intuitem · eric-intuitem · Mar 15, 2024 · Mar 14, 2024 · Mar 14, 2024 · Mar 14, 2024
diff --git a/backend/core/models.py b/backend/core/models.py
@@ -9,7 +9,7 @@
 from .base_models import *
 from .validators import validate_file_size, validate_file_name
 from .utils import camel_case
-from iam.models import FolderMixin
+from iam.models import FolderMixin, PublishInRootFolderMixin
 from django.core import serializers
 
 import os
@@ -162,7 +162,7 @@ def delete(self, *args, **kwargs):
         super(Library, self).delete(*args, **kwargs)
 
 
-class Threat(ReferentialObjectMixin):
+class Threat(ReferentialObjectMixin, PublishInRootFolderMixin):
     library = models.ForeignKey(
         Library, on_delete=models.CASCADE, null=True, blank=True, related_name="threats"
     )
@@ -484,7 +484,7 @@ def __str__(self):
         return self.name
 
 
-class Asset(NameDescriptionMixin, FolderMixin):
+class Asset(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
     class Type(models.TextChoices):
         """
         The type of the asset.
@@ -535,7 +535,7 @@ def ancestors_plus_self(self) -> list[Self]:
         return list(result)
 
 
-class Evidence(NameDescriptionMixin, FolderMixin):
+class Evidence(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
     # TODO: Manage file upload to S3/MiniO
     attachment = models.FileField(
         #        upload_to=settings.LOCAL_STORAGE_DIRECTORY,
@@ -570,7 +570,7 @@ def filename(self):
         return os.path.basename(self.attachment.name)
 
 
-class AppliedControl(NameDescriptionMixin, FolderMixin):
+class AppliedControl(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
     class Status(models.TextChoices):
         PLANNED = "planned", _("Planned")
         ACTIVE = "active", _("Active")
@@ -757,7 +757,7 @@ class Status(models.TextChoices):
         default=Status.PLANNED,
         verbose_name=_("Status"),
         blank=True,
-        null=True
+        null=True,
     )
     authors = models.ManyToManyField(
         User,
@@ -1284,7 +1284,6 @@ class Result(models.TextChoices):
         verbose_name=_("Result"),
     )
 
-
     class Meta:
         verbose_name = _("Compliance assessment")
         verbose_name_plural = _("Compliance assessments")
@@ -1513,7 +1512,7 @@ class Meta:
 ########################### RiskAcesptance is a domain object relying on secondary objects #########################
 
 
-class RiskAcceptance(NameDescriptionMixin, FolderMixin):
+class RiskAcceptance(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
     ACCEPTANCE_STATE = [
         ("created", _("Created")),
         ("submitted", _("Submitted")),

diff --git a/backend/core/views.py b/backend/core/views.py
@@ -887,31 +887,31 @@ def perform_create(self, serializer):
                 role=Role.objects.get(name=RoleCodename.AUDITOR),
                 builtin=True,
                 folder=Folder.get_root_folder(),
-                is_recursive=True
+                is_recursive=True,
             )
             ra1.perimeter_folders.add(folder)
             ra2 = RoleAssignment.objects.create(
                 user_group=approvers,
                 role=Role.objects.get(name=RoleCodename.APPROVER),
                 builtin=True,
                 folder=Folder.get_root_folder(),
-                is_recursive=True
+                is_recursive=True,
             )
             ra2.perimeter_folders.add(folder)
             ra3 = RoleAssignment.objects.create(
                 user_group=analysts,
                 role=Role.objects.get(name=RoleCodename.ANALYST),
                 builtin=True,
                 folder=Folder.get_root_folder(),
-                is_recursive=True
+                is_recursive=True,
             )
             ra3.perimeter_folders.add(folder)
             ra4 = RoleAssignment.objects.create(
                 user_group=managers,
                 role=Role.objects.get(name=RoleCodename.DOMAIN_MANAGER),
                 builtin=True,
                 folder=Folder.get_root_folder(),
-                is_recursive=True
+                is_recursive=True,
             )
             ra4.perimeter_folders.add(folder)
 

diff --git a/backend/iam/models.py b/backend/iam/models.py
@@ -183,6 +183,24 @@ class Meta:
         abstract = True
 
 
+class PublishInRootFolderMixin(models.Model):
+    """
+    Set is_published to True if object is attached to the root folder
+    """
+
+    class Meta:
+        abstract = True
+
+    def save(self, *args, **kwargs):
+        if (
+            getattr(self, "folder") == Folder.get_root_folder()
+            and hasattr(self, "is_published")
+            and not self.is_published
+        ):
+            self.is_published = True
+        super().save(*args, **kwargs)
+
+
 class UserGroup(NameDescriptionMixin, FolderMixin):
     """UserGroup objects contain users and can be used as principals in role assignments"""
 
@@ -201,7 +219,7 @@ def __str__(self) -> str:
 
     def get_name_display(self) -> str:
         return self.name
-    
+
     def get_localization_dict(self) -> dict:
         return {
             "folder": self.folder.name,
@@ -509,7 +527,10 @@ def is_access_allowed(
         for ra in RoleAssignment.get_role_assignments(user):
             f = folder
             while f is not None:
-                if f in ra.perimeter_folders.all() and perm in ra.role.permissions.all():
+                if (
+                    f in ra.perimeter_folders.all()
+                    and perm in ra.role.permissions.all()
+                ):
                     return True
                 f = f.parent_folder
         return False

diff --git a/documentation/architecture/data-model.md b/documentation/architecture/data-model.md
@@ -29,21 +29,22 @@ erDiagram
 ```mermaid
 erDiagram
 
-    ROOT_FOLDER    ||--o{ DOMAIN                      : contains
-    DOMAIN         ||--o{ PROJECT                     : contains
-    DOMAIN         ||--o{ APPLIED_CONTROL             : contains  
-    ROOT_FOLDER    ||--o{ THREAT                      : contains
-    DOMAIN         ||--o{ RISK_ACCEPTANCE             : contains
-    DOMAIN         ||--o{ RISK_ASSESSMENT_REVIEW      : contains
-    DOMAIN         ||--o{ COMPLIANCE_ASSESSMENT_REVIEW: contains
-    DOMAIN         ||--o{ EVIDENCE                    : contains
-    ROOT_FOLDER    ||--o{ FRAMEWORK                   : contains
-    ROOT_FOLDER    ||--o{ REFERENCE_CONTROL           : contains
-    ROOT_FOLDER    ||--o{ LIBRARY                     : contains
-    ROOT_FOLDER    ||--o{ USER                        : contains
-    ROOT_FOLDER    ||--o{ USER_GROUP                  : contains
-    ROOT_FOLDER    ||--o{ ROLE                        : contains
-    ROOT_FOLDER    ||--o{ ROLE_ASSIGNMENT             : contains
+    ROOT_FOLDER           ||--o{ DOMAIN                      : contains
+    DOMAIN                ||--o{ PROJECT                     : contains
+    DOMAIN                ||--o{ RISK_ASSESSMENT_REVIEW      : contains
+    DOMAIN                ||--o{ COMPLIANCE_ASSESSMENT_REVIEW: contains
+    ROOT_FOLDER           ||--o{ FRAMEWORK                   : contains
+    ROOT_FOLDER           ||--o{ REFERENCE_CONTROL           : contains
+    ROOT_FOLDER           ||--o{ LIBRARY                     : contains
+    ROOT_FOLDER           ||--o{ USER                        : contains
+    ROOT_FOLDER           ||--o{ USER_GROUP                  : contains
+    ROOT_FOLDER           ||--o{ ROLE                        : contains
+    ROOT_FOLDER           ||--o{ ROLE_ASSIGNMENT             : contains
+    ROOT_FOLDER_OR_DOMAIN ||--o{ EVIDENCE                    : contains
+    ROOT_FOLDER_OR_DOMAIN ||--o{ APPLIED_CONTROL             : contains  
+    ROOT_FOLDER_OR_DOMAIN ||--o{ RISK_ACCEPTANCE             : contains
+    ROOT_FOLDER_OR_DOMAIN ||--o{ ASSET                       : contains
+    ROOT_FOLDER_OR_DOMAIN ||--o{ THREAT                      : contains
 
     DOMAIN {
         string name