feat: begin to add possibility to draft risk acceptances

This is not finished yet, some little things remain to be done.
intuitem · Dec 30, 2024 · 81db15b · 81db15b
1 parent 7d6bea3
commit 81db15b
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 16 deletions.
diff --git a/backend/core/views.py b/backend/core/views.py
@@ -1612,6 +1612,16 @@ def to_review(self, request):
 
         return Response({"results": acceptances})
 
+    @action(detail=True, methods=["post"], name="Submit risk acceptance")
+    def submit(self, request, pk):
+        if self.get_object().approver:
+            self.get_object().set_state("submitted")
+            return Response({"results": "state updated to submitted"})
+        else:
+            return Response(
+                {"error": "Missing 'approver' field"}, status=status.HTTP_403_FORBIDDEN
+            )
+
     @action(detail=True, methods=["post"], name="Accept risk acceptance")
     def accept(self, request, pk):
         if request.user == self.get_object().approver:
@@ -1637,23 +1647,20 @@ def waiting(self, request):
         ).count()
         return Response({"count": acceptance_count})
 
-    def perform_create(self, serializer):
+    def perform_update(self, serializer):
         risk_acceptance = serializer.validated_data
-        submitted = False
+
         if risk_acceptance.get("approver"):
-            submitted = True
-        for scenario in risk_acceptance.get("risk_scenarios"):
-            if not RoleAssignment.is_access_allowed(
-                risk_acceptance.get("approver"),
-                Permission.objects.get(codename="approve_riskacceptance"),
-                scenario.risk_assessment.project.folder,
-            ):
-                raise ValidationError(
-                    "The approver is not allowed to approve this risk acceptance"
-                )
+            for scenario in risk_acceptance.get("risk_scenarios"):
+                if not RoleAssignment.is_access_allowed(
+                    risk_acceptance.get("approver"),
+                    Permission.objects.get(codename="approve_riskacceptance"),
+                    scenario.risk_assessment.project.folder,
+                ):
+                    raise ValidationError(
+                        "The approver is not allowed to approve this risk acceptance"
+                    )
         risk_acceptance = serializer.save()
-        if submitted:
-            risk_acceptance.set_state("submitted")
 
 
 class UserFilter(df.FilterSet):

diff --git a/frontend/src/lib/components/DetailView/DetailView.svelte b/frontend/src/lib/components/DetailView/DetailView.svelte
@@ -215,7 +215,26 @@
 </script>
 
 <div class="flex flex-col space-y-2">
-	{#if data.data.state === m.submitted() && $page.data.user.id === data.data.approver.id}
+	{#if data.data.state === 'Created'}
+		<div
+			class="flex flex-row space-x-4 items-center bg-yellow-100 rounded-container-token shadow px-6 py-2 mb-2 justify-between"
+		>
+			<div class="text-yellow-900">
+				{'Remember to review approver before submitting'}
+			</div>
+			<div class="flex space-x-2">
+				<button
+					on:click={(_) => {
+						modalConfirm(data.data.id, data.data.name, '?/submit');
+					}}
+					on:keydown={(_) => modalConfirm(data.data.id, data.data.name, '?/submit')}
+					class="btn variant-filled-secondary"
+				>
+					<i class="fas fa-paper-plane mr-2" /> {'Submit'}</button
+				>
+			</div>
+		</div>
+	{:else if data.data.state === m.submitted() && $page.data.user.id === data.data.approver.id}
 		<div
 			class="flex flex-row space-x-4 items-center bg-yellow-100 rounded-container-token shadow px-6 py-2 mb-2 justify-between"
 		>

diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
@@ -160,7 +160,7 @@ export const RiskAcceptanceSchema = z.object({
 	folder: z.string(),
 	expiry_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
 	justification: z.string().optional().nullable(),
-	approver: z.string(),
+	approver: z.string().optional().nullable(),
 	risk_scenarios: z.array(z.string())
 });
 

diff --git a/frontend/src/routes/(app)/(internal)/[model=urlmodel]/[id=uuid]/+page.server.ts b/frontend/src/routes/(app)/(internal)/[model=urlmodel]/[id=uuid]/+page.server.ts
@@ -150,6 +150,41 @@ export const actions: Actions = {
 			})
 		);
 	},
+	submit: async ({ request, fetch, params }) => {
+		const formData = await request.formData();
+		const schema = z.object({ urlmodel: z.string(), id: z.string().uuid() });
+		const submitForm = await superValidate(formData, zod(schema));
+
+		const urlmodel = submitForm.data.urlmodel;
+		const id = submitForm.data.id;
+		const endpoint = `${BASE_API_URL}/${urlmodel}/${id}/submit/`;
+
+		if (!submitForm.valid) {
+			return fail(400, { form: submitForm });
+		}
+
+		const requestInitOptions: RequestInit = {
+			method: 'POST'
+		};
+		const res = await fetch(endpoint, requestInitOptions);
+		if (!res.ok) {
+			const response = await res.json();
+			if (response.non_field_errors) {
+				setError(submitForm, 'non_field_errors', response.non_field_errors);
+			}
+			return fail(400, { form: submitForm });
+		}
+		const model: string = urlParamModelVerboseName(params.model!);
+		// TODO: reference object by name instead of id
+		return message(
+			submitForm,
+			m.successfullyValidatedObject({
+				object: safeTranslate(model).toLowerCase(),
+				id: id
+			})
+		);
+	},
+
 	accept: async ({ request, fetch, params }) => {
 		const formData = await request.formData();
 		const schema = z.object({ urlmodel: z.string(), id: z.string().uuid() });