Add anonymous questionnaire to engagement (#10734)

* add-anonymous-questionnaire-to-engagement initial scaffolding for new feature

* add-anonymous-questionnaire-to-engagement Add templats and form, update to actually perform linking

* add-anonymous-questionnaire-to-engagement wording change on form

* add-anonymous-questionnaire-to-engagement comments, wording change

* add-anonymous-questionnaire-to-engagement redirect to engagement view rather than edit after linking

* add-anonymous-questionnaire-to-engagement Allow relinking (reassociating) of questionnaires to another engagement. add link to contextual menu on engagement q listing

* add-anonymous-questionnaire-to-engagement linter fixes

* add-anonymous-questionnaire-to-engagement formatting

* add-anonymous-questionnaire-to-engagement fix typo

Author: dogboat

dojo/forms.py

@@ -31,6 +31,7 @@
 import dojo.jira_link.helper as jira_helper
 from dojo.authorization.roles_permissions import Permissions
 from dojo.endpoint.utils import endpoint_filter, endpoint_get_or_create, validate_endpoints_to_add
+from dojo.engagement.queries import get_authorized_engagements
 from dojo.finding.queries import get_authorized_findings
 from dojo.group.queries import get_authorized_groups, get_group_member_roles
 from dojo.models import (
@@ -3550,6 +3551,18 @@ def __init__(self, *args, **kwargs):
         self.fields["product"].queryset = get_authorized_products(Permissions.Engagement_Add)
 
 
+class ExistingEngagementForm(forms.Form):
+    engagement = forms.ModelChoiceField(
+        queryset=Engagement.objects.none(),
+        required=True,
+        widget=forms.widgets.Select(),
+        help_text="Select which Engagement to link the Questionnaire to")
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields["engagement"].queryset = get_authorized_engagements(Permissions.Engagement_Edit).order_by("-target_start")
+
+
 class ConfigurationPermissionsForm(forms.Form):
 
     def __init__(self, *args, **kwargs):

dojo/survey/urls.py

@@ -77,4 +77,7 @@
     re_path(r"^empty_questionnaire/(?P<esid>\d+)/new_engagement$",
         views.engagement_empty_survey,
         name="engagement_empty_survey"),
+    re_path(r"^empty_questionnaire/(?P<esid>\d+)/existing_engagement$",
+        views.ExistingEngagementEmptySurveyView.as_view(),
+        name="existing_engagement_empty_survey"),
 ]

dojo/survey/views.py

@@ -11,6 +11,7 @@
 from django.urls import reverse
 from django.utils import timezone as tz
 from django.utils.html import escape
+from django.views import View
 
 from dojo.authorization.authorization import (
     user_has_configuration_permission,
@@ -36,6 +37,7 @@
     EditChoiceQuestionForm,
     EditQuestionnaireQuestionsForm,
     EditTextQuestionForm,
+    ExistingEngagementForm,
 )
 from dojo.models import (
     Answer,
@@ -866,3 +868,57 @@ def engagement_empty_survey(request, esid):
         top_level=False,
         request=request)
     return render(request, "defectDojo-engagement-survey/add_engagement.html", {"form": form})
+
+
+class ExistingEngagementEmptySurveyView(View):
+    def get(self, request, esid):
+        survey = get_object_or_404(Answered_Survey, id=esid)
+        if survey.engagement:
+            # If the questionnaire is already linked to a survey, ensure the user has permission to edit it
+            user_has_permission_or_403(request.user, survey.engagement, Permissions.Engagement_Edit)
+            # Prepopulate the form with the current engagement
+            form = self.get_form_class()({"engagement": survey.engagement})
+        else:
+            form = self.get_form_class()()
+        self.add_breadcrumb(request)
+        return render(request, self.get_template(), {"form": form})
+
+    def post(self, request, esid):
+        survey = get_object_or_404(Answered_Survey, id=esid)
+        form = self.get_form_class()(request.POST)
+        if form.is_valid():
+            # Validate perms on the target engagement
+            engagement = form.cleaned_data.get("engagement")
+            user_has_permission_or_403(request.user, engagement, Permissions.Engagement_Edit)
+            # If we're moving a questionnaire, make sure the user can edit the 'source' engagement too
+            if survey.engagement:
+                user_has_permission_or_403(request.user, survey.engagement, Permissions.Engagement_Edit)
+            # Link and save
+            survey.engagement = engagement
+            survey.save()
+            messages.add_message(
+                request,
+                messages.SUCCESS,
+                "Questionnaire successfully linked to Engagement.",
+                extra_tags="alert-success")
+            return HttpResponseRedirect(reverse("view_engagement", args=(engagement.id,)))
+
+        messages.add_message(
+            request,
+            messages.ERROR,
+            "Questionnaire could not be linked to the selected Engagement.",
+            extra_tags="alert-danger")
+        self.add_breadcrumb(request)
+        return render(request, self.get_template(), {"form": form})
+
+    def add_breadcrumb(self, request):
+        add_breadcrumb(
+            title="Link Questionnaire to existing Engagement",
+            top_level=False,
+            request=request)
+
+    def get_form_class(self):
+        return ExistingEngagementForm
+
+    def get_template(self):
+        return "defectDojo-engagement-survey/existing_engagement.html"

dojo/templates/defectDojo-engagement-survey/existing_engagement.html

@@ -0,0 +1,15 @@
+{% extends "base.html" %}
+{% block content %}
+    {{ block.super }}
+	<h3>Link Questionnaire to Existing Engagement</h3>
+    <br />
+	<form class="form-horizontal" method="post">
+		{% csrf_token %}
+		{% include "dojo/form_fields.html" with form=form %}
+		<div class="form-group">
+			<div class="col-sm-offset-2 col-sm-10">
+				<input class="btn btn-primary" type="submit" label="existing_engagement" name="existing_engagement" value="Link to Engagement"/>
+			</div>
+		</div>
+	</form>
+{% endblock %}

dojo/templates/defectDojo-engagement-survey/surveys.html

@@ -40,6 +40,13 @@
                                         <i class="fa-solid fa-plus"></i> Assign User</a>
                                 </li>
                                 {% endif %}
+                                {% if survey.engagement|has_object_permission:"Engagement_Edit" %}
+                                <li role="presentation">
+                                    <a class="" href="/empty_questionnaire/{{ survey.id }}/existing_engagement">
+                                        <i class="fa-solid fa-link"></i> Link to a Different Engagement
+                                    </a>
+                                </li>
+                                {% endif %}
                                 <li>
                                     <a class="" data-toggle="modal"
                                     data-target="#shareQuestionnaireModal"

dojo/templates/dojo/dashboard.html

@@ -208,6 +208,7 @@
                                                         <a class="btn btn-sm btn-secondary"
                                                         href="/empty_questionnaire/{{ survey.id }}">{% trans "View Responses" %}</a>
                                                         <a class="btn btn-sm btn-success" href="/empty_questionnaire/{{ survey.id }}/new_engagement">{% trans "Create Engagement" %}</a>
+                                                        <a class="btn btn-sm btn-success" href="/empty_questionnaire/{{ survey.id }}/existing_engagement">{% trans "Link to Existing Engagement" %}</a>
                                                         <button class="btn btn-sm btn-info" disabled
                                                         href="/engagement/{{ survey.engagement.id }}/questionnaire/{{ survey.id }}/assign">{% trans "Assign User" %}</button>
                                                     {% endif %}