Add administration site for main scanpipe models (#1323)

Signed-off-by: tdruez <tdruez@nexb.com>

Author: tdruez

CHANGELOG.rst

@@ -18,6 +18,11 @@ v34.7.1 (unreleased)
   The `package_uid` is now included in each BOM Component as a property.
   https://github.com/nexB/scancode.io/issues/1316
 
+- Add administration interface. Can be enabled with the SCANCODEIO_ENABLE_ADMIN_SITE
+  setting.
+  Add ``--admin`` and ``--super`` options to the ``create-user`` management command.
+  https://github.com/nexB/scancode.io/pull/1323
+
 - Add ``results_url`` and ``summary_url`` on the API ProjectSerializer.
   https://github.com/nexB/scancode.io/issues/1325
 

docs/command-line-interface.rst

@@ -351,6 +351,8 @@ API key.
 Optional arguments:
 
 - ``--no-input`` Does not prompt the user for input of any kind.
+- ``--admin`` Specifies that the user should be created as an admin user.
+- ``--super`` Specifies that the user should be created as a superuser.
 
 .. _cli_run:
 

scancodeio/settings.py

@@ -56,6 +56,8 @@
     "SCANCODEIO_REQUIRE_AUTHENTICATION", default=False
 )
 
+SCANCODEIO_ENABLE_ADMIN_SITE = env.bool("SCANCODEIO_ENABLE_ADMIN_SITE", default=False)
+
 SECURE_CONTENT_TYPE_NOSNIFF = env.bool("SECURE_CONTENT_TYPE_NOSNIFF", default=True)
 
 X_FRAME_OPTIONS = env.str("X_FRAME_OPTIONS", default="DENY")

scancodeio/urls.py

@@ -28,6 +28,7 @@
 
 from rest_framework.routers import DefaultRouter
 
+from scanpipe.admin import admin_site
 from scanpipe.api.views import ProjectViewSet
 from scanpipe.api.views import RunViewSet
 from scanpipe.views import AccountProfileView
@@ -53,5 +54,10 @@
     path("", RedirectView.as_view(url="project/")),
 ]
 
+
+if settings.SCANCODEIO_ENABLE_ADMIN_SITE:
+    urlpatterns.append(path("admin/", admin_site.urls))
+
+
 if settings.DEBUG and settings.DEBUG_TOOLBAR:
     urlpatterns.append(path("__debug__/", include("debug_toolbar.urls")))

scanpipe/admin.py

@@ -0,0 +1,189 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# http://nexb.com and https://github.com/nexB/scancode.io
+# The ScanCode.io software is licensed under the Apache License version 2.0.
+# Data generated with ScanCode.io is provided as-is without warranties.
+# ScanCode is a trademark of nexB Inc.
+#
+# You may not use this software except in compliance with the License.
+# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+# Data Generated with ScanCode.io is provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+# ScanCode.io should be considered or used as legal advice. Consult an Attorney
+# for any legal advice.
+#
+# ScanCode.io is a free software code scanning tool from nexB Inc. and others.
+# Visit https://github.com/nexB/scancode.io for support and download.
+
+from django.contrib import admin
+from django.urls import reverse
+from django.utils.html import format_html
+
+from scanpipe.models import CodebaseResource
+from scanpipe.models import DiscoveredDependency
+from scanpipe.models import DiscoveredPackage
+from scanpipe.models import Project
+
+
+class ScanPipeBaseAdmin(admin.ModelAdmin):
+    """Common ModelAdmin attributes."""
+
+    actions_on_top = False
+    actions_on_bottom = True
+    show_facets = admin.ShowFacets.ALWAYS
+
+    def has_add_permission(self, request):
+        return False
+
+
+class ProjectAdmin(ScanPipeBaseAdmin):
+    list_display = [
+        "name",
+        "label_list",
+        "packages_link",
+        "dependencies_link",
+        "resources_link",
+        "is_archived",
+    ]
+    search_fields = ["uuid", "name"]
+    list_filter = ["is_archived", "labels"]
+    ordering = ["-created_date"]
+    fieldsets = [
+        ("", {"fields": ("name", "slug", "notes", "extra_data", "settings", "uuid")}),
+        ("Links", {"fields": ("packages_link", "dependencies_link", "resources_link")}),
+    ]
+    readonly_fields = ["packages_link", "dependencies_link", "resources_link", "uuid"]
+
+    def get_queryset(self, request):
+        return (
+            super()
+            .get_queryset(request)
+            .prefetch_related("labels")
+            .with_counts(
+                "codebaseresources",
+                "discoveredpackages",
+                "discovereddependencies",
+            )
+        )
+
+    @admin.display(description="Labels")
+    def label_list(self, obj):
+        return ", ".join(label.name for label in obj.labels.all())
+
+    @staticmethod
+    def make_filtered_link(obj, value, url_name):
+        """Return a link to the provided ``url_name`` filtered by this project."""
+        url = reverse(f"admin:scanpipe_{url_name}_changelist")
+        return format_html(
+            '<a href="{}?project__uuid__exact={}">{}</a>', url, obj.uuid, value
+        )
+
+    @admin.display(description="Packages", ordering="discoveredpackages_count")
+    def packages_link(self, obj):
+        count = obj.discoveredpackages_count
+        return self.make_filtered_link(obj, count, "discoveredpackage")
+
+    @admin.display(description="Dependencies", ordering="discovereddependencies_count")
+    def dependencies_link(self, obj):
+        count = obj.discovereddependencies_count
+        return self.make_filtered_link(obj, count, "discovereddependency")
+
+    @admin.display(description="Resources", ordering="codebaseresources_count")
+    def resources_link(self, obj):
+        count = obj.codebaseresources_count
+        return self.make_filtered_link(obj, count, "codebaseresource")
+
+
+class CodebaseResourceAdmin(ScanPipeBaseAdmin):
+    list_display = [
+        "path",
+        "status",
+        "type",
+        "name",
+        "extension",
+        "programming_language",
+        "mime_type",
+        "tag",
+        "detected_license_expression",
+        "compliance_alert",
+        "project",
+    ]
+    search_fields = [
+        "path",
+    ]
+    list_filter = ["project", "type", "programming_language", "compliance_alert"]
+    ordering = ["project", "path"]
+
+
+class DiscoveredPackageAdmin(ScanPipeBaseAdmin):
+    list_display = [
+        "__str__",
+        "declared_license_expression",
+        "primary_language",
+        "project",
+    ]
+    search_fields = [
+        "uuid",
+        "package_uid",
+        "type",
+        "namespace",
+        "name",
+        "version",
+        "filename",
+        "declared_license_expression",
+        "other_license_expression",
+        "tag",
+        "keywords",
+    ]
+    list_filter = ["project", "type", "primary_language", "compliance_alert"]
+    exclude = ["codebase_resources"]
+    ordering = ["project", "type", "namespace", "name", "version"]
+
+
+class DiscoveredDependencyAdmin(ScanPipeBaseAdmin):
+    list_display = [
+        "dependency_uid",
+        "type",
+        "scope",
+        "is_runtime",
+        "is_optional",
+        "is_resolved",
+        "is_direct",
+        "project",
+    ]
+    search_fields = [
+        "uuid",
+        "dependency_uid",
+        "namespace",
+        "name",
+        "version",
+        "datasource_id",
+        "extracted_requirement",
+    ]
+    list_filter = [
+        "project",
+        "type",
+        "scope",
+        "is_runtime",
+        "is_optional",
+        "is_resolved",
+        "is_direct",
+    ]
+    ordering = ["project", "dependency_uid"]
+
+
+class ScanCodeIOAdminSite(admin.AdminSite):
+    site_header = "ScanCode.io administration"
+    site_title = "ScanCode.io administration"
+
+
+admin_site = ScanCodeIOAdminSite(name="scancodeio_admin")
+admin_site.register(Project, ProjectAdmin)
+admin_site.register(CodebaseResource, CodebaseResourceAdmin)
+admin_site.register(DiscoveredPackage, DiscoveredPackageAdmin)
+admin_site.register(DiscoveredDependency, DiscoveredDependencyAdmin)

scanpipe/management/commands/create-user.py

@@ -50,9 +50,21 @@ def add_arguments(self, parser):
             dest="interactive",
             help="Do not prompt the user for input of any kind.",
         )
+        parser.add_argument(
+            "--admin",
+            action="store_true",
+            help="Specifies that the user should be created as an admin user.",
+        )
+        parser.add_argument(
+            "--super",
+            action="store_true",
+            help="Specifies that the user should be created as a superuser.",
+        )
 
     def handle(self, *args, **options):
         username = options["username"]
+        is_admin = options["admin"]
+        is_superuser = options["super"]
 
         error_msg = self._validate_username(username)
         if error_msg:
@@ -62,7 +74,14 @@ def handle(self, *args, **options):
         if options["interactive"]:
             password = self.get_password_from_stdin(username)
 
-        user = self.UserModel._default_manager.create_user(username, password=password)
+        user_kwargs = {
+            "username": username,
+            "password": password,
+            "is_staff": is_admin or is_superuser,
+            "is_superuser": is_superuser,
+        }
+
+        user = self.UserModel._default_manager.create_user(**user_kwargs)
         token, _ = Token._default_manager.get_or_create(user=user)
 
         if options["verbosity"] > 0:

scanpipe/models.py

@@ -55,6 +55,7 @@
 from django.db.models.functions import Lower
 from django.dispatch import receiver
 from django.forms import model_to_dict
+from django.urls import NoReverseMatch
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.functional import cached_property
@@ -448,6 +449,33 @@ def update(self, **kwargs):
         self.save(update_fields=list(kwargs.keys()))
 
 
+class AdminURLMixin:
+    """
+    A mixin to provide an admin URL for a model instance.
+
+    This mixin adds a method to generate the admin URL for a model instance,
+    which can be useful for linking to the admin interface directly from
+    the model instances.
+    """
+
+    def get_admin_url(self):
+        """
+        Return the URL for the admin change view of the instance.
+        The admin URL is only constructed and returned if the
+        SCANCODEIO_ENABLE_ADMIN_SITE setting is enabled.
+        """
+        if not settings.SCANCODEIO_ENABLE_ADMIN_SITE:
+            return
+
+        opts = self._meta
+        viewname = f"admin:{opts.app_label}_{opts.model_name}_change"
+        try:
+            url = reverse(viewname, args=[self.pk])
+        except NoReverseMatch:
+            return
+        return url
+
+
 def get_project_slug(project):
     """
     Return a "slug" value for the provided ``project`` based on the slugify name
@@ -2412,6 +2440,7 @@ class CodebaseResource(
     UpdateFromDataMixin,
     HashFieldsMixin,
     ComplianceAlertMixin,
+    AdminURLMixin,
     models.Model,
 ):
     """
@@ -3146,6 +3175,7 @@ class DiscoveredPackage(
     PackageURLMixin,
     VulnerabilityMixin,
     ComplianceAlertMixin,
+    AdminURLMixin,
     AbstractPackage,
 ):
     """
@@ -3495,6 +3525,7 @@ class DiscoveredDependency(
     SaveProjectMessageMixin,
     UpdateFromDataMixin,
     VulnerabilityMixin,
+    AdminURLMixin,
     PackageURLMixin,
 ):
     """

scanpipe/templates/scanpipe/includes/admin_edit_link.html

@@ -0,0 +1,11 @@
+{% if user.is_superuser %}
+  {% with object.get_admin_url as admin_url %}
+    {% if admin_url %}
+      <span class="icon is-size-6">
+        <a href="{{ object.get_admin_url }}" target="_blank" title="Edit in Admin">
+          <i class="fa-regular fa-pen-to-square"></i>
+        </a>
+      </span>
+    {% endif %}
+  {% endwith %}
+{% endif %}

scanpipe/templates/scanpipe/includes/breadcrumb_detail_view.html

@@ -11,6 +11,7 @@
   {% if object_title %}
     <h1 class="is-size-5 break-all has-text-weight-semibold has-text-grey-darker">
       {{ object_title }}
+      {% include 'scanpipe/includes/admin_edit_link.html' %}
     </h1>
   {% elif template_title %}
     {% include template_title %}

scanpipe/templates/scanpipe/includes/resource_path_links.html

@@ -13,5 +13,6 @@ <h1 class="is-size-5 break-word">
       <span class="has-text-weight-semibold">{{ segment }}{% if is_extract %}-extract{% endif %}</span>
     {% endif %}
   {% endfor %}
+  {% include 'scanpipe/includes/admin_edit_link.html' %}
 </h1>
 {% endspaceless %}