Skip to content

Expose created/updated date filters for Risk Acceptance API (created_before/after, updated_before/after) #14786

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
PDFour4 wants to merge 4 commits into
base: dev
Choose a base branch
from
+63 −0
Open

Expose created/updated date filters for Risk Acceptance API (created_before/after, updated_before/after) #14786

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
7a0ed0a
align ApiRiskAcceptanceFilter date params with API conventions
PDFour4 Apr 24, 2026
5ce06e8
Merge branch 'dev' into testing/risk-acceptance-filter
PDFour4 May 1, 2026
60c7c69
style: fix ruff issues in risk acceptance tests
PDFour4 May 2, 2026
d61e006
Merge branch 'dev' into testing/risk-acceptance-filter
PDFour4 May 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions dojo/filters.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3129,6 +3129,10 @@ class Meta:
class ApiRiskAcceptanceFilter(DojoFilter):
created = DateRangeFilter()
updated = DateRangeFilter()
created_before = DateTimeFilter(field_name="created", lookup_expr="lt")
created_after = DateTimeFilter(field_name="created", lookup_expr="gt")
updated_before = DateTimeFilter(field_name="updated", lookup_expr="lt")
updated_after = DateTimeFilter(field_name="updated", lookup_expr="gt")

o = OrderingFilter(
# tuple-mapping retains order
Expand Down
59 changes: 59 additions & 0 deletions unittests/test_risk_acceptance_api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,19 @@ def setUp(self):
self.client.credentials(HTTP_AUTHORIZATION="Token " + self.token.key)
self.url = reverse("risk_acceptance-list")

# Helper method to create a risk acceptance for testing filters
def create_risk_acceptance(self):
risk_acceptance = Risk_Acceptance.objects.create(
name="Filter Test RA",
recommendation="A",
decision="A",
accepted_by="Test User",
owner=self.user,
)
risk_acceptance.accepted_findings.add(self.finding_a1)
self.engagement_a.risk_acceptance.add(risk_acceptance)
return risk_acceptance

def test_create_risk_acceptance_links_to_engagement(self):
"""Test that risk acceptance created via API appears in engagement.risk_acceptance"""
payload = {
Expand Down Expand Up @@ -358,3 +371,49 @@ def test_update_risk_acceptance_add_cross_engagement_fails(self):
response = self.client.put(f"{self.url}{ra.id}/", payload, format="json")
self.assertEqual(403, response.status_code, response.content)
self.assertIn("multiple engagements", str(response.data))

def test_risk_acceptance_created_filter(self):
# 1. Create a baseline Risk Acceptance using the existing test setup
risk_acceptance = self.create_risk_acceptance()

# 2. Manually backdate the created date to test ranges
past_date = datetime.datetime.now(datetime.UTC) - datetime.timedelta(days=10)
risk_acceptance.created = past_date
risk_acceptance.save()

# 3. Test `created_before` (Less than / Before)
# Should return the risk acceptance because it was created 10 days ago
future_date = datetime.datetime.now(datetime.UTC).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
response = self.client.get(reverse("risk_acceptance-list") + f"?created_before={future_date}")
self.assertEqual(response.status_code, 200)
result_ids = {item["id"] for item in response.json()["results"]}
self.assertIn(risk_acceptance.id, result_ids)

# 4. Test `created_after` (Greater than / After)
# Should NOT return the risk acceptance because it is not newer than today
response = self.client.get(reverse("risk_acceptance-list") + f"?created_after={future_date}")
self.assertEqual(response.status_code, 200)
result_ids = {item["id"] for item in response.json()["results"]}
self.assertNotIn(risk_acceptance.id, result_ids)

def test_risk_acceptance_updated_filter(self):
risk_acceptance = self.create_risk_acceptance()

# Manually backdate the updated date
past_date = datetime.datetime.now(datetime.UTC) - datetime.timedelta(days=10)
# We use .update() to bypass the auto_now=True behavior on the updated field
type(risk_acceptance).objects.filter(pk=risk_acceptance.id).update(updated=past_date)

future_date = datetime.datetime.now(datetime.UTC).strftime("%Y-%m-%dT%H:%M:%S.%fZ")

# Test updated_before
response = self.client.get(reverse("risk_acceptance-list") + f"?updated_before={future_date}")
self.assertEqual(response.status_code, 200)
result_ids = {item["id"] for item in response.json()["results"]}
self.assertIn(risk_acceptance.id, result_ids)

# Test updated_after
response = self.client.get(reverse("risk_acceptance-list") + f"?updated_after={future_date}")
self.assertEqual(response.status_code, 200)
result_ids = {item["id"] for item in response.json()["results"]}
self.assertNotIn(risk_acceptance.id, result_ids)
Loading