Django Admin: fix creating new notifications

[tomaszn]

This is a fix for #9340. It enables User and Product fields in Add notifications editor in Django Admin interface, so new notifications can be set up for any Product and User combination.

Test results

Tested manually. Screenshot:

[dryrunsecurity]

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.

Status	DryRun Security Check
✅	AI-powered Sensitive Function Check
❌	Configured Sensitive Files Check
✅	AI-powered Sensitive Files Check

Chat with your AI-powered Security Buddy by typing @dryrunsecurity followed by your question into a comment.
Example: @dryrunsecurity What are common security issues with web application cookies?

Install and configure more repositories at DryRun Security

[devGregA]

Hi @tomaszn, is it possible to incorporate these changes into notfications rather than admin? We're trying to keep people away from django admin for data integrity purposes.

[tomaszn]

@devGregA, I fully understand your concern about data integrity. On the other hand, the alternative for now is editing the database records.

I can imagine such a rework of the View User page. Maybe two new sections, one for user's general notification settings, and another for per-product notifications. Plus a nice wizard that sets up notifications for all products that match some criteria like tags or Product Type. This could be also accessible for regular users to set up and review their notifications.

But that would be a bigger feature. As the code freeze is in progress, what do you think about tackling it after DefectDojo 3.0 is released, and proceeding with this for now?

(Dropping per #9300 (comment). Django Admin features will be published in my fork.)