feature: quick verify finding

Author: fopina

dojo/finding/urls.py

@@ -142,6 +142,8 @@
         name="choose_finding_template_options"),
     re_path(r"^finding/(?P<fid>\d+)/(?P<tid>\d+)/apply_template_to_finding$",
         views.apply_template_to_finding, name="apply_template_to_finding"),
+    re_path(r"^finding/(?P<fid>\d+)/verify$", views.verify_finding,
+        name="verify_finding"),
     re_path(r"^finding/(?P<fid>\d+)/close$", views.close_finding,
         name="close_finding"),
     re_path(r"^finding/(?P<fid>\d+)/defect_review$",

dojo/finding/views.py

@@ -1223,6 +1223,72 @@ def close_finding(request, fid):
     )
 
 
+@user_is_authorized(Finding, Permissions.Finding_Edit, "fid")
+def verify_finding(request, fid):
+    finding = get_object_or_404(Finding, id=fid)
+
+    if finding.verified:
+        messages.add_message(
+            request,
+            messages.INFO,
+            "Finding already verified.",
+            extra_tags="alert-info",
+        )
+        return redirect_to_return_url_or_else(
+            request,
+            reverse("view_finding", args=(finding.id,)),
+        )
+
+    form = NoteForm(data=request.POST or None)
+    form.fields["entry"].required = False
+    form.fields["entry"].label = _("Comment (optional)")
+
+    if request.method == "POST" and form.is_valid():
+        entry = form.cleaned_data.get("entry", "").strip()
+        if entry:
+            note = form.save(commit=False)
+            note.author = request.user
+            note.save()
+            finding.notes.add(note)
+
+        now_time = timezone.now()
+        finding.verified = True
+        finding.last_reviewed = now_time
+        finding.last_reviewed_by = request.user
+        finding.last_status_update = now_time
+        finding.save(push_to_jira=False)
+
+        messages.add_message(
+            request,
+            messages.SUCCESS,
+            "Finding verified.",
+            extra_tags="alert-success",
+        )
+
+        return redirect_to_return_url_or_else(
+            request,
+            reverse("view_finding", args=(finding.id,)),
+        )
+
+    product_tab = Product_Tab(
+        finding.test.engagement.product,
+        title="Verify Finding",
+        tab="findings",
+    )
+
+    return render(
+        request,
+        "dojo/verify_finding.html",
+        {
+            "finding": finding,
+            "product_tab": product_tab,
+            "user": request.user,
+            "form": form,
+            "active_tab": "findings",
+        },
+    )
+
+
 @user_is_authorized(Finding, Permissions.Finding_Edit, "fid")
 def defect_finding_review(request, fid):
     finding = get_object_or_404(Finding, id=fid)

dojo/templates/dojo/verify_finding.html

@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+{% load i18n %}
+
+{% block content %}
+    {{ block.super }}
+    <h3>{% trans "Verify Finding" %}</h3>
+    <h4>{{ finding.title }}</h4>
+    <p>{% trans "Use this form to mark the finding as verified. Adding a comment is optional." %}</p>
+    <form class="form-horizontal" action="{% url 'verify_finding' finding.id %}" method="post">
+        {% csrf_token %}
+        {% include "dojo/form_fields.html" with form=form %}
+        <div class="form-group">
+            <div class="col-sm-offset-2 col-sm-10">
+                <input class="btn btn-primary" type="submit" value="{% trans "Verify Finding" %}" aria-label="{% trans "Verify Finding" %}"/>
+            </div>
+        </div>
+    </form>
+{% endblock %}

dojo/templates/dojo/view_finding.html

@@ -126,6 +126,13 @@ <h3 class="pull-left finding-title">
                                         </a>
                                     </li>
                                 {% else %}
+                                {% if not finding.verified %}
+                                    <li role="presentation">
+                                        <a href="{% url 'verify_finding' finding.id %}">
+                                            <i class="fa-solid fa-circle-check"></i> Verify Finding
+                                        </a>
+                                    </li>
+                                {% endif %}
                                 <li role="presentation">
                                     <a href="{% url 'close_finding' finding.id %}">
                                         <i class="fa-solid fa-fire-extinguisher"></i> Close Finding