wbcompliance 2.2.1__py2.py3-none-any.whl

wbcompliance/serializers/risk_management/incidents.py

@@ -0,0 +1,227 @@
+from datetime import timedelta
+
+from django.utils.translation import gettext as _
+from psycopg.types.range import NumericRange
+from rest_framework import serializers
+from rest_framework.reverse import reverse
+from wbcompliance.models.risk_management import (
+    CheckedObjectIncidentRelationship,
+    RiskIncident,
+    RiskIncidentType,
+    RuleThreshold,
+)
+from wbcore import serializers as wb_serializers
+from wbcore.content_type.serializers import ContentTypeRepresentationSerializer
+from wbcore.contrib.authentication.serializers import GroupRepresentationSerializer
+from wbcore.contrib.directory.serializers import PersonRepresentationSerializer
+
+from .checks import RiskCheckRepresentationSerializer
+from .rules import RiskRuleRepresentationSerializer
+
+
+class RiskIncidentTypeRepresentationSerializer(wb_serializers.RepresentationSerializer):
+    class Meta:
+        model = RiskIncidentType
+        fields = ("id", "name")
+
+
+class RiskIncidentRepresentationSerializer(wb_serializers.RepresentationSerializer):
+    class Meta:
+        model = RiskIncident
+        fields = ("id", "computed_str")
+
+
+class CheckedObjectIncidentRelationshipRepresentationSerializer(wb_serializers.RepresentationSerializer):
+    class Meta:
+        model = CheckedObjectIncidentRelationship
+        fields = ("id", "computed_str")
+
+
+class RuleThresholdModelSerializer(wb_serializers.ModelSerializer):
+    _rule = RiskRuleRepresentationSerializer(source="rule")
+    _notifiable_users = PersonRepresentationSerializer(source="notifiable_users", many=True)
+    _notifiable_groups = GroupRepresentationSerializer(source="notifiable_groups", many=True)
+    _severity = RiskIncidentTypeRepresentationSerializer(source="severity")
+    range_lower = wb_serializers.FloatField(source="range.lower", allow_null=True, required=False, precision=4)
+    range_upper = wb_serializers.FloatField(source="range.upper", allow_null=True, required=False, precision=4)
+    range = wb_serializers.DecimalRangeField(required=False)
+
+    def validate(self, data):
+        range_upper, range_lower = None, None
+        if (range_dict := data.get("range", None)) and isinstance(range_dict, dict):
+            range_upper = range_dict.pop("upper", self.instance.range.upper if self.instance else None)
+            range_lower = range_dict.pop("lower", self.instance.range.lower if self.instance else None)
+        if range_upper and range_lower and range_upper < range_lower:
+            raise serializers.ValidationError({"range": "Lower needs to be strictly lower than upper bound"})
+        data["range"] = NumericRange(lower=range_lower, upper=range_upper)
+        return data
+
+    class Meta:
+        model = RuleThreshold
+        read_only_fields = ("computed_str",)
+        fields = (
+            "id",
+            "rule",
+            "_rule",
+            "range_lower",
+            "range_upper",
+            "range",
+            "severity",
+            "notifiable_users",
+            "_notifiable_users",
+            "notifiable_groups",
+            "_notifiable_groups",
+            "computed_str",
+            "upgradable_after_days",
+            "_severity",
+            "severity",
+        )
+
+
+class RiskIncidentModelSerializer(wb_serializers.ModelSerializer):
+    # Extra fields to accommodate the multi level tree view with the CheckedIncidentRelationship class
+    _group_key = wb_serializers.CharField(read_only=True)
+    checked_date = wb_serializers.DateField(read_only=True)
+    object_repr = wb_serializers.CharField(read_only=True)
+    threshold_repr = wb_serializers.CharField(read_only=True, required=False)
+    breached_value = wb_serializers.TextField(read_only=True, default="Open to see details")
+    report = wb_serializers.TextField(read_only=True, default="Open to see details")
+
+    _resolved_by = PersonRepresentationSerializer(source="resolved_by")
+    _breached_content_type = ContentTypeRepresentationSerializer(source="breached_content_type")
+    _rule = RiskRuleRepresentationSerializer(source="rule")
+    _severity = RiskIncidentTypeRepresentationSerializer(source="severity")
+    date_range = wb_serializers.DateRangeField(outward_bounds_transform="[]")
+    ignore_until = wb_serializers.DateField(
+        read_only=True, label="Ignore Until (Included)", help_text=_("Ignore until this date (included)")
+    )
+    ignore_duration_in_days = wb_serializers.IntegerField(
+        required=False,
+        label=_("Ignore for X days"),
+        help_text=_(
+            "If set to a value different than 0, will ignore the forthcoming incidents for the specified number of days"
+        ),
+    )
+
+    @wb_serializers.register_resource()
+    def additional_resources(self, instance, request, user):
+        res = {}
+        if instance.checked_object_relationships.exists():
+            res["relationships"] = reverse(
+                "wbcompliance:riskincident-relationship-list",
+                args=[instance.id],
+                request=request,
+            )
+        return res
+
+    def validate(self, data):
+        if (ignore_duration_in_days := data.get("ignore_duration_in_days", None)) is not None:
+            data["ignore_duration"] = timedelta(days=ignore_duration_in_days)
+        return data
+
+    class Meta:
+        model = RiskIncident
+        only_fsm_transition_on_instance = True
+
+        fields = (
+            "id",
+            "date_range",
+            "last_ignored_date",
+            "ignore_until",
+            "rule",
+            "_rule",
+            "breached_content_type",
+            "_breached_content_type",
+            "breached_object_id",
+            "breached_object_repr",
+            "ignore_duration",
+            "ignore_duration_in_days",
+            "status",
+            "severity",
+            "comment",
+            "resolved_by",
+            "_resolved_by",
+            "_severity",
+            "severity",
+            "is_notified",
+            "_additional_resources",
+            "_group_key",
+            "checked_date",
+            "object_repr",
+            "threshold_repr",
+            "breached_value",
+            "report",
+        )
+        read_only_fields = (
+            "id",
+            "date_range",
+            "last_ignored_date",
+            "ignore_until",
+            "rule",
+            "breached_content_type",
+            "breached_object_id",
+            "breached_object_repr",
+            "status",
+            "severity",
+            "resolved_by",
+            "_severity",
+            "severity",
+            "is_notified",
+        )
+
+
+class CheckedObjectIncidentRelationshipModelSerializer(wb_serializers.ModelSerializer):
+    _resolved_by = PersonRepresentationSerializer(source="resolved_by")
+    _incident = RiskIncidentRepresentationSerializer(source="incident")
+    _rule_check = RiskCheckRepresentationSerializer(source="rule_check")
+    _severity = RiskIncidentTypeRepresentationSerializer(source="severity")
+    breached_value = wb_serializers.TextField()
+    # extra annotation to play properly with the tree table
+    checked_date = wb_serializers.DateField(read_only=True, required=False)
+    # rule = wb_serializers.PrimaryKeyRelatedField()
+    # _rule = RiskRuleRepresentationSerializer(source="rule")
+    object_repr = wb_serializers.CharField(read_only=True, required=False)
+    date_range = wb_serializers.DateRangeField(read_only=True, outward_bounds_transform="[]", required=False)
+    threshold_repr = wb_serializers.CharField(read_only=True, required=False)
+
+    class Meta:
+        model = CheckedObjectIncidentRelationship
+        read_only_fields = (
+            "computed_str",
+            "incident",
+            "status",
+            "severity",
+            "rule_check",
+            "report",
+            "_severity",
+            "resolved_by",
+            "checked_date",
+            "rule",
+            "_rule",
+            "object_repr",
+            "date_range",
+            "breached_value",
+        )
+        fields = (
+            "id",
+            "computed_str",
+            "rule_check",
+            "_rule_check",
+            "incident",
+            "_incident",
+            "report",
+            "status",
+            "comment",
+            "resolved_by",
+            "_resolved_by",
+            "_severity",
+            "severity",
+            "_additional_resources",
+            "checked_date",
+            # "rule",
+            # "_rule",
+            "object_repr",
+            "date_range",
+            "threshold_repr",
+            "breached_value",
+        )

wbcompliance/serializers/risk_management/rules.py

@@ -0,0 +1,158 @@
+from django.contrib.contenttypes.models import ContentType
+from rest_framework.reverse import reverse
+from wbcompliance.models.risk_management import (
+    RiskRule,
+    RuleBackend,
+    RuleCheckedObjectRelationship,
+    RuleThreshold,
+)
+from wbcompliance.models.risk_management.rules import RuleGroup
+from wbcore import serializers as wb_serializers
+from wbcore.content_type.serializers import (
+    ContentTypeRepresentationSerializer,
+    DynamicObjectIDRepresentationSerializer,
+)
+from wbcore.contrib.authentication.serializers import UserRepresentationSerializer
+
+
+class RuleGroupRepresentationSerializer(wb_serializers.RepresentationSerializer):
+    class Meta:
+        model = RuleGroup
+        fields = ("id", "name")
+
+
+class RuleCheckedObjectRelationshipRepresentationSerializer(wb_serializers.RepresentationSerializer):
+    class Meta:
+        model = RuleCheckedObjectRelationship
+        fields = ("id", "computed_str", "checked_object_repr")
+
+
+class RuleBackendRepresentationSerializer(wb_serializers.RepresentationSerializer):
+    class Meta:
+        model = RuleBackend
+        fields = ("id", "name")
+
+
+class RuleThresholdRepresentationSerializer(wb_serializers.RepresentationSerializer):
+    class Meta:
+        model = RuleThreshold
+        fields = ("id", "computed_str")
+
+
+class RiskRuleRepresentationSerializer(wb_serializers.RepresentationSerializer):
+    class Meta:
+        model = RiskRule
+        fields = ("id", "name")
+
+
+class GetContentTypeFromKwargs:
+    requires_context = True
+
+    def __call__(self, serializer_instance):
+        if (view := serializer_instance.view) and (rule_id := view.kwargs.get("rule_id", None)):
+            rule = RiskRule.objects.get(id=rule_id)
+            if content_type := rule.rule_backend.allowed_checked_object_content_type:
+                return content_type.id
+        return None
+
+
+class RuleCheckedObjectRelationshipModelSerializer(wb_serializers.ModelSerializer):
+    checked_object_content_type = wb_serializers.PrimaryKeyRelatedField(
+        queryset=ContentType.objects.all(), default=GetContentTypeFromKwargs()
+    )
+    _checked_object_content_type = ContentTypeRepresentationSerializer(source="checked_object_content_type")
+    _checked_object_id = DynamicObjectIDRepresentationSerializer(
+        content_type_field_name="checked_object_content_type",
+        source="checked_object_id",
+        optional_get_parameters={"checked_object_content_type": "content_type"},
+        depends_on=[{"field": "checked_object_content_type", "options": {}}],
+    )
+
+    class Meta:
+        model = RuleCheckedObjectRelationship
+        # dependency_map = {
+        #     "checked_object_content_type": ["checked_object_id"],
+        # }
+        read_only_fields = ("computed_str", "checked_object_repr")
+        fields = (
+            "id",
+            "rule",
+            "checked_object_content_type",
+            "_checked_object_content_type",
+            "checked_object_id",
+            "_checked_object_id",
+            "checked_object_repr",
+            "computed_str",
+        )
+
+
+class RuleBackendModelSerializer(wb_serializers.ModelSerializer):
+    class Meta:
+        model = RuleBackend
+        fields = ("id", "name", "backend_class_path", "backend_class_name", "allowed_checked_object_content_type")
+        read_only_fields = fields
+
+
+class RiskRuleModelSerializer(wb_serializers.ModelSerializer):
+    parameters__group_by = wb_serializers.CharField(read_only=True)
+    _rule_backend = RuleBackendRepresentationSerializer(source="rule_backend")
+    _creator = UserRepresentationSerializer(source="creator")
+    parameters = wb_serializers.JSONTableField()
+    open_incidents_count = wb_serializers.IntegerField(default=0, read_only=True)
+    in_breach = wb_serializers.ChoiceField(
+        default=False,
+        read_only=True,
+        choices=[("BREACH", "In Breach"), ("PASSED", "Passed"), ("INACTIVE", "Inactive")],
+    )
+
+    def validate(self, data):
+        if (not self.instance or not self.instance.creator) and (request := self.context.get("request")):
+            data["creator"] = request.user
+        return super().validate(data)
+
+    @wb_serializers.register_resource()
+    def additional_resources(self, instance, request, user):
+        return {
+            "relationships": reverse(
+                "wbcompliance:riskrule-relationship-list",
+                args=[instance.id],
+                request=request,
+            ),
+            "thresholds": reverse(
+                "wbcompliance:riskrule-threshold-list",
+                args=[instance.id],
+                request=request,
+            ),
+            "incidents": reverse(
+                "wbcompliance:riskrule-incident-list",
+                args=[instance.id],
+                request=request,
+            ),
+        }
+
+    class Meta:
+        model = RiskRule
+        read_only_fields = ("creator",)
+        fields = (
+            "id",
+            "parameters__group_by",
+            "permission_type",
+            "creator",
+            "_creator",
+            "name",
+            "description",
+            "rule_backend",
+            "_rule_backend",
+            "is_enable",
+            "only_passive_check_allowed",
+            "automatically_close_incident",
+            "is_silent",
+            "is_mandatory",
+            "apply_to_all_active_relationships",
+            "parameters",
+            "open_incidents_count",
+            "in_breach",
+            "frequency",
+            "activation_date",
+            "_additional_resources",
+        )

wbcompliance/tasks.py

@@ -0,0 +1,112 @@
+from collections import defaultdict
+from datetime import date, datetime
+
+from celery import shared_task
+from django.contrib.contenttypes.models import ContentType
+from django.db.models import Q
+from tqdm import tqdm
+from wbcompliance.models import ComplianceTask, ReviewComplianceTask
+from wbcompliance.models.risk_management.rules import (
+    RiskRule,
+    RuleCheckedObjectRelationship,
+)
+
+
+@shared_task
+def check_passive_rules(
+    from_date: date | None = None,
+    to_date: date | None = None,
+    override_incident: bool | None = False,
+    extra_process_kwargs: dict | None = None,
+    silent_notification: bool = False,
+    debug: bool = False,
+):
+    """
+    Periodic function that call all active passive rules and trigger the check workflow
+    """
+    if not to_date:
+        to_date = datetime.today().date()
+
+    # cleanup relationship before continuing
+    clean_dynamic_rule_relationships(debug=debug)
+
+    process_kwargs = {
+        "override_incident": override_incident,
+    }
+    if isinstance(extra_process_kwargs, dict):
+        process_kwargs.update(extra_process_kwargs)
+
+    res = []
+    for rule in RiskRule.objects.filter(is_enable=True):
+        for relationship in rule.checked_object_relationships.iterator():
+            res.append((rule, relationship))
+    gen = res
+    if debug:
+        gen = tqdm(gen, total=len(res))
+    date_to_notify = defaultdict(set)
+    for rule, relationship in gen:
+        for evaluation_date in relationship.get_unchecked_dates(from_date=from_date, to_date=to_date):
+            if relationship.process_rule(evaluation_date, **process_kwargs):
+                date_to_notify[rule].add(evaluation_date)
+
+    if not silent_notification:
+        for rule, dates in date_to_notify.items():
+            for checked_date in dates:
+                rule.notify(checked_date)
+
+
+@shared_task
+def clean_dynamic_rule_relationships(debug: bool = False):
+    """
+    Periodic function to check reverse generic object that don't exist anymore. Furthermore, get the queryset representing all the active relationship for all backend and ensure that every object have a relationship (e.g. new object creation)
+    """
+    gen = RiskRule.objects.filter(apply_to_all_active_relationships=True)
+    if debug:
+        gen = tqdm(gen, total=gen.count())
+
+    for rule in gen:
+        leftover_relationships = rule.checked_object_relationships.all()
+        for content_object in rule.rule_backend.get_all_active_relationships():
+            rel, _ = RuleCheckedObjectRelationship.objects.get_or_create(
+                rule=rule,
+                checked_object_content_type=ContentType.objects.get_for_model(content_object),
+                checked_object_id=content_object.id,
+            )
+            leftover_relationships = leftover_relationships.exclude(id=rel.id)
+
+        for leftover_relationship in leftover_relationships.iterator():
+            leftover_relationship.delete()
+
+
+@shared_task
+def periodic_quaterly_or_monthly_compliance_task():
+    today = datetime.now()
+    qs = ComplianceTask.objects.filter(active=True)
+    qs_review = ReviewComplianceTask.objects.filter(
+        Q(status=ReviewComplianceTask.Status.VALIDATED) & Q(is_instance=False)
+    )
+    if today.month == 1 and today.day == 1:
+        qs = qs.filter(
+            Q(occurrence=ComplianceTask.Occurrence.YEARLY) | Q(occurrence=ComplianceTask.Occurrence.MONTHLY)
+        )
+        qs_review = qs_review.filter(
+            Q(occurrence=ReviewComplianceTask.Occurrence.YEARLY)
+            | Q(occurrence=ReviewComplianceTask.Occurrence.MONTHLY)
+        )
+    elif today.month % 3 == 0:
+        qs = qs.filter(
+            Q(occurrence=ComplianceTask.Occurrence.QUARTERLY) | Q(occurrence=ComplianceTask.Occurrence.MONTHLY)
+        )
+        qs_review = qs_review.filter(
+            Q(occurrence=ReviewComplianceTask.Occurrence.QUARTERLY)
+            | Q(occurrence=ReviewComplianceTask.Occurrence.MONTHLY)
+        )
+    else:
+        qs = qs.filter(occurrence=ComplianceTask.Occurrence.MONTHLY)
+        qs_review = qs_review.filter(occurrence=ReviewComplianceTask.Occurrence.MONTHLY)
+
+    for review_task in qs_review:
+        review_task.generate_review_compliance_task_instance(notify_admin=True)
+
+    for task in qs:
+        task.generate_compliance_task_instance(link_instance_review=True)

wbcompliance/tests/conftest.py

@@ -0,0 +1,63 @@
+from django.apps import apps
+from django.db.models.signals import pre_migrate
+from pytest_factoryboy import register
+from wbcompliance.factories import (
+    ComplianceActionFactory,
+    ComplianceEventFactory,
+    ComplianceFormFactory,
+    ComplianceFormRuleFactory,
+    ComplianceFormSectionFactory,
+    ComplianceFormSignatureFactory,
+    ComplianceFormTypeFactory,
+    ComplianceTaskFactory,
+    ComplianceTaskGroupFactory,
+    ComplianceTaskInstanceFactory,
+    ComplianceTypeFactory,
+    UnsignedComplianceFormSignatureFactory,
+)
+from wbcompliance.factories.risk_management import (
+    CheckedObjectIncidentRelationshipFactory,
+    RiskCheckFactory,
+    RiskIncidentFactory,
+    RiskIncidentTypeFactory,
+    RiskRuleFactory,
+    RuleBackendFactory,
+    RuleCheckedObjectRelationshipFactory,
+    RuleThresholdFactory,
+)
+from wbcore.contrib.authentication.factories import (
+    AuthenticatedPersonFactory,
+    UserFactory,
+)
+from wbcore.contrib.directory.factories import PersonFactory
+
+from wbcore.tests.conftest import *  # isort:skip
+
+register(ComplianceFormRuleFactory)
+register(ComplianceFormSectionFactory)
+register(ComplianceFormTypeFactory)
+register(ComplianceFormFactory)
+register(ComplianceFormSignatureFactory)
+register(UnsignedComplianceFormSignatureFactory)
+register(ComplianceTaskFactory)
+register(ComplianceTaskInstanceFactory)
+register(ComplianceActionFactory)
+register(ComplianceEventFactory)
+register(ComplianceTypeFactory)
+register(ComplianceTaskGroupFactory)
+register(RiskCheckFactory)
+register(RiskIncidentFactory)
+register(CheckedObjectIncidentRelationshipFactory)
+register(RuleBackendFactory)
+register(RiskRuleFactory)
+register(RuleThresholdFactory)
+register(RuleCheckedObjectRelationshipFactory)
+register(RiskIncidentTypeFactory)
+register(PersonFactory)
+register(UserFactory)
+register(AuthenticatedPersonFactory)
+
+
+from .signals import *
+
+pre_migrate.connect(app_pre_migration, sender=apps.get_app_config("wbcompliance"))

wbcompliance/tests/disable_signals.py

@@ -0,0 +1,82 @@
+from collections import defaultdict
+
+from django.db.models.signals import *
+
+
+class DisableSignals(object):
+    def __init__(self, disabled_signals=None):
+        self.stashed_signals = defaultdict(list)
+        self.disabled_signals = disabled_signals or [
+            pre_init,
+            post_init,
+            pre_save,
+            post_save,
+            pre_delete,
+            post_delete,
+            pre_migrate,
+            post_migrate,
+        ]
+
+    def __enter__(self):
+        for signal in self.disabled_signals:
+            self.disconnect(signal)
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        for signal in list(self.stashed_signals):
+            self.reconnect(signal)
+
+    def disconnect(self, signal):
+        self.stashed_signals[signal] = signal.receivers
+        signal.receivers = []
+
+    def reconnect(self, signal):
+        signal.receivers = self.stashed_signals.get(signal, [])
+        del self.stashed_signals[signal]
+
+
+# https://stackoverflow.com/questions/55578230/django-how-to-visualize-signals-and-save-overrides
+# RECEIVER_MODELS = re.compile(r"sender=(\w+)\W")
+
+
+# class DisableSignalsNotification_OLD_VERSION(DisableSignals):
+#     def __enter__(self):
+#         for signal in self.disabled_signals:
+#             if not isinstance(signal, ModelSignal):
+#                 continue
+#             for _, receiver in signal.receivers:
+#                 rcode = inspect.getsource(receiver())
+#                 rmodel = RECEIVER_MODELS.findall(rcode)
+#                 if "Notification" in rmodel:
+#                     self.disconnect(signal)
+
+
+class temp_disconnect_signal:
+    """Temporarily disconnect a model from a signal"""
+
+    def __init__(self, signal, receiver, sender, dispatch_uid=None):
+        self.signal = signal
+        self.receiver = receiver
+        self.sender = sender
+        self.dispatch_uid = dispatch_uid
+
+    def __enter__(self):
+        self.signal.disconnect(
+            receiver=self.receiver,
+            sender=self.sender,
+            dispatch_uid=self.dispatch_uid,
+        )
+
+    def __exit__(self, type, value, traceback):
+        self.signal.connect(
+            receiver=self.receiver,
+            sender=self.sender,
+            dispatch_uid=self.dispatch_uid,
+        )
+
+
+class DisableSignalsNotification(temp_disconnect_signal):
+    def __init__(self, dispatch_uid=None):
+        self.signal = post_save
+        self.receiver = post_create_notification
+        self.sender = Notification
+        self.dispatch_uid = dispatch_uid

wbcompliance/tests/mixins.py

@@ -0,0 +1,17 @@
+import pytest
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Group
+from faker import Faker
+from wbcore.contrib.authentication.factories import InternalUserFactory
+
+fake = Faker()
+User = get_user_model()
+
+
+class UserTestMixin:
+    @pytest.fixture()
+    def user(self):
+        user = InternalUserFactory.create()
+        group = Group.objects.create(name="Compliance Position")
+        user.groups.add(group)
+        return user