API: allow filtering incidents NOT in a specific status, add option t…

…o order incidents based on last comment's date
security-geeks · Dec 29, 2024 · fdcb7cc · fdcb7cc
1 parent 67ae95a
commit fdcb7cc
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/fir_api/README.md b/fir_api/README.md
@@ -28,7 +28,6 @@ Python:
 ```
 import requests
 requests.post("http(s)://YOURFIRINSTALL/api/comments", headers={"X-API": "Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"}, json={"comment": "This is a comment made via API", "incident": 1, "action": "Info"}).json()
-
 ```
 
 curl:

diff --git a/fir_api/filters.py b/fir_api/filters.py
@@ -69,6 +69,9 @@ class IncidentFilter(FilterSet):
     created_after = DateTimeFilter(field_name="date", lookup_expr="gte")
     subject = CharFilter(field_name="subject", lookup_expr="icontains")
     status = ValueChoiceFilter(field_name="status", choices=STATUS_CHOICES)
+    status__not = ValueChoiceFilter(
+        field_name="status", choices=STATUS_CHOICES, exclude=True
+    )
     confidentiality = ValueChoiceFilter(
         field_name="confidentiality", choices=CONFIDENTIALITY_LEVEL
     )

diff --git a/fir_api/views.py b/fir_api/views.py
@@ -8,7 +8,7 @@
 from django.shortcuts import get_object_or_404
 from django.core.files import File as FileWrapper
 from django.contrib.auth.models import User
-from django.db.models import Q
+from django.db.models import Q, Max
 
 from rest_framework.renderers import JSONRenderer
 from rest_framework.permissions import IsAuthenticated, IsAdminUser
@@ -94,16 +94,29 @@ class IncidentViewSet(
     API endpoints for viewing, creating and editing incidents
     """
 
-    queryset = Incident.objects.all()
+    queryset = (
+        Incident.objects.all()
+    )  # Will be overriden by get_queryset(). We still need to define this property as DRF use it to get the basename
     serializer_class = IncidentSerializer
     permission_classes = (IsAuthenticated, IsIncidentHandler)
     filter_backends = [DjangoFilterBackend, OrderingFilter]
-    ordering_fields = ["id", "date", "status", "subject", "concerned_business_lines"]
+    ordering_fields = [
+        "id",
+        "date",
+        "status",
+        "subject",
+        "concerned_business_lines",
+        "last_comment_date",
+    ]
     filterset_class = IncidentFilter
 
     def get_queryset(self):
-        queryset = Incident.authorization.for_user(
-            self.request.user, "incidents.view_incidents"
+        queryset = (
+            Incident.authorization.for_user(
+                self.request.user, "incidents.view_incidents"
+            )
+            .annotate(last_comment_date=Max("comments__date"))
+            .order_by("-id")
         )
         return queryset
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,7 +28,6 @@ Python: @@
     ```
     import requests
     requests.post("http(s)://YOURFIRINSTALL/api/comments", headers={"X-API": "Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"}, json={"comment": "This is a comment made via API", "incident": 1, "action": "Info"}).json()
     ```
     curl:
@@ Expand Down @@