Open
Conversation
Move 7 RBAC models (Role, Global_Role, Dojo_Group_Member, Product_Member, Product_Group, Product_Type_Member, Product_Type_Group) from dojo/models.py into dojo/authorization/models.py with app_label='dojo' to maintain migration compatibility. Update all imports across 47 files. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move dojo/api_v2/permissions.py and dojo/location/api/permissions.py into dojo/authorization/api_permissions.py. Delete the original files and update all imports across consumers and tests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…rs.py Extract filter functions from dojo/templatetags/authorization_tags.py into dojo/authorization/template_filters.py. The templatetags file becomes a thin registration proxy that imports and registers the filters with Django's template library. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create dojo/authorization/query_filters.py with a registry pattern and dojo/authorization/query_registrations.py with all RBAC filter logic extracted from 14 queries.py files. Each get_authorized_* function becomes a thin wrapper that checks the registry and falls back to returning unfiltered querysets when RBAC is not present. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tors Create dojo/authorization/url_permissions.py mapping ~198 URL names to their permission checks, and dojo/authorization/middleware.py with AuthorizationMiddleware using process_view to enforce permissions. Add middleware to settings after crum.CurrentRequestUserMiddleware. Remove all @user_is_authorized, @user_has_global_permission, and @user_is_configuration_authorized decorators from 26 view files. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Export public API surface (user_has_permission, Permissions, etc.) and import query_registrations to trigger RBAC filter registration at startup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fix import sorting (I001), unused imports (F401), explicit return None (RET501), and add noqa comments for intentional lazy imports (PLC0415) used to avoid circular dependencies. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace lambda fallbacks with def (E731) - Rename _impl to impl (RUF052) - Fix undefined name references in models.py (F821) by using string FK reference and adding late import for admin registrations - Auto-fix import sorting and formatting (I001) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update @patch targets in test files to point to new module locations: - queries.get_current_user → query_registrations.get_current_user - authorization_tags.user_has_permission → template_filters.user_has_permission Convert test_apply_finding_template tests from direct view calls to Django test client requests so middleware authorization runs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add inline permission checks to 4 view functions that are called directly by unit tests (bypassing middleware): mktemplate, apply_template_to_finding, choose_finding_template_options, and add_finding_from_template. Revert test changes to keep original test pattern using impersonate + direct view calls. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We don't want to waste your time, so if you're unsure whether your hypothetical enhancement meets the criteria for approval, please file an issue to get pre-approval before beginning work on a PR.
Learn more here: https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md#submission-pre-approval
Description
Describe the feature / bug fix implemented by this PR.
If this is a new parser, the parser guide may be worth (re)reading.
Test results
Ideally you extend the test suite in
tests/anddojo/unitteststo cover the changed in this PR.Alternatively, describe what you have and haven't tested.
Documentation
Please update any documentation when needed in the documentation folder)
Checklist
This checklist is for your information.
dev.dev.bugfixbranch.Extra information
Please clear everything below when submitting your pull request, it's here purely for your information.
Moderators: Labels currently accepted for PRs:
Contributors: Git Tips
Rebase on dev branch
If the dev branch has changed since you started working on it, please rebase your work after the current dev.
On your working branch
mybranch:In case of conflict:
When everything's fine on your local branch, force push to your
myOriginremote:To cancel everything:
Squashing commits
pickbyfixupon the commits you want squashed outpickbyrewordon the first commit if you want to change the commit messageForce push to your
myOriginremote: