wbcompliance 2.2.1__py2.py3-none-any.whl

wbcompliance/models/compliance_type.py

@@ -0,0 +1,133 @@
+import logging
+from typing import TypeVar
+
+from celery import shared_task
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Group
+from django.contrib.contenttypes.models import ContentType
+from django.core.files.base import ContentFile
+from django.db import models
+from django.db.models import Q
+from django.utils.translation import gettext_lazy as _
+from slugify import slugify
+from wbcore.contrib.documents.models import Document, DocumentType
+from wbcore.contrib.documents.models.mixins import DocumentMixin
+from wbcore.models import WBModel
+
+User = get_user_model()
+SelfComplianceType = TypeVar("SelfComplianceType", bound="ComplianceType")
+
+
+def can_active_request(instance, user: "User") -> bool:
+    if instance.changer:
+        current_profile = instance.changer
+    else:
+        current_profile = instance.creator
+
+    return user.is_superuser or (
+        user.profile != current_profile and user.has_perm("wbcompliance.administrate_compliance")
+    )
+
+
+class ComplianceType(WBModel):
+    class Meta:
+        verbose_name = "Compliance Type"
+        verbose_name_plural = "Compliance Types"
+        permissions = [("administrate_compliance", "Can Administrate Compliance")]
+
+    name = models.CharField(max_length=255, verbose_name=_("Name"), unique=True)
+    description = models.TextField(default="", blank=True, verbose_name=_("Description"))
+    in_charge = models.ManyToManyField(
+        Group,
+        related_name="compliance_types",
+        blank=True,
+        verbose_name=_("Group of administrators"),
+        help_text=_("groups responsible for managing this type of compliance"),
+    )
+
+    def __str__(self) -> str:
+        return "{}".format(self.name)
+
+    @classmethod
+    def get_endpoint_basename(cls) -> str:
+        return "wbcompliance:compliancetype"
+
+    @classmethod
+    def get_representation_endpoint(cls) -> str:
+        return "wbcompliance:compliancetyperepresentation-list"
+
+    @classmethod
+    def get_representation_value_key(cls) -> str:
+        return "id"
+
+    @classmethod
+    def get_representation_label_key(cls) -> str:
+        return "{{name}}"
+
+    @classmethod
+    def get_administrators(cls, type: SelfComplianceType | None = None) -> models.QuerySet["User"]:
+        administrators = (
+            get_user_model()
+            .objects.filter(
+                Q(groups__permissions__codename="administrate_compliance")
+                | Q(user_permissions__codename="administrate_compliance")
+            )
+            .distinct()
+        )
+        if type:
+            administrators = administrators.filter(groups__in=type.in_charge.all())
+        return administrators
+
+    @classmethod
+    def is_administrator(cls, user) -> bool:
+        return user.has_perm("wbcompliance.administrate_compliance")
+
+
+@shared_task
+def update_or_create_compliance_document(user_id: int, content_type_id: int, object_id: int, send_email: bool = True):
+    user = get_user_model().objects.get(id=user_id)
+    content_type = ContentType.objects.get(id=content_type_id)
+    content_object = content_type.model_class().objects.get(id=object_id)
+
+    filename = "{}.pdf".format(slugify(str(content_object)))
+    logging.getLogger("weasyprint").setLevel(logging.CRITICAL)
+    pdf_content = content_object.generate_pdf()
+    logging.getLogger("weasyprint").setLevel(logging.INFO)
+    content_file = ContentFile(pdf_content, name=filename)
+
+    document_type, _ = DocumentType.objects.get_or_create(name="Compliance")
+    document, _ = Document.objects.update_or_create(
+        document_type=document_type,
+        system_created=True,
+        system_key="{}-{}-{}".format(content_type.model, content_object.id, filename),
+        defaults={
+            "file": content_file,
+            "name": filename,
+            "permission_type": Document.PermissionType.PRIVATE,
+            "creator": user,
+        },
+    )
+    document.link(content_object)
+    if send_email:
+        document.send_email(
+            to_emails=user.email,
+            as_link=True,
+            subject="Compliance PDF - {}".format(str(content_object)),
+        )
+
+
+class ComplianceDocumentMixin(DocumentMixin):
+    def get_permissions_for_user_and_document(self, user, view, created):
+        """
+        allows user to access the document associated with this object
+        :return:     The tuple list permission for the corresponding user
+
+        :note: Core implements a signal that automatically calls this function when instantiating the view
+        """
+        if ComplianceType.is_administrator(user):
+            return [
+                ("document.view_document", False),
+                ("document.change_document", False),
+                ("document.delete_document", False),
+            ]
+        return []

wbcompliance/models/enums.py

@@ -0,0 +1,13 @@
+from django.db import models
+from wbcore.contrib.color.enums import WBColor
+
+
+class IncidentSeverity(models.TextChoices):
+    LOW = "LOW", "Low"
+    MEDIUM = "MEDIUM", "Medium"
+    HIGH = "HIGH", "High"
+
+    @classmethod
+    def get_color_map(cls) -> list:
+        colors = [WBColor.GREEN_LIGHT.value, WBColor.YELLOW_LIGHT.value, WBColor.RED_LIGHT.value]
+        return [choice for choice in zip(cls, colors)]

wbcompliance/models/risk_management/__init__.py

@@ -0,0 +1,4 @@
+from .backend import AbstractRuleBackend
+from .checks import RiskCheck
+from .incidents import CheckedObjectIncidentRelationship, RiskIncident, RiskIncidentType
+from .rules import RiskRule, RuleBackend, RuleCheckedObjectRelationship, RuleThreshold

wbcompliance/models/risk_management/backend.py

@@ -0,0 +1,139 @@
+from dataclasses import dataclass
+from datetime import date
+from typing import TYPE_CHECKING, Any, Dict, Generator, Iterable, Optional
+
+from django.contrib.contenttypes.models import ContentType
+from django.db import models
+from wbcore import serializers as wb_serializers
+
+if TYPE_CHECKING:
+    from wbcompliance.models.risk_management.incidents import RiskIncidentType
+
+
+@dataclass(frozen=True)
+class IncidentResult:
+    breached_object: models.Model | None
+    breached_object_repr: str
+    breached_value: str | None
+    report_details: dict[str, Any]
+    severity: "RiskIncidentType"
+
+
+class AbstractRuleBackend:
+    OBJECT_FIELD_NAME = "evaluated_object"
+    evaluated_object: Any
+    evaluation_date: date
+    parameters: dict[str, Any]
+
+    def __init__(
+        self,
+        evaluation_date: date,
+        evaluated_object: Any,
+        json_parameters: Optional[Dict[str, Any]] = None,
+        thresholds: Optional[
+            Iterable
+        ] = None,  # TODO refactor threshold to be a dataclass (DTO) to remove indirect dependency to the module
+        **kwargs
+    ):
+        if not json_parameters:
+            json_parameters = {}
+        self.evaluation_date = evaluation_date
+        setattr(self, self.OBJECT_FIELD_NAME, evaluated_object)
+        self.thresholds = thresholds if thresholds else []
+        self.parameters = self._deserialize_parameters(json_parameters)
+        for k, v in self.parameters.items():
+            setattr(self, k, v)
+
+    @classmethod
+    def get_all_active_relationships(cls) -> Iterable:
+        raise NotImplementedError()
+
+    @classmethod
+    def get_serializer_class(cls) -> wb_serializers.Serializer:
+        """
+        Return the serializer to deserialize the parameters given as json
+        Returns:
+            A serializer class
+        Raises:
+            NotImplementedError
+        """
+        raise NotImplementedError()
+
+    @classmethod
+    def _deserialize_parameters(cls, json_parameters) -> Dict[str, Any]:
+        """
+        The parameters are stored in the rule as a json field.
+
+        E.g. As such, model are stored with their id.
+
+        This allows for the implementing backend to override the default deserialization behavior
+        Args:
+            json_parameters: The serialized dictionary
+
+        Returns:
+            The deserializer dictionary. Default to returning the json parameters untouched
+        """
+        # If parameters are not empty, we expect the backend to define `get_serializer_class. This will crash otherwise
+        serializer = cls.get_serializer_class()(data=json_parameters)
+        if serializer.is_valid():
+            return serializer.validated_data
+        else:
+            raise ValueError(serializer.errors)
+
+    @classmethod
+    def get_allowed_content_type(cls) -> "ContentType":
+        """
+        This function is called upon backend registration in order to determine the allowed checked_object content type
+
+        Returns:
+            The allowed content type
+
+        Raises:
+            NotImplementedError
+        """
+        raise NotImplementedError()
+
+    def _build_dto_args(self):
+        """
+        Can be overrided to define what the default DataTransferObject is going to be
+        It defaults to calling _build_dto on the evaluated object
+        Returns:
+            An object holding the DTO representation
+        """
+        if hasattr(self.evaluated_object, "_build_dto"):
+            return self.evaluated_object._build_dto(self.evaluation_date)
+        return tuple()
+
+    def _process_dto(self, *dtos) -> Generator[IncidentResult, None, None]:
+        """
+        Check the rule against the instantiated backend given the DTO
+
+        Returns:
+            yield the breach object, its string representation, the incident report and the severity as IncidentResult
+
+        Raises:
+            NotImplementedError
+        """
+        raise NotImplementedError()
+
+    def check_rule(self, *dto_args, **kwargs) -> Generator[IncidentResult, None, None]:
+        """
+        Build and Check the rule against the instantiated backend given its attributes
+
+        Returns:
+            yield the breach object, its string representation, the incident report and the severity as IncidentResult
+        """
+        if not dto_args:
+            # We build the data transfer object if it is not provided.
+            dto_args = self._build_dto_args()
+        if any(dto_args):
+            yield from self._process_dto(*dto_args, **kwargs)
+
+    def is_passive_evaluation_valid(self) -> bool:
+        """
+        Determine if the instantiated backend can be evaluated given its attributes
+
+        Returns:
+            True if the backend rule can be evaluated
+        """
+        return True

wbcompliance/models/risk_management/checks.py

@@ -0,0 +1,194 @@
+from contextlib import suppress
+from types import DynamicClassAttribute
+from typing import Self
+
+from celery import shared_task
+from django.contrib.contenttypes.fields import GenericForeignKey
+from django.contrib.contenttypes.models import ContentType
+from django.db import models
+from django.template import Context, Template
+from django.utils.translation import gettext_lazy as _
+from wbcore.contrib.color.enums import WBColor
+from wbcore.contrib.icons import WBIcon
+from wbcore.models import WBModel
+from wbcore.utils.models import ComplexToStringMixin
+
+from .incidents import CheckedObjectIncidentRelationship
+
+
+class RiskCheck(ComplexToStringMixin, WBModel):
+    class CheckStatus(models.TextChoices):
+        PENDING = "PENDING", "Pending"
+        RUNNING = "RUNNING", "Running"
+        FAILED = "FAILED", "Failed"
+        SUCCESS = "SUCCESS", "Success"
+        WARNING = "WARNING", "Warning"
+
+        @DynamicClassAttribute
+        def icon(self):
+            return {
+                "PENDING": WBIcon.PENDING.icon,
+                "RUNNING": WBIcon.RUNNING.icon,
+                "FAILED": WBIcon.REJECT.icon,
+                "SUCCESS": WBIcon.CONFIRM.icon,
+                "WARNING": WBIcon.WARNING.icon,
+            }[self.value]
+
+        @DynamicClassAttribute
+        def color(self):
+            return {
+                "PENDING": WBColor.YELLOW_LIGHT.value,
+                "RUNNING": WBColor.BLUE_LIGHT.value,
+                "FAILED": WBColor.RED_LIGHT.value,
+                "SUCCESS": WBColor.GREEN_LIGHT.value,
+                "WARNING": WBColor.YELLOW_DARK.value,
+            }[self.value]
+
+    rule_checked_object_relationship = models.ForeignKey(
+        "wbcompliance.RuleCheckedObjectRelationship",
+        on_delete=models.CASCADE,
+        verbose_name=_("Rule-Checked Object Relationship"),
+        related_name="checks",
+    )
+
+    creation_datetime = models.DateTimeField(
+        auto_now_add=True,
+        verbose_name=_("Creation Date"),
+        help_text=_("Time at which the check was created/triggered"),
+    )
+    evaluation_date = models.DateField(
+        verbose_name=_("Evaluation Date"), help_text=_("The date at which the rule was evaluated")
+    )
+
+    trigger_content_type = models.ForeignKey(
+        ContentType, on_delete=models.CASCADE, related_name="triggered_checks", blank=True, null=True
+    )
+    trigger_id = models.PositiveIntegerField(blank=True, null=True)
+    trigger = GenericForeignKey("trigger_content_type", "trigger_id")
+
+    status = models.CharField(
+        max_length=32, default=CheckStatus.PENDING, choices=CheckStatus.choices, verbose_name=_("Status")
+    )
+
+    @property
+    def is_active(self) -> bool:
+        return self.trigger is not None
+
+    @property
+    def rule(self):
+        return self.rule_checked_object_relationship.rule
+
+    @property
+    def checked_object(self) -> models.Model:
+        """
+        Return the object from which the rule needs to be check against
+        """
+        return self.rule_checked_object_relationship.checked_object
+
+    @property
+    def previous_check(self) -> Self | None:
+        """
+        Property holding the last valid check
+
+        Returns:
+            The last valid check
+        """
+        with suppress(RiskCheck.DoesNotExist):
+            return (
+                RiskCheck.objects.filter(
+                    evaluation_date__lt=self.evaluation_date,
+                    rule_checked_object_relationship=self.rule_checked_object_relationship,
+                )
+                .order_by("-evaluation_date", "-creation_datetime")
+                .first()
+            )
+
+    def compute_str(self) -> str:
+        return _("{} - {}").format(
+            self.rule_checked_object_relationship.checked_object,
+            self.evaluation_date,
+        )
+
+    def evaluate(
+        self, *explicit_dto, override_incident: bool = False, ignore_informational_threshold: bool = False
+    ) -> list[models.Model]:
+        """
+        Evaluate the check and returns tuple of incidents information
+        Args:
+            override_incident: True if the existing incident needs to be overriden
+
+        Returns:
+
+        """
+        self.status = self.CheckStatus.RUNNING
+        self.save()
+        rule_backend = self.rule.rule_backend.backend(
+            self.evaluation_date, self.checked_object, self.rule.parameters, self.rule.thresholds.all()
+        )
+        self.status = self.CheckStatus.SUCCESS
+        incidents = []
+        report_template = Template(self.rule.rule_backend.incident_report_template)
+        for incident_result in rule_backend.check_rule(*explicit_dto):
+            if (
+                ignore_informational_threshold
+                and incident_result.severity.is_ignorable
+                and incident_result.severity.is_informational
+            ):
+                self.status = self.CheckStatus.WARNING
+            else:
+                self.status = self.CheckStatus.FAILED
+                # If the check is passive, we aggregated incident per breached object and return it for further processing
+            report = report_template.render(Context({"report_details": incident_result.report_details}))
+            if not self.is_active:
+                incident, created = self.rule.get_or_create_incident(
+                    self.evaluation_date,
+                    incident_result.severity,
+                    incident_result.breached_object,
+                    incident_result.breached_object_repr,
+                )
+                incident.update_or_create_relationship(
+                    self,
+                    report,
+                    incident_result.report_details,
+                    incident_result.breached_value,
+                    incident_result.severity,
+                    override_incident=override_incident or created,
+                )
+                incidents.append(incident)
+            else:
+                # If the check is active, the only thing that matter is whether the check led to incident or not
+                CheckedObjectIncidentRelationship.objects.create(
+                    rule_check=self,
+                    report=report,
+                    report_details=incident_result.report_details,
+                    breached_value=incident_result.breached_value,
+                    severity=incident_result.severity,
+                )
+        self.save()
+        return incidents
+
+    class Meta:
+        verbose_name = "Risk Check"
+        verbose_name_plural = "Risk Checks"
+
+    @classmethod
+    def get_endpoint_basename(cls) -> str:
+        return "wbcompliance:riskcheck"
+
+    @classmethod
+    def get_representation_endpoint(cls) -> str:
+        return "wbcompliance:riskcheckrepresentation-list"
+
+    @classmethod
+    def get_representation_value_key(cls) -> str:
+        return "id"
+
+
+@shared_task
+def evaluate_as_task(
+    check_id: int, *dto, override_incident: bool = False, ignore_informational_threshold: bool = False
+):
+    check = RiskCheck.objects.get(id=check_id)
+    check.evaluate(
+        *dto, override_incident=override_incident, ignore_informational_threshold=ignore_informational_threshold
+    )

wbcompliance/models/risk_management/dispatch.py

@@ -0,0 +1,41 @@
+from contextlib import suppress
+
+from django.core.exceptions import MultipleObjectsReturned
+from django.db.utils import ProgrammingError
+
+from .rules import RuleBackend, RuleGroup
+
+
+def register(backend_name: str | None, incident_report_template: str | None = None, rule_group_key: str | None = None):
+    """
+    Decorator to include when a backend need automatic registration
+    Args:
+        backend_name:
+
+    Returns:
+
+    """
+    if not backend_name:
+        raise ValueError("At least one name must be passed to register.")
+
+    def _decorator(backend_class):
+        with suppress(RuntimeError, MultipleObjectsReturned, ProgrammingError):
+            defaults = {
+                "name": backend_name,
+                "allowed_checked_object_content_type": backend_class.get_allowed_content_type(),
+            }
+            if incident_report_template:
+                defaults["incident_report_template"] = incident_report_template
+            if rule_group_key:
+                defaults["rule_group"] = RuleGroup.objects.get_or_create(
+                    key=rule_group_key, defaults={"name": rule_group_key.title()}
+                )[0]
+
+            RuleBackend.objects.update_or_create(
+                backend_class_path=backend_class.__module__,
+                backend_class_name=backend_class.__name__,
+                defaults=defaults,
+            )
+        return backend_class
+
+    return _decorator