Develop aspen poam demo

.gitignore

@@ -1,6 +1,7 @@
 # GovReady-Q App
 __pycache__/
 /local
+data/*
 /modules/local
 apps/
 static_root/*

CHANGELOG.md

@@ -58,6 +58,7 @@ and provides a solid foundation for even more exciting innovations to come.
 
 **UI changes**
 
+* Change to Aspen UI.
 * Change label 'certified statement' to 'reference statement'.
 * Warning Message appears at the top of home page and login page while using an Internet Explorer browser informing the user of Internet Explorer not being supported.
 * Indicate private components with lock icon.
@@ -68,6 +69,7 @@ and provides a solid foundation for even more exciting innovations to come.
 * Only Component owner can edit user permissions.
 * Display the control framework along side of controls in component control listing page.
 * Remove icons from project listing.
+* Change 'Template Library' to 'Questionnaires'.
 * Add Component search filter to filter results to components owned by user.
 * Add form to create system from string or URLs.
 * Change language in interface to 'system, systems' instead of 'project, projects'.

api/controls/serializers/poam.py

@@ -1,9 +1,16 @@
+import pathlib
+import pandas
+import structlog
+from structlog import get_logger
+from structlog.stdlib import LoggerFactory
 from rest_framework import serializers
-from api.base.serializers.types import ReadOnlySerializer
-from api.controls.serializers.statements import DetailedStatementSerializer
-from controls.models import Poam
 
+from api.base.serializers.types import ReadOnlySerializer, WriteOnlySerializer
+from api.controls.serializers.statements import DetailedStatementSerializer
+from controls.models import Poam, System
 
+structlog.configure(logger_factory=LoggerFactory())
+logger = get_logger()
 class SimplePoamSerializer(ReadOnlySerializer):
     statement = serializers.SerializerMethodField('get_statement')
 
@@ -37,7 +44,58 @@ class Meta:
                   'remediation_plan', 'scheduled_completion_date', 'milestones','milestone_changes',
                   'risk_rating_original', 'risk_rating_adjusted', 'poam_group', 'statement']
 
+class SimpleSpreadsheetPoamSerializer(ReadOnlySerializer):
+    spreadsheet_poams = serializers.SerializerMethodField('get_spreadsheet_poams')
 
+    def get_spreadsheet_poams(self, system):
+        print(2, "======== system.id, system", system.id, system)
+        poams_list = []
+        counter = 1;
+        fn = "local/poams_list.xlsx"
+        if pathlib.Path(fn).is_file():
+            try:
+                df_dict = pandas.read_excel(fn, header=1)
+                for index, row in df_dict.iterrows():
+                    # import ipdb; ipdb.set_trace()
+                    if system.id == row.get('CSAM ID', ""):
+                        poam_dict = {
+                            "id": index,
+                            "csam_id": row.get('CSAM ID', ""),
+                            "inherited": "No",
+                            "org": row.get('Org', ""),
+                            "sub_org": row.get('Sub Org', ""),
+                            "system_name": row.get('System Name', ""),
+                            "poam_id": row.get('POAM ID', ""   ),
+                            "poam_title": row.get('POAM Title', ""),
+                            "system_type": row.get('System Type', ""),
+                            "detailed_weakness_description": row.get('Detailed Weakness Description', ""),
+                            "status": row.get('Status', "")
+                        }
+                        counter += 1
+                        # Enhance data
+                        # Test for control inheritance
+                        inherited = "No"
+                        if "CA-8" in row.get('POAM Title', ""):
+                            poam_dict['inherited'] = "Yes"
+                            poam_dict['system_name'] = f"{poam_dict['system_name']} inherits from Central Log Server"
+                        poams_list.append(poam_dict)
+            except FileNotFoundError as e:
+                logger.error(f"Error reading file {fn}: {e}")
+            except Exception as e:
+                logger.error(f"Other Error reading file {fn}: {e}")
+        return poams_list
+    class Meta:
+        model = System
+        fields = ['spreadsheet_poams']
+
+class SimpleUpdatePoamSpreadsheetSerializer(WriteOnlySerializer):
+    row = serializers.IntegerField(max_value=None, min_value=None)
+    column = serializers.CharField(min_length=None, max_length=None, allow_blank=True, trim_whitespace=True)
+    value = serializers.CharField(min_length=None, max_length=None, allow_blank=True, trim_whitespace=True)
+
+    class Meta:
+        model = System
+        fields = ['row', 'column', 'value']
 class DetailedPoamSerializer(SimplePoamSerializer):
     statement = DetailedStatementSerializer()
 

api/controls/serializers/readiness_level.py

@@ -0,0 +1,11 @@
+from api.base.serializers.types import ReadOnlySerializer
+from controls.models import Statement
+
+
+class SimpleReadinessLevelSerializer(ReadOnlySerializer):
+
+    class Meta:
+        model = Element
+        fields = ['readiness_level']
+
+

api/controls/urls.py

@@ -3,7 +3,7 @@
 from rest_framework import routers
 from rest_framework_nested.routers import NestedSimpleRouter
 from api.controls.views.element import ElementViewSet, ElementWithPermissionsViewSet
-from api.controls.views.system import SystemViewSet, SystemControlsViewSet, SystemAssessmentViewSet, SystemPoamViewSet
+from api.controls.views.system import SystemViewSet, SystemControlsViewSet, SystemAssessmentViewSet, SystemPoamViewSet, SystemPoamSpreadsheetViewSet
 
 router = routers.DefaultRouter()
 router.register(r'elements', ElementViewSet)
@@ -14,7 +14,7 @@
 systems_router.register(r'controls', SystemControlsViewSet, basename='systems-controls')
 systems_router.register(r'assessments', SystemAssessmentViewSet, basename='systems-assessments')
 systems_router.register(r'poams', SystemPoamViewSet, basename='systems-poams')
-
+systems_router.register(r'spreadsheet-poams', SystemPoamSpreadsheetViewSet, basename='systems-spreadsheet-poams')
 urlpatterns = [
     url(r'^', include(router.urls)),
     url(r'^', include(systems_router.urls))

api/controls/views/system.py

@@ -1,10 +1,14 @@
+from os import system
+import pathlib
+import pandas
+from openpyxl import load_workbook
 from rest_framework.decorators import action
 from rest_framework.response import Response
 
 from api.base.views.base import SerializerClasses
 from api.base.views.viewsets import ReadOnlyViewSet
 from api.controls.serializers.element import SimpleElementControlSerializer, DetailedElementControlSerializer
-from api.controls.serializers.poam import DetailedPoamSerializer, SimplePoamSerializer
+from api.controls.serializers.poam import DetailedPoamSerializer, SimplePoamSerializer, SimpleSpreadsheetPoamSerializer, SimpleUpdatePoamSpreadsheetSerializer
 from api.controls.serializers.system import DetailedSystemSerializer, SimpleSystemSerializer, SystemCreateAndSetProposalSerializer, SystemRetrieveProposalsSerializer
 from api.controls.serializers.system_assement_results import DetailedSystemAssessmentResultSerializer, \
     SimpleSystemAssessmentResultSerializer
@@ -71,3 +75,45 @@ class SystemPoamViewSet(ReadOnlyViewSet):
 
     NESTED_ROUTER_PKS = [{'pk': 'systems_pk', 'model_field': 'statement.consumer_element.system'}]
 
+class SystemPoamSpreadsheetViewSet(ReadOnlyViewSet):
+    queryset = System.objects.all()
+    # queryset = System.objects.filter(pk=9)
+    serializer_classes = SerializerClasses(
+        retrieve=SimpleSpreadsheetPoamSerializer,
+        list=SimpleSpreadsheetPoamSerializer,
+        updateSpreadsheet=SimpleUpdatePoamSpreadsheetSerializer)
+
+    @action(detail=True, url_path="updateSpreadsheet", methods=["PUT"])
+    def updateSpreadsheet(self, request, **kwargs):
+        system, validated_data = self.validate_serializer_and_get_object(request)
+        for key, value in validated_data.items():
+            if key == 'row':
+                row = value
+            if key == 'column':
+                column = value
+            if key == 'value':
+                value = value
+        print(row, column, value)
+
+        system.save()
+        fn = "local/poams_list.xlsx"
+        #load excel file
+        workbook = load_workbook(filename=fn)
+        sheet = workbook.active
+
+        #open workbook
+        colNames = {}
+        current = 0
+        for col in sheet.iter_cols(min_row=2, max_row=2, min_col=1, max_col=sheet.max_column):
+            colNames[col[0].value.lower()] = current
+            current += 1
+
+        #modify the desired cell
+        sheet.cell(row=row+2, column=colNames[column]+1).value = value
+
+        #save the file
+        workbook.save(fn)
+
+        serializer_class = self.get_serializer_class('updateSpreadsheet')
+        serializer = self.get_serializer(serializer_class, system)
+        return Response(serializer.data)

controls/urls.py

@@ -42,10 +42,14 @@
     url(r'^statement_history/(?P<smt_id>.*)/$', views.statement_history, name="statement_history"),
     url(r'^restore_to/(?P<smt_id>.*)/(?P<history_id>.*)/$', views.restore_to_history, name="restore_to"),
 
-    url(r'^(?P<system_id>.*)/aspen/summary/fake$', views.system_summary_1_aspen, name="system_summary_1"),
     url(r'^(?P<system_id>.*)/aspen/summary$', views.system_summary_aspen, name="system_summary"),
+    url(r'^(?P<system_id>.*)/aspen/summary/fake$', views.system_summary_1_aspen, name="system_summary_1"),
     url(r'^(?P<system_id>.*)/aspen/integrations$', views.system_integrations_aspen, name="system_integrations"),
 
+    url(r'^(?P<system_id>.*)/aspen/summary/poams$', views.system_poams_aspen, name="system_summary_poams"),
+    url(r'^import-poams$', views.import_poams_xlsx, name="import_poams_xlsx"),
+    url(r'^export-poams-xlsx$', views.export_poams_xlsx, name="export_poams_xlsx"),
+
     url(r'^new', views.create_system_from_string, name="create_system_from_string"),
 
     # Systems Assessment Results

controls/utils/views_helper.py

@@ -0,0 +1,15 @@
+from api.siteapp.serializers.projects import DetailedProjectsSerializer
+from django.db import transaction
+from siteapp.models import Project, ProjectMembership
+from controls.models import Element, System, Statement, Deployment
+
+import logging
+logging.basicConfig()
+import structlog
+from structlog import get_logger
+from structlog.stdlib import LoggerFactory
+
+structlog.configure(logger_factory=LoggerFactory())
+structlog.configure(processors=[structlog.processors.JSONRenderer()])
+logger = get_logger()
+

controls/views.py

@@ -3302,14 +3302,6 @@ def poams_list(request, system_id):
         controls = system.root_element.controls.all()
         poam_smts = system.root_element.statements_consumed.filter(statement_type="POAM").order_by('-updated')
 
-
-        # impl_smts_count = {}
-        # ikeys = system.smts_control_implementation_as_dict.keys()
-        # for c in controls:
-        #     impl_smts_count[c.oscal_ctl_id] = 0
-        #     if c.oscal_ctl_id in ikeys:
-        #         impl_smts_count[c.oscal_ctl_id] = len(system.smts_control_implementation_as_dict[c.oscal_ctl_id]['control_impl_smts'])
-
         # Return the controls
         context = {
             "system": system,
@@ -4340,6 +4332,19 @@ def import_poams_xlsx(request):
         messages.add_message(request, messages.ERROR, f"POA&Ms spreadsheet file required.")
         return JsonResponse({ "status": "ok", "redirect": redirect_url })
 
+@login_required
+@transaction.atomic
+def export_poams_xlsx(request):
+
+    from django.utils.encoding import smart_str
+
+    poams_xlsx_filepath = "local/poams_list.xlsx"
+    file_name = f"poams_list_{datetime.now().strftime('%Y-%m-%d-%H-%M')}.xlsx"
+    path = open(poams_xlsx_filepath, 'rb')
+    response = HttpResponse(path, content_type='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet') # mimetype is replaced by content_type for django 1.7
+    response['Content-Disposition'] = 'attachment; filename=%s' % smart_str(file_name)
+    return response
+
 # System Deployments
 @login_required
 def system_deployments_aspen(request, system_id):

frontend/src/components/system-summary/component.js

@@ -1,6 +1,7 @@
 import React, {useState} from 'react';
 import ReactDOM from 'react-dom';
 import { SystemSummary } from './system_summary';
+import { SystemSummarySpreadsheet } from './system_summary_spreadsheet';
 import { Provider } from "react-redux";
 import store from "../../store";
 
@@ -11,4 +12,13 @@ window.system_summary = ( systemId, projectId ) => {
         </Provider>,
         document.getElementById('system-summary-poam-datagrid')
     );
+};
+
+window.system_summary_spreadsheet = ( systemId, projectId ) => {
+    ReactDOM.render(
+        <Provider store={store}>
+            <SystemSummarySpreadsheet systemId={systemId} projectId={projectId} />
+        </Provider>,
+        document.getElementById('system-summary-poam-spreadsheet-datagrid')
+    );
 };