def view_risk(request, eid, raid):
risk_approval = get_object_or_404(Risk_Acceptance, pk=raid)
eng = get_object_or_404(Engagement, pk=eid)
if request.user.is_staff or check_auth_users_list(request.user, eng):
pass
else:
raise PermissionDenied
a_file = risk_approval.path
if request.method == 'POST':
note_form = NoteForm(request.POST)
if note_form.is_valid():
new_note = note_form.save(commit=False)
new_note.author = request.user
new_note.date = timezone.now()
new_note.save()
risk_approval.notes.add(new_note)
messages.add_message(request,
messages.SUCCESS,
'Note added successfully.',
extra_tags='alert-success')
if 'delete_note' in request.POST:
note = get_object_or_404(Notes, pk=request.POST['delete_note_id'])
if note.author.username == request.user.username:
risk_approval.notes.remove(note)
note.delete()
messages.add_message(request,
messages.SUCCESS,
'Note deleted successfully.',
extra_tags='alert-success')
else:
messages.add_message(
request,
messages.ERROR,
"Since you are not the note's author, it was not deleted.",
extra_tags='alert-danger')
if 'remove_finding' in request.POST:
finding = get_object_or_404(Finding,
pk=request.POST['remove_finding_id'])
risk_approval.accepted_findings.remove(finding)
finding.active = True
finding.save()
messages.add_message(request,
messages.SUCCESS,
'Finding removed successfully.',
extra_tags='alert-success')
if 'replace_file' in request.POST:
replace_form = ReplaceRiskAcceptanceForm(request.POST,
request.FILES,
instance=risk_approval)
if replace_form.is_valid():
risk_approval.path.delete(save=False)
risk_approval.path = replace_form.cleaned_data['path']
risk_approval.save()
messages.add_message(request,
messages.SUCCESS,
'File replaced successfully.',
extra_tags='alert-success')
if 'add_findings' in request.POST:
add_findings_form = AddFindingsRiskAcceptanceForm(
request.POST, request.FILES, instance=risk_approval)
if add_findings_form.is_valid():
findings = add_findings_form.cleaned_data['accepted_findings']
for finding in findings:
finding.active = False
finding.save()
risk_approval.accepted_findings.add(finding)
risk_approval.save()
messages.add_message(request,
messages.SUCCESS,
'Finding%s added successfully.' %
('s' if len(findings) > 1 else ''),
extra_tags='alert-success')
note_form = NoteForm()
replace_form = ReplaceRiskAcceptanceForm()
add_findings_form = AddFindingsRiskAcceptanceForm()
accepted_findings = risk_approval.accepted_findings.order_by(
'numerical_severity')
fpage = get_page_items(request, accepted_findings, 15)
unaccepted_findings = Finding.objects.filter(test__in=eng.test_set.all()) \
.exclude(id__in=accepted_findings).order_by("title")
add_fpage = get_page_items(request, unaccepted_findings, 10, 'apage')
# on this page we need to add unaccepted findings as possible findings to add as accepted
add_findings_form.fields[
"accepted_findings"].queryset = add_fpage.object_list
authorized = (request.user == risk_approval.owner.username
or request.user.is_staff)
product_tab = Product_Tab(eng.product.id,
title="Risk Exception",
tab="engagements")
product_tab.setEngagement(eng)
return render(
request,
'dojo/view_risk.html',
{
'risk_approval': risk_approval,
'product_tab': product_tab,
'accepted_findings': fpage,
'notes': risk_approval.notes.all(),
'a_file': a_file,
'eng': eng,
'note_form': note_form,
'replace_form': replace_form,
'add_findings_form': add_findings_form,
# 'show_add_findings_form': len(unaccepted_findings),
'request': request,
'add_findings': add_fpage,
'authorized': authorized,
})
def view_risk(request, eid, raid):
risk_approval = get_object_or_404(Risk_Acceptance, pk=raid)
eng = get_object_or_404(Engagement, pk=eid)
if (request.user.is_staff
or request.user in eng.product.authorized_users.all()):
pass
else:
raise PermissionDenied
a_file = risk_approval.path
if request.method == 'POST':
note_form = NoteForm(request.POST)
if note_form.is_valid():
new_note = note_form.save(commit=False)
new_note.author = request.user
new_note.date = datetime.now(tz=localtz)
new_note.save()
risk_approval.notes.add(new_note)
messages.add_message(request,
messages.SUCCESS,
'Note added successfully.',
extra_tags='alert-success')
if 'delete_note' in request.POST:
note = get_object_or_404(Notes, pk=request.POST['delete_note_id'])
if note.author.username == request.user.username:
risk_approval.notes.remove(note)
note.delete()
messages.add_message(request,
messages.SUCCESS,
'Note deleted successfully.',
extra_tags='alert-success')
else:
messages.add_message(
request,
messages.ERROR,
"Since you are not the note's author, it was not deleted.",
extra_tags='alert-danger')
if 'remove_finding' in request.POST:
finding = get_object_or_404(Finding,
pk=request.POST['remove_finding_id'])
risk_approval.accepted_findings.remove(finding)
finding.active = True
finding.save()
messages.add_message(request,
messages.SUCCESS,
'Finding removed successfully.',
extra_tags='alert-success')
if 'replace_file' in request.POST:
replace_form = ReplaceRiskAcceptanceForm(request.POST,
request.FILES,
instance=risk_approval)
if replace_form.is_valid():
risk_approval.path.delete(save=False)
risk_approval.path = replace_form.cleaned_data['path']
risk_approval.save()
messages.add_message(request,
messages.SUCCESS,
'File replaced successfully.',
extra_tags='alert-success')
if 'add_findings' in request.POST:
add_findings_form = AddFindingsRiskAcceptanceForm(
request.POST, request.FILES, instance=risk_approval)
if add_findings_form.is_valid():
findings = add_findings_form.cleaned_data['accepted_findings']
for finding in findings:
finding.active = False
finding.save()
risk_approval.accepted_findings.add(finding)
risk_approval.save()
messages.add_message(request,
messages.SUCCESS,
'Finding%s added successfully.' %
('s' if len(findings) > 1 else ''),
extra_tags='alert-success')
note_form = NoteForm()
replace_form = ReplaceRiskAcceptanceForm()
add_findings_form = AddFindingsRiskAcceptanceForm()
exclude_findings = [
finding.id for ra in eng.risk_acceptance.all()
for finding in ra.accepted_findings.all()
]
findings = Finding.objects.filter(test__in=eng.test_set.all()) \
.exclude(id__in=exclude_findings).order_by("title")
add_fpage = get_page_items(request, findings, 10, 'apage')
add_findings_form.fields[
"accepted_findings"].queryset = add_fpage.object_list
fpage = get_page_items(
request,
risk_approval.accepted_findings.order_by('numerical_severity'), 15)
authorized = (request.user == risk_approval.reporter.username
or request.user.is_staff)
add_breadcrumb(parent=risk_approval, top_level=False, request=request)
return render(
request, 'dojo/view_risk.html', {
'risk_approval': risk_approval,
'accepted_findings': fpage,
'notes': risk_approval.notes.all(),
'a_file': a_file,
'eng': eng,
'note_form': note_form,
'replace_form': replace_form,
'add_findings_form': add_findings_form,
'show_add_findings_form': len(findings),
'request': request,
'add_findings': add_fpage,
'authorized': authorized,
})
def view_risk(request, eid, raid):
risk_approval = get_object_or_404(Risk_Acceptance, pk=raid)
eng = get_object_or_404(Engagement, pk=eid)
if (request.user.is_staff or
request.user in eng.product.authorized_users.all()):
pass
else:
raise PermissionDenied
a_file = risk_approval.path
if request.method == 'POST':
note_form = NoteForm(request.POST)
if note_form.is_valid():
new_note = note_form.save(commit=False)
new_note.author = request.user
new_note.date = datetime.now(tz=localtz)
new_note.save()
risk_approval.notes.add(new_note)
messages.add_message(request,
messages.SUCCESS,
'Note added successfully.',
extra_tags='alert-success')
if 'delete_note' in request.POST:
note = get_object_or_404(Notes, pk=request.POST['delete_note_id'])
if note.author.username == request.user.username:
risk_approval.notes.remove(note)
note.delete()
messages.add_message(request,
messages.SUCCESS,
'Note deleted successfully.',
extra_tags='alert-success')
else:
messages.add_message(
request,
messages.ERROR,
"Since you are not the note's author, it was not deleted.",
extra_tags='alert-danger')
if 'remove_finding' in request.POST:
finding = get_object_or_404(Finding,
pk=request.POST['remove_finding_id'])
risk_approval.accepted_findings.remove(finding)
finding.active = True
finding.save()
messages.add_message(request,
messages.SUCCESS,
'Finding removed successfully.',
extra_tags='alert-success')
if 'replace_file' in request.POST:
replace_form = ReplaceRiskAcceptanceForm(
request.POST,
request.FILES,
instance=risk_approval)
if replace_form.is_valid():
risk_approval.path.delete(save=False)
risk_approval.path = replace_form.cleaned_data['path']
risk_approval.save()
messages.add_message(request,
messages.SUCCESS,
'File replaced successfully.',
extra_tags='alert-success')
if 'add_findings' in request.POST:
add_findings_form = AddFindingsRiskAcceptanceForm(
request.POST,
request.FILES,
instance=risk_approval)
if add_findings_form.is_valid():
findings = add_findings_form.cleaned_data[
'accepted_findings']
for finding in findings:
finding.active = False
finding.save()
risk_approval.accepted_findings.add(finding)
risk_approval.save()
messages.add_message(
request,
messages.SUCCESS,
'Finding%s added successfully.' % ('s'
if len(findings) > 1 else ''),
extra_tags='alert-success')
note_form = NoteForm()
replace_form = ReplaceRiskAcceptanceForm()
add_findings_form = AddFindingsRiskAcceptanceForm()
exclude_findings = [finding.id for ra in eng.risk_acceptance.all()
for finding in ra.accepted_findings.all()]
findings = Finding.objects.filter(test__in=eng.test_set.all()) \
.exclude(id__in=exclude_findings).order_by("title")
add_fpage = get_page_items(request, findings, 10, 'apage')
add_findings_form.fields[
"accepted_findings"].queryset = add_fpage.object_list
fpage = get_page_items(request, risk_approval.accepted_findings.order_by(
'numerical_severity'), 15)
authorized = (request.user == risk_approval.reporter.username
or request.user.is_staff)
add_breadcrumb(parent=risk_approval, top_level=False, request=request)
return render(request, 'dojo/view_risk.html',
{'risk_approval': risk_approval,
'accepted_findings': fpage,
'notes': risk_approval.notes.all(),
'a_file': a_file,
'eng': eng,
'note_form': note_form,
'replace_form': replace_form,
'add_findings_form': add_findings_form,
'show_add_findings_form': len(findings),
'request': request,
'add_findings': add_fpage,
'authorized': authorized,
})