
feat: created backend checking if the objects on creation/edit are relevant in domain context #1769

51 changes: 50 additions & 1 deletion backend/app_tests/api/test_api_compliance_assessments.py
Expand Up @@ -182,6 +182,55 @@ def test_create_compliance_assessments(self, test):
def test_update_compliance_assessments(self, test):
"""test to update compliance assessments with the API with authentication"""

EndpointTestsQueries.Auth.import_object(test.admin_client, "Documents")
EndpointTestsQueries.Auth.import_object(test.admin_client, "Framework")
EndpointTestsQueries.Auth.import_object(test.admin_client, "Framework2")
perimeter = Perimeter.objects.create(name="test", folder=test.folder)
perimeter2 = Perimeter.objects.create(name="test2", folder=test.folder)

EndpointTestsQueries.Auth.update_object(
test.client,
"Compliance Assessments",
ComplianceAssessment,
{
"name": COMPLIANCE_ASSESSMENT_NAME,
"description": COMPLIANCE_ASSESSMENT_DESCRIPTION,
"version": COMPLIANCE_ASSESSMENT_VERSION,
"perimeter": perimeter,
"framework": Framework.objects.all()[0],
},
{
"name": "new " + COMPLIANCE_ASSESSMENT_NAME,
"description": "new " + COMPLIANCE_ASSESSMENT_DESCRIPTION,
"version": COMPLIANCE_ASSESSMENT_VERSION + ".1",
"perimeter": str(perimeter2.id),
"framework": str(Framework.objects.all()[1].id),
},
{
"perimeter": {
"id": str(perimeter.id),
"str": perimeter.folder.name + "/" + perimeter.name,
"folder": {
"id": str(perimeter.folder.id),
"str": perimeter.folder.name,
},
},
"framework": {
"id": str(Framework.objects.all()[0].id),
"str": str(Framework.objects.all()[0]),
"implementation_groups_definition": None,
"reference_controls": [],
"min_score": Framework.objects.all()[0].min_score,
"max_score": Framework.objects.all()[0].max_score,
"ref_id": str(Framework.objects.all()[0].ref_id),
},
},
user_group=test.user_group,
scope=str(test.folder),
)
Comment on lines +191 to +230
⚠️ Potential issue

Inconsistency in expected response structure

The test correctly updates the compliance assessment with new perimeter (perimeter2) and framework (Framework.objects.all()[1]), but the expected response structure still references the original objects.

Consider updating the expected response to match the updated values:

            {
                "perimeter": {
-                    "id": str(perimeter.id),
-                    "str": perimeter.folder.name + "/" + perimeter.name,
+                    "id": str(perimeter2.id),
+                    "str": perimeter2.folder.name + "/" + perimeter2.name,
                    "folder": {
-                        "id": str(perimeter.folder.id),
-                        "str": perimeter.folder.name,
+                        "id": str(perimeter2.folder.id),
+                        "str": perimeter2.folder.name,
                    },
                },
                "framework": {
-                    "id": str(Framework.objects.all()[0].id),
-                    "str": str(Framework.objects.all()[0]),
+                    "id": str(Framework.objects.all()[1].id),
+                    "str": str(Framework.objects.all()[1]),
                    "implementation_groups_definition": None,
                    "reference_controls": [],
-                    "min_score": Framework.objects.all()[0].min_score,
-                    "max_score": Framework.objects.all()[0].max_score,
-                    "ref_id": str(Framework.objects.all()[0].ref_id),
+                    "min_score": Framework.objects.all()[1].min_score,
+                    "max_score": Framework.objects.all()[1].max_score,
+                    "ref_id": str(Framework.objects.all()[1].ref_id),
                },
            },


"""def test_update_compliance_assessments_fails_with_out_of_scope_object(self, test):

EndpointTestsQueries.Auth.import_object(test.admin_client, "Documents")
EndpointTestsQueries.Auth.import_object(test.admin_client, "Framework")
EndpointTestsQueries.Auth.import_object(test.admin_client, "Framework2")
Expand Down Expand Up @@ -229,7 +278,7 @@ def test_update_compliance_assessments(self, test):
},
user_group=test.user_group,
scope=str(test.folder),
)
)"""

def test_delete_compliance_assessments(self, test):
"""test to delete compliance assessments with the API with authentication"""
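Review bot: The cross-folder negative test is switched off by turning it into a bare string literal (`"""def test_update_compliance_assessments_fails_with_out_of_scope_object(self, test):` … `)"""`), and the surviving `test_update_compliance_assessments` only moves the object to `perimeter2`, which is created in `test.folder`, so the domain-scope check this PR introduces is exercised in neither direction here; the same pattern appears in test_api_evidences.py, test_api_requirement_assessments.py, test_api_risk_acceptances.py and test_api_risk_assessments.py. A disabled test should either be restored as an assertion that updating with an object from another folder is rejected, or stay a real function under `@pytest.mark.skip(reason="...")` so it remains collected and visible instead of silently vanishing. Separately, `Framework.objects.all()[0]` and `[1]` index an unordered queryset; unless the model declares a Meta ordering (not visible here), which imported framework lands at which index is not guaranteed, so ordering explicitly by a stable field would make the setup deterministic. The second hunk only closes the string literal; the disabled body it belongs to lies outside the hunk.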
48 changes: 47 additions & 1 deletion backend/app_tests/api/test_api_evidences.py
Expand Up @@ -160,6 +160,52 @@ def test_create_evidences(self, test):
def test_update_evidences(self, test):
"""test to update evidences with the API with authentication"""

folder = Folder.objects.create(name="test2")
applied_control = AppliedControl.objects.create(name="test", folder=test.folder)
applied_control2 = AppliedControl.objects.create(
name="test2", folder=test.folder
)

Comment on lines +163 to +168
🛠️ Refactor suggestion

Remove unused variable to eliminate code smell.

The variable folder at line 163 is never referenced. This could introduce confusion and should be removed or utilized if intended for further testing.

-        folder = Folder.objects.create(name="test2")
🧰 Tools
🪛 Ruff (0.8.2)

163-163: Local variable folder is assigned to but never used

Remove assignment to unused variable folder

(F841)

with open(
path.join(path.dirname(path.dirname(__file__)), EVIDENCE_ATTACHMENT), "rb"
) as file:
EndpointTestsQueries.Auth.update_object(
test.client,
"Evidences",
Evidence,
{
"name": EVIDENCE_NAME,
"description": EVIDENCE_DESCRIPTION,
"link": EVIDENCE_LINK,
"folder": test.folder,
"applied_controls": [applied_control],
},
{
"name": "new " + EVIDENCE_NAME,
"description": "new " + EVIDENCE_DESCRIPTION,
"link": EVIDENCE_LINK + "/new",
"folder": str(test.folder.id),
"applied_controls": [str(applied_control2.id)],
"attachment": file,
},
{
"folder": {"id": str(test.folder.id), "str": test.folder.name},
"applied_controls": [
{
"id": str(applied_control.id),
"str": applied_control.name,
}
],
},
{
"attachment": EVIDENCE_ATTACHMENT,
},
query_format="multipart",
user_group=test.user_group,
)

"""def test_update_evidences_fails_with_out_of_scope_object(self, test):

folder = Folder.objects.create(name="test2")
applied_control = AppliedControl.objects.create(name="test", folder=test.folder)
applied_control2 = AppliedControl.objects.create(name="test2", folder=folder)
Expand Down Expand Up @@ -200,7 +246,7 @@ def test_update_evidences(self, test):
},
query_format="multipart",
user_group=test.user_group,
)
)"""

def test_delete_evidences(self, test):
"""test to delete evidences with the API with authentication"""
89 changes: 88 additions & 1 deletion backend/app_tests/api/test_api_requirement_assessments.py
Expand Up @@ -209,6 +209,93 @@ def test_create_requirement_assessments(self, test):
def test_update_requirement_assessments(self, test):
"""test to update requirement assessments with the API with authentication"""

EndpointTestsQueries.Auth.import_object(test.admin_client, "Framework")
folder = Folder.objects.create(name="test2")
Comment on lines +212 to +213
🛠️ Refactor suggestion

Remove unused variable to maintain clarity.

The folder variable at line 213 is never used, which can be misleading. Suggest removing it or putting it to actual use.

-        folder = Folder.objects.create(name="test2")
🧰 Tools
🪛 Ruff (0.8.2)

213-213: Local variable folder is assigned to but never used

Remove assignment to unused variable folder

(F841)

compliance_assessment = ComplianceAssessment.objects.create(
name="test",
perimeter=Perimeter.objects.create(name="test", folder=test.folder),
framework=Framework.objects.all()[0],
)
compliance_assessment2 = ComplianceAssessment.objects.create(
name="test2",
perimeter=Perimeter.objects.create(name="test2", folder=test.folder),
framework=Framework.objects.all()[0],
)
applied_control = AppliedControl.objects.create(name="test", folder=test.folder)

EndpointTestsQueries.Auth.update_object(
test.client,
"Requirement Assessments",
RequirementAssessment,
{
"status": REQUIREMENT_ASSESSMENT_STATUS,
"observation": REQUIREMENT_ASSESSMENT_OBSERVATION,
"folder": test.folder,
"compliance_assessment": compliance_assessment,
"requirement": RequirementNode.objects.all()[0],
"score": None,
},
{
"status": REQUIREMENT_ASSESSMENT_STATUS2,
"observation": "new " + REQUIREMENT_ASSESSMENT_OBSERVATION,
"folder": str(test.folder.id),
"compliance_assessment": str(compliance_assessment2.id),
"requirement": str(RequirementNode.objects.all()[1].id),
"applied_controls": [str(applied_control.id)],
"score": 3,
},
{
"folder": {"id": str(test.folder.id), "str": test.folder.name},
"compliance_assessment": {
"id": str(compliance_assessment.id),
"str": compliance_assessment.name,
},
"requirement": {
"id": str(RequirementNode.objects.all()[0].id),
"urn": RequirementNode.objects.all()[0].urn,
"annotation": RequirementNode.objects.all()[0].annotation,
"name": RequirementNode.objects.all()[0].name,
"description": RequirementNode.objects.all()[0].description,
"typical_evidence": RequirementNode.objects.all()[
0
].typical_evidence,
"ref_id": RequirementNode.objects.all()[0].ref_id,
"associated_reference_controls": RequirementNode.objects.all()[
0
].associated_reference_controls,
"associated_threats": RequirementNode.objects.all()[
0
].associated_threats,
"parent_requirement": {
"str": RequirementNode.objects.all()[0].parent_requirement.get(
"str"
),
"urn": RequirementNode.objects.all()[0].parent_requirement.get(
"urn"
),
"id": str(
RequirementNode.objects.all()[0].parent_requirement.get(
"id"
)
),
"ref_id": RequirementNode.objects.all()[
0
].parent_requirement.get("ref_id"),
"name": RequirementNode.objects.all()[0].parent_requirement.get(
"name"
),
"description": RequirementNode.objects.all()[
0
].parent_requirement.get("description"),
}
if RequirementNode.objects.all()[0].parent_requirement
else None,
},
},
user_group=test.user_group,
)

"""def test_update_requirement_assessments_fails_with_out_of_scope_object(self, test):
EndpointTestsQueries.Auth.import_object(test.admin_client, "Framework")
folder = Folder.objects.create(name="test2")
compliance_assessment = ComplianceAssessment.objects.create(
Expand Down Expand Up @@ -293,7 +380,7 @@ def test_update_requirement_assessments(self, test):
},
},
user_group=test.user_group,
)
)"""

def test_get_status_choices(self, test):
"""test to get requirement assessments status choices from the API with authentication"""
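Review bot: The expected-response dict in `test_update_requirement_assessments` re-evaluates `RequirementNode.objects.all()[0]` roughly twenty times, each a separate query on a queryset whose order is only stable if the model defines one, which makes the block hard to read and needlessly fragile. Bind it once beside the other fixtures, `requirement = RequirementNode.objects.all()[0]`, and reference `requirement` throughout the dict including the `parent_requirement` conditional; the same applies to `RequirementNode.objects.all()[1]` in the update params. The second hunk only closes the disabled string literal; its body lies outside the hunk.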
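--- a/backend/app_tests/api/test_api_risk_acceptances.py
+++ b/backend/app_tests/api/test_api_risk_acceptances.py
@@ -180,6 +180,56 @@ def test_create_risk_acceptances(self, test):
 def test_update_risk_acceptances(self, test):
 """test to update risk acceptances with the API with authentication"""
 
+EndpointTestsQueries.Auth.import_object(test.admin_client, "Framework")
+approver = User.objects.create_user(email="[email protected]")
+UserGroup.objects.get(name="BI-UG-GAP").user_set.add(approver)
+approver2 = User.objects.create_user(email="[email protected]")
+UserGroup.objects.get(name="BI-UG-GAP").user_set.add(approver2)
+risk_scenario = RiskScenario.objects.create(
+name="test scenario",
+description="test description",
+risk_assessment=RiskAssessment.objects.create(
+name="test",
+perimeter=Perimeter.objects.create(name="test", folder=test.folder),
+risk_matrix=RiskMatrix.objects.create(name="test", folder=test.folder),
+),
+)
+
+EndpointTestsQueries.Auth.update_object(
+test.client,
+"Risk Acceptances",
+RiskAcceptance,
+{
+"name": RISK_ACCEPTANCE_NAME,
+"description": RISK_ACCEPTANCE_DESCRIPTION,
+"expiry_date": RISK_ACCEPTANCE_EXPIRY_DATE,
+# 'state': RISK_ACCEPTANCE_STATE[0],
+"folder": test.folder,
+"approver": approver,
+},
+{
+"name": "new " + RISK_ACCEPTANCE_NAME,
+"description": "new " + RISK_ACCEPTANCE_DESCRIPTION,
+"expiry_date": "2024-05-05",
+"folder": str(test.folder.id),
+"approver": str(approver2.id),
+"risk_scenarios": [str(risk_scenario.id)],
+},
+{
+"folder": {"id": str(test.folder.id), "str": test.folder.name},
+"approver": {
+"id": str(approver.id),
+"str": approver.email,
+"last_name": approver.last_name,
+"first_name": approver.first_name,
+},
+# 'state': RISK_ACCEPTANCE_STATE[1],
+},
+user_group=test.user_group,
+)
+
+"""def test_update_risk_acceptances(self, test):
+
 EndpointTestsQueries.Auth.import_object(test.admin_client, "Framework")
 folder = Folder.objects.create(name="test2")
 approver = User.objects.create_user(email="[email protected]")
@@ -227,7 +277,7 @@ def test_update_risk_acceptances(self, test):
 # 'state': RISK_ACCEPTANCE_STATE[1],
 },
 user_group=test.user_group,
-)
+)"""
 
 def test_delete_risk_acceptances(self, test):
 """test to delete risk acceptances with the API with authentication"""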
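Review bot: The disabled block added at the end of the first hunk is headed `"""def test_update_risk_acceptances(self, test):`, the same name as the live test directly above it, so it reads as a duplicate definition rather than the cross-folder variant that the other files name `..._fails_with_out_of_scope_object`; test_api_risk_assessments.py carries the same duplicate-name header (`"""def test_update_risk_assessments(self, test):`). Rename it to `"""def test_update_risk_acceptances_fails_with_out_of_scope_object(self, test):` for consistency, or better drop the dead block altogether, since a bare string literal in a class body is never collected and only confuses readers. The body it disables starts in the second hunk's context and runs outside the hunk.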
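--- a/backend/app_tests/api/test_api_risk_assessments.py
+++ b/backend/app_tests/api/test_api_risk_assessments.py
@@ -170,6 +170,48 @@ def test_create_risk_assessments(self, test):
 def test_update_risk_assessments(self, test):
 """test to update risk assessments with the API with authentication"""
 
+EndpointTestsQueries.Auth.import_object(test.admin_client, "Risk matrix")
+EndpointTestsQueries.Auth.import_object(test.admin_client, "Risk matrix2")
+perimeter = Perimeter.objects.create(name="test", folder=test.folder)
+perimeter2 = Perimeter.objects.create(name="test2", folder=test.folder)
+risk_matrix = RiskMatrix.objects.all()[0]
+risk_matrix2 = RiskMatrix.objects.all()[1]
+
+EndpointTestsQueries.Auth.update_object(
+test.client,
+"Risk Assessment",
+RiskAssessment,
+{
+"name": RISK_ASSESSMENT_NAME,
+"description": RISK_ASSESSMENT_DESCRIPTION,
+"version": RISK_ASSESSMENT_VERSION,
+"perimeter": perimeter,
+"risk_matrix": risk_matrix,
+},
+{
+"name": "new " + RISK_ASSESSMENT_NAME,
+"description": "new " + RISK_ASSESSMENT_DESCRIPTION,
+"version": RISK_ASSESSMENT_VERSION + ".1",
+"perimeter": str(perimeter2.id),
+"risk_matrix": str(risk_matrix2.id),
+},
+{
+"perimeter": {
+"id": str(perimeter.id),
+"str": perimeter.folder.name + "/" + perimeter.name,
+"folder": {
+"id": str(perimeter.folder.id),
+"str": perimeter.folder.name,
+},
+},
+"risk_matrix": {"id": str(risk_matrix.id), "str": str(risk_matrix)},
+},
+user_group=test.user_group,
+scope=str(test.folder),
+)
+
+"""def test_update_risk_assessments(self, test):
+
 EndpointTestsQueries.Auth.import_object(test.admin_client, "Risk matrix")
 EndpointTestsQueries.Auth.import_object(test.admin_client, "Risk matrix2")
 perimeter = Perimeter.objects.create(name="test", folder=test.folder)
@@ -210,7 +252,7 @@ def test_update_risk_assessments(self, test):
 },
 user_group=test.user_group,
 scope=str(test.folder),
-)
+)"""
 
 def test_delete_risk_assessments(self, test):
 """test to delete risk assessments with the API with authentication"""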