Esempio n. 1
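def clear_finding_review(request, fid):
    """Clear the pending review on a finding and record the reason as a note.

    Only the user who requested the review, or one of the assigned reviewers,
    may clear it; any other caller receives a 403.

    Args:
        request: The incoming HTTP request.
        fid: Primary key of the ``Finding`` whose review is being cleared.

    Returns:
        ``HttpResponseForbidden`` when the caller is neither the requester nor
        a reviewer; a redirect to ``view_finding`` after a valid POST;
        otherwise the rendered ``dojo/clear_finding_review.html`` page (GET,
        or POST with an invalid form).
    """
    finding = get_object_or_404(Finding, id=fid)
    user = get_object_or_404(Dojo_User, id=request.user.id)

    # Object-level authorization: this check runs before any form handling so
    # that neither GET nor POST reaches the finding for an unrelated user.
    # NOTE(review): no login/permission decorator is visible in this listing;
    # confirm one is applied where the view is defined.
    is_requester = user == finding.review_requested_by
    if not (is_requester or user in finding.reviewers.all()):
        return HttpResponseForbidden()

    if request.method == 'POST':
        form = ClearFindingReviewForm(request.POST, instance=finding)

        if form.is_valid():
            now = timezone.now()

            # Clearing a review must leave an audit trail of why it was
            # cleared and by whom, so the reason is captured as a Note.
            # The entry is user-supplied text stored as-is; presumably the
            # templates that display notes auto-escape it (confirm).
            new_note = Notes()
            new_note.entry = "Review Cleared: " + form.cleaned_data['entry']
            new_note.author = request.user
            new_note.date = now
            new_note.save()

            finding = form.save(commit=False)

            finding.under_review = False
            finding.last_reviewed = now
            finding.last_reviewed_by = request.user

            # Direct assignment to a many-to-many attribute
            # (`finding.reviewers = []`) is rejected by Django 2.0+;
            # clear() empties the relation on every Django version.
            finding.reviewers.clear()
            finding.save()

            finding.notes.add(new_note)

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Finding review has been updated successfully.',
                                 extra_tags='alert-success')
            return HttpResponseRedirect(reverse('view_finding', args=(finding.id,)))

    else:
        form = ClearFindingReviewForm(instance=finding)

    add_breadcrumb(parent=finding, title="Clear Finding Review", top_level=False, request=request)
    return render(request, 'dojo/clear_finding_review.html',
                  {'finding': finding,
                   'user': user, 'form': form})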
Esempio n. 2
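def clear_finding_review(request, fid):
    """Clear the pending review on a finding and record the reason as a note.

    Access is limited to the user who requested the review and to the
    reviewers assigned to the finding; every other caller receives a 403.

    Args:
        request: The incoming HTTP request.
        fid: Primary key of the ``Finding`` whose review is being cleared.

    Returns:
        ``HttpResponseForbidden`` when the caller is neither the requester nor
        a reviewer; a redirect to ``view_finding`` after a valid POST;
        otherwise the rendered ``dojo/clear_finding_review.html`` page (GET,
        or POST with an invalid form).
    """
    finding = get_object_or_404(Finding, id=fid)
    user = get_object_or_404(Dojo_User, id=request.user.id)

    # Object-level authorization, evaluated before any form is bound so that
    # an unrelated user can neither view nor submit the clear-review form.
    # NOTE(review): no login/permission decorator is visible in this listing;
    # confirm one is applied where the view is defined.
    is_requester = user == finding.review_requested_by
    if not (is_requester or user in finding.reviewers.all()):
        return HttpResponseForbidden()

    if request.method == 'POST':
        form = ClearFindingReviewForm(request.POST, instance=finding)

        if form.is_valid():
            now = datetime.now(tz=localtz)

            # The reason for clearing the review is kept as a Note so there is
            # a record of who cleared it, when, and why.
            # The entry is user-supplied text stored as-is; presumably the
            # templates that display notes auto-escape it (confirm).
            new_note = Notes()
            new_note.entry = "Review Cleared: " + form.cleaned_data['entry']
            new_note.author = request.user
            new_note.date = now
            new_note.save()

            finding = form.save(commit=False)

            finding.under_review = False
            finding.last_reviewed = now
            finding.last_reviewed_by = request.user

            # Direct assignment to a many-to-many attribute
            # (`finding.reviewers = []`) is rejected by Django 2.0+;
            # clear() empties the relation on every Django version.
            finding.reviewers.clear()
            finding.save()

            finding.notes.add(new_note)

            messages.add_message(
                request,
                messages.SUCCESS,
                'Finding review has been updated successfully.',
                extra_tags='alert-success')
            return HttpResponseRedirect(
                reverse('view_finding', args=(finding.id, )))

    else:
        form = ClearFindingReviewForm(instance=finding)

    add_breadcrumb(parent=finding,
                   title="Clear Finding Review",
                   top_level=False,
                   request=request)
    return render(request, 'dojo/clear_finding_review.html', {
        'finding': finding,
        'user': user,
        'form': form
    })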