessment", + "change_entity", + "change_entityassessment", + "change_evidence", "change_policy", - "delete_policy", - "add_riskscenario", - "view_riskscenario", - "change_riskscenario", - "delete_riskscenario", - "add_riskacceptance", - "view_riskacceptance", + "change_project", + "change_referencecontrol", + "change_representative", + "change_requirementassessment", "change_riskacceptance", - "delete_riskacceptance", - "add_complianceassessment", - "view_complianceassessment", - "change_complianceassessment", + "change_riskassessment", + "change_riskscenario", + "change_solution", + "change_threat", + "delete_appliedcontrol", + "delete_asset", "delete_complianceassessment", - "view_requirementassessment", - "change_requirementassessment", - "add_evidence", - "view_evidence", - "change_evidence", + "delete_entity", + "delete_entityassessment", "delete_evidence", - "add_asset", - "view_asset", - "change_asset", - "delete_asset", - "add_threat", - "view_threat", - "change_threat", + "delete_policy", + "delete_project", + "delete_referencecontrol", + "delete_representative", + "delete_riskacceptance", + "delete_riskassessment", + "delete_riskscenario", + "delete_solution", "delete_threat", - "view_referencecontrol", + "view_appliedcontrol", + "view_asset", + "view_complianceassessment", + "view_entity", + "view_entityassessment", + "view_evidence", "view_folder", - "view_usergroup", - "view_riskmatrix", - "view_requirementnode", "view_framework", - "view_storedlibrary", "view_loadedlibrary", - "view_user", - "view_requirementmappingset", + "view_policy", + "view_project", + "view_referencecontrol", + "view_representative", + "view_requirementassessment", "view_requirementmapping", + "view_requirementmappingset", + "view_requirementnode", + "view_riskacceptance", + "view_riskassessment", + "view_riskmatrix", + "view_riskscenario", + "view_solution", + "view_storedlibrary", + "view_threat", + "view_user", + "view_usergroup", ] DOMAIN_MANAGER_PERMISSIONS_LIST = [ - "change_usergroup", - "view_usergroup", - "add_project", - "change_project", - "delete_project", - "view_project", - "add_riskassessment", - "view_riskassessment", - "change_riskassessment", - "delete_riskassessment", "add_appliedcontrol", - "view_appliedcontrol", - "change_appliedcontrol", - "delete_appliedcontrol", + "add_asset", + "add_complianceassessment", + "add_entity", + "add_entityassessment", + "add_evidence", + "add_folder", "add_policy", - "view_policy", - "change_policy", - "delete_policy", - "add_riskscenario", - "view_riskscenario", - "change_riskscenario", - "delete_riskscenario", + "add_project", "add_riskacceptance", - "view_riskacceptance", - "change_riskacceptance", - "delete_riskacceptance", - "add_asset", - "view_asset", - "change_asset", - "delete_asset", + "add_riskassessment", + "add_riskmatrix", + "add_riskscenario", + "add_solution", "add_threat", - "view_threat", - "change_threat", - "delete_threat", - "view_referencecontrol", - "view_folder", + "change_appliedcontrol", + "change_asset", + "change_complianceassessment", + "change_entity", + "change_entityassessment", + "change_evidence", "change_folder", - "add_riskmatrix", - "view_riskmatrix", + "change_policy", + "change_project", + "change_referencecontrol", + "change_representative", + "change_requirementassessment", + "change_riskacceptance", + "change_riskassessment", "change_riskmatrix", + "change_riskscenario", + "change_solution", + "change_threat", + "delete_appliedcontrol", + "delete_asset", + "delete_complianceassessment", + "delete_entity", + "delete_entityassessment", + "delete_evidence", + "delete_folder", + "delete_policy", + "delete_project", + "delete_referencecontrol", + "delete_representative", + "delete_riskacceptance", + "delete_riskassessment", "delete_riskmatrix", - "add_complianceassessment", + "delete_riskscenario", + "delete_solution", + "delete_threat", + "view_appliedcontrol", + "view_asset", "view_complianceassessment", - "change_complianceassessment", - "delete_complianceassessment", - "view_requirementassessment", - "change_requirementassessment", - "add_evidence", + "view_entity", + "view_entityassessment", "view_evidence", - "change_evidence", - "delete_evidence", - "view_requirementnode", + "view_folder", "view_framework", - "view_storedlibrary", "view_loadedlibrary", - "view_user", - "view_requirementmappingset", + "view_policy", + "view_project", + "view_referencecontrol", + "view_representative", + "view_requirementassessment", "view_requirementmapping", + "view_requirementmappingset", + "view_requirementnode", + "view_riskacceptance", + "view_riskassessment", + "view_riskmatrix", + "view_riskscenario", + "view_solution", + "view_storedlibrary", + "view_threat", + "view_user", + "view_usergroup", ] ADMINISTRATOR_PERMISSIONS_LIST = [ diff --git a/backend/core/views.py b/backend/core/views.py index 892264fee..b5f901bee 100644 --- a/backend/core/views.py +++ b/backend/core/views.py @@ -1156,32 +1156,12 @@ def org_tree(self, request): object_type=Folder, ) folders_list = list() - for folder in Folder.objects.exclude(content_type="GL").filter( - id__in=viewable_objects + for folder in ( + Folder.objects.exclude(content_type="GL") + .filter(id__in=viewable_objects, parent_folder=Folder.get_root_folder()) + .distinct() ): - entry = {"name": folder.name} - children = [] - for project in Project.objects.filter(folder=folder): - children.append( - { - "name": project.name, - "children": [ - { - "name": "audits", - "value": ComplianceAssessment.objects.filter( - project=project - ).count(), - }, - { - "name": "risk assessments", - "value": RiskAssessment.objects.filter( - project=project - ).count(), - }, - ], - } - ) - entry.update({"children": children}) + entry = {"name": folder.name, "children": get_folder_content(folder)} folders_list.append(entry) tree.update({"children": folders_list}) diff --git a/backend/library/management/commands/storelibraries.py b/backend/library/management/commands/storelibraries.py index 4ac126240..617c74877 100644 --- a/backend/library/management/commands/storelibraries.py +++ b/backend/library/management/commands/storelibraries.py @@ -1,12 +1,14 @@ from pathlib import Path -import structlog +import structlog, signal from ciso_assistant.settings import LIBRARIES_PATH from core.models import StoredLibrary from django.core.management.base import BaseCommand logger = structlog.getLogger(__name__) +signal.signal(signal.SIGINT, signal.SIG_DFL) + class Command(BaseCommand): help = "Store libraries in the database" diff --git a/enterprise/frontend/src/lib/components/Forms/ModelForm.svelte b/enterprise/frontend/src/lib/components/Forms/ModelForm.svelte deleted file mode 100644 index 1ca3994eb..000000000 --- a/enterprise/frontend/src/lib/components/Forms/ModelForm.svelte +++ /dev/null @@ -1,1418 +0,0 @@ - - - createModalCache.deleteCache(model.urlModel)} - {...$$restProps} -> - - - - {#if shape.reference_control} - { - if (e.detail) { - await fetch(`/reference-controls/${e.detail}`) - .then((r) => r.json()) - .then((r) => { - form.form.update((currentData) => { - if ( - context === 'edit' && - currentData['reference_control'] === initialData['reference_control'] && - !updated_fields.has('reference_control') - ) { - return currentData; // Keep the current values in the edit form. - } - updated_fields.add('reference_control'); - return { ...currentData, category: r.category, csf_function: r.csf_function }; - }); - }); - } - }} - /> - {/if} - {#if shape.name} - - {/if} - {#if shape.description} -