Add functionality to filter calendar by users as well as switching between engagement and test calendar

Author: patriknordlen

dojo/engagement/urls.py

@@ -4,7 +4,8 @@
 
 urlpatterns = [
     #  engagements and calendar
-    url(r'^calendar$', views.calendar, name='calendar'),
+    url(r'^calendar$', views.engagement_calendar, name='calendar'),
+    url(r'^calendar/engagements$', views.engagement_calendar, name='engagement_calendar'),
     url(r'^engagement$', views.engagement, name='engagement'),
     url(r'^engagement/new$', views.new_engagement, name='new_eng'),
     url(r'^engagement/(?P<eid>\d+)$', views.view_engagement,

dojo/engagement/views.py

@@ -23,7 +23,7 @@
 from dojo.models import Finding, Product, Engagement, Test, \
     Check_List, Test_Type, Notes, \
     Risk_Acceptance, Development_Environment, BurpRawRequestResponse, Endpoint, \
-    JIRA_PKey, JIRA_Conf, JIRA_Issue, Cred_User, Cred_Mapping
+    JIRA_PKey, JIRA_Conf, JIRA_Issue, Cred_User, Cred_Mapping, Dojo_User
 from dojo.tools.factory import import_parser_factory
 from dojo.utils import get_page_items, add_breadcrumb, handle_uploaded_threat, \
     FileIterWrapper, get_cal_event, message, get_system_setting
@@ -42,11 +42,17 @@
 
 @user_passes_test(lambda u: u.is_staff)
 @cache_page(60 * 5)  # cache for 5 minutes
-def calendar(request):
-    engagements = Engagement.objects.all()
+def engagement_calendar(request):
+    if not 'lead' in request.GET or '*' in request.GET.getlist('lead'):
+        engagements = Engagement.objects.all()
+    else:
+        engagements = Engagement.objects.filter(lead__username__in=request.GET.getlist('lead', ''))
     add_breadcrumb(title="Calendar", top_level=True, request=request)
     return render(request, 'dojo/calendar.html', {
-        'engagements': engagements})
+        'caltype': 'engagements',
+        'leads': request.GET.getlist('lead', ''),
+        'engagements': engagements,
+        'users': Dojo_User.objects.all()})
 
 
 @user_passes_test(lambda u: u.is_staff)

dojo/templates/dojo/calendar.html

@@ -1,11 +1,45 @@
 {% extends 'base.html' %}
+{% load static from staticfiles %}
+{% block add_css %}
+    <link rel="stylesheet" href="{% static "chosen-bootstrap/chosen.bootstrap.min.css" %}">
+{% endblock %}
 {% block content %}
+    <form method="GET" id="calfilter" action="/calendar">
+        <div class="container-fluid chosen-container side-by-side">
+            <div class="row">
+                <div class="col-lg-6" style="width:200px;">
+                    <select data-placeholder="Calendar type" id="caltype" class="chosen-select">
+                        <option value="engagements">Engagements</option>
+                        <option value="tests">Tests</option>
+                    </select>
+                </div>
+                <div class="col-lg-6" style="width:400px;">
+                    <select data-placeholder="All users" multiple id="lead" name="lead" class="chosen-select">
+                        <option value="*">All users</option>
+                        {% for u in users %}
+                            <option value="{{ u.username }}">{{ u.username }}</option>
+                        {% endfor %}
+                    </select>
+                </div>
+                <div class="col-lg-6">
+                    <button class="btn btn-primary" type="submit">Apply</button>
+                </div>
+            </div>
+        </div>
+    </form>
+    <br/><br/>
     <div id="calendar"></div>
     <br/><br/>
 {% endblock %}
 {% block postscript %}
+    <script type="application/javascript" src="{% static "chosen/chosen.jquery.js" %}"></script>
     <script>
-        $(function () {
+          $(function () {
+            $(".chosen-select").chosen({disable_search_threshold: 10});
+            $('#caltype').val('{{ caltype }}');
+            $('#lead').val([{% for lead in leads %} '{{ lead }}', {% endfor %}]);
+            $('.chosen-select').trigger('chosen:updated');
+            $('#caltype').change(function() { $('#calfilter').attr('action', '/calendar/' + $(this).val()); });
             $('#calendar').fullCalendar({
                 header: {
                     left: 'prev,next today',
@@ -15,16 +49,29 @@
                 editable: false,
                 eventLimit: true, // allow "more" link when too many events
                 events: [
-                    {% for e in engagements %}
-                        {
-                            title: '{{e.product.name}}: {{ e.name|default:"Unknown" }}',
-                            start: '{{e.target_start|date:"c"}}',
-                            end: '{{e.target_end|date:"c"}}',
-                            url: '{% url 'view_engagement' e.id %}',
-                            color: {%  if e.active %}'#337ab7'{% else %}'#b9b9b9'{% endif %},
-                            overlap: true
-                        },
-                    {%  endfor %}
+                    {% if caltype == 'tests' %}
+                        {% for t in tests %}
+                            {
+                                title: '{{t.engagement.product.name}}: {{ t.engagement.name|default:"Unknown" }} - {{ t.test_type }} ({{ t.engagement.lead }})',
+                                start: '{{t.target_start|date:"c"}}',
+                                end: '{{t.target_end|date:"c"}}',
+                                url: '{% url 'view_test' t.id %}',
+                                color: {%  if t.engagement.active %}'#337ab7'{% else %}'#b9b9b9'{% endif %},
+                                overlap: true
+                            },
+                        {%  endfor %}                    
+                    {% else %}
+                        {% for e in engagements %}
+                            {
+                                title: '{{e.product.name}}: {{ e.name|default:"Unknown" }} ({{ e.lead|default:"Unassigned" }})',
+                                start: '{{e.target_start|date:"c"}}',
+                                end: '{{e.target_end|date:"c"}}',
+                                url: '{% url 'view_engagement' e.id %}',
+                                color: {%  if e.active %}'#337ab7'{% else %}'#b9b9b9'{% endif %},
+                                overlap: true
+                            },
+                        {%  endfor %}
+                    {% endif %}
                 ]
             });
 

dojo/test/urls.py

@@ -4,6 +4,7 @@
 
 urlpatterns = [
     #  tests
+    url(r'^calendar/tests$', views.test_calendar, name='test_calendar'),
     url(r'^test/(?P<tid>\d+)$', views.view_test,
         name='view_test'),
     url(r'^test/(?P<tid>\d+)/ics$', views.test_ics,

dojo/test/views.py

@@ -10,14 +10,15 @@
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect, HttpResponseForbidden, Http404, HttpResponse
 from django.shortcuts import render, get_object_or_404
+from django.views.decorators.cache import cache_page
 from pytz import timezone
 
 from dojo.filters import TemplateFindingFilter
 from dojo.forms import NoteForm, TestForm, FindingForm, \
     DeleteTestForm, AddFindingForm, \
     ImportScanForm, ReImportScanForm, FindingBulkUpdateForm, JIRAFindingForm
 from dojo.models import Finding, Test, Notes, \
-    BurpRawRequestResponse, Endpoint, Stub_Finding, Finding_Template, JIRA_PKey, Cred_User, Cred_Mapping
+    BurpRawRequestResponse, Endpoint, Stub_Finding, Finding_Template, JIRA_PKey, Cred_User, Cred_Mapping, Dojo_User
 from dojo.tools.factory import import_parser_factory
 from dojo.utils import get_page_items, add_breadcrumb, get_cal_event, message, process_notifications, get_system_setting
 from dojo.tasks import add_issue_task
@@ -157,6 +158,20 @@ def delete_test_note(request, tid, nid):
     return HttpResponseForbidden()
 
 
+@user_passes_test(lambda u: u.is_staff)
+@cache_page(60 * 5)  # cache for 5 minutes
+def test_calendar(request):
+    if not 'lead' in request.GET or '*' in request.GET.getlist('lead'):
+        tests = Test.objects.all()
+    else:
+        tests = Test.objects.filter(engagement__lead__username__in=request.GET.getlist('lead', ''))
+    add_breadcrumb(title="Calendar", top_level=True, request=request)
+    return render(request, 'dojo/calendar.html', {
+        'caltype': 'tests',
+        'leads': request.GET.getlist('lead', ''),
+        'tests': tests,
+        'users': Dojo_User.objects.all()})
+
 @user_passes_test(lambda u: u.is_staff)
 def test_ics(request, tid):
     test = get_object_or_404(Test, id=tid)