project(ui): confine users to projects and standardize slug usage

[psyray]

fixes #71
fixes #173

I've added the possibility to confine users to projects

User creation/update with projects to assign

Project creation/update with users to assign

If user try to access a non assign project it returns a 403 page

Project display is restricted to their assigned projects for user

I've also remove the * import for the views.py in favor of defined import
It's a bad practice to use *

• User creation with project assign
• Project creation with user assign
• Permissions test
• Fully test functionalities after * import remove

If someone could also test on his side it could be good

Summary by Sourcery

Confine users to specific projects and standardize slug usage across the application. Introduce project-based user management, restrict project access, and enhance user interface for project and user management. Refactor code for improved readability and maintainability, and update tests to cover new features.

New Features:

• Introduce user confinement to projects, allowing users to be assigned to specific projects and restricting their access to only those projects.
• Implement project-based user management, enabling the assignment of users to projects during project creation or update.
• Add functionality to return a 403 error page when a user attempts to access a project they are not assigned to.
• Restrict project display to only those projects assigned to the user.
• Introduce a new Project model with a description field and a many-to-many relationship with users.
• Add middleware to manage project access and ensure users can only access projects they are assigned to.

Bug Fixes:

• Fix various URL and path issues by removing unnecessary slug parameters and updating URL patterns.
• Correct error handling in API views to provide more informative error messages.

Enhancements:

• Standardize slug usage across the application to improve URL consistency and readability.
• Refactor views to remove redundant code and improve readability, including the use of helper functions for repeated logic.
• Enhance user interface for project and user management, including the addition of project descriptions and user role management.
• Improve logging for error handling in various views to aid in debugging and monitoring.

Tests:

• Add tests for new user and project management features, including user creation, update, and deletion.
• Update existing tests to accommodate changes in URL patterns and project management logic.

Chores:

• Remove wildcard imports in favor of explicit imports to improve code clarity and maintainability.
• Update templates to use new URL patterns and context variables for improved consistency.

[psyray]

@AnonymousWP Could you test the functionality on your side.
I will test the import * modification

[0b3ud]

I've tested the feature
Seems to work well

• When I try to access other projects that my user is not assigned to I get a permission denied

Thus being said on first login for a new user
The user is automatically redirected to default/dashboard if you have a default project
Then they're met with a permission denied

Maybe Users should be redirected to a project they are allowed to access
So they should click on projects and then go in the project they are assigned to

But it is a matter of UX
Other than that all works fine

[psyray]

Thanks for testing

Thus being said on first login for a new user The user is automatically redirected to default/dashboard if you have a default project Then they're met with a permission denied
Maybe Users should be redirected to a project they are allowed to access So they should click on projects and then go in the project they are assigned to

You're right I will modify it.
I will redirect the user to the first project he is allowed

[psyray]

@sourcery-ai review

[sourcery-ai]

Hey @psyray - I've reviewed your changes - here's some feedback:

Overall Comments:

• Consider adding more comprehensive unit tests to cover the new project access control functionality, especially in the ProjectAccessMiddleware and SlugMiddleware.
• It might be beneficial to add more detailed inline documentation for some of the more complex functions, particularly in the dashboard/utils.py file, to explain the logic behind the project access checks.

Here's what I looked at during the review

• 🟡 General issues: 1 issue found
• 🟡 Security: 3 issues found
• 🟡 Testing: 7 issues found
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.}

[sourcery-ai]

Hey @psyray - I've reviewed your changes - here's some feedback:

Overall Comments:

• Consider adding caching mechanisms to the new middleware, especially for project access checks, to optimize performance.
• Ensure thorough testing of the new project access controls and URL routing changes to prevent any regressions.

Here's what I looked at during the review

• 🟡 General issues: 4 issues found
• 🟢 Security: all looks good
• 🟡 Testing: 8 issues found
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.}

[sourcery-ai]

suggestion: Improve error handling and response structure in OllamaManager GET method

Consider using a consistent error response structure and add logging for better debugging. This will make the API more robust and easier to maintain.

    def get(self, request):
        try:
            model_name = request.query_params.get('model')
            if not model_name:
                return Response({'error': 'Model name is required'}, status=400)
            # Rest of the method implementation
        except Exception as e:
            logger.error(f"Error in OllamaManager GET: {str(e)}")
            return Response({'error': 'An unexpected error occurred'}, status=500)

[sourcery-ai]

suggestion: Enhance error handling in GPTAttackSuggestion class

Implement more robust error handling, particularly for API calls and data processing. This will improve the reliability of the attack suggestion feature.

class GPTAttackSuggestion(APIView):
    def get(self, request):
        try:
            # API call and data processing logic here
            pass
        except Exception as e:
            return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

[sourcery-ai]

suggestion (performance): Consider adding a max_length to the description field

While TextField doesn't require a max_length, it's often good practice to set one to prevent excessively long descriptions. This can help with database optimization and front-end display.

Suggested change

	description = models.TextField(blank=True, null=True)
	description = models.TextField(max_length=5000, blank=True, null=True)

[sourcery-ai]

suggestion: Consider adding logging to ProjectAccessMiddleware

Adding logging to this middleware could help with debugging and monitoring access control issues in production. Consider logging attempts to access projects without proper permissions.

import logging

logger = logging.getLogger(__name__)

class ProjectAccessMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response
        logger.info("ProjectAccessMiddleware initialized")

[sourcery-ai]

suggestion (testing): Update profile view test to remove slug parameter and add template assertion

The test has been updated to reflect changes in the view, but it might be beneficial to add more assertions to verify the content of the response.

Suggested change

	def test_profile_view(self):
	"""Test the profile view."""
	response = self.client.get(reverse('profile', kwargs={'slug': self.data_generator.project.slug}))
	response = self.client.get(reverse('profile')) # Suppression du paramètre 'slug'
	self.assertEqual(response.status_code, 200)
	self.assertIn('form', response.context)
	self.assertEqual(response.context['current_project'], self.data_generator.project)
	self.assertTemplateUsed(response, 'dashboard/profile.html') # Vérification du modèle utilisé
	def test_profile_view(self):
	"""Test the profile view."""
	response = self.client.get(reverse('profile'))
	self.assertEqual(response.status_code, 200)
	self.assertTemplateUsed(response, 'dashboard/profile.html')
	self.assertContains(response, 'Profile')
	self.assertContains(response, self.user.username)
	self.assertContains(response, self.user.email)

[sourcery-ai]

suggestion (testing): Update assertion for API response in case of model download failure

The test has been updated to expect a 400 status code instead of 200. Ensure this change aligns with the actual API behavior.

[sourcery-ai]

issue (code-quality): Avoid conditionals in tests. (no-conditionals-in-tests)

Explanation

Avoid complex code, like conditionals, in test functions.

Google's software engineering guidelines says:
"Clear tests are trivially correct upon inspection"
To reach that avoid complex code in tests:

• loops
• conditionals

Some ways to fix this:

• Use parametrized tests to get rid of the loop.
• Move the complex logic into helpers.
• Move the complex part into pytest fixtures.

Complexity is most often introduced in the form of logic. Logic is defined via the imperative parts of programming languages such as operators, loops, and conditionals. When a piece of code contains logic, you need to do a bit of mental computation to determine its result instead of just reading it off of the screen. It doesn't take much logic to make a test more difficult to reason about.

Software Engineering at Google / Don't Put Logic in Tests

[sourcery-ai]

issue (code-quality): We've found these issues:

• Use named expression to simplify assignment and conditional (use-named-expression)
• Replace if statement with if expression (assign-if-exp)
• Extract code out into method (extract-method)

[sourcery-ai]

issue (code-quality): Low code quality found in index - 18% (low-code-quality)

Explanation

The quality score for this function is below the quality threshold of 25%.
This score is a combination of the method length, cognitive complexity and working memory.

How can you solve this?

It might be worth refactoring this function to make it shorter and more readable.

• Reduce the function length by extracting pieces of functionality out into
  their own functions. This is the most important thing you can do - ideally a
  function should be less than 10 lines.
• Reduce nesting, perhaps by introducing guard clauses to return early.
• Ensure that variables are tightly scoped, so that code using related concepts
  sits together within the function rather than being scattered.

[sourcery-ai]

issue (code-quality): We've found these issues:

• Move assignment closer to its usage within a block (move-assign-in-block)
• Swap positions of nested conditionals (swap-nested-ifs)
• Merge dictionary assignment with declaration (merge-dict-assign)

[psyray]

You could test and merge
CodeQL send false positive.
I will resolve this when I will do refactoring

[AnonymousWP]

Does it need to be re-tested? Considering @0b3ud already tested it.

[0b3ud]

Does it need to be re-tested? Considering @0b3ud already tested it.

I will retest it to be sure and then re review the code :)

Update :

• I retested the feature everything works perfectly

[AnonymousWP]

Then you can approve. @psyray needs to fix merge conflicts, then it can be squashed and merged due to many commits (keeps history clean).

[psyray]

Then you can approve. @psyray needs to fix merge conflicts, then it can be squashed and merged due to many commits (keeps history clean).

Fixed

[0b3ud]

While reviewing the code found a new bug : (
It on admin interface page

When you try to disable a user you get redirected to this page instead of being redirected back to admin interface page

The feature still works fine, the users are disable and enabled but u need to manually go back to admin interface

[psyray]

When you try to disable a user you get redirected to this page instead of being redirected back to admin interface page

The feature still works fine, the users are disable and enabled but u need to manually go back to admin interface

Fixed

[0b3ud]

Hello :)
Found another bug on this PR

When you select a projet (landing on the projects dashboard), and u go on another page the project automatically changes to the first project that the user is assigned to.

Example :
-Choose any project in your list except for the first one
-Click on targets per example
-Look at the difference in URLS

Let me know if you need any further details
Thanks in advance

[psyray]

Hello :) Found another bug on this PR

When you select a projet (landing on the projects dashboard), and u go on another page the project automatically changes to the first project that the user is assigned to.

Example : -Choose any project in your list except for the first one -Click on targets per example -Look at the difference in URLS

Let me know if you need any further details Thanks in advance

Fixed, you can test

[0b3ud]

The feature works as expected
I am approving the pr

[AnonymousWP]

Next time, please squash and merge if it has so many commits.

[psyray]

Next time, please squash and merge if it has so many commits.

Could you explain how to do this, or a link to a doc

[AnonymousWP]

Next time, please squash and merge if it has so many commits.

Could you explain how to do this, or a link to a doc

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges#squash-and-merge-your-commits