feat: add labels for threats, reference controls and applied controls

[melinoix]

Adding labels (filtering-labels) for Threats, ReferenceControls and AppliedControls
+
Fix autocompleteselect

Summary by CodeRabbit

• New Features
  • Introduced filtering labels to allow multiple label associations for key records.
  • Enhanced API responses with support for filtering label data.
  • Updated user forms with dynamic selection components, enabling custom label creation.
  • Expanded data mappings and validation to accommodate the enhanced filtering label functionality.

[coderabbitai]

Walkthrough

The changes introduce a new ManyToMany relationship, filtering_labels, across several backend models and serializers. The models Threat, ReferenceControl, and AppliedControl now include a new mixin to support these relationships. Additionally, the frontend forms have been updated to incorporate an autocomplete component that supports dynamic custom option creation for filtering labels. The utility modules have also been expanded to recognize filtering labels within URL mappings and schema definitions.

Changes

File(s) Changed	Summary of Changes
backend/core/migrations/0059_appliedcontrol_filtering_labels_and_more.py	Added ManyToManyField filtering_labels to appliedcontrol, referencecontrol, and threat models.
backend/core/models.py	Updated Threat, ReferenceControl, and AppliedControl to inherit FilteringLabelMixin with the new filtering_labels field.
backend/core/serializers.py	Added filtering_labels field (as FieldsRelatedField with many=True) to read serializers for applied and reference controls, and threat.
frontend/src/lib/components/Forms/AutocompleteSelect.svelte	Enhanced handleSelectChange to check for missing selected options and append new ones if allowUserOptions is enabled.
frontend/src/lib/components/Forms/ModelForm/AppliedControlPolicyForm.svelte, frontend/src/lib/components/Forms/ModelForm/ReferenceControlForm.svelte, frontend/src/lib/components/Forms/ModelForm/ThreatForm.svelte	Integrated <AutocompleteSelect> components with properties for filtering_labels, enabling multiple selections and custom option creation.
frontend/src/lib/utils/crud.ts	Updated URL_MODEL_MAP to include new foreign key entries for filtering_labels across multiple models (threats, risk-assessments, applied-controls, reference-controls, vulnerabilities).
frontend/src/lib/utils/schemas.ts	Added an optional array property filtering_labels to ThreatSchema, AppliedControlSchema, and ReferenceControlSchema.

Sequence Diagram(s)

sequenceDiagram
    participant U as User
    participant ACS as AutocompleteSelect Component
    participant Options as Options Array

    U->>ACS: Enter/select a custom filtering label
    ACS->>Options: Check if label exists
    Options-->>ACS: Label not found
    ACS->>Options: Append new label option
    Options-->>ACS: Updated options list
    ACS-->>U: Show updated selection

Loading

Suggested labels

data-model

Suggested reviewers

• Mohamed-Hacene
• ab-smith

Poem

Hey, I'm a rabbit with hops so light,
Filtering labels now make our code bright!
From models to forms they gracefully roam,
Adding new options right in our home.
With whiskers twitching at every new sight!
🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ec5f222 and 0ca83df.

📒 Files selected for processing (9)

• backend/core/migrations/0059_appliedcontrol_filtering_labels_and_more.py (1 hunks)
• backend/core/models.py (4 hunks)
• backend/core/serializers.py (3 hunks)
• frontend/src/lib/components/Forms/AutocompleteSelect.svelte (1 hunks)
• frontend/src/lib/components/Forms/ModelForm/AppliedControlPolicyForm.svelte (1 hunks)
• frontend/src/lib/components/Forms/ModelForm/ReferenceControlForm.svelte (1 hunks)
• frontend/src/lib/components/Forms/ModelForm/ThreatForm.svelte (1 hunks)
• frontend/src/lib/utils/crud.ts (3 hunks)
• frontend/src/lib/utils/schemas.ts (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (11)

• GitHub Check: startup-functional-test (3.12)
• GitHub Check: startup-docker-compose-test
• GitHub Check: functional-tests (3.12, chromium)
• GitHub Check: test (3.12)
• GitHub Check: enterprise-functional-tests (3.12, chromium)
• GitHub Check: enterprise-startup-functional-test (3.12)
• GitHub Check: build (3.12)
• GitHub Check: enterprise-startup-docker-compose-test
• GitHub Check: ruff (3.12)
• GitHub Check: Analyze (python)
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (19)

frontend/src/lib/components/Forms/AutocompleteSelect.svelte (1)

232-239: Good enhancement to support dynamic option creation!

This new block intelligently handles user-created options by checking if the selected values exist in the options array and adding them if they don't. This implementation creates a seamless user experience for adding custom filtering labels.

frontend/src/lib/components/Forms/ModelForm/ThreatForm.svelte (1)

46-56: Well-configured component for filtering labels.

The AutocompleteSelect component is properly configured with all necessary properties:

• multiple to allow selecting multiple labels
• createFromSelection={true} to enable dynamic creation
• optionsEndpoint="filtering-labels" to fetch from the correct API endpoint
• allowUserOptions="append" to support custom user entries

This implementation aligns well with the PR objective of adding filtering labels to Threats.

backend/core/migrations/0059_appliedcontrol_filtering_labels_and_more.py (1)

11-33: Migration properly implements ManyToMany relationships.

The migration correctly adds filtering_labels ManyToMany fields to the three required models (appliedcontrol, referencecontrol, and threat). The fields are appropriately configured to:

• Allow blank values with blank=True
• Point to the "core.filteringlabel" model
• Include a user-friendly verbose name "Labels"

This aligns with the PR objective of adding labels to these models.

frontend/src/lib/components/Forms/ModelForm/AppliedControlPolicyForm.svelte (1)

64-74: Consistent implementation of filtering labels.

The AutocompleteSelect component is properly configured with identical settings to the ThreatForm implementation, ensuring consistency across the application. The component is correctly placed within the conditional block that checks if the form is not a duplicate.

frontend/src/lib/utils/schemas.ts (3)

116-117: New filtering_labels property added to ThreatSchema

The addition of the filtering_labels property to the ThreatSchema follows the same pattern as the existing filtering labels in other schemas, maintaining consistency across the codebase.

---

161-161: New filtering_labels property added to AppliedControlSchema

Good addition of the filtering_labels property, consistent with the schema design patterns throughout the codebase.

---

188-189: New filtering_labels property added to ReferenceControlSchema

The addition of the filtering_labels property to ReferenceControlSchema is implemented correctly and follows the same pattern as in other schemas.

backend/core/serializers.py (3)

368-368: New filtering_labels field in ReferenceControlReadSerializer

The addition of filtering_labels as a FieldsRelatedField with many=True is appropriate for supporting the many-to-many relationship with FilteringLabel objects. Including the "folder" field in the related objects is good for maintaining context.

---

424-424: New filtering_labels field in ThreatReadSerializer

The addition of filtering_labels field is consistent with the implementation in ReferenceControlReadSerializer, providing a uniform approach across different serializers.

---

559-559: New filtering_labels field in AppliedControlReadSerializer

The addition of filtering_labels field is implemented consistently with the other serializers, ensuring a cohesive API approach for filtering labels across different models.

frontend/src/lib/components/Forms/ModelForm/ReferenceControlForm.svelte (1)

63-73: Added AutocompleteSelect component for filtering labels

The AutocompleteSelect component is well-configured for filtering labels with appropriate properties:

• multiple allows selection of multiple labels
• createFromSelection={true} enables creating new options
• optionsEndpoint="filtering-labels" connects to the correct API
• allowUserOptions="append" enables dynamic label creation

This implementation provides a good user experience for managing labels.

backend/core/models.py (4)

777-781: Good addition of FilteringLabelMixin to Threat model.

The addition of FilteringLabelMixin to the Threat class inheritance adds filtering label functionality, allowing threats to be organized and filtered using custom labels. This aligns well with the PR objective of adding filtering labels for Threats.

---

815-815: Good addition of FilteringLabelMixin to ReferenceControl model.

Adding FilteringLabelMixin to the ReferenceControl class correctly implements the filtering label functionality for reference controls, consistent with the pattern used for the Threat model.

---

1845-1847: Good addition of FilteringLabelMixin to AppliedControl model.

The addition of FilteringLabelMixin to the AppliedControl class completes the implementation of filtering labels across all three target models mentioned in the PR objectives. The implementation is consistent and follows Django's composition pattern using mixins.

---

200-206: Well-designed FilteringLabelMixin implementation.

The FilteringLabelMixin is cleanly implemented with a ManyToMany relationship to the FilteringLabel model. This design allows for flexible and reusable filtering label functionality across multiple models in the application.

frontend/src/lib/utils/crud.ts (4)

212-213: Addition of filtering_labels to threats model looks good.

This change allows threats to be associated with filtering labels, aligning with the PR objective to add labels for Threats.

---

263-264: Appropriate inclusion of filtering_labels in detailViewFields.

Adding filtering_labels to detailViewFields ensures that these labels will be visible in the UI when viewing control details.

---

271-272: Foreign key relationship for filtering_labels properly implemented.

The addition of filtering_labels to foreignKeyFields enables the proper relationship between applied controls and filtering labels.

---

378-379: Consistent implementation of filtering_labels for reference controls.

The filtering_labels addition to reference-controls follows the same pattern as the other models, maintaining consistency across the codebase.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[nas-tabchiche]

Isn't this reinventing the wheel? https://multiselect.janosh.dev/allow-user-options