Merge branch 'main' into word_export

intuitem · Dec 6, 2024 · f7a8934 · f7a8934
2 parents 9e6dcd0 + fa206e5
commit f7a8934
Show file tree

Hide file tree

Showing 51 changed files with 2,709 additions and 254 deletions.
diff --git a/backend/ciso_assistant/settings.py b/backend/ciso_assistant/settings.py
@@ -138,9 +138,9 @@ def set_ciso_assistant_url(_, __, event_dict):
     "tailwind",
     "iam",
     "global_settings",
+    "ebios_rm",
     "tprm",
     "core",
-    "ebios_rm",
     "cal",
     "django_filters",
     "library",
@@ -154,7 +154,7 @@ def set_ciso_assistant_url(_, __, event_dict):
     "allauth.socialaccount",
     "allauth.socialaccount.providers.saml",
     "allauth.mfa",
-    "huey.contrib.djhuey",
+    # "huey.contrib.djhuey",
 ]
 
 MIDDLEWARE = [

diff --git a/backend/core/helpers.py b/backend/core/helpers.py
@@ -1049,9 +1049,9 @@ def build_scenario_clusters(risk_assessment: RiskAssessment):
         "created_at"
     ):
         if ri.current_level >= 0:
-            risk_matrix_current[ri.current_proba][ri.current_impact].add(ri.rid)
+            risk_matrix_current[ri.current_proba][ri.current_impact].add(ri.ref_id)
         if ri.residual_level >= 0:
-            risk_matrix_residual[ri.residual_proba][ri.residual_impact].add(ri.rid)
+            risk_matrix_residual[ri.residual_proba][ri.residual_impact].add(ri.ref_id)
 
     return {"current": risk_matrix_current, "residual": risk_matrix_residual}
 

diff --git a/backend/core/serializers.py b/backend/core/serializers.py
@@ -5,6 +5,7 @@
 
 from core.models import *
 from iam.models import *
+from ebios_rm.models import EbiosRMStudy
 
 from rest_framework import serializers
 from rest_framework.exceptions import PermissionDenied
@@ -600,6 +601,13 @@ class ComplianceAssessmentWriteSerializer(BaseModelSerializer):
         required=False,
         allow_null=True,
     )
+    ebios_rm_studies = serializers.PrimaryKeyRelatedField(
+        many=True,
+        queryset=EbiosRMStudy.objects.all(),
+        required=False,
+        allow_null=True,
+        write_only=True,
+    )
     create_applied_controls_from_suggestions = serializers.BooleanField(
         write_only=True, required=False, default=False
     )
@@ -712,3 +720,13 @@ class FilteringLabelWriteSerializer(BaseModelSerializer):
     class Meta:
         model = FilteringLabel
         exclude = ["folder", "is_published"]
+
+
+class QualificationReadSerializer(ReferentialSerializer):
+    class Meta:
+        model = Qualification
+        exclude = ["translations"]
+
+
+class QualificationWriteSerializer(QualificationReadSerializer):
+    pass
diff --git a/backend/core/startup.py b/backend/core/startup.py
@@ -363,6 +363,10 @@
     "view_operationalscenario",
     "change_operationalscenario",
     "delete_operationalscenario",
+    "view_qualification",
+    "add_qualification",
+    "change_qualification",
+    "delete_qualification",
 ]
 
 THIRD_PARTY_RESPONDENT_PERMISSIONS_LIST = [

diff --git a/backend/core/templates/snippets/mp_data.html b/backend/core/templates/snippets/mp_data.html
@@ -24,7 +24,7 @@
             {% for scenario in context %}
             <tr class="bg-gray-100">
                 <td class="text-lg p-3" colspan="9">
-                    <p class="text-indigo-500 hover:text-indigo-700">{{ scenario.rid }}: {{ scenario.name }}</p>
+                    <p class="text-indigo-500 hover:text-indigo-700">{{ scenario.ref_id }}: {{ scenario.name }}</p>
                     <span class="text-xs text-center p-1 mx-1 rounded"
                     {% if scenario.treatment == 'open' %}
                     style="background-color: #fed7aa"

diff --git a/backend/core/templates/snippets/ri_list_nested.html b/backend/core/templates/snippets/ri_list_nested.html
@@ -38,7 +38,7 @@
         {% for scenario in scenarios %}
             <tr class="hover:text-indigo-500 cursor-pointer hover:scale-[0.99] duration-500 text-center">
                 <td class="px-5 py-5 border-b border-gray-200 text-sm">
-                    {{ scenario.rid }}
+                    {{ scenario.ref_id }}
                 </td>
                 <td class="px-4 py-5 border-b border-gray-200 text-sm">
                     <div class="flex items-center">

diff --git a/backend/core/urls.py b/backend/core/urls.py
@@ -66,6 +66,11 @@
     FilteringLabelViewSet,
     basename="filtering-labels",
 )
+router.register(
+    r"qualifications",
+    QualificationViewSet,
+    basename="qualifications",
+)
 
 ROUTES = settings.ROUTES
 MODULES = settings.MODULES.values()

diff --git a/backend/core/views.py b/backend/core/views.py
@@ -366,7 +366,13 @@ class AssetViewSet(BaseModelViewSet):
     """
 
     model = Asset
-    filterset_fields = ["folder", "parent_assets", "type", "risk_scenarios"]
+    filterset_fields = [
+        "folder",
+        "parent_assets",
+        "type",
+        "risk_scenarios",
+        "ebios_rm_studies",
+    ]
     search_fields = ["name", "description", "business_value"]
 
     @action(detail=False, name="Get type choices")
@@ -858,21 +864,20 @@ def duplicate(self, request, pk):
                     residual_impact=scenario.residual_impact,
                     strength_of_knowledge=scenario.strength_of_knowledge,
                     justification=scenario.justification,
+                    ref_id=scenario.ref_id,
                 )
 
                 for field in ["applied_controls", "threats", "assets"]:
                     duplicate_related_objects(
                         scenario,
                         duplicate_scenario,
-                        duplicate_risk_assessment.project.folder,
+                        duplicate_risk_assessment.folder,
                         field,
                     )
 
-                if (
-                    duplicate_risk_assessment.project.folder
-                    in [risk_assessment.project.folder]
-                    + risk_assessment.project.folder.sub_folders()
-                ):
+                if duplicate_risk_assessment.folder in [risk_assessment.folder] + [
+                    folder for folder in risk_assessment.folder.get_sub_folders()
+                ]:
                     duplicate_scenario.owner.set(scenario.owner.all())
 
                 duplicate_scenario.save()
@@ -2055,13 +2060,22 @@ def post(self, request, *args, **kwargs):
         return Response(status=status.HTTP_400_BAD_REQUEST)
 
 
+class QualificationViewSet(BaseModelViewSet):
+    """
+    API endpoint that allows qualifications to be viewed or edited.
+    """
+
+    model = Qualification
+    search_fields = ["name"]
+
+
 class ComplianceAssessmentViewSet(BaseModelViewSet):
     """
     API endpoint that allows compliance assessments to be viewed or edited.
     """
 
     model = ComplianceAssessment
-    filterset_fields = ["framework", "project", "status"]
+    filterset_fields = ["framework", "project", "status", "ebios_rm_studies"]
     search_fields = ["name", "description", "ref_id"]
     ordering_fields = ["name", "description"]
 

diff --git a/backend/ebios_rm/migrations/0001_initial.py b/backend/ebios_rm/migrations/0001_initial.py
@@ -163,6 +163,7 @@ class Migration(migrations.Migration):
                         related_name="ebios_rm_studies",
                         to="core.riskmatrix",
                         verbose_name="Risk matrix",
+                        blank=True,
                     ),
                 ),
             ],

diff --git a/backend/ebios_rm/models.py b/backend/ebios_rm/models.py
@@ -31,6 +31,7 @@ class Status(models.TextChoices):
         help_text=_(
             "Risk matrix used as a reference for the study. Defaults to `urn:intuitem:risk:library:risk-matrix-4x4-ebios-rm`"
         ),
+        blank=True,
     )
     assets = models.ManyToManyField(
         Asset,
@@ -100,6 +101,10 @@ class Meta:
         verbose_name_plural = _("Ebios RM Studies")
         ordering = ["created_at"]
 
+    @property
+    def parsed_matrix(self):
+        return self.risk_matrix.parse_json_translated()
+
 
 class FearedEvent(NameDescriptionMixin, FolderMixin):
     ebios_rm_study = models.ForeignKey(
@@ -136,6 +141,28 @@ def save(self, *args, **kwargs):
         self.folder = self.ebios_rm_study.folder
         super().save(*args, **kwargs)
 
+    @property
+    def risk_matrix(self):
+        return self.ebios_rm_study.risk_matrix
+
+    @property
+    def parsed_matrix(self):
+        return self.risk_matrix.parse_json_translated()
+
+    def get_gravity_display(self):
+        if self.gravity < 0:
+            return {
+                "abbreviation": "--",
+                "name": "--",
+                "description": "not rated",
+                "value": -1,
+            }
+        risk_matrix = self.parsed_matrix
+        return {
+            **risk_matrix["impact"][self.gravity],
+            "value": self.gravity,
+        }
+
 
 class RoTo(AbstractBaseModel, FolderMixin):
     class RiskOrigin(models.TextChoices):

diff --git a/backend/ebios_rm/serializers.py b/backend/ebios_rm/serializers.py
@@ -71,8 +71,10 @@ class Meta:
 
 
 class FearedEventReadSerializer(BaseModelSerializer):
-    str = serializers.CharField(source="__str__")
     ebios_rm_study = FieldsRelatedField()
+    qualifications = FieldsRelatedField(["name"], many=True)
+    assets = FieldsRelatedField(many=True)
+    gravity = serializers.JSONField(source="get_gravity_display")
     folder = FieldsRelatedField()
 
     class Meta:

diff --git a/backend/ebios_rm/views.py b/backend/ebios_rm/views.py
@@ -1,3 +1,4 @@
+from core.serializers import RiskMatrixReadSerializer
 from core.views import BaseModelViewSet as AbstractBaseModelViewSet
 from .models import (
     EbiosRMStudy,
@@ -31,10 +32,47 @@ class EbiosRMStudyViewSet(BaseModelViewSet):
     def status(self, request):
         return Response(dict(EbiosRMStudy.Status.choices))
 
+    @method_decorator(cache_page(60 * LONG_CACHE_TTL))
+    @action(detail=True, name="Get gravity choices")
+    def gravity(self, request, pk):
+        study: EbiosRMStudy = self.get_object()
+        undefined = dict([(-1, "--")])
+        _choices = dict(
+            zip(
+                list(range(0, 64)),
+                [x["name"] for x in study.parsed_matrix["impact"]],
+            )
+        )
+        choices = undefined | _choices
+        return Response(choices)
+
 
 class FearedEventViewSet(BaseModelViewSet):
     model = FearedEvent
 
+    filterset_fields = [
+        "ebios_rm_study",
+    ]
+
+    @action(detail=True, name="Get risk matrix", url_path="risk-matrix")
+    def risk_matrix(self, request, pk=None):
+        feared_event = self.get_object()
+        return Response(RiskMatrixReadSerializer(feared_event.risk_matrix).data)
+
+    @method_decorator(cache_page(60 * LONG_CACHE_TTL))
+    @action(detail=True, name="Get gravity choices")
+    def gravity(self, request, pk):
+        feared_event: FearedEvent = self.get_object()
+        undefined = dict([(-1, "--")])
+        _choices = dict(
+            zip(
+                list(range(0, 64)),
+                [x["name"] for x in feared_event.parsed_matrix["impact"]],
+            )
+        )
+        choices = undefined | _choices
+        return Response(choices)
+
 
 class RoToViewSet(BaseModelViewSet):
     model = RoTo