def clear_finding_review(request, fid):
    """Clear the pending review on a finding and record why in a Note.

    Only the user who requested the review, or a user listed in the
    finding's reviewers, may proceed; anyone else gets a 403 response.
    A GET renders the clearing form. A valid POST stores a
    "Review Cleared: ..." note, marks the finding as no longer under
    review, empties its reviewer list and redirects to the finding view.
    An invalid POST re-renders the form.

    NOTE(review): any login or permission decorator on this view is not
    visible here; the check below is the only gate shown in this block.
    """
    finding = get_object_or_404(Finding, id=fid)
    user = get_object_or_404(Dojo_User, id=request.user.id)

    # Authorization gate: requester or assigned reviewer only.
    is_requester = user == finding.review_requested_by
    if not is_requester and user not in finding.reviewers.all():
        return HttpResponseForbidden()

    if request.method != 'POST':
        form = ClearFindingReviewForm(instance=finding)
    else:
        form = ClearFindingReviewForm(request.POST, instance=finding)
        if form.is_valid():
            cleared_at = timezone.now()

            # The note is the audit record of why and how the review was
            # cleared. It is saved before the finding is, and no
            # transaction is opened in this function, so a failure in the
            # later finding.save() would leave a note that is attached to
            # nothing.
            review_note = Notes()
            review_note.entry = "Review Cleared: " + form.cleaned_data['entry']
            review_note.author = request.user
            review_note.date = cleared_at
            review_note.save()

            # form.save(commit=False) applies whichever fields the form
            # exposes to the finding. NOTE(review): confirm that
            # ClearFindingReviewForm limits its field list.
            finding = form.save(commit=False)
            finding.under_review = False
            finding.last_reviewed = cleared_at
            finding.last_reviewed_by = request.user
            finding.reviewers = []
            finding.save()
            finding.notes.add(review_note)

            messages.add_message(
                request,
                messages.SUCCESS,
                'Finding review has been updated successfully.',
                extra_tags='alert-success')
            target = reverse('view_finding', args=(finding.id,))
            return HttpResponseRedirect(target)

    add_breadcrumb(parent=finding, title="Clear Finding Review",
                   top_level=False, request=request)
    context = {'finding': finding, 'user': user, 'form': form}
    return render(request, 'dojo/clear_finding_review.html', context)
def clear_finding_review(request, fid):
    """Clear the pending review on a finding and record why in a Note.

    Access is limited to the user who requested the review and the users
    listed in the finding's reviewers; everyone else receives a 403.
    GET shows the form. A valid POST saves a "Review Cleared: ..." note,
    resets the review state on the finding, links the note to it and
    redirects to the finding view. An invalid POST shows the form again.

    NOTE(review): any login or permission decorator on this view is not
    visible here; the check below is the only gate shown in this block.
    """
    finding = get_object_or_404(Finding, id=fid)
    user = get_object_or_404(Dojo_User, id=request.user.id)

    # Authorization gate: requester or assigned reviewer only.
    allowed = (user == finding.review_requested_by
               or user in finding.reviewers.all())
    if not allowed:
        return HttpResponseForbidden()

    if request.method != 'POST':
        form = ClearFindingReviewForm(instance=finding)
    else:
        form = ClearFindingReviewForm(request.POST, instance=finding)
        if form.is_valid():
            # Timestamp taken in the module's localtz and reused for both
            # the note and the finding so the two records agree.
            stamp = datetime.now(tz=localtz)

            # The note is the audit record of why and how the review was
            # cleared. It is saved before the finding is, and no
            # transaction is opened in this function, so a failure in the
            # later finding.save() would leave a note that is attached to
            # nothing.
            audit_note = Notes()
            audit_note.entry = "Review Cleared: " + form.cleaned_data['entry']
            audit_note.author = request.user
            audit_note.date = stamp
            audit_note.save()

            # form.save(commit=False) applies whichever fields the form
            # exposes to the finding. NOTE(review): confirm that
            # ClearFindingReviewForm limits its field list.
            finding = form.save(commit=False)
            finding.under_review = False
            finding.last_reviewed = stamp
            finding.last_reviewed_by = request.user
            finding.reviewers = []
            finding.save()
            finding.notes.add(audit_note)

            messages.add_message(
                request,
                messages.SUCCESS,
                'Finding review has been updated successfully.',
                extra_tags='alert-success')
            finding_url = reverse('view_finding', args=(finding.id, ))
            return HttpResponseRedirect(finding_url)

    add_breadcrumb(parent=finding, title="Clear Finding Review",
                   top_level=False, request=request)
    template_context = {
        'finding': finding,
        'user': user,
        'form': form,
    }
    return render(request, 'dojo/clear_finding_review.html',
                  template_context)