def reinstate_risk_acceptance(request, eid, raid): risk_acceptance = get_object_or_404(prefetch_for_expiration(Risk_Acceptance.objects.all()), pk=raid) eng = get_object_or_404(Engagement, pk=eid) if not eng.product.enable_full_risk_acceptance: raise PermissionDenied() ra_helper.reinstate(risk_acceptance, risk_acceptance.expiration_date) return redirect_to_return_url_or_else(request, reverse("view_risk_acceptance", args=(eid, raid)))
def view_edit_risk_acceptance(request, eid, raid, edit_mode=False): risk_acceptance = get_object_or_404(Risk_Acceptance, pk=raid) eng = get_object_or_404(Engagement, pk=eid) if edit_mode and not eng.product.enable_full_risk_acceptance: raise PermissionDenied() risk_acceptance_form = None errors = False if request.method == 'POST': # deleting before instantiating the form otherwise django messes up and we end up with an empty path value if len(request.FILES) > 0: logger.debug('new proof uploaded') risk_acceptance.path.delete() if 'decision' in request.POST: old_expiration_date = risk_acceptance.expiration_date risk_acceptance_form = EditRiskAcceptanceForm(request.POST, request.FILES, instance=risk_acceptance) errors = errors or not risk_acceptance_form.is_valid() if not errors: logger.debug('path: %s', risk_acceptance_form.cleaned_data['path']) risk_acceptance_form.save() if risk_acceptance.expiration_date != old_expiration_date: # risk acceptance was changed, check if risk acceptance needs to be reinstated and findings made accepted again ra_helper.reinstate(risk_acceptance, old_expiration_date) messages.add_message( request, messages.SUCCESS, 'Risk Acceptance saved successfully.', extra_tags='alert-success') if 'entry' in request.POST: note_form = NoteForm(request.POST) errors = errors or not note_form.is_valid() if not errors: new_note = note_form.save(commit=False) new_note.author = request.user new_note.date = timezone.now() new_note.save() risk_acceptance.notes.add(new_note) messages.add_message( request, messages.SUCCESS, 'Note added successfully.', extra_tags='alert-success') if 'delete_note' in request.POST: note = get_object_or_404(Notes, pk=request.POST['delete_note_id']) if note.author.username == request.user.username: risk_acceptance.notes.remove(note) note.delete() messages.add_message( request, messages.SUCCESS, 'Note deleted successfully.', extra_tags='alert-success') else: messages.add_message( request, messages.ERROR, "Since you are not the note's author, it was not deleted.", extra_tags='alert-danger') if 'remove_finding' in request.POST: finding = get_object_or_404( Finding, pk=request.POST['remove_finding_id']) ra_helper.remove_finding_from_risk_acceptance(risk_acceptance, finding) messages.add_message( request, messages.SUCCESS, 'Finding removed successfully from risk acceptance.', extra_tags='alert-success') if 'replace_file' in request.POST: replace_form = ReplaceRiskAcceptanceProofForm( request.POST, request.FILES, instance=risk_acceptance) errors = errors or not replace_form.is_valid() if not errors: replace_form.save() messages.add_message( request, messages.SUCCESS, 'New Proof uploaded successfully.', extra_tags='alert-success') else: logger.error(replace_form.errors) if 'add_findings' in request.POST: add_findings_form = AddFindingsRiskAcceptanceForm( request.POST, request.FILES, instance=risk_acceptance) errors = errors or not add_findings_form.is_valid() if not errors: findings = add_findings_form.cleaned_data['accepted_findings'] ra_helper.add_findings_to_risk_acceptance(risk_acceptance, findings) messages.add_message( request, messages.SUCCESS, 'Finding%s added successfully.' % ('s' if len(findings) > 1 else ''), extra_tags='alert-success') if not errors: logger.debug('redirecting to return_url') return redirect_to_return_url_or_else(request, reverse("view_risk_acceptance", args=(eid, raid))) else: logger.error('errors found') else: if edit_mode: risk_acceptance_form = EditRiskAcceptanceForm(instance=risk_acceptance) note_form = NoteForm() replace_form = ReplaceRiskAcceptanceProofForm(instance=risk_acceptance) add_findings_form = AddFindingsRiskAcceptanceForm(instance=risk_acceptance) accepted_findings = risk_acceptance.accepted_findings.order_by('numerical_severity') fpage = get_page_items(request, accepted_findings, 15) unaccepted_findings = Finding.objects.filter(test__in=eng.test_set.all()) \ .exclude(id__in=accepted_findings).order_by("title") add_fpage = get_page_items(request, unaccepted_findings, 10, 'apage') # on this page we need to add unaccepted findings as possible findings to add as accepted add_findings_form.fields[ "accepted_findings"].queryset = add_fpage.object_list product_tab = Product_Tab(eng.product.id, title="Risk Acceptance", tab="engagements") product_tab.setEngagement(eng) return render( request, 'dojo/view_risk_acceptance.html', { 'risk_acceptance': risk_acceptance, 'engagement': eng, 'product_tab': product_tab, 'accepted_findings': fpage, 'notes': risk_acceptance.notes.all(), 'eng': eng, 'edit_mode': edit_mode, 'risk_acceptance_form': risk_acceptance_form, 'note_form': note_form, 'replace_form': replace_form, 'add_findings_form': add_findings_form, # 'show_add_findings_form': len(unaccepted_findings), 'request': request, 'add_findings': add_fpage, 'return_url': get_return_url(request), })