Skip to content

Commit

Permalink
User can add evidences from applied controls
Browse files Browse the repository at this point in the history 
Formatter

Formatter
  • Loading branch information
@monsieurswag
monsieurswag committed Jun 7, 2024
1 parent 4410b66 commit b508995
Show file tree
Hide file tree
Showing 8 changed files with 261 additions and 7 deletions.
43 changes: 42 additions & 1 deletion backend/core/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,12 @@
from rest_framework.parsers import FileUploadParser
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_403_FORBIDDEN
from rest_framework.status import (
HTTP_204_NO_CONTENT,
HTTP_400_BAD_REQUEST,
HTTP_403_FORBIDDEN,
HTTP_404_NOT_FOUND,
)
from rest_framework.utils.serializer_helpers import ReturnDict
from rest_framework.views import APIView
from weasyprint import HTML
Expand Down Expand Up @@ -555,6 +560,42 @@ class AppliedControlViewSet(BaseModelViewSet):
]
search_fields = ["name", "description", "risk_scenarios", "requirement_assessments"]

@action(detail=True, methods=["post"], name="Add an evidence to an applied control")
def add_evidence(self, request, pk):
evidence = request.data.get("evidence")
if evidence is None:
return Response(status=HTTP_400_BAD_REQUEST)
try:
applied_control = AppliedControl.objects.get(id=pk)
except:
return Response("Applied control not found", status=HTTP_404_NOT_FOUND)
try:
evidence_to_add = Evidence.objects.get(id=evidence)
except:
return Response("Evidence not found", status=HTTP_404_NOT_FOUND)
# It would be faster to directly put an UUID in .add to avoid fetching the evidence from the database for nothing
applied_control.evidences.add(evidence_to_add)
return Response(status=HTTP_204_NO_CONTENT)

@action(
detail=True, methods=["post"], name="Remove an evidence to an applied control"
)
def remove_evidence(self, request, pk):
evidence = request.data.get("evidence")
if evidence is None:
return Response(status=HTTP_400_BAD_REQUEST)
try:
applied_control = AppliedControl.objects.get(id=pk)
except:
return Response("Applied control not found", status=HTTP_404_NOT_FOUND)
try:
evidence_to_remove = Evidence.objects.get(id=evidence)
except:
return Response("Evidence not found", status=HTTP_404_NOT_FOUND)
# It would be faster to directly put an UUID in .remove to avoid fetching the evidence from the database for nothing
applied_control.evidences.remove(evidence_to_remove)
return Response(status=HTTP_204_NO_CONTENT)

@action(detail=False, name="Get status choices")
def status(self, request):
return Response(dict(AppliedControl.Status.choices))
Expand Down
1 change: 1 addition & 0 deletions frontend/src/lib/components/ModelTable/LibraryActions.svelte
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@

{#if actionsURLModel === 'stored-libraries' && Object.hasOwn(library, 'is_loaded') && !library.is_loaded}
{#if loading.form && loading.library === library.urn}
<!-- Put this in a snippet once we update to svelte 5 -->
<div class="flex items-center cursor-progress" role="status">
<svg
aria-hidden="true"
Expand Down
12 changes: 10 additions & 2 deletions frontend/src/lib/components/ModelTable/ModelTable.svelte
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
import type { SuperValidated } from 'sveltekit-superforms';
import type { AnyZodObject } from 'zod';
import type { TableSource } from './types';
import * as m from '$paraglide/messages';
import { localItems, toCamelCase } from '$lib/utils/locales';
import { languageTag } from '$paraglide/runtime';
import { ISO_8601_REGEX } from '$lib/utils/constants';
Expand Down Expand Up @@ -62,6 +61,11 @@
export let displayActions = true;
export let addOption: boolean = false;
export let containerModel: object | undefined; // Find a better name for this prop ?
export let containerObject: object | undefined; // Find a better name for this prop ?
export let containerReferences: Set<string> = new Set();
function onRowClick(
event: SvelteEvent<MouseEvent | KeyboardEvent, HTMLTableRowElement>,
rowIndex: number
Expand Down Expand Up @@ -282,10 +286,14 @@
URLModel={actionsURLModel}
detailURL={`/${actionsURLModel}/${row.meta[identifierField]}${detailQueryParameter}`}
editURL={!(row.meta.builtin || row.meta.urn) ? `/${actionsURLModel}/${row.meta[identifierField]}/edit?next=${$page.url.pathname}` : undefined}
{row}
row={row.meta}
hasBody={$$slots.actionsBody}
{identifierField}
preventDelete={preventDelete(row)}
{containerModel}
{containerObject}
{containerReferences}
{addOption}
>
<svelte:fragment slot="head">
{#if $$slots.actionsHead}
Expand Down
107 changes: 106 additions & 1 deletion frontend/src/lib/components/TableRowActions/TableRowActions.svelte
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
import { getModalStore } from '@skeletonlabs/skeleton';
import type { SuperValidated } from 'sveltekit-superforms';
import type { AnyZodObject } from 'zod';
import * as m from '$paraglide/messages';
const modalStore: ModalStore = getModalStore();
Expand All @@ -22,6 +21,13 @@
export let identifierField = 'id';
export let preventDelete = false;
export let addOption: boolean = false;
export let containerModel: object | undefined; // Find a better name for this prop N
export let containerObject: { id: string; [key: string]: any } | undefined; // Find a better name for this prop ?
export let containerReferences: Set<string>;
let addLoading = false;
let removeLoading = false;
export let hasBody = false;
function stopPropagation(event: Event): void {
Expand Down Expand Up @@ -56,6 +62,14 @@
$: displayEdit =
canEditObject && URLModel && !['frameworks', 'risk-matrices'].includes(URLModel) && editURL;
$: displayDelete = canDeleteObject && deleteForm !== undefined;
const displayAdd =
containerModel &&
containerModel.reverseForeignKeyFields &&
containerModel.reverseForeignKeyFields.filter(
(field) => field.urlModel === model.urlModel && addOption
).length > 0;
let isInsideObject = containerReferences.has(row.id);
</script>

<span
Expand All @@ -64,6 +78,97 @@
<slot name="head" />
<slot name="body" />
{#if !hasBody}
{#if displayAdd && containerObject}
{#if isInsideObject}
<button
class="cursor-pointer hover:text-primary-500"
on:click={(e) => {
const formData = new FormData();
formData.append('evidence', row.id);
addLoading = true;

fetch(`/applied_controls/${containerObject.id}?/remove_evidence`, {
method: 'POST',
body: formData
}).then((res) => {
if (res.ok) {
isInsideObject = false;
} else {
removeLoading = false;
}
});
e.stopPropagation();
}}
>
{#if removeLoading}
<div class="flex items-center cursor-progress" role="status">
<svg
aria-hidden="true"
class="w-5 h-5 text-gray-200 animate-spin dark:text-gray-600 fill-primary-500"
viewBox="0 0 100 101"
fill="none"
xmlns="http://www.w3.org/2000/svg"
>
<path
d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z"
fill="currentColor"
/>
<path
d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z"
fill="currentFill"
/>
</svg>
</div>
{:else}
<i class="fa-solid fa-square-minus" />
{/if}
</button>
{:else}
<button
class="cursor-pointer hover:text-primary-500"
on:click={(e) => {
const formData = new FormData();
formData.append('evidence', row.id);
addLoading = true;

fetch(`/applied_controls/${containerObject.id}?/add_evidence`, {
method: 'POST',
body: formData
}).then((res) => {
if (res.ok) {
isInsideObject = true;
} else {
addLoading = false;
}
});
e.stopPropagation();
}}
>
{#if addLoading}
<div class="flex items-center cursor-progress" role="status">
<svg
aria-hidden="true"
class="w-5 h-5 text-gray-200 animate-spin dark:text-gray-600 fill-primary-500"
viewBox="0 0 100 101"
fill="none"
xmlns="http://www.w3.org/2000/svg"
>
<path
d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z"
fill="currentColor"
/>
<path
d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z"
fill="currentFill"
/>
</svg>
</div>
{:else}
<i class="fa-solid fa-plus" />
{/if}
</button>
{/if}
{/if}
{#if displayDetail}
<a
href={detailURL}
Expand Down
Loading

0 comments on commit b508995

Please sign in to comment.