surface-security · fpintoppb · Oct 31, 2025 · Oct 20, 2025 · Oct 20, 2025 · Oct 20, 2025
@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: '3.9' 
+          python-version: '3.11' 
 
       - name: Set-up environment
         run: pip install -r surface/requirements_test.txt

@@ -17,10 +17,10 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    - name: Set up Python 3.9
+    - name: Set up Python 3.11
       uses: actions/setup-python@v5
       with:
-        python-version: 3.9
+        python-version: 3.11
 
     - name: Install black
       run: pip install black==22.8.0
@@ -56,7 +56,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.9, 3.11]
+        python-version: [3.11]
         database:
         - db: mysql
           url: mysql://root:root@127.0.0.1:8877/surface

@@ -7,11 +7,11 @@ RUN --mount=type=bind,target=/tmpapp \
     python /run.py /tmpapp/surface/requirements_prod.txt \
                    /tmpapp/surface/requirements_psql.txt > /requirements_full.txt
 
-FROM python:3.9-slim-buster as builder
+FROM python:3.11-slim-trixie as builder
 
 RUN apt-get update \
  && apt-get install --no-install-recommends -y \
-        libmariadbclient-dev \
+        libmariadb-dev \
         libpq-dev \
         build-essential \
         libldap2-dev \
@@ -27,7 +27,7 @@ RUN pip wheel -w /wheels -r requirements_full.txt
 
 ############################################################################
 
-FROM python:3.9-slim-buster as main
+FROM python:3.11-slim-trixie as main
 
 RUN apt-get update \
  && apt-get install --no-install-recommends -y \

@@ -13,40 +13,28 @@
 @pytest.mark.webtest
 def test_dkron_admin_views(prep_dkron, test_cfg, live_server):
     test_cfg.driver.get(f"{live_server.url}/login/")
-    assert "Login" in test_cfg.driver.title
+    assert "Log in" in test_cfg.driver.title
 
-    test_cfg.driver.find_element(by=By.ID, value="id_username").send_keys(
-        test_cfg.username
-    )
-    test_cfg.driver.find_element(by=By.ID, value="id_password").send_keys(
-        f"{test_cfg.password}"
-    )
-    test_cfg.driver.find_element(
-        by=By.XPATH, value='//button[text()="Submit"]'
-    ).send_keys(Keys.ENTER)
+    test_cfg.driver.find_element(by=By.ID, value="id_username").send_keys(test_cfg.username)
+    test_cfg.driver.find_element(by=By.ID, value="id_password").send_keys(f"{test_cfg.password}")
+    test_cfg.driver.find_element(by=By.ID, value="login-form").submit()
 
-    assert "Home | Surface" == test_cfg.driver.title
+    assert "Dashboard | Surface Security" == test_cfg.driver.title
 
     test_cfg.driver.get(f"{live_server.url}/dkron/job/add/")
-    assert "Add job | Surface" == test_cfg.driver.title
+    assert "Add job | Surface Security" == test_cfg.driver.title
 
     test_cfg.driver.find_element(by=By.ID, value="id_name").send_keys(TEST_IO["name"])
-    test_cfg.driver.find_element(by=By.ID, value="id_schedule").send_keys(
-        TEST_IO["schedule"]
-    )
-    test_cfg.driver.find_element(by=By.ID, value="id_command").send_keys(
-        TEST_IO["command"]
-    )
-    test_cfg.driver.find_element(by=By.ID, value="id_description").send_keys(
-        TEST_IO["description"]
-    )
+    test_cfg.driver.find_element(by=By.ID, value="id_schedule").send_keys(TEST_IO["schedule"])
+    test_cfg.driver.find_element(by=By.ID, value="id_command").send_keys(TEST_IO["command"])
+    test_cfg.driver.find_element(by=By.ID, value="id_description").send_keys(TEST_IO["description"])
     test_cfg.driver.find_element(by=By.ID, value="id_use_shell").click()
     test_cfg.driver.find_element(by=By.ID, value="id_notify_on_error").click()
 
     test_cfg.driver.find_element(by=By.NAME, value="_save").send_keys(Keys.ENTER)
 
     test_cfg.driver.get(f"{live_server.url}/dkron/job")
-    assert "Select job to change | Surface" == test_cfg.driver.title
+    assert "Select job to change | Surface Security" == test_cfg.driver.title
 
     for k, v in TEST_IO.items():
-        assert v == test_cfg.driver.find_element(by=By.CLASS_NAME, value=f"field-{k}").text
+        assert v == test_cfg.driver.find_element(by=By.CLASS_NAME, value=f"field-{k}").text
@@ -1,21 +1,13 @@
 import pytest
 from selenium.webdriver.common.by import By
-from selenium.webdriver.common.keys import Keys
 
 
 @pytest.mark.webtest
 def test_login(live_server, test_cfg):
     test_cfg.driver.get(f"{live_server.url}/login/")
-    assert "Login" in test_cfg.driver.title
+    assert "Log in" in test_cfg.driver.title
 
-    test_cfg.driver.find_element(by=By.ID, value="id_username").send_keys(
-        test_cfg.username
-    )
-    test_cfg.driver.find_element(by=By.ID, value="id_password").send_keys(
-        f"{test_cfg.password}"
-    )
-    test_cfg.driver.find_element(
-        by=By.XPATH, value='//button[text()="Submit"]'
-    ).send_keys(Keys.ENTER)
-
-    assert "Home | Surface" == test_cfg.driver.title
+    test_cfg.driver.find_element(by=By.ID, value="id_username").send_keys(test_cfg.username)
+    test_cfg.driver.find_element(by=By.ID, value="id_password").send_keys(test_cfg.password)
+    test_cfg.driver.find_element(by=By.ID, value="login-form").submit()
+    assert "Dashboard | Surface Security" == test_cfg.driver.title
@@ -38,4 +38,4 @@ select = [
 src = ['surface', 'e2e']
 
 [tool.ruff.isort]
-known-first-party = ["theme", "dkron", "django_restful_admin", "slackbot", "dbcleanup", "olympus", "notifications", "ppbenviron", "logbasecommand", "impersonate", "apitokens", "sbomrepo"]
+known-first-party = ["dkron", "django_restful_admin", "slackbot", "dbcleanup", "olympus", "notifications", "ppbenviron", "logbasecommand", "impersonate", "apitokens", "sbomrepo"]
@@ -1,9 +1,189 @@
-from django_restful_admin import site as rest
+import logging
+from urllib.parse import quote
+
 from django.apps import apps
+from django.db import models
+from django.urls import reverse
+from django.utils.html import format_html
+from django.utils.safestring import mark_safe
+from jsoneditor.forms import JSONEditor
+from unfold.admin import ModelAdmin
+
+logger = logging.getLogger(__name__)
 
+from django_restful_admin import site as rest
 
 # Register all models for REST API except the registered ones
 for model in apps.get_models():
     if model in rest._registry:
         continue
     rest.register(model)
+
+
+class DefaultModelAdmin(ModelAdmin):
+    list_filter_submit = True
+    list_filter_sheet = False
+    list_fullwidth = True
+    add_fieldsets = ()
+    formfield_overrides = {
+        models.JSONField: {"widget": JSONEditor(attrs={"style": "background-color: white !important;"})}
+    }
+
+    def get_list_display(self, request):
+        """
+        make sure model primary key is always present as first column for standard UX
+        """
+        default_list_display = list(super(DefaultModelAdmin, self).get_list_display(request))
+
+        pk = self.model._meta.pk.name
+        if pk in default_list_display:
+            default_list_display.remove(pk)
+        default_list_display.insert(0, self.model._meta.pk.name)
+
+        return default_list_display
+
+    def get_list_display_links(self, request, list_display):
+        default_list_display_links = super(DefaultModelAdmin, self).get_list_display_links(request, list_display)
+
+        if not default_list_display_links:
+            default_list_display_links = ("pk",)
+
+        return default_list_display_links
+
+
+class ReverseReadonlyMixin:
+    """
+    Mixin to add a readonly 'reverse' field showing related objects in Django admin.
+    Should be used with ModelAdmin or a compatible base class.
+    """
+
+    def get_readonly_fields(self, request, obj=None):
+        parent_method = getattr(super(), "get_readonly_fields", None)
+        fields = list(parent_method(request, obj)) if parent_method else []
+        if obj and "reverse" not in fields:
+            fields.append("reverse")
+        return fields
+
+    def get_fieldsets(self, request, obj=None):
+        parent_method = getattr(super(), "get_fieldsets", None)
+        fieldsets = list(parent_method(request, obj)) if parent_method else []
+        if not fieldsets:
+            return fieldsets
+        label, opts = fieldsets[0]
+        opts = dict(opts)
+        opts.setdefault("classes", []).append("tab")
+        if "fields" in opts:
+            opts["fields"] = tuple(f for f in opts["fields"] if f != "reverse")
+        fieldsets[0] = ("General", opts)
+        if obj:
+            fieldsets.append(("Relationships", {"classes": ["tab"], "fields": ("reverse",)}))
+        return tuple(fieldsets)
+
+    def reverse(self, obj):
+        """Render all relationships for the current object."""
+        if not obj or not obj.pk:
+            return format_html("<div>No relationships available for new objects.</div>")
+        try:
+            html = self._render_relationships(obj)
+            return format_html("<div class='relationships-container'>{}</div>", html)
+        except Exception as e:
+            return format_html("<div class='text-red-500'>Error loading relationships: {}</div>", str(e))
+
+    def _render_relationships(self, obj):
+        html = []
+        forward_html = self._get_forward_relationships(obj)
+        if forward_html:
+            html.append("<strong>Forward Relationships</strong>")
+            html.append(forward_html)
+        reverse_html = self._get_reverse_relationships(obj)
+        if reverse_html:
+            html.append("<br><strong>Reverse Relationships</strong>")
+            html.append(reverse_html)
+        if not html:
+            html.append("<div>No relationships found.</div>")
+        return mark_safe("\n".join(html))
+
+    def _get_forward_relationships(self, obj):
+        html = []
+        opts = obj._meta
+        for field in opts.get_fields():
+            if field.is_relation:
+                try:
+                    if not field.many_to_many and hasattr(field, "related_model"):
+                        rel_obj = getattr(obj, field.name, None)
+                        if rel_obj:
+                            html.append(
+                                self._format_relation(field, rel_obj, single_obj=True, relation_type="ForeignKey")
+                            )
+                    elif field.many_to_many and not field.auto_created:
+                        manager = getattr(obj, field.name)
+                        rel_objs = manager.all()[:10]
+                        total_count = manager.count()
+                        if rel_objs:
+                            html.append(self._format_relation(field, rel_objs, total_count, "ManyToMany"))
+                except AttributeError:
+                    continue
+        return mark_safe("\n".join(html))
+
+    def _get_reverse_relationships(self, obj):
+        html = []
+        opts = obj._meta
+        for field in opts.get_fields():
+            if field.auto_created and field.is_relation:
+                try:
+                    manager = getattr(obj, field.get_accessor_name())
+                    if field.one_to_many:
+                        rel_objs = manager.all()[:10]
+                        total_count = manager.count()
+                        if rel_objs:
+                            html.append(self._format_relation(field, rel_objs, total_count, "ForeignKey"))
+                    elif field.one_to_one:
+                        rel_obj = getattr(manager, getattr(field.related_model._meta, "model_name", ""), None)
+                        if rel_obj:
+                            html.append(
+                                self._format_relation(field, rel_obj, single_obj=True, relation_type="OneToOne")
+                            )
+                    elif field.many_to_many:
+                        rel_objs = manager.all()[:10]
+                        total_count = manager.count()
+                        if rel_objs:
+                            html.append(self._format_relation(field, rel_objs, total_count, "ManyToMany"))
+                except AttributeError:
+                    continue
+        return mark_safe("\n".join(html))
+
+    def _format_relation(self, field, related_objs, total_count=None, relation_type=None, single_obj=False):
+        label = getattr(field, "verbose_name", None)
+        if not label and hasattr(field, "related_model") and field.related_model:
+            label = getattr(field.related_model._meta, "verbose_name_plural", str(field.related_model))
+        label = label.title() if isinstance(label, str) else str(field)
+        rel_type = relation_type or "Relation"
+        header = f'<div class="py-1">{label}: <b>{rel_type}</b>'
+        if total_count is not None:
+            header += f" ({total_count} total)"
+        header += "</div>"
+
+        def obj_link(obj):
+            url = self._get_admin_url(obj)
+            return f'<a href="{url}" style="color: rgb(59, 130, 246);">{obj}</a>' if url else str(obj)
+
+        if single_obj:
+            body = f'<div class="pl-4" style="padding-left:2em">• {obj_link(related_objs)}</div>'
+        else:
+            body = "\n".join(
+                f'<div class="pl-4" style="padding-left:2em">• {obj_link(obj)}</div>' for obj in related_objs
+            )
+            if total_count and total_count > 10:
+                body += (
+                    f'\n<div class="pl-4 text-gray-500" style="padding-left:2em">... and {total_count - 10} more</div>'
+                )
+        return mark_safe(header + "\n" + body)
+
+    def _get_admin_url(self, obj):
+        if not obj or not obj.pk:
+            return None
+        try:
+            opts = obj._meta
+            return reverse(f"admin:{opts.app_label}_{opts.model_name}_change", args=[quote(str(obj.pk))])
+        except Exception:
+            return None