feat: DORA ROI report and multiple new concepts for third parties

backend/core/models.py

@@ -52,6 +52,7 @@
     validate_file_size,
     JSONSchemaInstanceValidator,
 )
+from . import dora
 from collections import defaultdict, deque
 
 logger = get_logger(__name__)
@@ -2165,6 +2166,34 @@ class Type(models.TextChoices):
     is_published = models.BooleanField(_("published"), default=True)
     observation = models.TextField(null=True, blank=True, verbose_name=_("Observation"))
 
+    is_business_function = models.BooleanField("is_business_function", default=False)
+    dora_licenced_activity = models.CharField(
+        max_length=50,
+        choices=dora.DORA_LICENSED_ACTIVITY_CHOICES,
+        blank=True,
+        null=True,
+        verbose_name=_("DORA Licensed Activity"),
+    )
+    dora_criticality_assessment = models.CharField(
+        max_length=50,
+        choices=dora.DORA_FUNCTION_CRITICALITY_CHOICES,
+        blank=True,
+        null=True,
+        verbose_name=_("DORA Criticality Assessment"),
+    )
+    dora_criticality_justification = models.TextField(
+        blank=True,
+        null=True,
+        verbose_name=_("DORA Criticality Justification"),
+    )
+    dora_discontinuing_impact = models.CharField(
+        max_length=50,
+        choices=dora.DORA_DISCONTINUING_IMPACT_CHOICES,
+        blank=True,
+        null=True,
+        verbose_name=_("DORA Discontinuing Impact"),
+    )
+
     fields_to_check = ["name"]
 
     class Meta:

backend/core/serializers.py

@@ -14,6 +14,7 @@
 )
 from core.utils import time_state
 from ebios_rm.models import EbiosRMStudy, Stakeholder
+from tprm.models import Contract, Solution
 from global_settings.utils import ff_is_enabled
 from iam.models import *
 from django.contrib.auth.models import Permission
@@ -390,6 +391,11 @@ class AssetWriteSerializer(BaseModelSerializer):
         queryset=Asset.objects.all(),
         required=False,
     )
+    solutions = serializers.PrimaryKeyRelatedField(
+        many=True,
+        queryset=Solution.objects.all(),
+        required=False,
+    )
 
     class Meta:
         model = Asset
@@ -454,6 +460,7 @@ class AssetReadSerializer(AssetWriteSerializer):
     personal_data = FieldsRelatedField(many=True)
     asset_class = FieldsRelatedField(["name"])
     overridden_children_capabilities = FieldsRelatedField(many=True)
+    solutions = FieldsRelatedField(many=True)
 
     children_assets = serializers.SerializerMethodField()
     security_objectives = serializers.SerializerMethodField()
@@ -1413,6 +1420,7 @@ class EvidenceReadSerializer(BaseModelSerializer):
     folder = FieldsRelatedField()
     applied_controls = FieldsRelatedField(many=True)
     requirement_assessments = FieldsRelatedField(many=True)
+    contracts = FieldsRelatedField(many=True)
     filtering_labels = FieldsRelatedField(["folder"], many=True)
     owner = FieldsRelatedField(many=True)
     status = serializers.CharField(source="get_status_display")
@@ -1449,6 +1457,9 @@ class EvidenceWriteSerializer(BaseModelSerializer):
     timeline_entries = serializers.PrimaryKeyRelatedField(
         many=True, queryset=TimelineEntry.objects.all(), required=False
     )
+    contracts = serializers.PrimaryKeyRelatedField(
+        many=True, queryset=Contract.objects.all(), required=False
+    )
     owner = serializers.PrimaryKeyRelatedField(
         many=True, queryset=User.objects.all(), required=False
     )

backend/core/startup.py

@@ -34,6 +34,7 @@
     "view_riskmatrix",
     "view_riskscenario",
     "view_solution",
+    "view_contract",
     "view_storedlibrary",
     "view_threat",
     "view_vulnerability",
@@ -175,6 +176,7 @@
     "add_riskassessment",
     "add_riskscenario",
     "add_solution",
+    "add_contract",
     "add_threat",
     "add_vulnerability",
     "change_appliedcontrol",
@@ -193,6 +195,7 @@
     "change_riskassessment",
     "change_riskscenario",
     "change_solution",
+    "change_contract",
     "change_threat",
     "delete_appliedcontrol",
     "delete_asset",
@@ -209,6 +212,7 @@
     "delete_riskassessment",
     "delete_riskscenario",
     "delete_solution",
+    "delete_contract",
     "delete_threat",
     "view_appliedcontrol",
     "view_asset",
@@ -233,6 +237,7 @@
     "view_riskmatrix",
     "view_riskscenario",
     "view_solution",
+    "view_contract",
     "view_storedlibrary",
     "view_threat",
     "view_user",
@@ -414,6 +419,7 @@
     "add_riskmatrix",
     "add_riskscenario",
     "add_solution",
+    "add_contract",
     "add_threat",
     "change_appliedcontrol",
     "change_asset",
@@ -432,6 +438,7 @@
     "change_riskmatrix",
     "change_riskscenario",
     "change_solution",
+    "change_contract",
     "change_threat",
     "delete_appliedcontrol",
     "delete_asset",
@@ -453,6 +460,7 @@
     "delete_vulnerability",
     "delete_riskscenario",
     "delete_solution",
+    "delete_contract",
     "delete_threat",
     "view_appliedcontrol",
     "view_asset",
@@ -476,6 +484,7 @@
     "view_riskmatrix",
     "view_riskscenario",
     "view_solution",
+    "view_contract",
     "view_storedlibrary",
     "view_threat",
     "view_user",
@@ -770,6 +779,10 @@
     "change_solution",
     "view_solution",
     "delete_solution",
+    "add_contract",
+    "change_contract",
+    "view_contract",
+    "delete_contract",
     "add_entityassessment",
     "change_entityassessment",
     "view_entityassessment",

backend/core/urls.py

@@ -4,6 +4,7 @@
     RepresentativeViewSet,
     SolutionViewSet,
     EntityAssessmentViewSet,
+    ContractViewSet,
 )
 from library.views import (
     MappingLibrariesList,
@@ -27,6 +28,7 @@
 )
 router.register(r"solutions", SolutionViewSet, basename="solutions")
 router.register(r"representatives", RepresentativeViewSet, basename="representatives")
+router.register(r"contracts", ContractViewSet, basename="contracts")
 router.register(r"perimeters", PerimeterViewSet, basename="perimeters")
 router.register(r"risk-matrices", RiskMatrixViewSet, basename="risk-matrices")
 router.register(r"vulnerabilities", VulnerabilityViewSet, basename="vulnerabilities")

backend/core/views.py

@@ -137,6 +137,7 @@
 from .serializers import *
 
 from .models import Severity
+from . import dora
 
 from serdes.utils import (
     get_domain_export_objects,
@@ -676,6 +677,10 @@ class Meta:
             "filtering_labels",
             "asset_class",
             "personal_data",
+            "is_business_function",
+            "dora_licenced_activity",
+            "dora_criticality_assessment",
+            "dora_discontinuing_impact",
         ]
 
 
@@ -852,6 +857,21 @@ def asset_class(self, request):
             ]
         )
 
+    @method_decorator(cache_page(60 * LONG_CACHE_TTL))
+    @action(detail=False, name="Get DORA licensed activity choices")
+    def dora_licenced_activity(self, request):
+        return Response(dict(dora.DORA_LICENSED_ACTIVITY_CHOICES))
+
+    @method_decorator(cache_page(60 * LONG_CACHE_TTL))
+    @action(detail=False, name="Get DORA criticality assessment choices")
+    def dora_criticality_assessment(self, request):
+        return Response(dict(dora.DORA_FUNCTION_CRITICALITY_CHOICES))
+
+    @method_decorator(cache_page(60 * LONG_CACHE_TTL))
+    @action(detail=False, name="Get DORA discontinuing impact choices")
+    def dora_discontinuing_impact(self, request):
+        return Response(dict(dora.DORA_DISCONTINUING_IMPACT_CHOICES))
+
     @action(detail=True, name="Get asset write data")
     def object(self, request, pk):
         serializer_class = self.get_serializer_class(action="update")
@@ -5830,6 +5850,7 @@ class EvidenceViewSet(BaseModelViewSet):
         "owner",
         "status",
         "expiry_date",
+        "contracts",
     ]
 
     @action(detail=False, name="Get all evidences owners")