Add OWASP compliance mapping and security test case templates, and document version control implementation phases

2025-12-22 09:51:09 -05:00 · 2025-02-07 10:51:11 -05:00
parent 2c82489691
commit c083f54afb
38 changed files with 5313 additions and 94 deletions
--- a/reviews/models.py
+++ b/reviews/models.py
@@ -1,9 +1,12 @@
 from django.db import models
+from django.urls import reverse
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.contenttypes.models import ContentType
 from django.core.validators import MinValueValidator, MaxValueValidator
+from history_tracking.models import HistoricalModel, VersionBranch, ChangeSet
+from history_tracking.signals import get_current_branch, ChangesetContextManager

-class Review(models.Model):
+class Review(HistoricalModel):
    # Generic relation to allow reviews on different types (rides, parks)
    content_type = models.ForeignKey(ContentType, on_delete=models.CASCADE)
    object_id = models.PositiveIntegerField()
@@ -47,6 +50,58 @@ class Review(models.Model):
    def __str__(self):
        return f"Review of {self.content_object} by {self.user.username}"

+    def save(self, *args, **kwargs) -> None:
+        # Get the branch from context or use default
+        current_branch = get_current_branch()
+        
+        if current_branch:
+            # Save in the context of the current branch
+            super().save(*args, **kwargs)
+        else:
+            # If no branch context, save in main branch
+            main_branch, _ = VersionBranch.objects.get_or_create(
+                name='main',
+                defaults={'metadata': {'type': 'default_branch'}}
+            )
+            
+            with ChangesetContextManager(branch=main_branch):
+                super().save(*args, **kwargs)
+
+    def get_version_info(self) -> dict:
+        """Get version control information for this review and its reviewed object"""
+        content_type = ContentType.objects.get_for_model(self)
+        latest_changes = ChangeSet.objects.filter(
+            content_type=content_type,
+            object_id=self.pk,
+            status='applied'
+        ).order_by('-created_at')[:5]
+        
+        active_branches = VersionBranch.objects.filter(
+            changesets__content_type=content_type,
+            changesets__object_id=self.pk,
+            is_active=True
+        ).distinct()
+
+        # Get version info for the reviewed object if it's version controlled
+        reviewed_object_branch = None
+        if hasattr(self.content_object, 'get_version_info'):
+            reviewed_object_branch = self.content_object.get_version_info().get('current_branch')
+        
+        return {
+            'latest_changes': latest_changes,
+            'active_branches': active_branches,
+            'current_branch': get_current_branch(),
+            'total_changes': latest_changes.count(),
+            'reviewed_object_branch': reviewed_object_branch
+        }
+        
+    def get_absolute_url(self) -> str:
+        """Get the absolute URL for this review"""
+        if hasattr(self.content_object, 'get_absolute_url'):
+            base_url = self.content_object.get_absolute_url()
+            return f"{base_url}#review-{self.pk}"
+        return reverse('reviews:review_detail', kwargs={'pk': self.pk})
+
 class ReviewImage(models.Model):
    review = models.ForeignKey(
        Review,
--- a/reviews/templates/reviews/review_detail.html
+++ b/reviews/templates/reviews/review_detail.html
@@ -0,0 +1,136 @@
+{% extends "base.html" %}
+{% load static %}
+
+{% block title %}Review of {{ review.content_object.name }} by {{ review.user.username }} - ThrillWiki{% endblock %}
+
+{% block content %}
+<div class="container mx-auto px-4 py-8">
+    <div class="grid grid-cols-1 lg:grid-cols-3 gap-8">
+        <!-- Main Content Column -->
+        <div class="lg:col-span-2">
+            <!-- Version Control UI -->
+            {% include "history_tracking/includes/version_control_ui.html" %}
+
+            <!-- Review Information -->
+            <div class="bg-white rounded-lg shadow-sm p-6">
+                <div class="flex justify-between items-start mb-4">
+                    <h1 class="text-2xl font-bold text-gray-900">Review of {{ review.content_object.name }}</h1>
+                    <div class="flex items-center">
+                        <span class="px-3 py-1 rounded text-sm 
+                            {% if review.is_published %}
+                                bg-green-100 text-green-800
+                            {% else %}
+                                bg-red-100 text-red-800
+                            {% endif %}">
+                            {{ review.is_published|yesno:"Published,Unpublished" }}
+                        </span>
+                    </div>
+                </div>
+
+                <div class="mb-4">
+                    <div class="flex items-center space-x-4">
+                        <div class="text-2xl font-bold text-blue-600">{{ review.rating }}/10</div>
+                        <div class="text-sm text-gray-500">Visited on {{ review.visit_date|date:"F j, Y" }}</div>
+                    </div>
+                </div>
+
+                <h2 class="text-xl font-semibold mb-2">{{ review.title }}</h2>
+
+                <div class="prose max-w-none">
+                    {{ review.content|linebreaks }}
+                </div>
+
+                <!-- Review Images -->
+                {% if review.images.exists %}
+                <div class="mt-6">
+                    <h3 class="text-lg font-semibold mb-3">Photos</h3>
+                    <div class="grid grid-cols-2 md:grid-cols-3 gap-4">
+                        {% for image in review.images.all %}
+                        <div class="aspect-w-16 aspect-h-9">
+                            <img src="{{ image.image.url }}" 
+                                 alt="{{ image.caption|default:'Review photo' }}"
+                                 class="object-cover rounded-lg"
+                                 loading="lazy"
+                                 decoding="async">
+                        </div>
+                        {% endfor %}
+                    </div>
+                </div>
+                {% endif %}
+            </div>
+
+            <!-- Moderation Information -->
+            {% if review.moderated_by %}
+            <div class="mt-6 bg-white rounded-lg shadow-sm p-6">
+                <h3 class="text-lg font-semibold mb-3">Moderation Details</h3>
+                <div class="space-y-2 text-sm">
+                    <p><span class="text-gray-600">Moderated by:</span> {{ review.moderated_by.username }}</p>
+                    <p><span class="text-gray-600">Moderated on:</span> {{ review.moderated_at|date:"F j, Y H:i" }}</p>
+                    {% if review.moderation_notes %}
+                    <div class="mt-2">
+                        <span class="text-gray-600">Notes:</span>
+                        <p class="mt-1 text-gray-700">{{ review.moderation_notes|linebreaks }}</p>
+                    </div>
+                    {% endif %}
+                </div>
+            </div>
+            {% endif %}
+        </div>
+
+        <!-- Sidebar -->
+        <div class="lg:col-span-1">
+            <!-- Reviewed Item -->
+            <div class="bg-white rounded-lg shadow-sm p-6 mb-6">
+                <h2 class="text-lg font-semibold mb-3">{{ review.content_object|class_name }}</h2>
+                <div>
+                    <a href="{{ review.content_object.get_absolute_url }}" 
+                       class="text-blue-600 hover:underline text-lg">
+                        {{ review.content_object.name }}
+                    </a>
+                    {% if review.content_object.park %}
+                    <p class="text-gray-600 mt-1">
+                        at 
+                        <a href="{{ review.content_object.park.get_absolute_url }}" 
+                           class="hover:underline">
+                            {{ review.content_object.park.name }}
+                        </a>
+                    </p>
+                    {% endif %}
+                </div>
+            </div>
+
+            <!-- Reviewer Information -->
+            <div class="bg-white rounded-lg shadow-sm p-6 mb-6">
+                <h2 class="text-lg font-semibold mb-3">Reviewer</h2>
+                <div class="flex items-center space-x-3">
+                    {% if review.user.avatar %}
+                    <img src="{{ review.user.avatar.url }}" 
+                         alt="{{ review.user.username }}"
+                         class="w-12 h-12 rounded-full">
+                    {% endif %}
+                    <div>
+                        <div class="font-medium">{{ review.user.username }}</div>
+                        <div class="text-sm text-gray-500">Member since {{ review.user.date_joined|date:"F Y" }}</div>
+                    </div>
+                </div>
+                <div class="mt-4 text-sm">
+                    <p><span class="text-gray-600">Reviews:</span> {{ review.user.reviews.count }}</p>
+                    <p><span class="text-gray-600">Helpful votes:</span> {{ review.user.review_likes.count }}</p>
+                </div>
+            </div>
+
+            <!-- Review Metadata -->
+            <div class="bg-white rounded-lg shadow-sm p-6">
+                <h2 class="text-lg font-semibold mb-3">Review Details</h2>
+                <div class="space-y-2 text-sm">
+                    <p><span class="text-gray-600">Created:</span> {{ review.created_at|date:"F j, Y H:i" }}</p>
+                    {% if review.created_at != review.updated_at %}
+                    <p><span class="text-gray-600">Last updated:</span> {{ review.updated_at|date:"F j, Y H:i" }}</p>
+                    {% endif %}
+                    <p><span class="text-gray-600">Helpful votes:</span> {{ review.likes.count }}</p>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}
--- a/reviews/templates/reviews/review_list.html
+++ b/reviews/templates/reviews/review_list.html
@@ -0,0 +1,154 @@
+{% extends "base.html" %}
+{% load static %}
+
+{% block title %}Reviews - ThrillWiki{% endblock %}
+
+{% block content %}
+<div class="container mx-auto px-4 py-8">
+    <!-- Version Control UI -->
+    {% include "history_tracking/includes/version_control_ui.html" %}
+
+    <div class="mb-8">
+        <h1 class="text-3xl font-bold text-gray-900">Reviews</h1>
+        {% if object %}
+        <p class="text-gray-600 mt-2">Reviews for {{ object.name }}</p>
+        {% endif %}
+    </div>
+
+    <!-- Filters -->
+    <div class="bg-white rounded-lg shadow-sm p-4 mb-6">
+        <form method="get" class="grid grid-cols-1 md:grid-cols-4 gap-4">
+            <div>
+                <label for="rating" class="block text-sm font-medium text-gray-700">Rating</label>
+                <select name="rating" id="rating" class="mt-1 block w-full rounded-md border-gray-300 shadow-sm">
+                    <option value="">All Ratings</option>
+                    {% for i in "12345678910"|make_list %}
+                    <option value="{{ i }}" {% if rating == i %}selected{% endif %}>{{ i }}/10 or higher</option>
+                    {% endfor %}
+                </select>
+            </div>
+            <div>
+                <label for="type" class="block text-sm font-medium text-gray-700">Type</label>
+                <select name="type" id="type" class="mt-1 block w-full rounded-md border-gray-300 shadow-sm">
+                    <option value="">All Types</option>
+                    <option value="park" {% if type == 'park' %}selected{% endif %}>Parks</option>
+                    <option value="ride" {% if type == 'ride' %}selected{% endif %}>Rides</option>
+                </select>
+            </div>
+            <div>
+                <label for="order" class="block text-sm font-medium text-gray-700">Sort By</label>
+                <select name="order" id="order" class="mt-1 block w-full rounded-md border-gray-300 shadow-sm">
+                    <option value="-created_at" {% if order == '-created_at' %}selected{% endif %}>Newest First</option>
+                    <option value="created_at" {% if order == 'created_at' %}selected{% endif %}>Oldest First</option>
+                    <option value="-rating" {% if order == '-rating' %}selected{% endif %}>Highest Rated</option>
+                    <option value="rating" {% if order == 'rating' %}selected{% endif %}>Lowest Rated</option>
+                    <option value="-likes" {% if order == '-likes' %}selected{% endif %}>Most Helpful</option>
+                </select>
+            </div>
+            <div class="flex items-end">
+                <button type="submit" class="w-full bg-blue-600 hover:bg-blue-700 text-white font-medium py-2 px-4 rounded">
+                    Apply Filters
+                </button>
+            </div>
+        </form>
+    </div>
+
+    <!-- Reviews Grid -->
+    {% if reviews %}
+    <div class="grid grid-cols-1 gap-6">
+        {% for review in reviews %}
+        <div class="bg-white rounded-lg shadow-sm overflow-hidden">
+            <div class="p-6">
+                <div class="flex justify-between items-start mb-4">
+                    <div>
+                        <h2 class="text-xl font-semibold mb-1">
+                            <a href="{{ review.get_absolute_url }}" class="text-blue-600 hover:underline">
+                                {{ review.title }}
+                            </a>
+                        </h2>
+                        <p class="text-gray-600">
+                            Review of 
+                            <a href="{{ review.content_object.get_absolute_url }}" class="hover:underline">
+                                {{ review.content_object.name }}
+                            </a>
+                            {% if review.content_object.park %}
+                            at 
+                            <a href="{{ review.content_object.park.get_absolute_url }}" class="hover:underline">
+                                {{ review.content_object.park.name }}
+                            </a>
+                            {% endif %}
+                        </p>
+                    </div>
+                    <div class="flex items-center">
+                        <div class="text-2xl font-bold text-blue-600 mr-3">{{ review.rating }}/10</div>
+                        <span class="px-3 py-1 rounded text-sm 
+                            {% if review.is_published %}
+                                bg-green-100 text-green-800
+                            {% else %}
+                                bg-red-100 text-red-800
+                            {% endif %}">
+                            {{ review.is_published|yesno:"Published,Unpublished" }}
+                        </span>
+                    </div>
+                </div>
+
+                <div class="prose max-w-none mb-4">
+                    {{ review.content|truncatewords:50 }}
+                </div>
+
+                <!-- Version Control Status -->
+                {% with version_info=review.get_version_info %}
+                {% if version_info.active_branches.count > 1 %}
+                <div class="mt-3 text-sm">
+                    <span class="text-yellow-600">
+                        {{ version_info.active_branches.count }} active branches
+                    </span>
+                </div>
+                {% endif %}
+                {% endwith %}
+
+                <div class="mt-4 flex items-center justify-between text-sm text-gray-500">
+                    <div class="flex items-center space-x-4">
+                        <div>
+                            by <span class="font-medium">{{ review.user.username }}</span>
+                        </div>
+                        <div>{{ review.visit_date|date:"F j, Y" }}</div>
+                        <div>{{ review.likes.count }} helpful votes</div>
+                    </div>
+                    <div>
+                        {{ review.created_at|date:"F j, Y" }}
+                    </div>
+                </div>
+            </div>
+        </div>
+        {% endfor %}
+    </div>
+
+    <!-- Pagination -->
+    {% if is_paginated %}
+    <div class="mt-8 flex justify-center">
+        <nav class="inline-flex rounded-md shadow">
+            {% if page_obj.has_previous %}
+            <a href="?page={{ page_obj.previous_page_number }}{% if request.GET.rating %}&rating={{ request.GET.rating }}{% endif %}{% if request.GET.type %}&type={{ request.GET.type }}{% endif %}{% if request.GET.order %}&order={{ request.GET.order }}{% endif %}"
+               class="px-3 py-2 rounded-l-md border border-gray-300 bg-white text-sm font-medium text-gray-700 hover:bg-gray-50">
+                Previous
+            </a>
+            {% endif %}
+
+            {% if page_obj.has_next %}
+            <a href="?page={{ page_obj.next_page_number }}{% if request.GET.rating %}&rating={{ request.GET.rating }}{% endif %}{% if request.GET.type %}&type={{ request.GET.type }}{% endif %}{% if request.GET.order %}&order={{ request.GET.order }}{% endif %}"
+               class="px-3 py-2 rounded-r-md border border-gray-300 bg-white text-sm font-medium text-gray-700 hover:bg-gray-50">
+                Next
+            </a>
+            {% endif %}
+        </nav>
+    </div>
+    {% endif %}
+
+    {% else %}
+    <div class="text-center py-12">
+        <p class="text-gray-600">No reviews found matching your criteria.</p>
+    </div>
+    {% endif %}
+</div>
+{% endblock %}