Add endpoints for ValidAttributes, Todos, Nuggets.
Improve filtering capabilities for each endpoint, using django-filters.
Create dedicated classes for filtering objects: this allows more flexibility and customization.
Add missing fields (numchild, depth, path) to the /business_lines endpoint
Add missing field (date) to the /files endpoint.
Better check user permissions when serving or writing data
Rework pagination (use page= and page_size= in the query string, instead of offset=)
Make the fir_api plugin compliant with python black
This PR introduce breaking changes to some API endpoints:
Endpoints
Changes
/incidents
- Fields detection, actor, plan, confidentiality, severity, category, opened_by and concerned_business_lines are now strings instead of IDs. - Field status is now a full name instead of a short code (“Open” instead of “O”) - It is not possible to delete an incident via API anymore - Some fields are now optional when creating an incident. The only required fields are : subject, detection, severity, category and confidentiality - New fields are now available in the API response when getting details of a specific incident (/incident/\<id>): artifacts, attributes, files_set as well as todoitem_set and nugget_set (if modules are enabled)
/artifacts
When listing all artifacts, an incident count is now provided for each artifact (instead of each incident ID). This change was done for performance purpose. IDs of each incident having an artifact can still be retrieved by querying /artifacts/\<id>
/files
Fields files and descriptions are renamed to file and description.
/comments
Fields opened_by and action now take strings instead of ID
/labels
Field groups is now represented as a string instead of an ID
/attributes
When creating an attribute to an incident, the attribute's name must now match a previously declared valid attribute
/businesslines
The field name now returns the full business line path, separated by > if needed (eg, Demo BL 1 > Sub BL 2).
This PR:
django-filters
.numchild
,depth
,path
) to the/business_lines
endpointdate
) to the/files
endpoint.page=
andpage_size=
in the query string, instead ofoffset=
)This PR introduce breaking changes to some API endpoints:
detection
,actor
,plan
,confidentiality
,severity
,category
,opened_by
andconcerned_business_lines
are now strings instead of IDs.- Field
status
is now a full name instead of a short code (“Open” instead of “O”)- It is not possible to delete an incident via API anymore
- Some fields are now optional when creating an incident. The only required fields are :
subject
,detection
,severity
,category
andconfidentiality
- New fields are now available in the API response when getting details of a specific incident (/incident/\<id>):
artifacts
,attributes
,files_set
as well astodoitem_set
andnugget_set
(if modules are enabled)files
anddescriptions
are renamed tofile
anddescription
.opened_by
andaction
now take strings instead of IDgroups
is now represented as a string instead of an IDname
now returns the full business line path, separated by>
if needed (eg,Demo BL 1 > Sub BL 2
).