Connecting the access model to audits

GSA-TTS · Feb 27, 2025 · 43e09b7 · 43e09b7
1 parent 1b2c0a0
commit 43e09b7
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 4 deletions.
diff --git a/backend/audit/fixtures/single_audit_checklist.py b/backend/audit/fixtures/single_audit_checklist.py
@@ -17,6 +17,7 @@
 import audit.validators
 
 from audit.fixtures.excel import FORM_SECTIONS
+from audit.models import SubmissionEvent
 from users.models import User
 
 logger = logging.getLogger(__name__)
@@ -126,28 +127,38 @@ def _create_sac(user, auditee_name, submission_status="in_progress"):
         general_information=_fake_general_information(auditee_name),
         submission_status=submission_status,
     )
+    Audit = apps.get_model("audit.Audit")
+    audit = Audit.objects.create(
+        audit={"general_information": _fake_general_information(auditee_name)},
+        submission_status=submission_status,
+        event_user=user,
+        event_type=SubmissionEvent.EventType.CREATED
+    )
 
     Access = apps.get_model("audit.Access")
     Access.objects.create(
         sac=sac,
+        audit=audit,
         user=user,
         email=user.email,
         role="editor",
     )
     Access.objects.create(
         sac=sac,
+        audit=audit,
         user=user,
         email=user.email,
         role="certifying_auditor_contact",
     )
     Access.objects.create(
         sac=sac,
+        audit=audit,
         user=user,
         email=user.email,
         role="certifying_auditee_contact",
     )
-    logger.info("Created single audit checklist %s", sac)
-    return sac
+    logger.info("Created audit %s", audit)
+    return audit
 
 
 def _post_create_federal_awards(this_sac, this_user):

diff --git a/backend/audit/migrations/0017_access_audit_deletedaccess_audit_and_more.py b/backend/audit/migrations/0017_access_audit_deletedaccess_audit_and_more.py
@@ -0,0 +1,53 @@
+# Generated by Django 5.1.2 on 2025-02-26 23:30
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("audit", "0016_audit_history"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="access",
+            name="audit",
+            field=models.ForeignKey(
+                null=True, on_delete=django.db.models.deletion.CASCADE, to="audit.audit"
+            ),
+        ),
+        migrations.AddField(
+            model_name="deletedaccess",
+            name="audit",
+            field=models.ForeignKey(
+                null=True, on_delete=django.db.models.deletion.CASCADE, to="audit.audit"
+            ),
+        ),
+        migrations.AddField(
+            model_name="submissionevent",
+            name="audit",
+            field=models.ForeignKey(
+                null=True, on_delete=django.db.models.deletion.CASCADE, to="audit.audit"
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="access",
+            constraint=models.UniqueConstraint(
+                condition=models.Q(("role", "certifying_auditee_contact")),
+                fields=("audit",),
+                name="audit_access_audit_single_certifying_auditee",
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="access",
+            constraint=models.UniqueConstraint(
+                condition=models.Q(("role", "certifying_auditor_contact")),
+                fields=("audit",),
+                name="audit_access_audit_single_certifying_auditor",
+            ),
+        ),
+    ]
diff --git a/backend/audit/models/access.py b/backend/audit/models/access.py
@@ -51,6 +51,7 @@ def create(self, **obj_data):
         if event_user and event_type:
             SubmissionEvent.objects.create(
                 sac=result.sac,
+                audit=result.audit,
                 user=event_user,
                 event=event_type,
             )
@@ -68,6 +69,10 @@ class Access(models.Model):
 
     ROLES = ACCESS_ROLES
     sac = models.ForeignKey(SingleAuditChecklist, on_delete=models.CASCADE)
+    # TODO: Update Post SOC Launch
+    # setting this temporarily to allow "null" to handle existing rows without audit fields.
+    # We will want to copy "Accesses" from SACs to their correlating Audit models.
+    audit = models.ForeignKey("audit.Audit", on_delete=models.CASCADE, null=True)
     role = models.CharField(
         choices=ROLES,
         help_text="Access type granted to this user",
@@ -90,7 +95,7 @@ def delete(self, *args, **kwds):
         Override method to create DeletedAccess entries upon deletion.
 
         Returns only the result of the Access deletion to maintain compatibility with
-        what all other delete methods return.
+        what all the other delete methods return.
         """
         removing_user = kwds.get("removing_user")
         removal_event = kwds.get("removal_event", "access-change")
@@ -109,6 +114,7 @@ class Meta:
         verbose_name_plural = "accesses"
 
         constraints = [
+            # TODO: Update Post SOC Launch
             # a SAC cannot have multiple certifying auditees
             models.UniqueConstraint(
                 fields=["sac"],
@@ -121,6 +127,18 @@ class Meta:
                 condition=Q(role="certifying_auditor_contact"),
                 name="%(app_label)s_%(class)s_single_certifying_auditor",
             ),
+            # a audit cannot have multiple certifying auditees
+            models.UniqueConstraint(
+                fields=["audit"],
+                condition=Q(role="certifying_auditee_contact"),
+                name="%(app_label)s_%(class)s_audit_single_certifying_auditee",
+            ),
+            # a audit cannot have multiple certifying auditors
+            models.UniqueConstraint(
+                fields=["audit"],
+                condition=Q(role="certifying_auditor_contact"),
+                name="%(app_label)s_%(class)s_audit_single_certifying_auditor",
+            ),
         ]
 
 
@@ -158,6 +176,7 @@ def delete_access_and_create_record(
     removed_by_email = removing_user.email if removing_user else None
     deletion_record = DeletedAccess(
         sac=access.sac,
+        audit=access.audit,
         role=access.role,
         fullname=access.fullname,
         email=access.email,
@@ -168,4 +187,4 @@ def delete_access_and_create_record(
     )
     deletion_record.save()
     access_deletion_return = super(Access, access).delete()
-    return (access_deletion_return, deletion_record)
+    return access_deletion_return, deletion_record
diff --git a/backend/audit/models/deleted_access.py b/backend/audit/models/deleted_access.py
@@ -30,6 +30,9 @@ class RemovalEventType:
 
     # The first five fields are identical to Access:
     sac = models.ForeignKey(SingleAuditChecklist, on_delete=models.CASCADE)
+    # TODO: Update Post SOC Launch
+    # setting this temporarily to allow "null" to handle existing rows without audit fields.
+    audit = models.ForeignKey("audit.Audit", on_delete=models.CASCADE, null=True)
     role = models.CharField(
         choices=ACCESS_ROLES,
         help_text="Access type granted to this user",

diff --git a/backend/audit/models/submission_event.py b/backend/audit/models/submission_event.py
@@ -106,6 +106,9 @@ class EventType:
     )
 
     sac = models.ForeignKey("audit.SingleAuditChecklist", on_delete=models.CASCADE)
+    # TODO: Update Post SOC Launch
+    # setting this temporarily to allow "null" to handle existing rows without audit fields.
+    audit = models.ForeignKey("audit.Audit", on_delete=models.CASCADE, null=True)
     user = models.ForeignKey(User, on_delete=models.PROTECT)
     timestamp = models.DateTimeField(auto_now_add=True)
     event = models.CharField(choices=EVENT_TYPES)