Merge pull request #4734 from GSA-TTS/main

backend/audit/fixtures/single_audit_checklist.py

@@ -126,28 +126,38 @@ def _create_sac(user, auditee_name, submission_status="in_progress"):
         general_information=_fake_general_information(auditee_name),
         submission_status=submission_status,
     )
+    Audit = apps.get_model("audit.Audit")
+    audit = Audit.objects.create(
+        audit={"general_information": _fake_general_information(auditee_name)},
+        submission_status=submission_status,
+        event_user=user,
+        event_type="created",
+    )
 
     Access = apps.get_model("audit.Access")
     Access.objects.create(
         sac=sac,
+        audit=audit,
         user=user,
         email=user.email,
         role="editor",
     )
     Access.objects.create(
         sac=sac,
+        audit=audit,
         user=user,
         email=user.email,
         role="certifying_auditor_contact",
     )
     Access.objects.create(
         sac=sac,
+        audit=audit,
         user=user,
         email=user.email,
         role="certifying_auditee_contact",
     )
-    logger.info("Created single audit checklist %s", sac)
-    return sac
+    logger.info("Created audit %s", audit)
+    return audit
 
 
 def _post_create_federal_awards(this_sac, this_user):

backend/audit/migrations/0017_access_audit_deletedaccess_audit_and_more.py

@@ -0,0 +1,53 @@
+# Generated by Django 5.1.2 on 2025-02-26 23:30
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("audit", "0016_audit_history"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="access",
+            name="audit",
+            field=models.ForeignKey(
+                null=True, on_delete=django.db.models.deletion.CASCADE, to="audit.audit"
+            ),
+        ),
+        migrations.AddField(
+            model_name="deletedaccess",
+            name="audit",
+            field=models.ForeignKey(
+                null=True, on_delete=django.db.models.deletion.CASCADE, to="audit.audit"
+            ),
+        ),
+        migrations.AddField(
+            model_name="submissionevent",
+            name="audit",
+            field=models.ForeignKey(
+                null=True, on_delete=django.db.models.deletion.CASCADE, to="audit.audit"
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="access",
+            constraint=models.UniqueConstraint(
+                condition=models.Q(("role", "certifying_auditee_contact")),
+                fields=("audit",),
+                name="audit_access_audit_single_certifying_auditee",
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="access",
+            constraint=models.UniqueConstraint(
+                condition=models.Q(("role", "certifying_auditor_contact")),
+                fields=("audit",),
+                name="audit_access_audit_single_certifying_auditor",
+            ),
+        ),
+    ]

backend/audit/models/access.py

@@ -51,6 +51,7 @@ def create(self, **obj_data):
         if event_user and event_type:
             SubmissionEvent.objects.create(
                 sac=result.sac,
+                audit=result.audit,
                 user=event_user,
                 event=event_type,
             )
@@ -68,6 +69,10 @@ class Access(models.Model):
 
     ROLES = ACCESS_ROLES
     sac = models.ForeignKey(SingleAuditChecklist, on_delete=models.CASCADE)
+    # TODO: Update Post SOC Launch
+    # setting this temporarily to allow "null" to handle existing rows without audit fields.
+    # We will want to copy "Accesses" from SACs to their correlating Audit models.
+    audit = models.ForeignKey("audit.Audit", on_delete=models.CASCADE, null=True)
     role = models.CharField(
         choices=ROLES,
         help_text="Access type granted to this user",
@@ -90,7 +95,7 @@ def delete(self, *args, **kwds):
         Override method to create DeletedAccess entries upon deletion.
 
         Returns only the result of the Access deletion to maintain compatibility with
-        what all other delete methods return.
+        what all the other delete methods return.
         """
         removing_user = kwds.get("removing_user")
         removal_event = kwds.get("removal_event", "access-change")
@@ -109,6 +114,7 @@ class Meta:
         verbose_name_plural = "accesses"
 
         constraints = [
+            # TODO: Update Post SOC Launch
             # a SAC cannot have multiple certifying auditees
             models.UniqueConstraint(
                 fields=["sac"],
@@ -121,6 +127,18 @@ class Meta:
                 condition=Q(role="certifying_auditor_contact"),
                 name="%(app_label)s_%(class)s_single_certifying_auditor",
             ),
+            # a audit cannot have multiple certifying auditees
+            models.UniqueConstraint(
+                fields=["audit"],
+                condition=Q(role="certifying_auditee_contact"),
+                name="%(app_label)s_%(class)s_audit_single_certifying_auditee",
+            ),
+            # a audit cannot have multiple certifying auditors
+            models.UniqueConstraint(
+                fields=["audit"],
+                condition=Q(role="certifying_auditor_contact"),
+                name="%(app_label)s_%(class)s_audit_single_certifying_auditor",
+            ),
         ]
 
 
@@ -158,6 +176,7 @@ def delete_access_and_create_record(
     removed_by_email = removing_user.email if removing_user else None
     deletion_record = DeletedAccess(
         sac=access.sac,
+        audit=access.audit,
         role=access.role,
         fullname=access.fullname,
         email=access.email,
@@ -168,4 +187,4 @@ def delete_access_and_create_record(
     )
     deletion_record.save()
     access_deletion_return = super(Access, access).delete()
-    return (access_deletion_return, deletion_record)
+    return access_deletion_return, deletion_record

backend/audit/models/audit.py

@@ -24,7 +24,7 @@ def create(self, **obj_data):
         end_date = obj_data["audit"]["general_information"]["auditee_fiscal_period_end"]
         report_id = (
             obj_data.pop("report_id")
-            if obj_data["report_id"]
+            if obj_data.get("report_id", None)
             else generate_sac_report_id(
                 count=self.model.objects.count(), end_date=end_date
             )

backend/audit/models/deleted_access.py

@@ -30,6 +30,9 @@ class RemovalEventType:
 
     # The first five fields are identical to Access:
     sac = models.ForeignKey(SingleAuditChecklist, on_delete=models.CASCADE)
+    # TODO: Update Post SOC Launch
+    # setting this temporarily to allow "null" to handle existing rows without audit fields.
+    audit = models.ForeignKey("audit.Audit", on_delete=models.CASCADE, null=True)
     role = models.CharField(
         choices=ACCESS_ROLES,
         help_text="Access type granted to this user",

backend/audit/models/submission_event.py

@@ -106,6 +106,9 @@ class EventType:
     )
 
     sac = models.ForeignKey("audit.SingleAuditChecklist", on_delete=models.CASCADE)
+    # TODO: Update Post SOC Launch
+    # setting this temporarily to allow "null" to handle existing rows without audit fields.
+    audit = models.ForeignKey("audit.Audit", on_delete=models.CASCADE, null=True)
     user = models.ForeignKey(User, on_delete=models.PROTECT)
     timestamp = models.DateTimeField(auto_now_add=True)
     event = models.CharField(choices=EVENT_TYPES)

backend/cypress/support/login-gov.js

@@ -9,6 +9,7 @@ export function testLoginGovLogin(
   cy.get('button.usa-button.sign-in-button')
     .should('contain.text', 'Authenticate with Login.gov')
     .click();
+
   cy.origin(
     'https://idp.int.identitysandbox.gov/',
     {
@@ -26,16 +27,23 @@ export function testLoginGovLogin(
         cy.get('input.one-time-code-input__input').type(token);
       });
       cy.get('lg-submit-button > .usa-button').click();
-      cy.url().then((url) => {
-        if (url.match(/\/login\/piv_cac_recommended$/)) {
-          // Handle the case where the page redirects to piv_cac_recommended
-          cy.get('button.usa-button.usa-button--unstyled[type="submit"]:contains("Skip")').click();
-        } else if (url.match(/\/sign_up\/completed$/)) {
-          // Login's additional data sharing consent
-          cy.get('button:contains("Agree and continue")').click();
-        }
+    });
+
+  // We can't wrap all of this in a cy.origin because it will error if it made
+  // it back to localhost already, which is the typical case
+  cy.url().then((url) => {
+    if (url.match(/\/login\/piv_cac_recommended$/)) {
+      // Handle the case where the page redirects to piv_cac_recommended
+      cy.origin('https://idp.int.identitysandbox.gov/', () => {
+        cy.get('button.usa-button.usa-button--unstyled[type="submit"]:contains("Skip")').click();
+      });
+    } else if (url.match(/\/sign_up\/completed$/)) {
+      // Login's additional data sharing consent
+      cy.origin('https://idp.int.identitysandbox.gov/', () => {
+        cy.get('button:contains("Agree and continue")').click();
       });
     }
-  );
+  });
+
   cy.url().should('match', /\/audit\/$/);
 };