You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Manage role responsibilities from the UI: the role detail page now lets you add, edit and delete responsibilities (description, RACI type, related activity) directly from the Responsibilities section. An Add button in the section header and per-row edit / delete actions open an HTMX drawer; the section refreshes in place after each change. Actions are gated by the context.role.update permission. Previously responsibilities could only be managed through the API / MCP tools (create_responsibility, update_responsibility, delete_responsibility), which remain available. Changing a role's responsibilities now sends the role back to its draft state (resetting approval and bumping the version) so it is re-validated; the demotion is recorded in the role's change history. This applies whether the change is made from the UI or through the REST API, except for roles in a terminal state (archived / cancelled), which are left untouched. The role's History section now also merges its responsibilities' own history into the role timeline, so adding, editing or deleting a responsibility is visible there (a deletion shows the removed responsibility's details, tagged as a "Responsibility" entry).
Generic CSV bulk import (suppliers first): a new reusable, entity-by-entity bulk-import framework (core/imports) modelled on the framework import. Each importable entity declares an EntityImporter with its column specification and registers it; the generic views, URLs (/imports/<entity>/), templates and sample-file generation then drive the same upload -> preview -> confirm wizard for every entity. Suppliers are the first consumer: an Import button above the supplier list opens a CSV upload in a modal, the file is validated row by row (type coercion, allowed values, FK/M2M resolution) and a preview lists the rows to import (flagging those that already exist) and the rows skipped with their errors before confirmation. Owners are resolved by email (blank falls back to the importing user), supplier types by name (must exist), scopes by reference or name (must exist) and tags by name (created on the fly). Duplicate handling is decided per row in the preview: a row whose exact name already matches an existing supplier shows a Replace checkbox, so for each match the user chooses to overwrite the existing supplier or keep it unchanged (a name matching several existing suppliers is reported as an ambiguous error). On replacement the supplier's original creation date is preserved. The importer can also carry over the original creation date of newly created suppliers from a legacy tool (a created_at column written via a post-save update so it is not overwritten by auto_now_add). A downloadable CSV sample with a per-column documentation panel is provided. Suppliers already expose programmatic bulk creation through the existing batch_create_suppliers MCP tool and the /api/v1/assets/suppliers/ batch endpoint.
Fixed
Role detail page crashed (500): the assigned-users list referenced the non-existent user.username attribute (the User model is email-based with no username field), raising a VariableDoesNotExist on every /context/roles/<id>/ view. It now falls back to user.email.
Dashboard progress-bar heights aligned: the "Active objectives progression" bars used the Bootstrap default height (16px) while the "Compliance by framework" bars were 8px. Both now render at 8px for a consistent look.
Modal select dropdowns clipped / hidden behind the modal: TomSelect dropdowns opened inside a form drawer were clipped by the scrollable modal body and could render behind the modal. They are now attached to <body> (dropdownParent) with a z-index above the modal, so the full option list is always visible regardless of the field's position in the form.
