Feat/manage strength of knowledge

backend/core/migrations/0003_alter_riskscenario_strength_of_knowledge.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.0.2 on 2024-02-26 14:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0002_initial'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='riskscenario',
+            name='strength_of_knowledge',
+            field=models.IntegerField(default=-1, help_text='The strength of the knowledge supporting the assessment', verbose_name='Strength of Knowledge'),
+        ),
+    ]

backend/core/models.py

@@ -22,6 +22,7 @@
 
 ########################### Referential objects #########################
 
+
 class ReferentialObjectMixin(NameDescriptionMixin, FolderMixin):
     """
     Mixin for referential objects.
@@ -355,6 +356,7 @@ class Meta:
 
 ########################### Domain objects #########################
 
+
 class Project(NameDescriptionMixin, FolderMixin):
     PRJ_LC_STATUS = [
         ("undefined", _("--")),
@@ -672,7 +674,7 @@ def save(self, *args, **kwargs):
 
 
 ########################### Secondary objects #########################
-        
+
 
 class Assessment(NameDescriptionMixin):
     class Status(models.TextChoices):
@@ -993,12 +995,42 @@ class RiskScenario(NameDescriptionMixin):
         ("transfer", _("Transfer")),
     ]
 
-    SOK_OPTIONS = [
-        ("--", _("--")),
-        ("0", _("Low")),
-        ("1", _("Medium")),
-        ("2", _("High")),
-    ]
+    DEFAULT_SOK_OPTIONS = {
+        -1: {
+            "name": _("--"),
+            "description": _(
+                "The strength of the knowledge supporting the assessment is undefined"
+            ),
+        },
+        0: {
+            "name": _("Low"),
+            "description": _(
+                "The strength of the knowledge supporting the assessment is low"
+            ),
+            "symbol": "◔",
+        },
+        1: {
+            "name": _("Medium"),
+            "description": _(
+                "The strength of the knowledge supporting the assessment is medium"
+            ),
+            "symbol": "◑",
+        },
+        2: {
+            "name": _("High"),
+            "description": _(
+                "The strength of the knowledge supporting the assessment is high"
+            ),
+            "symbol": "◕",
+        },
+        3: {
+            "name": _("Very High"),
+            "description": _(
+                "The strength of the knowledge supporting the assessment is very high"
+            ),
+            "symbol": "●",
+        },
+    }
 
     risk_assessment = models.ForeignKey(
         RiskAssessment,
@@ -1071,11 +1103,10 @@ class RiskScenario(NameDescriptionMixin):
         verbose_name=_("Treatment status"),
     )
 
-    strength_of_knowledge = models.CharField(
-        max_length=20,
-        choices=SOK_OPTIONS,
-        default="--",
+    strength_of_knowledge = models.IntegerField(
+        default=-1,
         verbose_name=_("Strength of Knowledge"),
+        help_text=_("The strength of the knowledge supporting the assessment"),
     )
     justification = models.CharField(
         max_length=500, blank=True, null=True, verbose_name=_("Justification")
@@ -1143,6 +1174,11 @@ def get_residual_proba(self):
         risk_matrix = self.get_matrix()
         return risk_matrix["probability"][self.residual_proba]
 
+    def get_strength_of_knowledge(self):
+        if self.strength_of_knowledge < 0:
+            return self.DEFAULT_SOK_OPTIONS[-1]
+        return self.DEFAULT_SOK_OPTIONS[self.strength_of_knowledge]
+
     def __str__(self):
         return (
             str(self.parent_project().folder)
@@ -1408,7 +1444,7 @@ class Meta:
 
 
 ########################### RiskAcesptance is a domain object relying on secondary objects #########################
-        
+
 
 class RiskAcceptance(NameDescriptionMixin, FolderMixin):
     ACCEPTANCE_STATE = [
@@ -1495,4 +1531,3 @@ def set_state(self, state):
         elif state == "revoked":
             self.revoked_at = datetime.now()
         self.save()
-

backend/core/serializers.py

@@ -197,7 +197,10 @@ class RiskScenarioReadSerializer(RiskScenarioWriteSerializer):
     residual_impact = serializers.CharField(source="get_residual_impact.name")
     residual_level = serializers.JSONField(source="get_residual_risk")
 
+    strength_of_knowledge = serializers.JSONField(source="get_strength_of_knowledge")
+
     security_measures = FieldsRelatedField(many=True)
+    rid = serializers.CharField()
 
 
 class SecurityMeasureWriteSerializer(BaseModelSerializer):
@@ -463,6 +466,7 @@ class Meta:
         model = RequirementAssessment
         fields = "__all__"
 
+
 class LibraryReadSerializer(BaseModelSerializer):
     class Meta:
         model = Library

backend/core/views.py

@@ -681,6 +681,29 @@ def impact(self, request, pk):
         choices = undefined | _choices
         return Response(choices)
 
+    @action(detail=True, name="Get strength of knowledge choices")
+    def strength_of_knowledge(self, request, pk):
+        undefined = {-1: RiskScenario.DEFAULT_SOK_OPTIONS[-1]}
+        _sok_choices = self.get_object().get_matrix().get("strength_of_knowledge")
+        if _sok_choices is not None:
+            sok_choices = dict(
+                zip(
+                    list(range(0, 64)),
+                    [
+                        {
+                            "name": x["name"],
+                            "description": x.get("description"),
+                            "symbol": x.get("symbol"),
+                        }
+                        for x in _sok_choices
+                    ],
+                )
+            )
+        else:
+            sok_choices = RiskScenario.DEFAULT_SOK_OPTIONS
+        choices = undefined | sok_choices
+        return Response(choices)
+
     @action(detail=False, name="Get risk count per level")
     def count_per_level(self, request):
         return Response({"results": risks_count_per_level(request.user)})
@@ -766,10 +789,10 @@ class UserFilter(df.FilterSet):
     is_approver = df.BooleanFilter(method="filter_approver", label="Approver")
 
     def filter_approver(self, queryset, name, value):
-        """ we don't know yet which folders will be used, so filter on any folder"""
+        """we don't know yet which folders will be used, so filter on any folder"""
         approvers_id = []
         for candidate in User.objects.all():
-            if 'approve_riskacceptance' in candidate.permissions:
+            if "approve_riskacceptance" in candidate.permissions:
                 approvers_id.append(candidate.id)
         if value:
             return queryset.filter(id__in=approvers_id)

backend/library/libraries/critical_matrix_3x3.yaml

@@ -8,50 +8,63 @@ provider: intuitem
 packager: intuitem
 objects:
   risk_matrix:
-  - urn: urn:intuitem:risk:matrix:critical_risk_matrix_3x3
-    ref_id: critical_3x3
-    name: critical 3x3
-    description: critical risk matrix 3x3
-    probability:
-    - abbreviation: L
-      name: Low
-      description: Unfrequent event
-    - abbreviation: M
-      name: Medium
-      description: Occasional event
-    - abbreviation: H
-      name: High
-      description: Frequent event
-    impact:
-    - abbreviation: L
-      name: Low
-      description: Low impact
-    - abbreviation: M
-      name: Medium
-      description: Medium impact
-    - abbreviation: H
-      name: High
-      description: High impact
-    risk:
-    - abbreviation: L
-      name: Low
-      description: acceptable risk
-      hexcolor: "#00FF00"
-    - abbreviation: M
-      name: Medium
-      description: risk requiring mitigation within 2 years
-      hexcolor: "#FFFF00"
-    - abbreviation: H
-      name: High
-      description: unacceptable risk
-      hexcolor: "#FF0000"
-    grid:
-    - - 0
-      - 1
-      - 1
-    - - 1
-      - 1
-      - 2
-    - - 1
-      - 2
-      - 2
+    - urn: urn:intuitem:risk:matrix:critical_risk_matrix_3x3
+      ref_id: critical_3x3
+      name: critical 3x3
+      description: critical risk matrix 3x3
+      probability:
+        - abbreviation: L
+          name: Low
+          description: Unfrequent event
+        - abbreviation: M
+          name: Medium
+          description: Occasional event
+        - abbreviation: H
+          name: High
+          description: Frequent event
+      impact:
+        - abbreviation: L
+          name: Low
+          description: Low impact
+        - abbreviation: M
+          name: Medium
+          description: Medium impact
+        - abbreviation: H
+          name: High
+          description: High impact
+      risk:
+        - abbreviation: L
+          name: Low
+          description: acceptable risk
+          hexcolor: "#00FF00"
+        - abbreviation: M
+          name: Medium
+          description: risk requiring mitigation within 2 years
+          hexcolor: "#FFFF00"
+        - abbreviation: H
+          name: High
+          description: unacceptable risk
+          hexcolor: "#FF0000"
+      grid:
+        - - 0
+          - 1
+          - 1
+        - - 1
+          - 1
+          - 2
+        - - 1
+          - 2
+          - 2
+      strength_of_knowledge:
+        - name: Low
+          description: Low strength of knowledge
+          symbol: ◔
+        - name: Medium
+          description: Medium strength of knowledge
+          symbol: ◑
+        - name: High
+          description: High strength of knowledge
+          symbol: ◕
+        - name: Very high
+          description: Very high strength of knowledge
+          symbol: ●