From b95b533a467bf13c028367ddd26fdaa9b73195b0 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 14:36:34 +0200
Subject: [PATCH 01/37] Write first implementation of
 RequirementAssessment.create_applied_controls_from_suggestions

---
 backend/core/models.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/backend/core/models.py b/backend/core/models.py
index b2ca68536..fc67d69d2 100644
--- a/backend/core/models.py
+++ b/backend/core/models.py
@@ -2581,6 +2581,33 @@ def infer_result(
                 return (RequirementAssessment.Result.NON_COMPLIANT, None)
         return (None, None)
 
+    def create_applied_controls_from_suggestions(self) -> list[AppliedControl]:
+        applied_controls: list[AppliedControl] = []
+        for reference_control in self.requirement.reference_controls.all():
+            try:
+                # TODO: handle name unicity in scope
+                _name = reference_control.name or reference_control.ref_id
+                applied_control = AppliedControl.objects.create(
+                    name=_name,
+                    folder=self.folder,
+                    reference_control=reference_control,
+                    category=reference_control.category,
+                    description=reference_control.description,
+                )
+                logger.info(
+                    "Successfully created applied control from reference_control",
+                    applied_control=applied_control,
+                    reference_control=reference_control,
+                )
+                applied_controls.append(applied_control)
+            except Exception as e:
+                logger.error(
+                    "An error occurred while creating applied control from reference control",
+                    reference_control=reference_control,
+                    exc_info=e,
+                )
+        return applied_controls
+
     class Meta:
         verbose_name = _("Requirement assessment")
         verbose_name_plural = _("Requirement assessments")

From e6329e72d623155f7fba934d27eb9ae133336b22 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 14:52:17 +0200
Subject: [PATCH 02/37] Skip applied control creation if it already exists

---
 backend/core/models.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/backend/core/models.py b/backend/core/models.py
index fc67d69d2..916ea557b 100644
--- a/backend/core/models.py
+++ b/backend/core/models.py
@@ -2587,18 +2587,25 @@ def create_applied_controls_from_suggestions(self) -> list[AppliedControl]:
             try:
                 # TODO: handle name unicity in scope
                 _name = reference_control.name or reference_control.ref_id
-                applied_control = AppliedControl.objects.create(
+                applied_control, created = AppliedControl.objects.get_or_create(
                     name=_name,
                     folder=self.folder,
                     reference_control=reference_control,
                     category=reference_control.category,
                     description=reference_control.description,
                 )
-                logger.info(
-                    "Successfully created applied control from reference_control",
-                    applied_control=applied_control,
-                    reference_control=reference_control,
-                )
+                if created:
+                    logger.info(
+                        "Successfully created applied control from reference_control",
+                        applied_control=applied_control,
+                        reference_control=reference_control,
+                    )
+                else:
+                    logger.info(
+                        "Applied control already exists, skipping creation and using existing one",
+                        applied_control=applied_control,
+                        reference_control=reference_control,
+                    )
                 applied_controls.append(applied_control)
             except Exception as e:
                 logger.error(

From e74034a188a81c39d8eb69b2c2bc4204b707e5b4 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 14:52:52 +0200
Subject: [PATCH 03/37] Serialize create_applied_controls_from_suggestions
 boolean field

---
 backend/core/serializers.py | 3 +++
 backend/core/views.py       | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/backend/core/serializers.py b/backend/core/serializers.py
index d23ded61c..1842aa2d8 100644
--- a/backend/core/serializers.py
+++ b/backend/core/serializers.py
@@ -559,6 +559,9 @@ class ComplianceAssessmentWriteSerializer(BaseModelSerializer):
         required=False,
         allow_null=True,
     )
+    create_applied_controls_from_suggestions = serializers.BooleanField(
+        write_only=True, required=False, default=False
+    )
 
     def create(self, validated_data: Any):
         return super().create(validated_data)
diff --git a/backend/core/views.py b/backend/core/views.py
index 501f584dd..a8a0ed6ae 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1661,6 +1661,9 @@ def perform_create(self, serializer):
         Create RequirementAssessment objects for the newly created ComplianceAssessment
         """
         baseline = serializer.validated_data.pop("baseline", None)
+        create_applied_controls = serializer.validated_data.pop(
+            "create_applied_controls_from_suggestions", False
+        )
         instance: ComplianceAssessment = serializer.save()
         instance.create_requirement_assessments(baseline)
         if baseline and baseline.framework != instance.framework:
@@ -1688,6 +1691,9 @@ def perform_create(self, serializer):
                     ]
                 )
                 requirement_assessment.save()
+        if create_applied_controls:
+            for requirement_assessment in instance.requirement_assessments.all():
+                requirement_assessment.create_applied_controls_from_suggestions()
 
     @action(detail=False, name="Compliance assessments per status")
     def per_status(self, request):

From 8f68b0dd22b57932289dac7771a06fc4031310b3 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 15:29:06 +0200
Subject: [PATCH 04/37] Set requirement assessment applied controls after
 creating or getting them

---
 backend/core/models.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/core/models.py b/backend/core/models.py
index 916ea557b..f3ade3331 100644
--- a/backend/core/models.py
+++ b/backend/core/models.py
@@ -2613,6 +2613,8 @@ def create_applied_controls_from_suggestions(self) -> list[AppliedControl]:
                     reference_control=reference_control,
                     exc_info=e,
                 )
+                continue
+        self.applied_controls.set(applied_controls)
         return applied_controls
 
     class Meta:

From 27f2aac5d1c3e51a077738a5c8313e9cb1205504 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 15:29:22 +0200
Subject: [PATCH 05/37] Implement create_applied_controls_from_suggestions
 field in UI

---
 frontend/messages/en.json                                | 4 +++-
 .../Forms/ModelForm/ComplianceAssessmentForm.svelte      | 9 +++++++++
 frontend/src/lib/utils/schemas.ts                        | 1 +
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 1e469a5ef..cf879d260 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -739,5 +739,7 @@
 	"nameDuplicate": "Name already exists",
 	"noAnswer": "No answer",
 	"successfullyUpdatedClientSettings": "Client settings successfully updated, please refresh the page.",
-	"xRaysEmptyMessage": "You have to create at least one project to use X-rays."
+	"xRaysEmptyMessage": "You have to create at least one project to use X-rays.",
+	"createAppliedControlsFromSuggestions": "Create applied controls from suggestions",
+	"createAppliedControlsFromSuggestionsHelpText": "Create applied controls from the framework's requirements' suggested reference controls"
 }
diff --git a/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
index 5d3fd22ae..70b0fa891 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
@@ -7,6 +7,7 @@
 	import type { SuperValidated } from 'sveltekit-superforms';
 	import type { ModelInfo, CacheLock } from '$lib/utils/types';
 	import * as m from '$paraglide/messages.js';
+	import Checkbox from '../Checkbox.svelte';
 
 	export let form: SuperValidated<any>;
 	export let model: ModelInfo;
@@ -130,3 +131,11 @@
 	cacheLock={cacheLocks['observation']}
 	bind:cachedValue={formDataCache['observation']}
 />
+<Checkbox
+	{form}
+	field="create_applied_controls_from_suggestions"
+	label={m.createAppliedControlsFromSuggestions()}
+	helpText={m.createAppliedControlsFromSuggestionsHelpText()}
+	cacheLock={cacheLocks['create_applied_controls_from_suggestions']}
+	bind:cachedValue={formDataCache['create_applied_controls_from_suggestions']}
+/>
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 176d1e429..9ae54d643 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -222,6 +222,7 @@ export const ComplianceAssessmentSchema = baseNamedObject({
 	authors: z.array(z.string().optional()).optional(),
 	reviewers: z.array(z.string().optional()).optional(),
 	baseline: z.string().optional().nullable(),
+	create_applied_controls_from_suggestions: z.boolean().optional().default(false),
 	observation: z.string().optional().nullable()
 });
 

From 3d73a4ccf4ada854f6bdc091069667bc1451860f Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 16:22:06 +0200
Subject: [PATCH 06/37] Only display create_applied_controls_from_suggestions
 on create form

---
 .../ModelForm/ComplianceAssessmentForm.svelte  | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
index 70b0fa891..41d42cb05 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
@@ -131,11 +131,13 @@
 	cacheLock={cacheLocks['observation']}
 	bind:cachedValue={formDataCache['observation']}
 />
-<Checkbox
-	{form}
-	field="create_applied_controls_from_suggestions"
-	label={m.createAppliedControlsFromSuggestions()}
-	helpText={m.createAppliedControlsFromSuggestionsHelpText()}
-	cacheLock={cacheLocks['create_applied_controls_from_suggestions']}
-	bind:cachedValue={formDataCache['create_applied_controls_from_suggestions']}
-/>
+{#if context === 'create'}
+	<Checkbox
+		{form}
+		field="create_applied_controls_from_suggestions"
+		label={m.createAppliedControlsFromSuggestions()}
+		helpText={m.createAppliedControlsFromSuggestionsHelpText()}
+		cacheLock={cacheLocks['create_applied_controls_from_suggestions']}
+		bind:cachedValue={formDataCache['create_applied_controls_from_suggestions']}
+	/>
+{/if}

From 8943e3e936cdcff79e681155d2063a9a680f614e Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 16:23:22 +0200
Subject: [PATCH 07/37] Display a loading placeholder while RecursiveTreeView
 component is being mounted

This greatly reduces the First Contentful Paint and Blocking Time of the
compliance assessment detail page.
---
 .../components/TreeView/RecursiveTreeView.svelte    | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/frontend/src/lib/components/TreeView/RecursiveTreeView.svelte b/frontend/src/lib/components/TreeView/RecursiveTreeView.svelte
index f5c7a1381..b99031fbd 100644
--- a/frontend/src/lib/components/TreeView/RecursiveTreeView.svelte
+++ b/frontend/src/lib/components/TreeView/RecursiveTreeView.svelte
@@ -1,9 +1,9 @@
 <script lang="ts">
-	import { createEventDispatcher, setContext } from 'svelte';
+	import { createEventDispatcher, onMount, setContext } from 'svelte';
 
 	// Types
-	import type { CssClasses, TreeViewNode } from '@skeletonlabs/skeleton';
 	import RecursiveTreeViewItem from '$lib/components/TreeView/RecursiveTreeViewItem.svelte';
+	import type { CssClasses, TreeViewNode } from '@skeletonlabs/skeleton';
 
 	// Props (parent)
 	/** Enable tree-view selection. */
@@ -112,6 +112,11 @@
 
 	// Reactive
 	$: classesBase = `${width} ${spacing} ${$$props.class ?? ''}`;
+
+	let mounted = false;
+	onMount(() => {
+		mounted = true;
+	});
 </script>
 
 <div
@@ -122,7 +127,7 @@
 	aria-label={labelledby}
 	aria-disabled={disabled}
 >
-	{#if nodes && nodes.length > 0}
+	{#if mounted && nodes && nodes.length > 0}
 		<RecursiveTreeViewItem
 			{nodes}
 			bind:expandedNodes
@@ -132,5 +137,7 @@
 			on:click={onClick}
 			on:toggle={onToggle}
 		/>
+	{:else}
+		<div class="placeholder animate-pulse"></div>
 	{/if}
 </div>

From 34c6987caa07a278d329ca09b278f0f21bad7c35 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 19:01:10 +0200
Subject: [PATCH 08/37] Write create_suffested_applied_controls action

---
 backend/core/views.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/backend/core/views.py b/backend/core/views.py
index a8a0ed6ae..cdfd27355 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1825,6 +1825,18 @@ def donut_data(self, request, pk):
         compliance_assessment = ComplianceAssessment.objects.get(id=pk)
         return Response(compliance_assessment.donut_render())
 
+    @action(
+        detail=True,
+        methods=["post"],
+        url_path="suggestions/applied-controls",
+    )
+    def create_suggested_applied_controls(self, request, pk):
+        compliance_assessment = self.get_object()
+        requirement_assessments = compliance_assessment.requirement_assessments.all()
+        for requirement_assessment in requirement_assessments:
+            requirement_assessment.create_applied_controls_from_suggestions()
+        return Response(status=status.HTTP_200_OK)
+
 
 class RequirementAssessmentViewSet(BaseModelViewSet):
     """

From d216d47c75e2ec4ec124cc4fff5c37636f51cd4e Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 19:03:21 +0200
Subject: [PATCH 09/37] Allow creating suggested controls from an existing
 audit

---
 frontend/messages/en.json                     |  4 ++-
 .../[id=uuid]/+page.svelte                    | 27 ++++++++++++++++++
 .../suggestions/applied-controls/+server.ts   | 28 +++++++++++++++++++
 3 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/suggestions/applied-controls/+server.ts

diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index cf879d260..f315df2c8 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -741,5 +741,7 @@
 	"successfullyUpdatedClientSettings": "Client settings successfully updated, please refresh the page.",
 	"xRaysEmptyMessage": "You have to create at least one project to use X-rays.",
 	"createAppliedControlsFromSuggestions": "Create applied controls from suggestions",
-	"createAppliedControlsFromSuggestionsHelpText": "Create applied controls from the framework's requirements' suggested reference controls"
+	"createAppliedControlsFromSuggestionsHelpText": "Create applied controls from the framework's requirements' suggested reference controls",
+	"createAppliedControlsFromSuggestionsSuccess": "Applied controls successfully created from the suggested reference controls",
+	"createAppliedControlsFromSuggestionsError": "An error occured while creating applied controls from the suggested reference controls"
 }
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index aad68ae6e..7dc9f4d7c 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -174,6 +174,25 @@
 		};
 		modalStore.trigger(modal);
 	}
+
+	async function createAppliedControlsFromSuggestions() {
+		const response = await fetch(
+			`/compliance-assessments/${data.compliance_assessment.id}/suggestions/applied-controls`,
+			{
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json'
+				}
+			}
+		);
+		toastStore.trigger({
+			message: response.ok
+				? m.createAppliedControlsFromSuggestionsSuccess()
+				: m.createAppliedControlsFromSuggestionsError(),
+			background: response.ok ? 'variant-filled-success' : 'variant-filled-error'
+		});
+		return;
+	}
 </script>
 
 <div class="flex flex-col space-y-4 whitespace-pre-line">
@@ -343,6 +362,14 @@
 					><i class="fa-solid fa-diagram-project mr-2" /> {m.mapping()}
 				</button>
 			{/if}
+			{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol')}
+				<button
+					class="btn text-gray-100 bg-gradient-to-l from-pink-500 to-tertiary-500 h-fit whitespace-normal"
+					on:click={(_) => createAppliedControlsFromSuggestions()}
+					><i class="fa-solid fa-fire-extinguisher mr-2" />
+					{m.createAppliedControlsFromSuggestions()}
+				</button>
+			{/if}
 		</div>
 	</div>
 	{#if !$page.data.user.is_third_party}
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/suggestions/applied-controls/+server.ts b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/suggestions/applied-controls/+server.ts
new file mode 100644
index 000000000..26851da6a
--- /dev/null
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/suggestions/applied-controls/+server.ts
@@ -0,0 +1,28 @@
+import { BASE_API_URL } from '$lib/utils/constants';
+import type { RequestHandler } from './$types';
+
+export const POST: RequestHandler = async (event) => {
+	const requestInitOptions: RequestInit = {
+		method: 'POST'
+	};
+
+	const endpoint = `${BASE_API_URL}/compliance-assessments/${event.params.id}/suggestions/applied-controls/`;
+	const res = await event.fetch(endpoint, requestInitOptions);
+
+	if (!res.ok) {
+		const response = await res.json();
+		console.error(response);
+		return new Response(JSON.stringify(response), {
+			status: res.status,
+			headers: {
+				'Content-Type': 'application/json'
+			}
+		});
+	}
+
+	return new Response(null, {
+		headers: {
+			'Content-Type': 'application/json'
+		}
+	});
+};

From 01ea960b3e3ba5d9da5f27f1ddcb08d6da05c69a Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 23:34:46 +0200
Subject: [PATCH 10/37] PoC: Create suggested controls from requirement
 assessment edit

---
 backend/core/urls.py                          |  4 ++
 backend/core/views.py                         | 41 +++++++++++--------
 .../[id=uuid]/edit/+page.svelte               | 33 ++++++++++++++-
 .../suggestions/applied-controls/+server.ts   | 28 +++++++++++++
 4 files changed, 87 insertions(+), 19 deletions(-)
 create mode 100644 frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/suggestions/applied-controls/+server.ts

diff --git a/backend/core/urls.py b/backend/core/urls.py
index eb8b57965..d4e198b0a 100644
--- a/backend/core/urls.py
+++ b/backend/core/urls.py
@@ -90,6 +90,10 @@
     ),  # NOTE: This has to be placed before the allauth urls, otherwise our ACS implementation will not be used
     path("accounts/", include("allauth.urls")),
     path("_allauth/", include("allauth.headless.urls")),
+    path(
+        "requirement-assessments/<uuid:pk>/suggestions/applied-controls/",
+        RequirementAssessmentViewSet.create_suggested_applied_controls,
+    ),
 ]
 
 # Additional modules take precedence over the default modules
diff --git a/backend/core/views.py b/backend/core/views.py
index cdfd27355..c4c419766 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1,44 +1,37 @@
 import csv
-import importlib
 import mimetypes
 import re
 import tempfile
 import uuid
 import zipfile
-from datetime import datetime
+from datetime import date, datetime, timedelta
 from typing import Any, Tuple
 from uuid import UUID
-from datetime import date, timedelta
 
 import django_filters as df
-from ciso_assistant.settings import (
-    BUILD,
-    VERSION,
-)
-
-from django.utils.decorators import method_decorator
-from django.views.decorators.cache import cache_page
-from django.views.decorators.vary import vary_on_cookie, vary_on_headers
-from django.core.cache import cache
-
+from django.conf import settings
 from django.contrib.auth.models import Permission
+from django.core.cache import cache
 from django.core.files.storage import default_storage
 from django.db import models
 from django.forms import ValidationError
 from django.http import FileResponse, HttpResponse
 from django.middleware import csrf
 from django.template.loader import render_to_string
+from django.utils.decorators import method_decorator
 from django.utils.functional import Promise
-from django.utils import translation
+from django.views.decorators.cache import cache_page
+from django.views.decorators.vary import vary_on_cookie
 from django_filters.rest_framework import DjangoFilterBackend
-from iam.models import Folder, RoleAssignment, User, UserGroup
 from rest_framework import filters, permissions, status, viewsets
 from rest_framework.decorators import (
     action,
     api_view,
     permission_classes,
+    renderer_classes,
 )
 from rest_framework.parsers import FileUploadParser
+from rest_framework.renderers import JSONRenderer
 from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_403_FORBIDDEN
@@ -46,21 +39,23 @@
 from rest_framework.views import APIView
 from weasyprint import HTML
 
+from ciso_assistant.settings import (
+    BUILD,
+    VERSION,
+)
 from core.helpers import *
 from core.models import (
     AppliedControl,
     ComplianceAssessment,
     RequirementMappingSet,
-    ReferentialObjectMixin,
 )
 from core.serializers import ComplianceAssessmentReadSerializer
 from core.utils import RoleCodename, UserGroupCodename
+from iam.models import Folder, RoleAssignment, User, UserGroup
 
 from .models import *
 from .serializers import *
 
-from django.conf import settings
-
 User = get_user_model()
 
 SHORT_CACHE_TTL = 2  # mn
@@ -1927,6 +1922,16 @@ def status(self, request):
     def result(self, request):
         return Response(dict(RequirementAssessment.Result.choices))
 
+    @staticmethod
+    @api_view(["POST"])
+    @renderer_classes([JSONRenderer])
+    def create_suggested_applied_controls(request, pk):
+        if request.method == "POST":
+            requirement_assessment = RequirementAssessment.objects.get(id=pk)
+            requirement_assessment.create_applied_controls_from_suggestions()
+            return Response(status=status.HTTP_200_OK)
+        return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
+
 
 class RequirementMappingSetViewSet(BaseModelViewSet):
     model = RequirementMappingSet
diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
index 926160ef4..2f44a573f 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
@@ -43,6 +43,7 @@
 	import { getRequirementTitle } from '$lib/utils/helpers';
 	import { zod } from 'sveltekit-superforms/adapters';
 	import Question from '$lib/components/Forms/Question.svelte';
+	import { invalidateAll } from '$app/navigation';
 
 	function cancel(): void {
 		var currentUrl = window.location.href;
@@ -126,6 +127,25 @@
 		}
 	}
 
+	async function createAppliedControlsFromSuggestions() {
+		const response = await fetch(
+			`/requirement-assessments/${data.requirementAssessment.id}/suggestions/applied-controls`,
+			{
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json'
+				}
+			}
+		);
+		toastStore.trigger({
+			message: response.ok
+				? m.createAppliedControlsFromSuggestionsSuccess()
+				: m.createAppliedControlsFromSuggestionsError(),
+			background: response.ok ? 'variant-filled-success' : 'variant-filled-error'
+		});
+		invalidateAll();
+	}
+
 	let { form: measureCreateForm, message: measureCreateMessage } = {
 		form: {},
 		message: {}
@@ -339,7 +359,18 @@
 							<div
 								class="h-full flex flex-col space-y-2 variant-outline-surface rounded-container-token p-4"
 							>
-								<span class="flex flex-row justify-end items-center">
+								<span class="flex flex-row justify-end items-center space-x-2">
+									{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol')}
+										<button
+											class="btn text-gray-100 bg-gradient-to-l from-pink-500 to-tertiary-500 h-fit whitespace-normal"
+											on:click={(e) => {
+												e.preventDefault();
+												createAppliedControlsFromSuggestions();
+											}}
+											><i class="fa-solid fa-fire-extinguisher mr-2" />
+											{m.createAppliedControlsFromSuggestions()}
+										</button>
+									{/if}
 									<button
 										class="btn variant-filled-primary self-end"
 										on:click={modalMeasureCreateForm}
diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/suggestions/applied-controls/+server.ts b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/suggestions/applied-controls/+server.ts
new file mode 100644
index 000000000..999617170
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/suggestions/applied-controls/+server.ts
@@ -0,0 +1,28 @@
+import { BASE_API_URL } from '$lib/utils/constants';
+import type { RequestHandler } from './$types';
+
+export const POST: RequestHandler = async (event) => {
+	const requestInitOptions: RequestInit = {
+		method: 'POST'
+	};
+
+	const endpoint = `${BASE_API_URL}/requirement-assessments/${event.params.id}/suggestions/applied-controls/`;
+	const res = await event.fetch(endpoint, requestInitOptions);
+
+	if (!res.ok) {
+		const response = await res.text();
+		console.error(response);
+		return new Response(JSON.stringify(response), {
+			status: res.status,
+			headers: {
+				'Content-Type': 'application/json'
+			}
+		});
+	}
+
+	return new Response(null, {
+		headers: {
+			'Content-Type': 'application/json'
+		}
+	});
+};

From d5bf48aed658410b84705d7bcc995c3246a39484 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Wed, 25 Sep 2024 23:51:56 +0200
Subject: [PATCH 11/37] Give create_applied_controls_from_suggestions methods
 their own routes

---
 backend/core/urls.py  |  4 ++++
 backend/core/views.py | 12 +++++-------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/backend/core/urls.py b/backend/core/urls.py
index d4e198b0a..75cd024e3 100644
--- a/backend/core/urls.py
+++ b/backend/core/urls.py
@@ -94,6 +94,10 @@
         "requirement-assessments/<uuid:pk>/suggestions/applied-controls/",
         RequirementAssessmentViewSet.create_suggested_applied_controls,
     ),
+    path(
+        "compliance-assessments/<uuid:pk>/suggestions/applied-controls/",
+        ComplianceAssessmentViewSet.create_suggested_applied_controls,
+    ),
 ]
 
 # Additional modules take precedence over the default modules
diff --git a/backend/core/views.py b/backend/core/views.py
index c4c419766..2a8e423f8 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1820,13 +1820,11 @@ def donut_data(self, request, pk):
         compliance_assessment = ComplianceAssessment.objects.get(id=pk)
         return Response(compliance_assessment.donut_render())
 
-    @action(
-        detail=True,
-        methods=["post"],
-        url_path="suggestions/applied-controls",
-    )
-    def create_suggested_applied_controls(self, request, pk):
-        compliance_assessment = self.get_object()
+    @staticmethod
+    @api_view(["POST"])
+    @renderer_classes([JSONRenderer])
+    def create_suggested_applied_controls(request, pk):
+        compliance_assessment = ComplianceAssessment.objects.get(id=pk)
         requirement_assessments = compliance_assessment.requirement_assessments.all()
         for requirement_assessment in requirement_assessments:
             requirement_assessment.create_applied_controls_from_suggestions()

From aa71f534c98d0d50c5302104a426ac3ab7e04047 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 00:03:49 +0200
Subject: [PATCH 12/37] Implement RBAC for create_suggested_applied_controls
 methods

---
 backend/core/views.py | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/backend/core/views.py b/backend/core/views.py
index 2a8e423f8..fc6c21fd1 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1825,6 +1825,12 @@ def donut_data(self, request, pk):
     @renderer_classes([JSONRenderer])
     def create_suggested_applied_controls(request, pk):
         compliance_assessment = ComplianceAssessment.objects.get(id=pk)
+        if not RoleAssignment.is_access_allowed(
+            user=request.user,
+            perm=Permission.objects.get(codename="create_appliedcontrol"),
+            folder=compliance_assessment.folder,
+        ):
+            return Response(status=status.HTTP_403_FORBIDDEN)
         requirement_assessments = compliance_assessment.requirement_assessments.all()
         for requirement_assessment in requirement_assessments:
             requirement_assessment.create_applied_controls_from_suggestions()
@@ -1924,11 +1930,15 @@ def result(self, request):
     @api_view(["POST"])
     @renderer_classes([JSONRenderer])
     def create_suggested_applied_controls(request, pk):
-        if request.method == "POST":
-            requirement_assessment = RequirementAssessment.objects.get(id=pk)
-            requirement_assessment.create_applied_controls_from_suggestions()
-            return Response(status=status.HTTP_200_OK)
-        return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
+        requirement_assessment = RequirementAssessment.objects.get(id=pk)
+        if not RoleAssignment.is_access_allowed(
+            user=request.user,
+            perm=Permission.objects.get(codename="create_appliedcontrol"),
+            folder=requirement_assessment.folder,
+        ):
+            return Response(status=status.HTTP_403_FORBIDDEN)
+        requirement_assessment.create_applied_controls_from_suggestions()
+        return Response(status=status.HTTP_200_OK)
 
 
 class RequirementMappingSetViewSet(BaseModelViewSet):

From 9662b069e3e504b101c1d99e4cc1da54ff8d23ad Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 14:37:15 +0200
Subject: [PATCH 13/37] Change create applied controls from suggestions button
 style

---
 .../requirement-assessments/[id=uuid]/edit/+page.svelte         | 2 +-
 .../(third-party)/compliance-assessments/[id=uuid]/+page.svelte | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
index 2f44a573f..9dadd951a 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
@@ -362,7 +362,7 @@
 								<span class="flex flex-row justify-end items-center space-x-2">
 									{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol')}
 										<button
-											class="btn text-gray-100 bg-gradient-to-l from-pink-500 to-tertiary-500 h-fit whitespace-normal"
+											class="btn text-gray-100 bg-gradient-to-l from-tertiary-400 to-orange-600 h-fit whitespace-normal"
 											on:click={(e) => {
 												e.preventDefault();
 												createAppliedControlsFromSuggestions();
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index 7dc9f4d7c..cae5e9f99 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -364,7 +364,7 @@
 			{/if}
 			{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol')}
 				<button
-					class="btn text-gray-100 bg-gradient-to-l from-pink-500 to-tertiary-500 h-fit whitespace-normal"
+					class="btn text-gray-100 bg-gradient-to-l from-tertiary-400 to-orange-600 h-fit whitespace-normal"
 					on:click={(_) => createAppliedControlsFromSuggestions()}
 					><i class="fa-solid fa-fire-extinguisher mr-2" />
 					{m.createAppliedControlsFromSuggestions()}

From 8f0cb4149ed34480b883711aeb88e986ac950f70 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 14:39:23 +0200
Subject: [PATCH 14/37] Display create applied controls from suggestions button
 only if requirement assessment has suggested controls

---
 .../requirement-assessments/[id=uuid]/edit/+page.svelte         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
index 9dadd951a..1d8e453fc 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
@@ -360,7 +360,7 @@
 								class="h-full flex flex-col space-y-2 variant-outline-surface rounded-container-token p-4"
 							>
 								<span class="flex flex-row justify-end items-center space-x-2">
-									{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol')}
+									{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol') && reference_controls.length > 0}
 										<button
 											class="btn text-gray-100 bg-gradient-to-l from-tertiary-400 to-orange-600 h-fit whitespace-normal"
 											on:click={(e) => {

From 74cf5962c956cefb1c0ee72f163ab6647e0f0525 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 15:15:02 +0200
Subject: [PATCH 15/37] Tidy unit tests

---
 backend/core/tests/fixtures.py    | 39 +++++++++++++++++++++++++++++++
 backend/core/tests/test_models.py | 34 +--------------------------
 2 files changed, 40 insertions(+), 33 deletions(-)
 create mode 100644 backend/core/tests/fixtures.py

diff --git a/backend/core/tests/fixtures.py b/backend/core/tests/fixtures.py
new file mode 100644
index 000000000..d21220d3f
--- /dev/null
+++ b/backend/core/tests/fixtures.py
@@ -0,0 +1,39 @@
+import pytest
+
+from core.models import (
+    Project,
+    StoredLibrary,
+)
+from iam.models import Folder
+
+
+@pytest.fixture
+def domain_project_fixture():
+    folder = Folder.objects.create(
+        name="test folder", description="test folder description"
+    )
+    project = Project.objects.create(name="test project", folder=folder)
+    return project
+
+
+@pytest.fixture
+def risk_matrix_fixture():
+    library = StoredLibrary.objects.filter(
+        urn="urn:intuitem:risk:library:critical_risk_matrix_5x5"
+    ).last()
+    assert library is not None
+    library.load()
+
+
+@pytest.fixture
+def iso27001_csf1_1_frameworks_fixture():
+    iso27001_library = StoredLibrary.objects.get(
+        urn="urn:intuitem:risk:library:iso27001-2022", locale="en"
+    )
+    assert iso27001_library is not None
+    iso27001_library.load()
+    csf_1_1_library = StoredLibrary.objects.get(
+        urn="urn:intuitem:risk:library:nist-csf-1.1", locale="en"
+    )
+    assert csf_1_1_library is not None
+    csf_1_1_library.load()
diff --git a/backend/core/tests/test_models.py b/backend/core/tests/test_models.py
index 4cdbb84fa..1478c7cf9 100644
--- a/backend/core/tests/test_models.py
+++ b/backend/core/tests/test_models.py
@@ -18,7 +18,6 @@
     Evidence,
     RiskAcceptance,
     Asset,
-    StoredLibrary,
     Threat,
     RiskMatrix,
     LoadedLibrary,
@@ -28,43 +27,12 @@
 from django.core.files.uploadedfile import SimpleUploadedFile
 from iam.models import Folder
 
+
 User = get_user_model()
 
 SAMPLE_640x480_JPG = BASE_DIR / "app_tests" / "sample_640x480.jpg"
 
 
-@pytest.fixture
-def domain_project_fixture():
-    folder = Folder.objects.create(
-        name="test folder", description="test folder description"
-    )
-    project = Project.objects.create(name="test project", folder=folder)
-    return project
-
-
-@pytest.fixture
-def risk_matrix_fixture():
-    library = StoredLibrary.objects.filter(
-        urn="urn:intuitem:risk:library:critical_risk_matrix_5x5"
-    ).last()
-    assert library is not None
-    library.load()
-
-
-@pytest.fixture
-def iso27001_csf1_1_frameworks_fixture():
-    iso27001_library = StoredLibrary.objects.get(
-        urn="urn:intuitem:risk:library:iso27001-2022", locale="en"
-    )
-    assert iso27001_library is not None
-    iso27001_library.load()
-    csf_1_1_library = StoredLibrary.objects.get(
-        urn="urn:intuitem:risk:library:nist-csf-1.1", locale="en"
-    )
-    assert csf_1_1_library is not None
-    csf_1_1_library.load()
-
-
 @pytest.mark.django_db
 class TestEvidence:
     pytestmark = pytest.mark.django_db

From e7fbd805163fca03673efe70b85fbae5e66ecd90 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 15:15:15 +0200
Subject: [PATCH 16/37] Write unit test for
 create_applied_controls_from_suggestions

---
 backend/core/tests/__init__.py                |  0
 .../core/tests/test_requirement_assessment.py | 55 +++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 backend/core/tests/__init__.py
 create mode 100644 backend/core/tests/test_requirement_assessment.py

diff --git a/backend/core/tests/__init__.py b/backend/core/tests/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/core/tests/test_requirement_assessment.py b/backend/core/tests/test_requirement_assessment.py
new file mode 100644
index 000000000..5ab724a5b
--- /dev/null
+++ b/backend/core/tests/test_requirement_assessment.py
@@ -0,0 +1,55 @@
+import pytest
+from django.contrib.auth import get_user_model
+from core.models import (
+    StoredLibrary,
+    Framework,
+    ComplianceAssessment,
+    Project,
+    RequirementAssessment,
+)
+from iam.models import Folder
+
+from .fixtures import *
+
+User = get_user_model()
+
+
+@pytest.fixture
+def enisa_5g_scm_framework_fixture():
+    enisa_5g_scm_library = StoredLibrary.objects.get(
+        urn="urn:intuitem:risk:library:enisa-5g-scm-v1.3", locale="en"
+    )
+    assert enisa_5g_scm_library is not None
+    enisa_5g_scm_library.load()
+
+
+@pytest.mark.django_db
+class TestRequirementAssessment:
+    @pytest.mark.usefixtures("domain_project_fixture", "enisa_5g_scm_framework_fixture")
+    def test_create_applied_controls_from_suggestions(self):
+        enisa_5g_scm = Framework.objects.first()
+        compliance_assessment = ComplianceAssessment.objects.create(
+            name="test compliance assessment",
+            framework=enisa_5g_scm,
+            folder=Folder.objects.filter(
+                content_type=Folder.ContentType.DOMAIN
+            ).first(),
+            project=Project.objects.first(),
+        )
+
+        requirement_assessments: list[
+            RequirementAssessment
+        ] = compliance_assessment.create_requirement_assessments()
+        assert requirement_assessments is not None
+        assert len(requirement_assessments) > 0
+
+        for requirement_assessment in requirement_assessments:
+            requirement_assessment.create_applied_controls_from_suggestions()
+            if len(requirement_assessment.requirement.reference_controls.all()) > 0:
+                assert requirement_assessment.applied_controls.all() is not None
+                assert len(requirement_assessment.applied_controls.all()) > 0
+                for control in requirement_assessment.applied_controls.all():
+                    assert (
+                        control.reference_control
+                        in requirement_assessment.requirement.reference_controls.all()
+                    )

From 252ac29a8cd861b93aceec5014b78cf56a5a8e1d Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 15:15:26 +0200
Subject: [PATCH 17/37] Type create_requirement_assessments method

---
 backend/core/models.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/backend/core/models.py b/backend/core/models.py
index f3ade3331..79ea78385 100644
--- a/backend/core/models.py
+++ b/backend/core/models.py
@@ -2080,7 +2080,9 @@ def save(self, *args, **kwargs) -> None:
             self.scores_definition = self.framework.scores_definition
         super().save(*args, **kwargs)
 
-    def create_requirement_assessments(self, baseline: Self | None = None):
+    def create_requirement_assessments(
+        self, baseline: Self | None = None
+    ) -> list["RequirementAssessment"]:
         requirements = RequirementNode.objects.filter(framework=self.framework)
         requirement_assessments = []
         for requirement in requirements:

From 97e7c7256a6348c4a6f29d6629b1d2e971e53853 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 17:24:02 +0200
Subject: [PATCH 18/37] Update unit test for
 create_applied_controls_from_suggestions

---
 .../core/tests/test_requirement_assessment.py | 32 ++++++++++++++-----
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/backend/core/tests/test_requirement_assessment.py b/backend/core/tests/test_requirement_assessment.py
index 5ab724a5b..36591f82a 100644
--- a/backend/core/tests/test_requirement_assessment.py
+++ b/backend/core/tests/test_requirement_assessment.py
@@ -45,11 +45,27 @@ def test_create_applied_controls_from_suggestions(self):
 
         for requirement_assessment in requirement_assessments:
             requirement_assessment.create_applied_controls_from_suggestions()
-            if len(requirement_assessment.requirement.reference_controls.all()) > 0:
-                assert requirement_assessment.applied_controls.all() is not None
-                assert len(requirement_assessment.applied_controls.all()) > 0
-                for control in requirement_assessment.applied_controls.all():
-                    assert (
-                        control.reference_control
-                        in requirement_assessment.requirement.reference_controls.all()
-                    )
+
+            if len(requirement_assessment.requirement.reference_controls.all()) == 0:
+                assert requirement_assessment.applied_controls.all().count() == 0
+                return
+
+            assert requirement_assessment.applied_controls.all() is not None
+            assert len(requirement_assessment.applied_controls.all()) > 0
+            for control in requirement_assessment.applied_controls.all():
+                assert (
+                    control.reference_control
+                    in requirement_assessment.requirement.reference_controls.all()
+                )
+
+            # NOTE: running create_applied_controls_from_suggestions agani MUST not create
+            # any new applied control.
+
+            applied_controls_count: int = (
+                requirement_assessment.applied_controls.all().count()
+            )
+            requirement_assessment.create_applied_controls_from_suggestions()
+            assert (
+                requirement_assessment.applied_controls.all().count()
+                == applied_controls_count
+            )

From d662eeacf213b823d5c811aa39b994991519154a Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 17:40:39 +0200
Subject: [PATCH 19/37] Fix add_appliedcontrol permission codename

---
 backend/core/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/core/views.py b/backend/core/views.py
index fc6c21fd1..6af9f6117 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1827,7 +1827,7 @@ def create_suggested_applied_controls(request, pk):
         compliance_assessment = ComplianceAssessment.objects.get(id=pk)
         if not RoleAssignment.is_access_allowed(
             user=request.user,
-            perm=Permission.objects.get(codename="create_appliedcontrol"),
+            perm=Permission.objects.get(codename="add_appliedcontrol"),
             folder=compliance_assessment.folder,
         ):
             return Response(status=status.HTTP_403_FORBIDDEN)
@@ -1933,7 +1933,7 @@ def create_suggested_applied_controls(request, pk):
         requirement_assessment = RequirementAssessment.objects.get(id=pk)
         if not RoleAssignment.is_access_allowed(
             user=request.user,
-            perm=Permission.objects.get(codename="create_appliedcontrol"),
+            perm=Permission.objects.get(codename="add_appliedcontrol"),
             folder=requirement_assessment.folder,
         ):
             return Response(status=status.HTTP_403_FORBIDDEN)

From 29dabc24ac9febabfed2e27a07119695f291786e Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 17:40:52 +0200
Subject: [PATCH 20/37] Add loading spinner while applied controls are being
 created

---
 .../[id=uuid]/edit/+page.svelte               | 21 +++++++++++++++++--
 .../[id=uuid]/+page.svelte                    | 13 +++++++++++-
 2 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
index 1d8e453fc..acd0f88c9 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
@@ -31,7 +31,8 @@
 		type ModalComponent,
 		type ModalSettings,
 		type ModalStore,
-		type ToastStore
+		type ToastStore,
+		ProgressRadial
 	} from '@skeletonlabs/skeleton';
 	import { superForm } from 'sveltekit-superforms';
 
@@ -127,7 +128,10 @@
 		}
 	}
 
+	$: createAppliedControlsLoading = false;
+
 	async function createAppliedControlsFromSuggestions() {
+		createAppliedControlsLoading = true;
 		const response = await fetch(
 			`/requirement-assessments/${data.requirementAssessment.id}/suggestions/applied-controls`,
 			{
@@ -137,6 +141,7 @@
 				}
 			}
 		);
+		createAppliedControlsLoading = false;
 		toastStore.trigger({
 			message: response.ok
 				? m.createAppliedControlsFromSuggestionsSuccess()
@@ -367,7 +372,19 @@
 												e.preventDefault();
 												createAppliedControlsFromSuggestions();
 											}}
-											><i class="fa-solid fa-fire-extinguisher mr-2" />
+										>
+											<span class="mr-2">
+												{#if createAppliedControlsLoading}
+													<ProgressRadial
+														class="-ml-2"
+														width="w-6"
+														meter="stroke-white"
+														stroke={80}
+													/>
+												{:else}
+													<i class="fa-solid fa-fire-extinguisher" />
+												{/if}
+											</span>
 											{m.createAppliedControlsFromSuggestions()}
 										</button>
 									{/if}
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index cae5e9f99..ff719f9a8 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -175,7 +175,10 @@
 		modalStore.trigger(modal);
 	}
 
+	$: createAppliedControlsLoading = false;
+
 	async function createAppliedControlsFromSuggestions() {
+		createAppliedControlsLoading = true;
 		const response = await fetch(
 			`/compliance-assessments/${data.compliance_assessment.id}/suggestions/applied-controls`,
 			{
@@ -185,6 +188,7 @@
 				}
 			}
 		);
+		createAppliedControlsLoading = false;
 		toastStore.trigger({
 			message: response.ok
 				? m.createAppliedControlsFromSuggestionsSuccess()
@@ -366,7 +370,14 @@
 				<button
 					class="btn text-gray-100 bg-gradient-to-l from-tertiary-400 to-orange-600 h-fit whitespace-normal"
 					on:click={(_) => createAppliedControlsFromSuggestions()}
-					><i class="fa-solid fa-fire-extinguisher mr-2" />
+				>
+					<span class="mr-2">
+						{#if createAppliedControlsLoading}
+							<ProgressRadial class="-ml-2" width="w-6" meter="stroke-white" stroke={80} />
+						{:else}
+							<i class="fa-solid fa-fire-extinguisher" />
+						{/if}
+					</span>
 					{m.createAppliedControlsFromSuggestions()}
 				</button>
 			{/if}

From ce93394ce290d558c7b99aefe6dfbb813f7c1658 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 17:41:47 +0200
Subject: [PATCH 21/37] chore: Run ruff format

---
 backend/core/tests/test_requirement_assessment.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/core/tests/test_requirement_assessment.py b/backend/core/tests/test_requirement_assessment.py
index 36591f82a..ceeb844ad 100644
--- a/backend/core/tests/test_requirement_assessment.py
+++ b/backend/core/tests/test_requirement_assessment.py
@@ -37,9 +37,9 @@ def test_create_applied_controls_from_suggestions(self):
             project=Project.objects.first(),
         )
 
-        requirement_assessments: list[
-            RequirementAssessment
-        ] = compliance_assessment.create_requirement_assessments()
+        requirement_assessments: list[RequirementAssessment] = (
+            compliance_assessment.create_requirement_assessments()
+        )
         assert requirement_assessments is not None
         assert len(requirement_assessments) > 0
 

From 7218136d5cba2d3307426af6ba4e87c467036ae0 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Thu, 26 Sep 2024 17:43:12 +0200
Subject: [PATCH 22/37] Remove done TODO

---
 backend/core/models.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/core/models.py b/backend/core/models.py
index 79ea78385..7ec691f45 100644
--- a/backend/core/models.py
+++ b/backend/core/models.py
@@ -2587,7 +2587,6 @@ def create_applied_controls_from_suggestions(self) -> list[AppliedControl]:
         applied_controls: list[AppliedControl] = []
         for reference_control in self.requirement.reference_controls.all():
             try:
-                # TODO: handle name unicity in scope
                 _name = reference_control.name or reference_control.ref_id
                 applied_control, created = AppliedControl.objects.get_or_create(
                     name=_name,

From 8426c55b8749c09403120836190f90007b0fda66 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 12:15:36 +0200
Subject: [PATCH 23/37] Import fixtures in test_models

---
 backend/core/tests/test_models.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/core/tests/test_models.py b/backend/core/tests/test_models.py
index 1478c7cf9..215fdbb3b 100644
--- a/backend/core/tests/test_models.py
+++ b/backend/core/tests/test_models.py
@@ -27,6 +27,8 @@
 from django.core.files.uploadedfile import SimpleUploadedFile
 from iam.models import Folder
 
+from .fixtures import *
+
 
 User = get_user_model()
 

From b71d536947519fd3f9007b9b05edfd7d6d1043f1 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 13:14:58 +0200
Subject: [PATCH 24/37] Re implement suggested applied controls creation using
 form action

---
 .../lib/components/Modals/ConfirmModal.svelte | 15 ++-
 .../[id=uuid]/edit/+page.server.ts            | 39 ++++++++
 .../[id=uuid]/edit/+page.svelte               | 65 +++++++-----
 .../[id=uuid]/+page.server.ts                 | 50 +++++++++-
 .../[id=uuid]/+page.svelte                    | 99 ++++++++-----------
 5 files changed, 173 insertions(+), 95 deletions(-)

diff --git a/frontend/src/lib/components/Modals/ConfirmModal.svelte b/frontend/src/lib/components/Modals/ConfirmModal.svelte
index 788a68b33..6e225e710 100644
--- a/frontend/src/lib/components/Modals/ConfirmModal.svelte
+++ b/frontend/src/lib/components/Modals/ConfirmModal.svelte
@@ -19,7 +19,12 @@
 	export let formAction: string;
 	import { superForm } from 'sveltekit-superforms';
 
-	const { form /*, message*/, enhance } = superForm(_form);
+	import SuperForm from '$lib/components/Forms/Form.svelte';
+
+	const { form, enhance } = superForm(_form, {
+		dataType: 'json',
+		id: 'confirm-modal-form'
+	});
 
 	// Base Classes
 	const cBase = 'card p-4 w-modal shadow-xl space-y-4';
@@ -35,15 +40,15 @@
 		<header class={cHeader}>{$modalStore[0].title ?? '(title missing)'}</header>
 		<article>{$modalStore[0].body ?? '(body missing)'}</article>
 		<!-- Enable for debugging: -->
-		<form method="POST" action={formAction} class="modal-form {cForm}" use:enhance>
+		<SuperForm dataType="json" action={formAction} data={_form} class="modal-form {cForm}">
 			<!-- prettier-ignore -->
 			<footer class="modal-footer {parent.regionFooter}">
         <button type="button" class="btn {parent.buttonNeutral}" on:click={parent.onClose}>{m.cancel()}</button>
         <input type="hidden" name="urlmodel" value={URLModel} />
         <input type="hidden" name="id" value={id} />
-        <button class="btn variant-filled-error" type="submit" on:click={parent.onClose}>{m.submit()}</button>
-    </footer>
-		</form>
+        <button class="btn variant-filled-error" type="submit" on:click={parent.onConfirm}>{m.submit()}</button>
+      </footer>
+		</SuperForm>
 		{#if debug === true}
 			<SuperDebug data={$form} />
 		{/if}
diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.server.ts b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.server.ts
index b8aef03fc..a6f9d3e3f 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.server.ts
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.server.ts
@@ -13,6 +13,7 @@ import { setFlash } from 'sveltekit-flash-message/server';
 import { setError, superValidate } from 'sveltekit-superforms';
 import { zod } from 'sveltekit-superforms/adapters';
 import type { PageServerLoad } from './$types';
+import { z } from 'zod';
 
 export const load = (async ({ fetch, params }) => {
 	const URLModel = 'requirement-assessments';
@@ -295,5 +296,43 @@ export const actions: Actions = {
 	},
 	createEvidence: async (event) => {
 		return nestedWriteFormAction({ event, action: 'create' });
+	},
+	createSuggestedControls: async (event) => {
+		const formData = await event.request.formData();
+
+		if (!formData) {
+			return fail(400, { form: null });
+		}
+
+		const schema = z.object({ id: z.string().uuid() });
+		const form = await superValidate(formData, zod(schema));
+
+		const response = await event.fetch(
+			`/requirement-assessments/${event.params.id}/suggestions/applied-controls`,
+			{
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json'
+				}
+			}
+		);
+		if (response.ok) {
+			setFlash(
+				{
+					type: 'success',
+					message: m.createAppliedControlsFromSuggestionsSuccess()
+				},
+				event
+			);
+		} else {
+			setFlash(
+				{
+					type: 'error',
+					message: m.createAppliedControlsFromSuggestionsError()
+				},
+				event
+			);
+		}
+		return { form };
 	}
 };
diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
index acd0f88c9..c9406bf22 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
@@ -1,9 +1,11 @@
 <script lang="ts">
 	import { safeTranslate } from '$lib/utils/i18n';
 	import { RequirementAssessmentSchema } from '$lib/utils/schemas';
-	import type { PageData } from '../[id=uuid]/edit/$types';
+	import type { ActionData, PageData } from './$types';
 
 	export let data: PageData;
+	export let form: ActionData;
+
 	const threats = data.requirement.threats;
 	const reference_controls = data.requirement.reference_controls;
 	const annotation = data.requirement.annotation;
@@ -24,6 +26,7 @@
 	import { getSecureRedirect } from '$lib/utils/helpers';
 	import { breadcrumbObject } from '$lib/utils/stores';
 	import {
+		ProgressRadial,
 		Tab,
 		TabGroup,
 		getModalStore,
@@ -31,8 +34,7 @@
 		type ModalComponent,
 		type ModalSettings,
 		type ModalStore,
-		type ToastStore,
-		ProgressRadial
+		type ToastStore
 	} from '@skeletonlabs/skeleton';
 	import { superForm } from 'sveltekit-superforms';
 
@@ -41,10 +43,10 @@
 	import { hideSuggestions } from '$lib/utils/stores';
 	import * as m from '$paraglide/messages';
 
+	import Question from '$lib/components/Forms/Question.svelte';
+	import ConfirmModal from '$lib/components/Modals/ConfirmModal.svelte';
 	import { getRequirementTitle } from '$lib/utils/helpers';
 	import { zod } from 'sveltekit-superforms/adapters';
-	import Question from '$lib/components/Forms/Question.svelte';
-	import { invalidateAll } from '$app/navigation';
 
 	function cancel(): void {
 		var currentUrl = window.location.href;
@@ -128,29 +130,34 @@
 		}
 	}
 
-	$: createAppliedControlsLoading = false;
+	let createAppliedControlsLoading = false;
 
-	async function createAppliedControlsFromSuggestions() {
-		createAppliedControlsLoading = true;
-		const response = await fetch(
-			`/requirement-assessments/${data.requirementAssessment.id}/suggestions/applied-controls`,
-			{
-				method: 'POST',
-				headers: {
-					'Content-Type': 'application/json'
-				}
+	function modalConfirmCreateSuggestedControls(id: string, name: string, action: string): void {
+		const modalComponent: ModalComponent = {
+			ref: ConfirmModal,
+			props: {
+				_form: data.form,
+				id: id,
+				debug: false,
+				URLModel: 'requirement-assessments',
+				formAction: action
+			}
+		};
+		const modal: ModalSettings = {
+			type: 'component',
+			component: modalComponent,
+			// Data
+			title: m.confirmModalTitle(),
+			body: `${m.confirmModalMessage()}: ${name}?`,
+			response: (r: boolean) => {
+				createAppliedControlsLoading = r;
 			}
-		);
-		createAppliedControlsLoading = false;
-		toastStore.trigger({
-			message: response.ok
-				? m.createAppliedControlsFromSuggestionsSuccess()
-				: m.createAppliedControlsFromSuggestionsError(),
-			background: response.ok ? 'variant-filled-success' : 'variant-filled-error'
-		});
-		invalidateAll();
+		};
+		modalStore.trigger(modal);
 	}
 
+	$: if (createAppliedControlsLoading === true && form) createAppliedControlsLoading = false;
+
 	let { form: measureCreateForm, message: measureCreateMessage } = {
 		form: {},
 		message: {}
@@ -368,9 +375,13 @@
 									{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol') && reference_controls.length > 0}
 										<button
 											class="btn text-gray-100 bg-gradient-to-l from-tertiary-400 to-orange-600 h-fit whitespace-normal"
-											on:click={(e) => {
-												e.preventDefault();
-												createAppliedControlsFromSuggestions();
+											type="button"
+											on:click={() => {
+												modalConfirmCreateSuggestedControls(
+													data.requirementAssessment.id,
+													data.requirementAssessment.name,
+													'?/createSuggestedControls'
+												);
 											}}
 										>
 											<span class="mr-2">
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.server.ts b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.server.ts
index 5e0725601..b6f80ecb4 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.server.ts
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.server.ts
@@ -2,10 +2,13 @@ import { nestedWriteFormAction } from '$lib/utils/actions';
 import { BASE_API_URL } from '$lib/utils/constants';
 import { getModelInfo } from '$lib/utils/crud';
 import { ComplianceAssessmentSchema } from '$lib/utils/schemas';
-import { type Actions } from '@sveltejs/kit';
-import { superValidate } from 'sveltekit-superforms';
+import { json, type Actions } from '@sveltejs/kit';
+import { fail, superValidate } from 'sveltekit-superforms';
 import { zod } from 'sveltekit-superforms/adapters';
 import type { PageServerLoad } from './$types';
+import { z } from 'zod';
+import { setFlash } from 'sveltekit-flash-message/server';
+import * as m from '$paraglide/messages';
 
 export const load = (async ({ fetch, params }) => {
 	const URLModel = 'compliance-assessments';
@@ -79,6 +82,8 @@ export const load = (async ({ fetch, params }) => {
 
 	auditModel.selectOptions = selectOptions;
 
+	const form = await superValidate(zod(z.object({ id: z.string().uuid() })));
+
 	return {
 		URLModel,
 		compliance_assessment,
@@ -87,12 +92,51 @@ export const load = (async ({ fetch, params }) => {
 		object,
 		tree,
 		compliance_assessment_donut_values,
-		global_score
+		global_score,
+		form
 	};
 }) satisfies PageServerLoad;
 
 export const actions: Actions = {
 	create: async (event) => {
 		return nestedWriteFormAction({ event, action: 'create' });
+	},
+	createSuggestedControls: async (event) => {
+		const formData = await event.request.formData();
+
+		if (!formData) {
+			return fail(400, { form: null });
+		}
+
+		const schema = z.object({ id: z.string().uuid() });
+		const form = await superValidate(formData, zod(schema));
+
+		const response = await event.fetch(
+			`/compliance-assessments/${event.params.id}/suggestions/applied-controls`,
+			{
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json'
+				}
+			}
+		);
+		if (response.ok) {
+			setFlash(
+				{
+					type: 'success',
+					message: m.createAppliedControlsFromSuggestionsSuccess()
+				},
+				event
+			);
+		} else {
+			setFlash(
+				{
+					type: 'error',
+					message: m.createAppliedControlsFromSuggestionsError()
+				},
+				event
+			);
+		}
+		return { form };
 	}
 };
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index ff719f9a8..18e228037 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -11,7 +11,7 @@
 		TreeViewNode
 	} from '@skeletonlabs/skeleton';
 	import { getModalStore, getToastStore, popup } from '@skeletonlabs/skeleton';
-	import type { PageData } from './$types';
+	import type { ActionData, PageData } from './$types';
 	import TreeViewItemContent from './TreeViewItemContent.svelte';
 	import TreeViewItemLead from './TreeViewItemLead.svelte';
 
@@ -23,10 +23,12 @@
 	import { URL_MODEL_MAP } from '$lib/utils/crud';
 	import type { Node } from './types';
 
-	import * as m from '$paraglide/messages';
 	import { localItems, toCamelCase } from '$lib/utils/locales';
+	import * as m from '$paraglide/messages';
 
 	export let data: PageData;
+	export let form: ActionData;
+
 	breadcrumbObject.set(data.compliance_assessment);
 	const tree = data.tree;
 
@@ -106,10 +108,10 @@
 
 	let expandedNodes: TreeViewNode[] = [];
 
-	import { ProgressRadial } from '@skeletonlabs/skeleton';
-	import { expandedNodesState } from '$lib/utils/stores';
+	import ConfirmModal from '$lib/components/Modals/ConfirmModal.svelte';
 	import { displayScoreColor } from '$lib/utils/helpers';
-	import { superForm } from 'sveltekit-superforms';
+	import { expandedNodesState } from '$lib/utils/stores';
+	import { ProgressRadial } from '@skeletonlabs/skeleton';
 
 	expandedNodes = $expandedNodesState;
 	$: expandedNodesState.set(expandedNodes);
@@ -121,40 +123,6 @@
 	};
 
 	const modalStore: ModalStore = getModalStore();
-	const toastStore: ToastStore = getToastStore();
-
-	function handleFormUpdated({
-		form,
-		pageStatus,
-		closeModal
-	}: {
-		form: any;
-		pageStatus: number;
-		closeModal: boolean;
-	}) {
-		if (closeModal && form.valid) {
-			$modalStore[0] ? modalStore.close() : null;
-		}
-		if (form.message) {
-			const toast: { message: string; background: string } = {
-				message: form.message,
-				background: pageStatus === 200 ? 'variant-filled-success' : 'variant-filled-error'
-			};
-			toastStore.trigger(toast);
-		}
-	}
-
-	let { form: createForm, message: createMessage } = {
-		form: {},
-		message: {}
-	};
-
-	$: {
-		({ form: createForm, message: createMessage } = superForm(data.auditCreateForm, {
-			onUpdated: ({ form }) =>
-				handleFormUpdated({ form, pageStatus: $page.status, closeModal: true })
-		}));
-	}
 
 	function modalCreateForm(): void {
 		const modalComponent: ModalComponent = {
@@ -175,28 +143,33 @@
 		modalStore.trigger(modal);
 	}
 
-	$: createAppliedControlsLoading = false;
+	let createAppliedControlsLoading = false;
 
-	async function createAppliedControlsFromSuggestions() {
-		createAppliedControlsLoading = true;
-		const response = await fetch(
-			`/compliance-assessments/${data.compliance_assessment.id}/suggestions/applied-controls`,
-			{
-				method: 'POST',
-				headers: {
-					'Content-Type': 'application/json'
-				}
+	function modalConfirmCreateSuggestedControls(id: string, name: string, action: string): void {
+		const modalComponent: ModalComponent = {
+			ref: ConfirmModal,
+			props: {
+				_form: data.form,
+				id: id,
+				debug: false,
+				URLModel: 'compliance-assessments',
+				formAction: action
 			}
-		);
-		createAppliedControlsLoading = false;
-		toastStore.trigger({
-			message: response.ok
-				? m.createAppliedControlsFromSuggestionsSuccess()
-				: m.createAppliedControlsFromSuggestionsError(),
-			background: response.ok ? 'variant-filled-success' : 'variant-filled-error'
-		});
-		return;
+		};
+		const modal: ModalSettings = {
+			type: 'component',
+			component: modalComponent,
+			// Data
+			title: m.confirmModalTitle(),
+			body: `${m.confirmModalMessage()}: ${name}?`,
+			response: (r: boolean) => {
+				createAppliedControlsLoading = r;
+			}
+		};
+		modalStore.trigger(modal);
 	}
+
+	$: if (createAppliedControlsLoading === true && form) createAppliedControlsLoading = false;
 </script>
 
 <div class="flex flex-col space-y-4 whitespace-pre-line">
@@ -362,14 +335,20 @@
 			{#if !$page.data.user.is_third_party}
 				<button
 					class="btn text-gray-100 bg-gradient-to-l from-sky-500 to-green-600 h-fit"
-					on:click={(_) => modalCreateForm()}
+					on:click={() => modalCreateForm()}
 					><i class="fa-solid fa-diagram-project mr-2" /> {m.mapping()}
 				</button>
 			{/if}
 			{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol')}
 				<button
 					class="btn text-gray-100 bg-gradient-to-l from-tertiary-400 to-orange-600 h-fit whitespace-normal"
-					on:click={(_) => createAppliedControlsFromSuggestions()}
+					on:click={() => {
+						modalConfirmCreateSuggestedControls(
+							data.compliance_assessment.id,
+							data.compliance_assessment.name,
+							'?/createSuggestedControls'
+						);
+					}}
 				>
 					<span class="mr-2">
 						{#if createAppliedControlsLoading}

From b70f212e0931da517d0d2eaba3b849288eeb085b Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 18:17:19 +0200
Subject: [PATCH 25/37] Add a random uuid at the end of confirm modal id

This prevents conflicting ids in the case there are multiple confirm modals
that can be triggered on the same page.
---
 frontend/src/lib/components/Modals/ConfirmModal.svelte | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/lib/components/Modals/ConfirmModal.svelte b/frontend/src/lib/components/Modals/ConfirmModal.svelte
index 6e225e710..7653f26af 100644
--- a/frontend/src/lib/components/Modals/ConfirmModal.svelte
+++ b/frontend/src/lib/components/Modals/ConfirmModal.svelte
@@ -21,9 +21,9 @@
 
 	import SuperForm from '$lib/components/Forms/Form.svelte';
 
-	const { form, enhance } = superForm(_form, {
+	const { form } = superForm(_form, {
 		dataType: 'json',
-		id: 'confirm-modal-form'
+		id: `confirm-modal-form-${crypto.randomUUID()}`
 	});
 
 	// Base Classes

From a4245e279ab28eb184016e2dfc793a08cdcfd3e7 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 19:03:20 +0200
Subject: [PATCH 26/37] Rename create suggested applied controls CTA to suggest
 controls

---
 frontend/messages/en.json                                       | 2 +-
 .../components/Forms/ModelForm/ComplianceAssessmentForm.svelte  | 2 +-
 .../requirement-assessments/[id=uuid]/edit/+page.svelte         | 2 +-
 .../(third-party)/compliance-assessments/[id=uuid]/+page.svelte | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 38f160fd4..1772e6ee5 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -740,7 +740,7 @@
 	"noAnswer": "No answer",
 	"successfullyUpdatedClientSettings": "Client settings successfully updated, please refresh the page.",
 	"xRaysEmptyMessage": "You have to create at least one project to use X-rays.",
-	"createAppliedControlsFromSuggestions": "Create applied controls from suggestions",
+	"suggestControls": "Suggest controls",
 	"createAppliedControlsFromSuggestionsHelpText": "Create applied controls from the framework's requirements' suggested reference controls",
 	"createAppliedControlsFromSuggestionsSuccess": "Applied controls successfully created from the suggested reference controls",
 	"createAppliedControlsFromSuggestionsError": "An error occured while creating applied controls from the suggested reference controls",
diff --git a/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
index 41d42cb05..6b77f02c5 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
@@ -135,7 +135,7 @@
 	<Checkbox
 		{form}
 		field="create_applied_controls_from_suggestions"
-		label={m.createAppliedControlsFromSuggestions()}
+		label={m.suggestControls()}
 		helpText={m.createAppliedControlsFromSuggestionsHelpText()}
 		cacheLock={cacheLocks['create_applied_controls_from_suggestions']}
 		bind:cachedValue={formDataCache['create_applied_controls_from_suggestions']}
diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
index c9406bf22..3c1e84072 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
@@ -396,7 +396,7 @@
 													<i class="fa-solid fa-fire-extinguisher" />
 												{/if}
 											</span>
-											{m.createAppliedControlsFromSuggestions()}
+											{m.suggestControls()}
 										</button>
 									{/if}
 									<button
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index 18e228037..d7b5e3a12 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -357,7 +357,7 @@
 							<i class="fa-solid fa-fire-extinguisher" />
 						{/if}
 					</span>
-					{m.createAppliedControlsFromSuggestions()}
+					{m.suggestControls()}
 				</button>
 			{/if}
 		</div>

From 3f063c236eaf1710ec40ef4b77aa50699f9be6af Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 20:52:04 +0200
Subject: [PATCH 27/37] Allow passing a component as prop to ConfirmModal
 component

---
 frontend/src/lib/components/Modals/ConfirmModal.svelte | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/frontend/src/lib/components/Modals/ConfirmModal.svelte b/frontend/src/lib/components/Modals/ConfirmModal.svelte
index 7653f26af..3ba8f0f38 100644
--- a/frontend/src/lib/components/Modals/ConfirmModal.svelte
+++ b/frontend/src/lib/components/Modals/ConfirmModal.svelte
@@ -17,6 +17,9 @@
 	export let URLModel: urlModel;
 	export let id: string;
 	export let formAction: string;
+	export let bodyComponent: ComponentType | undefined;
+	export let bodyProps: Record<string, unknown> = {};
+
 	import { superForm } from 'sveltekit-superforms';
 
 	import SuperForm from '$lib/components/Forms/Form.svelte';
@@ -32,6 +35,7 @@
 	const cForm = 'p-4 space-y-4 rounded-container-token';
 
 	import SuperDebug from 'sveltekit-superforms';
+	import type { ComponentType } from 'svelte';
 	export let debug = false;
 </script>
 
@@ -39,6 +43,11 @@
 	<div class="modal-example-form {cBase}">
 		<header class={cHeader}>{$modalStore[0].title ?? '(title missing)'}</header>
 		<article>{$modalStore[0].body ?? '(body missing)'}</article>
+		{#if bodyComponent}
+			<div class="max-h-96 overflow-y-scroll scroll card">
+				<svelte:component this={bodyComponent} {...bodyProps} />
+			</div>
+		{/if}
 		<!-- Enable for debugging: -->
 		<SuperForm dataType="json" action={formAction} data={_form} class="modal-form {cForm}">
 			<!-- prettier-ignore -->

From a8a669a0a3bdb1186554f7e2f575e017a4e2d689 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 20:52:11 +0200
Subject: [PATCH 28/37] Write List component

---
 frontend/src/lib/components/List/List.svelte | 26 ++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 frontend/src/lib/components/List/List.svelte

diff --git a/frontend/src/lib/components/List/List.svelte b/frontend/src/lib/components/List/List.svelte
new file mode 100644
index 000000000..5d28a60ed
--- /dev/null
+++ b/frontend/src/lib/components/List/List.svelte
@@ -0,0 +1,26 @@
+<script lang="ts">
+	import List from '$lib/components/List/List.svelte';
+	type NestedArray<T> = Array<T | NestedArray<T>>;
+	export let items: NestedArray<Record<string, string> | string>;
+	export let message: string = '';
+	export let classesMessage: string = 'bg-surface-100 bg-opacity-80 backdrop-blur-sm';
+</script>
+
+<article {...$$restProps}>
+	{#if message}
+		<p class="sticky top-0 p-2 {classesMessage}">{message}</p>
+	{/if}
+	<ul class="list-disc ml-8 mr-4">
+		{#each items as item}
+			{#if item instanceof Array}
+				<li>
+					<svelte:component this={List} items={item} />
+				</li>
+			{:else if typeof item === 'object' && Object.hasOwn(item, 'str')}
+				<li>{item.str}</li>
+			{:else}
+				<li>{item}</li>
+			{/if}
+		{/each}
+	</ul>
+</article>

From 68c09974b47531fcd01363e55162e42c738989c8 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 20:52:36 +0200
Subject: [PATCH 29/37] Serialize framework reference controls

---
 backend/core/models.py      | 36 +++++++++++++++++++++---------------
 backend/core/serializers.py |  9 ++++++++-
 2 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/backend/core/models.py b/backend/core/models.py
index 7ec691f45..1b5267133 100644
--- a/backend/core/models.py
+++ b/backend/core/models.py
@@ -9,19 +9,6 @@
 from django.apps import apps
 from django.contrib.auth import get_user_model
 from django.core import serializers
-from django.utils.translation import get_language
-from library.helpers import (
-    update_translations_in_object,
-    update_translations_as_string,
-    update_translations,
-    get_referential_translation,
-)
-
-import os
-import json
-import yaml
-import re
-
 from django.core.exceptions import ValidationError
 from django.core.validators import MaxValueValidator
 from django.db import models, transaction
@@ -29,11 +16,18 @@
 from django.forms.models import model_to_dict
 from django.urls import reverse
 from django.utils.html import format_html
+from django.utils.translation import get_language
 from django.utils.translation import gettext_lazy as _
-from iam.models import Folder, FolderMixin, PublishInRootFolderMixin
-from library.helpers import update_translations, update_translations_in_object
 from structlog import get_logger
 
+from iam.models import Folder, FolderMixin, PublishInRootFolderMixin
+from library.helpers import (
+    get_referential_translation,
+    update_translations,
+    update_translations_as_string,
+    update_translations_in_object,
+)
+
 from .base_models import AbstractBaseModel, ETADueDateMixin, NameDescriptionMixin
 from .utils import camel_case, sha256
 from .validators import validate_file_name, validate_file_size
@@ -925,6 +919,18 @@ def library_entry(self):
 
         return res
 
+    @property
+    def reference_controls(self):
+        _reference_controls = ReferenceControl.objects.filter(
+            requirements__framework=self
+        ).distinct()
+        reference_controls = []
+        for control in _reference_controls:
+            reference_controls.append(
+                {"str": control.display_long, "urn": control.urn, "id": control.id}
+            )
+        return reference_controls
+
     def get_requirement_nodes(self):
         # Prefetch related objects if they exist to reduce database queries.
         # Adjust prefetch_related paths according to your model relationships.
diff --git a/backend/core/serializers.py b/backend/core/serializers.py
index e6fdcbcbc..038896e04 100644
--- a/backend/core/serializers.py
+++ b/backend/core/serializers.py
@@ -541,7 +541,14 @@ class ComplianceAssessmentReadSerializer(AssessmentReadSerializer):
     project = FieldsRelatedField(["id", "folder"])
     folder = FieldsRelatedField()
     framework = FieldsRelatedField(
-        ["id", "min_score", "max_score", "implementation_groups_definition", "ref_id"]
+        [
+            "id",
+            "min_score",
+            "max_score",
+            "implementation_groups_definition",
+            "ref_id",
+            "reference_controls",
+        ]
     )
     selected_implementation_groups = serializers.ReadOnlyField(
         source="get_selected_implementation_groups"

From 0b7efbf12dbd2ed66c9811dd68925cdcf2a2e665 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 20:52:50 +0200
Subject: [PATCH 30/37] Improve suggest controls confirm modal display

---
 frontend/messages/en.json                         |  2 ++
 .../[id=uuid]/edit/+page.svelte                   | 15 ++++++++++++---
 .../compliance-assessments/[id=uuid]/+page.svelte | 14 +++++++++++---
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 1772e6ee5..6f9aa93b1 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -744,5 +744,7 @@
 	"createAppliedControlsFromSuggestionsHelpText": "Create applied controls from the framework's requirements' suggested reference controls",
 	"createAppliedControlsFromSuggestionsSuccess": "Applied controls successfully created from the suggested reference controls",
 	"createAppliedControlsFromSuggestionsError": "An error occured while creating applied controls from the suggested reference controls",
+	"createAppliedControlsFromSuggestionsConfirmMessage": "{count} applied controls will be created from the suggested reference controls. Do you want to proceed?",
+	"theFollowingControlsWillBeAddedColon": "The following controls will be added:",
 	"NoPreviewMessage": "No preview available."
 }
diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
index 3c1e84072..852348ee6 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
@@ -47,6 +47,7 @@
 	import ConfirmModal from '$lib/components/Modals/ConfirmModal.svelte';
 	import { getRequirementTitle } from '$lib/utils/helpers';
 	import { zod } from 'sveltekit-superforms/adapters';
+	import List from '$lib/components/List/List.svelte';
 
 	function cancel(): void {
 		var currentUrl = window.location.href;
@@ -140,15 +141,23 @@
 				id: id,
 				debug: false,
 				URLModel: 'requirement-assessments',
-				formAction: action
+				formAction: action,
+				bodyComponent: List,
+				bodyProps: {
+					items: reference_controls,
+					message: m.theFollowingControlsWillBeAddedColon()
+				}
 			}
 		};
 		const modal: ModalSettings = {
 			type: 'component',
 			component: modalComponent,
 			// Data
-			title: m.confirmModalTitle(),
-			body: `${m.confirmModalMessage()}: ${name}?`,
+			title: m.suggestControls(),
+			body: m.createAppliedControlsFromSuggestionsConfirmMessage({
+				count: reference_controls.length,
+				message: m.theFollowingControlsWillBeAddedColon()
+			}),
 			response: (r: boolean) => {
 				createAppliedControlsLoading = r;
 			}
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index d7b5e3a12..678b5f4f5 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -112,6 +112,7 @@
 	import { displayScoreColor } from '$lib/utils/helpers';
 	import { expandedNodesState } from '$lib/utils/stores';
 	import { ProgressRadial } from '@skeletonlabs/skeleton';
+	import List from '$lib/components/List/List.svelte';
 
 	expandedNodes = $expandedNodesState;
 	$: expandedNodesState.set(expandedNodes);
@@ -153,15 +154,22 @@
 				id: id,
 				debug: false,
 				URLModel: 'compliance-assessments',
-				formAction: action
+				formAction: action,
+				bodyComponent: List,
+				bodyProps: {
+					items: data.compliance_assessment.framework.reference_controls,
+					message: m.theFollowingControlsWillBeAddedColon()
+				}
 			}
 		};
 		const modal: ModalSettings = {
 			type: 'component',
 			component: modalComponent,
 			// Data
-			title: m.confirmModalTitle(),
-			body: `${m.confirmModalMessage()}: ${name}?`,
+			title: m.suggestControls(),
+			body: m.createAppliedControlsFromSuggestionsConfirmMessage({
+				count: data.compliance_assessment.framework.reference_controls.length
+			}),
 			response: (r: boolean) => {
 				createAppliedControlsLoading = r;
 			}

From b9e5b21524b5d9791ed8b8c7d7ff3b0633c99443 Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche <n.tabchiche2@gmail.com>
Date: Fri, 27 Sep 2024 21:06:23 +0200
Subject: [PATCH 31/37] Update API tests for compliance assessments

---
 backend/app_tests/api/test_api_compliance_assessments.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/app_tests/api/test_api_compliance_assessments.py b/backend/app_tests/api/test_api_compliance_assessments.py
index 992fc5b76..780e71346 100644
--- a/backend/app_tests/api/test_api_compliance_assessments.py
+++ b/backend/app_tests/api/test_api_compliance_assessments.py
@@ -129,6 +129,7 @@ def test_get_compliance_assessments(self, test):
                     "id": str(Framework.objects.all()[0].id),
                     "str": str(Framework.objects.all()[0]),
                     "implementation_groups_definition": None,
+                    "reference_controls": [],
                     "min_score": 1,
                     "max_score": 4,
                     "ref_id": str(Framework.objects.all()[0].ref_id),
@@ -168,6 +169,7 @@ def test_create_compliance_assessments(self, test):
                     "id": str(Framework.objects.all()[0].id),
                     "str": str(Framework.objects.all()[0]),
                     "implementation_groups_definition": None,
+                    "reference_controls": [],
                     "min_score": Framework.objects.all()[0].min_score,
                     "max_score": Framework.objects.all()[0].max_score,
                     "ref_id": str(Framework.objects.all()[0].ref_id),
@@ -219,6 +221,7 @@ def test_update_compliance_assessments(self, test):
                     "id": str(Framework.objects.all()[0].id),
                     "str": str(Framework.objects.all()[0]),
                     "implementation_groups_definition": None,
+                    "reference_controls": [],
                     "min_score": Framework.objects.all()[0].min_score,
                     "max_score": Framework.objects.all()[0].max_score,
                     "ref_id": str(Framework.objects.all()[0].ref_id),

From 5626f1eeabf63690dc3f657f948af8daecffc9bf Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 28 Sep 2024 13:51:32 +0200
Subject: [PATCH 32/37] minor strings adjustment

---
 frontend/messages/en.json                                 | 1 +
 frontend/messages/fr.json                                 | 8 +++++++-
 .../compliance-assessments/[id=uuid]/+page.svelte         | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 6f9aa93b1..c449c47d2 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -650,6 +650,7 @@
 	"suggestionColon": "Suggestion:",
 	"annotationColon": "Annotation:",
 	"mapping": "Mapping",
+	"applyMapping": "Apply mapping",
 	"mappingInference": "Mapping inference",
 	"mappingInferenceTip": "Mapping suggestion is available for this requirement",
 	"additionalInformation": "Additional information",
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 9adbe855a..0053f6bdb 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -673,5 +673,11 @@
 	"waitingRiskAcceptances": "Bonjour ! Vous avez actuellement {number} risque{s} en attente d'acceptation. Vous pouvez les retrouver dans l'onglet risque.",
 	"successfullyUpdatedClientSettings": "Paramètres du client mis à jour avec succès. Vous pouvez rafrachir la page.",
 	"xRaysEmptyMessage": "Vous devez créer au moins un projet pour utiliser X-rays.",
-	"NoPreviewMessage": "Aucun aperçu disponible."
+	"NoPreviewMessage": "Aucun aperçu disponible.",
+	"suggestControls": "Mesures recommendées",
+  "createAppliedControlsFromSuggestionsHelpText": "Créer des mesures appliquées à partir des mesures de référence suggérées",
+  "createAppliedControlsFromSuggestionsSuccess": "Mesures appliquées créées avec succès à partir des suggestions",
+  "createAppliedControlsFromSuggestionsError": "Une erreur s'est produite lors de la création des mesures appliquées depuis les suggestions",
+  "createAppliedControlsFromSuggestionsConfirmMessage": "{count} mesures appliquées seront créées à partir des suggestions. Voulez-vous continuer ?",
+  "theFollowingControlsWillBeAddedColon": "Les mesures suivantes seront appliquées :",
 }
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index 678b5f4f5..959318763 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -344,7 +344,7 @@
 				<button
 					class="btn text-gray-100 bg-gradient-to-l from-sky-500 to-green-600 h-fit"
 					on:click={() => modalCreateForm()}
-					><i class="fa-solid fa-diagram-project mr-2" /> {m.mapping()}
+					><i class="fa-solid fa-diagram-project mr-2" /> {m.applyMapping()}
 				</button>
 			{/if}
 			{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol')}

From 6f95b08014618fd2954f3db395b7d03708833203 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 28 Sep 2024 14:06:17 +0200
Subject: [PATCH 33/37] switch gradient

---
 .../requirement-assessments/[id=uuid]/edit/+page.svelte         | 2 +-
 .../(third-party)/compliance-assessments/[id=uuid]/+page.svelte | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
index 852348ee6..506f18f2b 100644
--- a/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/requirement-assessments/[id=uuid]/edit/+page.svelte
@@ -383,7 +383,7 @@
 								<span class="flex flex-row justify-end items-center space-x-2">
 									{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol') && reference_controls.length > 0}
 										<button
-											class="btn text-gray-100 bg-gradient-to-l from-tertiary-400 to-orange-600 h-fit whitespace-normal"
+											class="btn text-gray-100 bg-gradient-to-r from-fuchsia-500 to-pink-500 h-fit whitespace-normal"
 											type="button"
 											on:click={() => {
 												modalConfirmCreateSuggestedControls(
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index 959318763..06a12cee1 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -349,7 +349,7 @@
 			{/if}
 			{#if Object.hasOwn($page.data.user.permissions, 'add_appliedcontrol')}
 				<button
-					class="btn text-gray-100 bg-gradient-to-l from-tertiary-400 to-orange-600 h-fit whitespace-normal"
+					class="btn text-gray-100 bg-gradient-to-r from-fuchsia-500 to-pink-500 h-fit whitespace-normal"
 					on:click={() => {
 						modalConfirmCreateSuggestedControls(
 							data.compliance_assessment.id,

From 3e9329f094b109bc6120b2021b86bc2a151ca4fb Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 28 Sep 2024 14:10:51 +0200
Subject: [PATCH 34/37] run formatter

---
 frontend/messages/fr.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 0053f6bdb..9f32ec20e 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -675,9 +675,9 @@
 	"xRaysEmptyMessage": "Vous devez créer au moins un projet pour utiliser X-rays.",
 	"NoPreviewMessage": "Aucun aperçu disponible.",
 	"suggestControls": "Mesures recommendées",
-  "createAppliedControlsFromSuggestionsHelpText": "Créer des mesures appliquées à partir des mesures de référence suggérées",
-  "createAppliedControlsFromSuggestionsSuccess": "Mesures appliquées créées avec succès à partir des suggestions",
-  "createAppliedControlsFromSuggestionsError": "Une erreur s'est produite lors de la création des mesures appliquées depuis les suggestions",
-  "createAppliedControlsFromSuggestionsConfirmMessage": "{count} mesures appliquées seront créées à partir des suggestions. Voulez-vous continuer ?",
-  "theFollowingControlsWillBeAddedColon": "Les mesures suivantes seront appliquées :",
+	"createAppliedControlsFromSuggestionsHelpText": "Créer des mesures appliquées à partir des mesures de référence suggérées",
+	"createAppliedControlsFromSuggestionsSuccess": "Mesures appliquées créées avec succès à partir des suggestions",
+	"createAppliedControlsFromSuggestionsError": "Une erreur s'est produite lors de la création des mesures appliquées depuis les suggestions",
+	"createAppliedControlsFromSuggestionsConfirmMessage": "{count} mesures appliquées seront créées à partir des suggestions. Voulez-vous continuer ?",
+	"theFollowingControlsWillBeAddedColon": "Les mesures suivantes seront appliquées :"
 }

From 62f0091cff98db645e99bee7c087c1f4631ef023 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 28 Sep 2024 14:19:27 +0200
Subject: [PATCH 35/37] fixup

---
 frontend/messages/fr.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 897fdd518..729936af9 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -679,7 +679,7 @@
 	"createAppliedControlsFromSuggestionsSuccess": "Mesures appliquées créées avec succès à partir des suggestions",
 	"createAppliedControlsFromSuggestionsError": "Une erreur s'est produite lors de la création des mesures appliquées depuis les suggestions",
 	"createAppliedControlsFromSuggestionsConfirmMessage": "{count} mesures appliquées seront créées à partir des suggestions. Voulez-vous continuer ?",
-	"theFollowingControlsWillBeAddedColon": "Les mesures suivantes seront appliquées :"
+	"theFollowingControlsWillBeAddedColon": "Les mesures suivantes seront appliquées :",
 	"ShowAllNodesMessage": "Tous les noeuds",
 	"ShowOnlyAssessable": "uniquement les nœuds évaluables",
 }

From 633b26618c29fbda9c5f70e5ae5ac39d83edcb37 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 28 Sep 2024 14:23:42 +0200
Subject: [PATCH 36/37] formatter again

---
 frontend/messages/fr.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 729936af9..931c4304e 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -681,5 +681,5 @@
 	"createAppliedControlsFromSuggestionsConfirmMessage": "{count} mesures appliquées seront créées à partir des suggestions. Voulez-vous continuer ?",
 	"theFollowingControlsWillBeAddedColon": "Les mesures suivantes seront appliquées :",
 	"ShowAllNodesMessage": "Tous les noeuds",
-	"ShowOnlyAssessable": "uniquement les nœuds évaluables",
+	"ShowOnlyAssessable": "uniquement les nœuds évaluables"
 }

From ff61b64f912cb9f4579ae02a34247a11d7a21bb8 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 28 Sep 2024 15:10:24 +0200
Subject: [PATCH 37/37] visual improvements

---
 frontend/messages/en.json                     |  4 +-
 frontend/messages/fr.json                     |  4 +-
 .../[id=uuid]/+page.svelte                    | 42 +++++++++----------
 3 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 55e1ccf79..6d71c79a4 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -747,7 +747,7 @@
 	"createAppliedControlsFromSuggestionsError": "An error occured while creating applied controls from the suggested reference controls",
 	"createAppliedControlsFromSuggestionsConfirmMessage": "{count} applied controls will be created from the suggested reference controls. Do you want to proceed?",
 	"theFollowingControlsWillBeAddedColon": "The following controls will be added:",
-	"ShowAllNodesMessage": "Show all nodes",
-	"ShowOnlyAssessable": "Only assessable nodes",
+	"ShowAllNodesMessage": "Show all",
+	"ShowOnlyAssessable": "Only assessable",
 	"NoPreviewMessage": "No preview available."
 }
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 931c4304e..ead1bfa1b 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -680,6 +680,6 @@
 	"createAppliedControlsFromSuggestionsError": "Une erreur s'est produite lors de la création des mesures appliquées depuis les suggestions",
 	"createAppliedControlsFromSuggestionsConfirmMessage": "{count} mesures appliquées seront créées à partir des suggestions. Voulez-vous continuer ?",
 	"theFollowingControlsWillBeAddedColon": "Les mesures suivantes seront appliquées :",
-	"ShowAllNodesMessage": "Tous les noeuds",
-	"ShowOnlyAssessable": "uniquement les nœuds évaluables"
+	"ShowAllNodesMessage": "Tous afficher",
+	"ShowOnlyAssessable": "uniquement évaluables"
 }
diff --git a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
index 5091b9050..7b70bda79 100644
--- a/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
+++ b/frontend/src/routes/(app)/(third-party)/compliance-assessments/[id=uuid]/+page.svelte
@@ -382,34 +382,34 @@
 	</div>
 	{#if !$page.data.user.is_third_party}
 		<div class="card px-6 py-4 bg-white flex flex-col shadow-lg">
-			<h4 class="h4 flex items-center font-semibold">
-				{m.associatedRequirements()}
+			<div class=" flex items-center font-semibold">
+				<span class="h4">{m.associatedRequirements()}</span>
 				<span class="badge variant-soft-primary ml-1">
 					{assessableNodesCount(treeViewNodes)}
 				</span>
-			</h4>
-
-			<div class="flex items-center justify-center space-x-4">
-				{#if $displayOnlyAssessableNodes}
-					<p class="font-bold text-sm">{m.ShowAllNodesMessage()}</p>
-				{:else}
-					<p class="font-bold text-sm text-green-500">{m.ShowAllNodesMessage()}</p>
-				{/if}
-				<SlideToggle
-					name="questionnaireToggle"
-					class="flex flex-row items-center justify-center"
-					active="bg-primary-500"
-					background="bg-green-500"
-					bind:checked={$displayOnlyAssessableNodes}
-					on:click={() => ($displayOnlyAssessableNodes = !$displayOnlyAssessableNodes)}
-				>
+				<div id="toggle" class="flex items-center justify-center space-x-4 text-xs ml-auto mr-4">
 					{#if $displayOnlyAssessableNodes}
-						<p class="font-bold text-sm text-primary-500">{m.ShowOnlyAssessable()}</p>
+						<p class="font-bold">{m.ShowAllNodesMessage()}</p>
 					{:else}
-						<p class="font-bold text-sm">{m.ShowOnlyAssessable()}</p>
+						<p class="font-bold text-green-500">{m.ShowAllNodesMessage()}</p>
 					{/if}
-				</SlideToggle>
+					<SlideToggle
+						name="questionnaireToggle"
+						class="flex flex-row items-center justify-center"
+						active="bg-primary-500"
+						background="bg-green-500"
+						bind:checked={$displayOnlyAssessableNodes}
+						on:click={() => ($displayOnlyAssessableNodes = !$displayOnlyAssessableNodes)}
+					>
+						{#if $displayOnlyAssessableNodes}
+							<p class="font-bold text-primary-500">{m.ShowOnlyAssessable()}</p>
+						{:else}
+							<p class="font-bold">{m.ShowOnlyAssessable()}</p>
+						{/if}
+					</SlideToggle>
+				</div>
 			</div>
+
 			<div class="flex items-center my-2 text-xs space-x-2 text-gray-500">
 				<i class="fa-solid fa-diagram-project" />
 				<p>{m.mappingInferenceTip()}</p>