From 9bfcbb8b8ef0d4fffc5a2d046e68e36ef2ab1131 Mon Sep 17 00:00:00 2001
From: Raouf HADDADA <raouf.haddada@littlebigconnection.com>
Date: Tue, 4 Jun 2024 10:08:02 +0100
Subject: [PATCH] Finding Group Filter Fix

---
 dojo/filters.py               | 16 +++++-----
 dojo/finding_group/queries.py | 55 -----------------------------------
 2 files changed, 7 insertions(+), 64 deletions(-)
 delete mode 100644 dojo/finding_group/queries.py

diff --git a/dojo/filters.py b/dojo/filters.py
index d7ae4b6fef5..fa5cccf037a 100644
--- a/dojo/filters.py
+++ b/dojo/filters.py
@@ -53,7 +53,6 @@
     WAS_ACCEPTED_FINDINGS_QUERY,
 )
 from dojo.finding.queries import get_authorized_findings
-from dojo.finding_group.queries import get_authorized_finding_groups
 from dojo.models import (
     EFFORT_FOR_FIXING_CHOICES,
     ENGAGEMENT_STATUS_CHOICES,
@@ -70,7 +69,6 @@
     Engagement,
     Engagement_Survey,
     Finding,
-    Finding_Group,
     Finding_Template,
     Note_Type,
     Product,
@@ -1728,12 +1726,12 @@ class FindingFilterWithoutObjectLookups(FindingFilterHelper, FindingTagStringFil
         finding_group__name = CharFilter(
             field_name="finding_group__name",
             lookup_expr="iexact",
-            label="Finding Group Name",
+            label="Finding Group",
             help_text="Search for Finding Group names that are an exact match")
         finding_group__name_contains = CharFilter(
             field_name="finding_group__name",
             lookup_expr="icontains",
-            label="Finding Group Name Contains",
+            label="Finding Group Contains",
             help_text="Search for Finding Group names that contain a given pattern")
 
     class Meta:
@@ -1790,9 +1788,11 @@ class FindingFilter(FindingFilterHelper, FindingTagFilter):
         label="Test")
 
     if is_finding_groups_enabled():
-        finding_group = ModelMultipleChoiceFilter(
-            queryset=Finding_Group.objects.none(),
-            label="Finding Group")
+        finding_group = CharFilter(
+            field_name="finding_group__name",
+            lookup_expr="icontains",
+            label="Finding Group",
+            help_text="Search for Finding Group contain a given pattern")
 
     class Meta:
         model = Finding
@@ -1837,8 +1837,6 @@ def set_related_object_fields(self, *args: list, **kwargs: dict):
 
         if self.form.fields.get('test__engagement__product'):
             self.form.fields['test__engagement__product'].queryset = get_authorized_products(Permissions.Product_View)
-        if self.form.fields.get('finding_group', None):
-            self.form.fields['finding_group'].queryset = get_authorized_finding_groups(Permissions.Finding_Group_View)
         self.form.fields['reporter'].queryset = get_authorized_users(Permissions.Finding_View)
         self.form.fields['reviewers'].queryset = self.form.fields['reporter'].queryset
 
diff --git a/dojo/finding_group/queries.py b/dojo/finding_group/queries.py
deleted file mode 100644
index 9bc4b95ffac..00000000000
--- a/dojo/finding_group/queries.py
+++ /dev/null
@@ -1,55 +0,0 @@
-from crum import get_current_user
-from django.db.models import Exists, OuterRef, Q
-
-from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission
-from dojo.models import Finding_Group, Product_Group, Product_Member, Product_Type_Group, Product_Type_Member
-
-
-def get_authorized_finding_groups(permission, queryset=None, user=None):
-
-    if user is None:
-        user = get_current_user()
-
-    if user is None:
-        return Finding_Group.objects.none()
-
-    if queryset is None:
-        finding_groups = Finding_Group.objects.all()
-    else:
-        finding_groups = queryset
-
-    if user.is_superuser:
-        return finding_groups
-
-    if user_has_global_permission(user, permission):
-        return finding_groups
-
-    roles = get_roles_for_permission(permission)
-    authorized_product_type_roles = Product_Type_Member.objects.filter(
-        product_type=OuterRef('test__engagement__product__prod_type_id'),
-        user=user,
-        role__in=roles)
-    authorized_product_roles = Product_Member.objects.filter(
-        product=OuterRef('test__engagement__product_id'),
-        user=user,
-        role__in=roles)
-    authorized_product_type_groups = Product_Type_Group.objects.filter(
-        product_type=OuterRef('test__engagement__product__prod_type_id'),
-        group__users=user,
-        role__in=roles)
-    authorized_product_groups = Product_Group.objects.filter(
-        product=OuterRef('test__engagement__product_id'),
-        group__users=user,
-        role__in=roles)
-    finding_groups = finding_groups.annotate(
-        test__engagement__product__prod_type__member=Exists(authorized_product_type_roles),
-        test__engagement__product__member=Exists(authorized_product_roles),
-        test__engagement__product__prod_type__authorized_group=Exists(authorized_product_type_groups),
-        test__engagement__product__authorized_group=Exists(authorized_product_groups))
-    finding_groups = finding_groups.filter(
-        Q(test__engagement__product__prod_type__member=True)
-        | Q(test__engagement__product__member=True)
-        | Q(test__engagement__product__prod_type__authorized_group=True)
-        | Q(test__engagement__product__authorized_group=True))
-
-    return finding_groups