Fix conflicts

intuitem · Dec 4, 2024 · b413b5f · b413b5f
2 parents 40cd65a + ac16103
commit b413b5f
Show file tree

Hide file tree

Showing 27 changed files with 552 additions and 72 deletions.
diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml
@@ -70,7 +70,6 @@ jobs:
         run: |
           touch .env
           echo PUBLIC_BACKEND_API_URL=http://localhost:8000/api >> .env
-
       - name: Create backend environment variables file
         working-directory: ${{ env.backend-directory }}
         run: |

diff --git a/.github/workflows/startup-tests.yml b/.github/workflows/startup-tests.yml
@@ -136,7 +136,9 @@ jobs:
         working-directory: ${{ env.frontend-directory }}
         run: |
           response=$(curl -d "[email protected]&password=1234" -H "Origin: https://localhost:8443" https://localhost:8443/login\?/login -k)
-          server_reponse='{"type":"redirect","status":302,"location":""}'
+          server_reponse='{"type":"redirect","status":302,"location":"/"}'
+          echo "[SERVER_RESPONSE] $response"
+          echo "[EXPECTED_RESPONSE] $server_reponse"
           if [[ "$response" == "$server_reponse" ]]; then
             echo "Success"
             exit 0
@@ -265,7 +267,9 @@ jobs:
         working-directory: ${{ env.frontend-directory }}
         run: |
           response=$(curl -d "[email protected]&password=1234" -H "Origin: https://localhost:8443" https://localhost:8443/login\?/login -k)
-          server_reponse='{"type":"redirect","status":302,"location":""}'
+          server_reponse='{"type":"redirect","status":302,"location":"/"}'
+          echo "[SERVER_RESPONSE] $response"
+          echo "[EXPECTED_RESPONSE] $server_reponse"
           if [[ "$response" == "$server_reponse" ]]; then
             echo "Success"
             exit 0

diff --git a/backend/.meta b/backend/.meta
diff --git a/backend/ciso_assistant/.meta b/backend/ciso_assistant/.meta
diff --git a/backend/ciso_assistant/settings.py b/backend/ciso_assistant/settings.py
@@ -306,7 +306,7 @@ def set_ciso_assistant_url(_, __, event_dict):
     ("es", "Spanish"),
     ("de", "German"),
     ("it", "Italian"),
-    ("nd", "Dutch"),
+    ("nl", "Dutch"),
     ("pl", "Polish"),
     ("pt", "Portuguese"),
     ("ar", "Arabic"),

diff --git a/backend/core/startup.py b/backend/core/startup.py
@@ -339,6 +339,30 @@
     "view_filteringlabel",
     "change_filteringlabel",
     "delete_filteringlabel",
+    "add_ebiosrmstudy",
+    "view_ebiosrmstudy",
+    "change_ebiosrmstudy",
+    "delete_ebiosrmstudy",
+    "add_fearedevent",
+    "view_fearedevent",
+    "change_fearedevent",
+    "delete_fearedevent",
+    "add_roto",
+    "view_roto",
+    "change_roto",
+    "delete_roto",
+    "add_stakeholder",
+    "view_stakeholder",
+    "change_stakeholder",
+    "delete_stakeholder",
+    "add_attackpath",
+    "view_attackpath",
+    "change_attackpath",
+    "delete_attackpath",
+    "add_operationalscenario",
+    "view_operationalscenario",
+    "change_operationalscenario",
+    "delete_operationalscenario",
 ]
 
 THIRD_PARTY_RESPONDENT_PERMISSIONS_LIST = [

diff --git a/backend/core/urls.py b/backend/core/urls.py
@@ -83,6 +83,8 @@
     path("iam/", include("iam.urls")),
     path("serdes/", include("serdes.urls")),
     path("settings/", include("global_settings.urls")),
+    path("user-preferences/", UserPreferencesView.as_view(), name="user-preferences"),
+    path("ebios-rm/", include("ebios_rm.urls")),
     path("csrf/", get_csrf_token, name="get_csrf_token"),
     path("build/", get_build, name="get_build"),
     path("evidences/<uuid:pk>/upload/", UploadAttachmentView.as_view(), name="upload"),

diff --git a/backend/core/views.py b/backend/core/views.py
@@ -50,11 +50,6 @@
 from rest_framework.renderers import JSONRenderer
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.status import (
-    HTTP_400_BAD_REQUEST,
-    HTTP_403_FORBIDDEN,
-    HTTP_404_NOT_FOUND,
-)
 from rest_framework.utils.serializer_helpers import ReturnDict
 from rest_framework.views import APIView
 from rest_framework.permissions import AllowAny
@@ -106,7 +101,10 @@ def get_queryset(self):
             return None
         object_ids_view = None
         if self.request.method == "GET":
-            if q := re.match("/api/[\w-]+/([0-9a-f-]+)", self.request.path):
+            if q := re.match(
+                "/api/[\w-]+/([\w-]+/)?([0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}(,[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})+)",
+                self.request.path,
+            ):
                 """"get_queryset is called by Django even for an individual object via get_object
                 https://stackoverflow.com/questions/74048193/why-does-a-retrieve-request-end-up-calling-get-queryset"""
                 id = UUID(q.group(1))
@@ -300,7 +298,7 @@ def quality_check_detail(self, request, pk):
                 }
             return Response(res)
         else:
-            return Response(status=HTTP_403_FORBIDDEN)
+            return Response(status=status.HTTP_403_FORBIDDEN)
 
     @action(detail=False, methods=["get"])
     def ids(self, request):
@@ -607,7 +605,7 @@ def quality_check_detail(self, request, pk):
             risk_assessment = self.get_object()
             return Response(risk_assessment.quality_check())
         else:
-            return Response(status=HTTP_403_FORBIDDEN)
+            return Response(status=status.HTTP_403_FORBIDDEN)
 
     @action(detail=True, methods=["get"], name="Get treatment plan data")
     def plan(self, request, pk):
@@ -640,7 +638,7 @@ def plan(self, request, pk):
             return Response(risk_assessment)
 
         else:
-            return Response(status=HTTP_403_FORBIDDEN)
+            return Response(status=status.HTTP_403_FORBIDDEN)
 
     @action(detail=True, name="Get treatment plan CSV")
     def treatment_plan_csv(self, request, pk):
@@ -700,7 +698,9 @@ def treatment_plan_csv(self, request, pk):
 
             return response
         else:
-            return Response({"error": "Permission denied"}, status=HTTP_403_FORBIDDEN)
+            return Response(
+                {"error": "Permission denied"}, status=status.HTTP_403_FORBIDDEN
+            )
 
     @action(detail=True, name="Get risk assessment CSV")
     def risk_assessment_csv(self, request, pk):
@@ -762,7 +762,9 @@ def risk_assessment_csv(self, request, pk):
 
             return response
         else:
-            return Response({"error": "Permission denied"}, status=HTTP_403_FORBIDDEN)
+            return Response(
+                {"error": "Permission denied"}, status=status.HTTP_403_FORBIDDEN
+            )
 
     @action(detail=True, name="Get risk assessment PDF")
     def risk_assessment_pdf(self, request, pk):
@@ -1164,7 +1166,7 @@ def duplicate(self, request, pk):
         )
         if UUID(pk) not in object_ids_view:
             return Response(
-                {"results": "applied control duplicated"}, status=HTTP_404_NOT_FOUND
+                {"results": "applied control duplicated"}, status=status.HTTP_404_NOT_FOUND
             )
 
         applied_control = self.get_object()
@@ -1370,7 +1372,7 @@ def update(self, request, *args, **kwargs):
             _data = {
                 "non_field_errors": "The justification can only be edited by the approver"
             }
-            return Response(data=_data, status=HTTP_400_BAD_REQUEST)
+            return Response(data=_data, status=status.HTTP_400_BAD_REQUEST)
         else:
             return super().update(request, *args, **kwargs)
 
@@ -1482,7 +1484,7 @@ def update(self, request: Request, *args, **kwargs) -> Response:
                 if str(admin_group.pk) not in new_user_groups:
                     return Response(
                         {"error": "attemptToRemoveOnlyAdminUserGroup"},
-                        status=HTTP_403_FORBIDDEN,
+                        status=status.HTTP_403_FORBIDDEN,
                     )
 
         return super().update(request, *args, **kwargs)
@@ -1494,7 +1496,7 @@ def destroy(self, request, *args, **kwargs):
             if number_of_admin_users == 1:
                 return Response(
                     {"error": "attemptToDeleteOnlyAdminAccountError"},
-                    status=HTTP_403_FORBIDDEN,
+                    status=status.HTTP_403_FORBIDDEN,
                 )
 
         return super().destroy(request, *args, **kwargs)
@@ -1723,6 +1725,29 @@ def my_assignments(self, request):
         )
 
 
+class UserPreferencesView(APIView):
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get(self, request) -> Response:
+        return Response(request.user.preferences, status=status.HTTP_200_OK)
+
+    def patch(self, request) -> Response:
+        new_language = request.data.get("lang")
+        if new_language is None or new_language not in (
+            lang[0] for lang in settings.LANGUAGES
+        ):
+            logger.error(
+                f"Error in UserPreferencesView: new_language={new_language} available languages={[lang[0] for lang in settings.LANGUAGES]}"
+            )
+            return Response(
+                {"error": "This language doesn't exist."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        request.user.preferences["lang"] = new_language
+        request.user.save()
+        return Response({}, status=status.HTTP_200_OK)
+
+
 @cache_page(60 * SHORT_CACHE_TTL)
 @vary_on_cookie
 @api_view(["GET"])

diff --git a/backend/ebios_rm/migrations/0001_initial.py b/backend/ebios_rm/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 5.1.1 on 2024-12-03 12:57
+# Generated by Django 5.1.1 on 2024-12-04 13:02
 
 import django.core.validators
 import django.db.models.deletion
@@ -54,7 +54,7 @@ class Migration(migrations.Migration):
                     "due_date",
                     models.DateField(blank=True, null=True, verbose_name="Due date"),
                 ),
-                ("ref_id", models.CharField(max_length=100)),
+                ("ref_id", models.CharField(blank=True, max_length=100)),
                 (
                     "version",
                     models.CharField(
@@ -205,6 +205,15 @@ class Migration(migrations.Migration):
                     "justification",
                     models.TextField(blank=True, verbose_name="Justification"),
                 ),
+                (
+                    "folder",
+                    models.ForeignKey(
+                        default=iam.models.Folder.get_root_folder_id,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="%(class)s_folder",
+                        to="iam.folder",
+                    ),
+                ),
                 (
                     "ebios_rm_study",
                     models.ForeignKey(
@@ -249,7 +258,7 @@ class Migration(migrations.Migration):
                     "description",
                     models.TextField(blank=True, null=True, verbose_name="Description"),
                 ),
-                ("ref_id", models.CharField(max_length=100)),
+                ("ref_id", models.CharField(blank=True, max_length=100)),
                 (
                     "gravity",
                     models.SmallIntegerField(default=-1, verbose_name="Gravity"),
@@ -280,6 +289,15 @@ class Migration(migrations.Migration):
                         verbose_name="EBIOS RM study",
                     ),
                 ),
+                (
+                    "folder",
+                    models.ForeignKey(
+                        default=iam.models.Folder.get_root_folder_id,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="%(class)s_folder",
+                        to="iam.folder",
+                    ),
+                ),
                 (
                     "qualifications",
                     models.ManyToManyField(
@@ -352,6 +370,15 @@ class Migration(migrations.Migration):
                         verbose_name="EBIOS RM study",
                     ),
                 ),
+                (
+                    "folder",
+                    models.ForeignKey(
+                        default=iam.models.Folder.get_root_folder_id,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="%(class)s_folder",
+                        to="iam.folder",
+                    ),
+                ),
                 (
                     "threats",
                     models.ManyToManyField(
@@ -488,6 +515,15 @@ class Migration(migrations.Migration):
                         verbose_name="Feared events",
                     ),
                 ),
+                (
+                    "folder",
+                    models.ForeignKey(
+                        default=iam.models.Folder.get_root_folder_id,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="%(class)s_folder",
+                        to="iam.folder",
+                    ),
+                ),
             ],
             options={
                 "verbose_name": "RO/TO couple",
@@ -655,6 +691,15 @@ class Migration(migrations.Migration):
                         verbose_name="Entity",
                     ),
                 ),
+                (
+                    "folder",
+                    models.ForeignKey(
+                        default=iam.models.Folder.get_root_folder_id,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="%(class)s_folder",
+                        to="iam.folder",
+                    ),
+                ),
             ],
             options={
                 "verbose_name": "Stakeholder",