feat: UI improvements

Author: StefanFl

backend/application/core/api/filters.py

@@ -290,9 +290,9 @@ class ObservationLogFilter(FilterSet):
         fields=(
             ("id", "id"),
             ("user__full_name", "user_full_name"),
-            ("product__name", "product_name"),
-            ("product__product_group__name", "product.product_group_name"),
-            ("branch__name", "branch_name"),
+            ("observation__product__name", "product_name"),
+            ("observation__product__product_group__name", "product.product_group_name"),
+            ("observation__branch__name", "branch_name"),
             ("observation__title", "observation_title"),
             ("severity", "severity"),
             ("status", "status"),

backend/application/core/api/serializers_observation.py

@@ -537,10 +537,8 @@ class Meta:
 
 
 class ObservationLogListSerializer(ModelSerializer):
-    observation_title = SerializerMethodField()
-    product_name = SerializerMethodField()
+    observation_data = ObservationListSerializer(source="observation")
     branch_name = SerializerMethodField()
-    origin_component_name_version = SerializerMethodField()
     user_full_name = SerializerMethodField()
     approval_user_full_name = SerializerMethodField()
 
@@ -550,24 +548,15 @@ def get_user_full_name(self, obj: Observation_Log) -> Optional[str]:
 
         return None
 
-    def get_observation_title(self, obj: Observation_Log) -> str:
-        return obj.observation.title
-
     def get_approval_user_full_name(self, obj: Observation_Log) -> Optional[str]:
         if obj.approval_user:
             return obj.approval_user.full_name
 
         return None
 
-    def get_product_name(self, obj: Observation_Log) -> str:
-        return obj.observation.product.name
-
     def get_branch_name(self, obj: Observation_Log) -> str:
         return get_branch_name(obj.observation)
 
-    def get_origin_component_name_version(self, obj: Observation_Log) -> str:
-        return get_origin_component_name_version(obj.observation)
-
     class Meta:
         model = Observation_Log
         fields = "__all__"
@@ -586,7 +575,7 @@ class ObservationLogBulkApprovalSerializer(Serializer):
     )
     approval_remark = CharField(max_length=255, required=True)
     observation_logs = ListField(
-        child=IntegerField(min_value=1), min_length=0, max_length=10000, required=True
+        child=IntegerField(min_value=1), min_length=0, max_length=100, required=True
     )
 
 

backend/application/core/services/observations_bulk_actions.py

@@ -3,19 +3,18 @@
 
 from django.db.models.query import QuerySet
 from django.utils import timezone
-from rest_framework.exceptions import NotFound, ValidationError
+from rest_framework.exceptions import ValidationError
 
-from application.access_control.services.authorization import (
-    user_has_permission,
-    user_has_permission_or_403,
-)
+from application.access_control.services.authorization import user_has_permission
 from application.access_control.services.roles_permissions import Permissions
 from application.commons.services.global_request import get_current_user
-from application.core.models import Observation, Potential_Duplicate, Product
-from application.core.queries.observation import (
-    get_current_observation_log,
-    get_observation_log_by_id,
+from application.core.models import (
+    Observation,
+    Observation_Log,
+    Potential_Duplicate,
+    Product,
 )
+from application.core.queries.observation import get_current_observation_log
 from application.core.services.assessment import assessment_approval, save_assessment
 from application.core.services.potential_duplicates import (
     set_potential_duplicate,
@@ -150,17 +149,44 @@ def _check_observations(
 def observation_logs_bulk_approval(
     assessment_status: str,
     approval_remark: str,
-    observation_logs: list[int],
+    observation_log_ids: list[int],
 ) -> None:
-    for observation_log_id in observation_logs:
-        observation_log = get_observation_log_by_id(observation_log_id)
-        if not observation_log:
-            raise NotFound(f"Observation Log {observation_log_id} not found")
+    observation_logs = _check_observation_logs(None, observation_log_ids)
+    for observation_log in observation_logs:
+        assessment_approval(observation_log, assessment_status, approval_remark)
+        set_potential_duplicate_both_ways(observation_log.observation)
 
-        user_has_permission_or_403(
-            observation_log, Permissions.Observation_Log_Approval
-        )
 
-        assessment_approval(observation_log, assessment_status, approval_remark)
+def _check_observation_logs(
+    product: Optional[Product], observation_log_ids: list[int]
+) -> QuerySet[Observation_Log]:
+    observation_logs = Observation_Log.objects.filter(id__in=observation_log_ids)
+    if len(observation_logs) != len(observation_log_ids):
+        raise ValidationError("Some observation logs do not exist")
 
-        set_potential_duplicate_both_ways(observation_log.observation)
+    for observation_log in observation_logs:
+        if product:
+            if observation_log.observation.product != product:
+                raise ValidationError(
+                    f"Observation log {observation_log.pk} does not belong to product {product.pk}"
+                )
+        else:
+            if not user_has_permission(
+                observation_log, Permissions.Observation_Log_Approval
+            ):
+                raise ValidationError(
+                    f"First observation log without approval permission: {observation_log.pk}"
+                )
+            if (
+                not observation_log.assessment_status
+                == Assessment_Status.ASSESSMENT_STATUS_NEEDS_APPROVAL
+            ):
+                raise ValidationError(
+                    f"First observation log that does not need approval: {observation_log.pk}"
+                )
+            if get_current_user() == observation_log.user:
+                raise ValidationError(
+                    f"First observation log where user cannot approve their own assessment: {observation_log.pk}"
+                )
+
+    return observation_logs

frontend/src/core/observation_logs/ObservationLogApprovalEmbeddedList.tsx

@@ -0,0 +1,178 @@
+import {
+    AutocompleteInput,
+    Datagrid,
+    DateField,
+    FilterForm,
+    FunctionField,
+    ListContextProvider,
+    ReferenceInput,
+    ResourceContextProvider,
+    TextField,
+    TextInput,
+    useListController,
+} from "react-admin";
+
+import { CustomPagination } from "../../commons/custom_fields/CustomPagination";
+import { feature_vex_enabled } from "../../commons/functions";
+import { AutocompleteInputMedium, AutocompleteInputWide } from "../../commons/layout/themes";
+import { getSettingListSize } from "../../commons/user_settings/functions";
+import { ASSESSMENT_STATUS_NEEDS_APPROVAL } from "../types";
+import { OBSERVATION_SEVERITY_CHOICES, OBSERVATION_STATUS_CHOICES } from "../types";
+import { commentShortened } from "./functions";
+
+function listFilters(product: any) {
+    const filters = [];
+    if (product && product.has_branches) {
+        filters.push(
+            <ReferenceInput
+                source="branch"
+                reference="branches"
+                queryOptions={{ meta: { api_resource: "branch_names" } }}
+                sort={{ field: "name", order: "ASC" }}
+                filter={{ product: product.id }}
+                alwaysOn
+            >
+                <AutocompleteInputMedium optionText="name" label="Branch / Version" />
+            </ReferenceInput>
+        );
+    }
+    filters.push(<TextInput source="observation_title" label="Observation title" alwaysOn />);
+
+    if (product && product.has_component) {
+        filters.push(<TextInput source="origin_component_name_version" label="Component" alwaysOn />);
+    }
+    if (product && product.has_docker_image) {
+        filters.push(<TextInput source="origin_docker_image_name_tag_short" label="Container" alwaysOn />);
+    }
+    if (product && product.has_endpoint) {
+        filters.push(<TextInput source="origin_endpoint_hostname" label="Host" alwaysOn />);
+    }
+    if (product && product.has_source) {
+        filters.push(<TextInput source="origin_source_file" label="Source" alwaysOn />);
+    }
+    if (product && product.has_cloud_resource) {
+        filters.push(<TextInput source="origin_cloud_qualified_resource" label="Cloud resource" alwaysOn />);
+    }
+    if (product && product.has_kubernetes_resource) {
+        filters.push(<TextInput source="origin_kubernetes_qualified_resource" label="Kubernetes resource" alwaysOn />);
+    }
+
+    filters.push(
+        <ReferenceInput source="user" reference="users" sort={{ field: "full_name", order: "ASC" }} alwaysOn>
+            <AutocompleteInputMedium optionText="full_name" />
+        </ReferenceInput>,
+        <AutocompleteInput source="severity" label="Severity" choices={OBSERVATION_SEVERITY_CHOICES} alwaysOn />,
+        <AutocompleteInput source="status" label="Status" choices={OBSERVATION_STATUS_CHOICES} alwaysOn />
+    );
+    return filters;
+}
+
+type ObservationLogApprovalEmbeddedListProps = {
+    product: any;
+};
+
+const ObservationLogApprovalEmbeddedList = ({ product }: ObservationLogApprovalEmbeddedListProps) => {
+    const listContext = useListController({
+        filter: { product: Number(product.id), assessment_status: ASSESSMENT_STATUS_NEEDS_APPROVAL },
+        perPage: 25,
+        resource: "observation_logs",
+        sort: { field: "created", order: "ASC" },
+        disableSyncWithLocation: true,
+        storeKey: "observation_logs.approvalembedded",
+    });
+
+    if (listContext.isLoading) {
+        return <div>Loading...</div>;
+    }
+
+    const ShowObservationLogs = (id: any) => {
+        return "../../../../observation_logs/" + id + "/show";
+    };
+
+    localStorage.setItem("observationlogapprovalembeddedlist", "true");
+    localStorage.removeItem("observationlogapprovallist");
+    localStorage.removeItem("observationlogembeddedlist");
+
+    return (
+        <ResourceContextProvider value="observation_logs">
+            <ListContextProvider value={listContext}>
+                <div style={{ width: "100%" }}>
+                    <FilterForm filters={listFilters(product)} />
+                    <Datagrid
+                        size={getSettingListSize()}
+                        sx={{ width: "100%" }}
+                        bulkActionButtons={false}
+                        rowClick={ShowObservationLogs}
+                        resource="observation_logs"
+                    >
+                        {product && product.has_branches && <TextField source="branch_name" label="Branch / Version" />}
+                        <TextField source="observation_data.title" label="Observation" />
+                        {product && product.has_component && (
+                            <TextField
+                                source="observation_data.origin_component_name_version"
+                                label="Component"
+                                sx={{ wordBreak: "break-word" }}
+                            />
+                        )}
+                        {product && product.has_docker_image && (
+                            <TextField
+                                source="observation_data.origin_docker_image_name_tag_short"
+                                label="Container"
+                                sx={{ wordBreak: "break-word" }}
+                            />
+                        )}
+                        {product && product.has_endpoint && (
+                            <TextField
+                                source="observation_data.origin_endpoint_hostname"
+                                label="Host"
+                                sx={{ wordBreak: "break-word" }}
+                            />
+                        )}
+                        {product && product.has_source && (
+                            <TextField
+                                source="observation_data.origin_source_file"
+                                label="Source"
+                                sx={{ wordBreak: "break-word" }}
+                            />
+                        )}
+                        {product && product.has_cloud_resource && (
+                            <TextField
+                                source="observation_data.origin_cloud_qualified_resource"
+                                label="Cloud resource"
+                                sx={{ wordBreak: "break-word" }}
+                            />
+                        )}
+                        {product && product.has_kubernetes_resource && (
+                            <TextField
+                                source="observation_data.origin_kubernetes_qualified_resource"
+                                label="Kubernetes resource"
+                                sx={{ wordBreak: "break-word" }}
+                            />
+                        )}
+                        <TextField source="user_full_name" label="User" />
+                        <TextField source="severity" emptyText="---" />
+                        <TextField source="status" emptyText="---" />
+                        {feature_vex_enabled() && (
+                            <TextField
+                                label="VEX justification"
+                                source="vex_justification"
+                                emptyText="---"
+                                sx={{ wordBreak: "break-word" }}
+                            />
+                        )}
+                        <FunctionField
+                            label="Comment"
+                            render={(record) => commentShortened(record.comment)}
+                            sortable={false}
+                            sx={{ wordBreak: "break-word" }}
+                        />
+                        <DateField source="created" showTime />
+                    </Datagrid>
+                    <CustomPagination />
+                </div>
+            </ListContextProvider>
+        </ResourceContextProvider>
+    );
+};
+
+export default ObservationLogApprovalEmbeddedList;