Merge pull request #323 from patriknordlen/calendar

devGregA · web-flow · commit 9ab31209bcbc · 2017-07-19T16:01:40.000-05:00
View and filter tests/engagements and users in calendar
diff --git a/dojo/engagement/urls.py b/dojo/engagement/urls.py
@@ -4,7 +4,8 @@
 
 urlpatterns = [
     #  engagements and calendar
-    url(r'^calendar$', views.calendar, name='calendar'),
+    url(r'^calendar$', views.engagement_calendar, name='calendar'),
+    url(r'^calendar/engagements$', views.engagement_calendar, name='engagement_calendar'),
     url(r'^engagement$', views.engagement, name='engagement'),
     url(r'^engagement/new$', views.new_engagement, name='new_eng'),
     url(r'^engagement/(?P<eid>\d+)$', views.view_engagement,
diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py
@@ -2,6 +2,7 @@
 import logging
 import os
 from datetime import datetime, timedelta
+import operator
 
 from django.contrib.auth.models import User
 from django.conf import settings
@@ -23,7 +24,7 @@
 from dojo.models import Finding, Product, Engagement, Test, \
     Check_List, Test_Type, Notes, \
     Risk_Acceptance, Development_Environment, BurpRawRequestResponse, Endpoint, \
-    JIRA_PKey, JIRA_Conf, JIRA_Issue, Cred_User, Cred_Mapping
+    JIRA_PKey, JIRA_Conf, JIRA_Issue, Cred_User, Cred_Mapping, Dojo_User
 from dojo.tools.factory import import_parser_factory
 from dojo.utils import get_page_items, add_breadcrumb, handle_uploaded_threat, \
     FileIterWrapper, get_cal_event, message, get_system_setting
@@ -42,11 +43,24 @@
 
 @user_passes_test(lambda u: u.is_staff)
 @cache_page(60 * 5)  # cache for 5 minutes
-def calendar(request):
-    engagements = Engagement.objects.all()
-    add_breadcrumb(title="Calendar", top_level=True, request=request)
+def engagement_calendar(request):
+    if not 'lead' in request.GET or '0' in request.GET.getlist('lead'):
+        engagements = Engagement.objects.all()
+    else:
+        filters = []
+        leads = request.GET.getlist('lead','')
+        if '-1' in request.GET.getlist('lead'):
+            leads.remove('-1')
+            filters.append(Q(lead__isnull=True))
+        filters.append(Q(lead__in=leads))
+        engagements = Engagement.objects.filter(reduce(operator.or_, filters))
+
+    add_breadcrumb(title="Engagement Calendar", top_level=True, request=request)
     return render(request, 'dojo/calendar.html', {
-        'engagements': engagements})
+        'caltype': 'engagements',
+        'leads': request.GET.getlist('lead', ''),
+        'engagements': engagements,
+        'users': Dojo_User.objects.all()})
 
 
 @user_passes_test(lambda u: u.is_staff)
diff --git a/dojo/forms.py b/dojo/forms.py
@@ -568,7 +568,7 @@ def __init__(self, *args, **kwargs):
 
     class Meta:
         model = Test
-        fields = ['test_type', 'target_start', 'target_end', 'environment', 'percent_complete', 'tags']
+        fields = ['test_type', 'target_start', 'target_end', 'environment', 'percent_complete', 'tags', 'lead']
 
 
 class DeleteTestForm(forms.ModelForm):
diff --git a/dojo/templates/base.html b/dojo/templates/base.html
@@ -240,7 +240,7 @@
                             {% endif %}
                             {% if request.user.is_staff %}
                                 <li>
-                                    <a href="{% url 'calendar' %}"><i class="fa fa-calendar fa-fw"></i>
+                                    <a href="{% url 'engagement_calendar' %}"><i class="fa fa-calendar fa-fw"></i>
                                         <span>Calendar</span></a>
                                 </li>
                                 <li>
diff --git a/dojo/templates/dojo/calendar.html b/dojo/templates/dojo/calendar.html
@@ -1,11 +1,46 @@
 {% extends 'base.html' %}
+{% load static from staticfiles %}
+{% block add_css %}
+    <link rel="stylesheet" href="{% static "chosen-bootstrap/chosen.bootstrap.min.css" %}">
+{% endblock %}
 {% block content %}
+    <form method="GET" id="calfilter" action="/calendar">
+        <div class="container-fluid chosen-container side-by-side">
+            <div class="row">
+                <div class="col-lg-6" style="width:200px;">
+                    <select data-placeholder="Calendar type" id="caltype" class="chosen-select">
+                        <option value="engagements">Engagements</option>
+                        <option value="tests">Tests</option>
+                    </select>
+                </div>
+                <div class="col-lg-6" style="width:400px;">
+                    <select data-placeholder="All users" multiple id="lead" name="lead" class="chosen-select">
+                        <option value="0">All users</option>
+                        <option value="-1">Unassigned</option>
+                        {% for u in users %}
+                            <option value="{{ u.id }}">{{ u.username }}</option>
+                        {% endfor %}
+                    </select>
+                </div>
+                <div class="col-lg-6">
+                    <button class="btn btn-primary" type="submit">Apply</button>
+                </div>
+            </div>
+        </div>
+    </form>
+    <br/><br/>
     <div id="calendar"></div>
     <br/><br/>
 {% endblock %}
 {% block postscript %}
+    <script type="application/javascript" src="{% static "chosen/chosen.jquery.min.js" %}"></script>
     <script>
-        $(function () {
+          $(function () {
+            $('#caltype').change(function() { $('#calfilter').attr('action', '/calendar/' + $(this).val()); });
+            $(".chosen-select").chosen({disable_search_threshold: 10});
+            $('#caltype').val('{{ caltype }}'); $('#caltype').trigger('change');
+            $('#lead').val([{% for lead in leads %} '{{ lead }}', {% endfor %}]);
+            $('.chosen-select').trigger('chosen:updated');
             $('#calendar').fullCalendar({
                 header: {
                     left: 'prev,next today',
@@ -15,16 +50,29 @@
                 editable: false,
                 eventLimit: true, // allow "more" link when too many events
                 events: [
-                    {% for e in engagements %}
-                        {
-                            title: '{{e.product.name}}: {{ e.name|default:"Unknown" }}',
-                            start: '{{e.target_start|date:"c"}}',
-                            end: '{{e.target_end|date:"c"}}',
-                            url: '{% url 'view_engagement' e.id %}',
-                            color: {%  if e.active %}'#337ab7'{% else %}'#b9b9b9'{% endif %},
-                            overlap: true
-                        },
-                    {%  endfor %}
+                    {% if caltype == 'tests' %}
+                        {% for t in tests %}
+                            {
+                                title: '{{t.engagement.product.name}}: {{ t.engagement.name|default:"Unknown" }} - {{ t.test_type }} ({{ t.lead|default:"Unassigned" }})',
+                                start: '{{t.target_start|date:"c"}}',
+                                end: '{{t.target_end|date:"c"}}',
+                                url: '{% url 'view_test' t.id %}',
+                                color: {%  if t.engagement.active %}'#337ab7'{% else %}'#b9b9b9'{% endif %},
+                                overlap: true
+                            },
+                        {%  endfor %}                    
+                    {% else %}
+                        {% for e in engagements %}
+                            {
+                                title: '{{e.product.name}}: {{ e.name|default:"Unknown" }} ({{ e.lead|default:"Unassigned" }})',
+                                start: '{{e.target_start|date:"c"}}',
+                                end: '{{e.target_end|date:"c"}}',
+                                url: '{% url 'view_engagement' e.id %}',
+                                color: {%  if e.active %}'#337ab7'{% else %}'#b9b9b9'{% endif %},
+                                overlap: true
+                            },
+                        {%  endfor %}
+                    {% endif %}
                 ]
             });
 
diff --git a/dojo/test/urls.py b/dojo/test/urls.py
@@ -4,6 +4,7 @@
 
 urlpatterns = [
     #  tests
+    url(r'^calendar/tests$', views.test_calendar, name='test_calendar'),
     url(r'^test/(?P<tid>\d+)$', views.view_test,
         name='view_test'),
     url(r'^test/(?P<tid>\d+)/ics$', views.test_ics,
diff --git a/dojo/test/views.py b/dojo/test/views.py
@@ -2,22 +2,25 @@
 
 import logging
 import sys
+import operator
 from datetime import datetime
 
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth.decorators import user_passes_test
 from django.core.urlresolvers import reverse
+from django.db.models import Q
 from django.http import HttpResponseRedirect, HttpResponseForbidden, Http404, HttpResponse
 from django.shortcuts import render, get_object_or_404
+from django.views.decorators.cache import cache_page
 from pytz import timezone
 
 from dojo.filters import TemplateFindingFilter
 from dojo.forms import NoteForm, TestForm, FindingForm, \
     DeleteTestForm, AddFindingForm, \
     ImportScanForm, ReImportScanForm, FindingBulkUpdateForm, JIRAFindingForm
 from dojo.models import Finding, Test, Notes, \
-    BurpRawRequestResponse, Endpoint, Stub_Finding, Finding_Template, JIRA_PKey, Cred_User, Cred_Mapping
+    BurpRawRequestResponse, Endpoint, Stub_Finding, Finding_Template, JIRA_PKey, Cred_User, Cred_Mapping, Dojo_User
 from dojo.tools.factory import import_parser_factory
 from dojo.utils import get_page_items, add_breadcrumb, get_cal_event, message, process_notifications, get_system_setting
 from dojo.tasks import add_issue_task
@@ -157,6 +160,26 @@ def delete_test_note(request, tid, nid):
     return HttpResponseForbidden()
 
 
+@user_passes_test(lambda u: u.is_staff)
+@cache_page(60 * 5)  # cache for 5 minutes
+def test_calendar(request):
+    if not 'lead' in request.GET or '0' in request.GET.getlist('lead'):
+        tests = Test.objects.all()
+    else:
+        filters = []
+        leads = request.GET.getlist('lead','')
+        if '-1' in request.GET.getlist('lead'):
+            leads.remove('-1')
+            filters.append(Q(lead__isnull=True))
+        filters.append(Q(lead__in=leads))
+        tests = Test.objects.filter(reduce(operator.or_, filters))
+    add_breadcrumb(title="Test Calendar", top_level=True, request=request)
+    return render(request, 'dojo/calendar.html', {
+        'caltype': 'tests',
+        'leads': request.GET.getlist('lead', ''),
+        'tests': tests,
+        'users': Dojo_User.objects.all()})
+
 @user_passes_test(lambda u: u.is_staff)
 def test_ics(request, tid):
     test = get_object_or_404(Test, id=tid)
