Add is_locked indication in the UI #310

Also, remove edit permissions when Product is_locked

Signed-off-by: tdruez <[email protected]>

Author: tdruez

component_catalog/forms.py

@@ -625,7 +625,9 @@ def __init__(self, user, *args, **kwargs):
 
         product_field = self.fields["product"]
         perms = ["view_product", "change_product"]
-        product_field.queryset = Product.objects.get_queryset(user, perms=perms)
+        product_field.queryset = Product.objects.get_queryset(user, perms=perms).filter(
+            is_locked=False
+        )
 
         if relation_instance:
             help_text = f'"{relation_instance}" will be assigned to the selected product.'
@@ -708,9 +710,11 @@ def __init__(self, request, model, relation_model, *args, **kwargs):
         self.model = model
         self.relation_model = relation_model
         self.dataspace = request.user.dataspace
-        self.fields["product"].queryset = Product.objects.get_queryset(
-            request.user, perms=["view_product", "change_product"]
+        product_qs = Product.objects.get_queryset(
+            user=request.user,
+            perms=["view_product", "change_product"],
         )
+        self.fields["product"].queryset = product_qs.filter(is_locked=False)
 
     def get_selected_objects(self):
         ids = self.initial.get("ids") or self.cleaned_data["ids"]

dejacode/static/css/dejacode_bootstrap.css

@@ -368,7 +368,7 @@ table.packages-table .column-primary_language {
   width: 130px;
 }
 .list-inline-margin-sm .list-inline-item:not(:last-child) {
-  margin-right: 0.3rem;
+  margin-right: 0.125rem;
 }
 
 /* -- Vulnerability List -- */

product_portfolio/migrations/0013_product_is_locked_and_more.py

@@ -15,7 +15,7 @@ class Migration(migrations.Migration):
         migrations.AddField(
             model_name='product',
             name='is_locked',
-            field=models.BooleanField(db_index=True, default=False, help_text='Marks this product vertsion as read-only, preventing any modifications to its inventory.', verbose_name='Locked'),
+            field=models.BooleanField(db_index=True, default=False, help_text='Marks this product version as read-only, preventing any modifications to its inventory.', verbose_name='Locked'),
         ),
         migrations.AlterField(
             model_name='productdependency',

product_portfolio/models.py

@@ -226,7 +226,7 @@ class Product(BaseProductMixin, FieldChangesMixin, KeywordsMixin, DataspacedMode
         default=False,
         db_index=True,
         help_text=_(
-            "Marks this product vertsion as read-only, preventing any modifications to "
+            "Marks this product version as read-only, preventing any modifications to "
             "its inventory."
         ),
     )

product_portfolio/templates/product_portfolio/product_details.html

@@ -111,6 +111,11 @@
 {% endblock %}
 
 {% block content %}
+  {% if product.is_locked %}
+    <small class="d-inline-flex mb-3 px-2 py-1 fw-semibold text-warning-emphasis bg-warning-subtle border border-warning-subtle rounded-2">
+      This product version is marked as read-only, preventing any modifications to its inventory.
+    </small>
+  {% endif %}
   {{ block.super }}
   {% if has_scan_all_packages %}
     {% include 'product_portfolio/modals/scan_all_packages_modal.html' %}

product_portfolio/templates/product_portfolio/tables/product_list_table.html

@@ -19,6 +19,11 @@
           </th>
           <th scope="row">
             <ul class="list-inline float-end mb-0 list-inline-margin-sm">
+              {% if product.is_locked %}
+                <li class="list-inline-item text-secondary">
+                  <i class="fas fa-lock" data-bs-toggle="tooltip" title="Inventory is locked"></i>
+                </li>
+              {% endif %}
               {% if request.user.is_authenticated and product.request_count %}
                 <li class="list-inline-item">
                   <a href="{% inject_preserved_filters product.get_absolute_url %}#activity" class="r-link"><span class="badge text-bg-request">R</span></a>

product_portfolio/views.py

@@ -648,56 +648,55 @@ def tab_imports(self):
         }
 
     def get_context_data(self, **kwargs):
+        product = self.object
         user = self.request.user
         dataspace = user.dataspace
 
         # This behavior does not works well in the context of getting informed about
         # tasks completion on the Product.
         if user.is_authenticated:
-            self.object.mark_all_notifications_as_read(user)
+            product.mark_all_notifications_as_read(user)
 
         context = super().get_context_data(**kwargs)
-
-        context["has_change_codebaseresource_permission"] = user.has_perm(
-            "product_portfolio.change_codebaseresource"
-        )
-
         context["filter_productcomponent"] = self.filter_productcomponent
         context["filter_productpackage"] = self.filter_productpackage
         # The reference data label and help does not make sense in the Product context
         context["is_reference_data"] = None
 
-        perms = guardian_get_perms(user, self.object)
+        perms = guardian_get_perms(user, product)
         context["has_change_permission"] = "change_product" in perms
         context["has_delete_permission"] = "delete_product" in perms
 
-        context["has_edit_productpackage"] = all(
-            [
-                user.has_perm("product_portfolio.change_productpackage"),
-                context["has_change_permission"],
-            ]
-        )
-        context["has_delete_productpackage"] = user.has_perm(
-            "product_portfolio.delete_productpackage"
-        )
-
-        context["has_add_productcomponent"] = all(
-            [
-                user.has_perm("product_portfolio.add_productcomponent"),
-                context["has_change_permission"],
-            ]
-        )
-        context["has_edit_productcomponent"] = all(
-            [
-                user.has_perm("product_portfolio.change_productcomponent"),
-                context["has_change_permission"],
-            ]
-        )
-        context["has_delete_productcomponent"] = user.has_perm(
-            "product_portfolio.delete_productcomponent"
-        )
+        if not product.is_locked:
+            context["has_edit_productpackage"] = all(
+                [
+                    user.has_perm("product_portfolio.change_productpackage"),
+                    context["has_change_permission"],
+                ]
+            )
+            context["has_delete_productpackage"] = user.has_perm(
+                "product_portfolio.delete_productpackage"
+            )
+            context["has_add_productcomponent"] = all(
+                [
+                    user.has_perm("product_portfolio.add_productcomponent"),
+                    context["has_change_permission"],
+                ]
+            )
+            context["has_edit_productcomponent"] = all(
+                [
+                    user.has_perm("product_portfolio.change_productcomponent"),
+                    context["has_change_permission"],
+                ]
+            )
+            context["has_delete_productcomponent"] = user.has_perm(
+                "product_portfolio.delete_productcomponent"
+            )
+            context["has_change_codebaseresource_permission"] = user.has_perm(
+                "product_portfolio.change_codebaseresource"
+            )
 
-        if context["has_edit_productpackage"] or context["has_edit_productcomponent"]:
+        if context.get("has_edit_productpackage") or context.get("has_edit_productcomponent"):
             all_licenses = License.objects.scope(dataspace).filter(is_active=True)
             add_client_data(self.request, license_data=all_licenses.data_for_expression_builder())
 
@@ -741,12 +740,13 @@ class ProductTabInventoryView(
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
+        product = self.object
         user = self.request.user
         dataspace = user.dataspace
-        context["inventory_count"] = self.object.productinventoryitem_set.count()
+        context["inventory_count"] = product.productinventoryitem_set.count()
 
         license_qs = License.objects.select_related("usage_policy")
-        declared_dependencies_qs = ProductDependency.objects.product(self.object)
+        declared_dependencies_qs = ProductDependency.objects.product(product)
         package_qs = (
             Package.objects.select_related(
                 "dataspace",
@@ -762,7 +762,7 @@ def get_context_data(self, **kwargs):
         ).with_vulnerability_count()
 
         productpackage_qs = (
-            self.object.productpackages.select_related(
+            product.productpackages.select_related(
                 "review_status",
                 "purpose",
             )
@@ -783,13 +783,13 @@ def get_context_data(self, **kwargs):
         filter_productpackage = ProductPackageFilterSet(
             self.request.GET,
             queryset=productpackage_qs,
-            dataspace=self.object.dataspace,
+            dataspace=product.dataspace,
             prefix=self.tab_id,
             anchor="#inventory",
         )
 
         productcomponent_qs = (
-            self.object.productcomponents.select_related(
+            product.productcomponents.select_related(
                 "review_status",
                 "purpose",
             )
@@ -811,7 +811,7 @@ def get_context_data(self, **kwargs):
         filter_productcomponent = ProductComponentFilterSet(
             self.request.GET,
             queryset=productcomponent_qs,
-            dataspace=self.object.dataspace,
+            dataspace=product.dataspace,
             prefix=self.tab_id,
             anchor="#inventory",
         )
@@ -878,26 +878,27 @@ def get_context_data(self, **kwargs):
             }
         )
 
-        perms = guardian_get_perms(user, self.object)
-        has_product_change_permission = "change_product" in perms
-        context["has_edit_productcomponent"] = all(
-            [
-                has_product_change_permission,
-                user.has_perm("product_portfolio.change_productcomponent"),
-            ]
-        )
-        context["has_edit_productpackage"] = all(
-            [
-                has_product_change_permission,
-                user.has_perm("product_portfolio.change_productpackage"),
-            ]
-        )
-        context["has_delete_productpackage"] = user.has_perm(
-            "product_portfolio.delete_productpackage"
-        )
-        context["has_delete_productcomponent"] = user.has_perm(
-            "product_portfolio.delete_productcomponent"
-        )
+        if not product.is_locked:
+            perms = guardian_get_perms(user, product)
+            has_product_change_permission = "change_product" in perms
+            context["has_edit_productcomponent"] = all(
+                [
+                    has_product_change_permission,
+                    user.has_perm("product_portfolio.change_productcomponent"),
+                ]
+            )
+            context["has_edit_productpackage"] = all(
+                [
+                    has_product_change_permission,
+                    user.has_perm("product_portfolio.change_productpackage"),
+                ]
+            )
+            context["has_delete_productpackage"] = user.has_perm(
+                "product_portfolio.delete_productpackage"
+            )
+            context["has_delete_productcomponent"] = user.has_perm(
+                "product_portfolio.delete_productcomponent"
+            )
 
         if page_obj:
             previous_url, next_url = self.get_previous_next(page_obj)