@@ -178,6 +178,19 @@ def setUp(self):
178178 self .client .credentials (HTTP_AUTHORIZATION = "Token " + self .token .key )
179179 self .url = reverse ("risk_acceptance-list" )
180180
181+ # Helper method to create a risk acceptance for testing filters
182+ def create_risk_acceptance (self ):
183+ risk_acceptance = Risk_Acceptance .objects .create (
184+ name = "Filter Test RA" ,
185+ recommendation = "A" ,
186+ decision = "A" ,
187+ accepted_by = "Test User" ,
188+ owner = self .user ,
189+ )
190+ risk_acceptance .accepted_findings .add (self .finding_a1 )
191+ self .engagement_a .risk_acceptance .add (risk_acceptance )
192+ return risk_acceptance
193+
181194 def test_create_risk_acceptance_links_to_engagement (self ):
182195 """Test that risk acceptance created via API appears in engagement.risk_acceptance"""
183196 payload = {
@@ -360,3 +373,49 @@ def test_update_risk_acceptance_add_cross_engagement_fails(self):
360373 response = self .client .put (f"{ self .url } { ra .id } , payload , format = "json" )
361374 self .assertEqual (403 , response .status_code , response .content )
362375 self .assertIn ("multiple engagements" , str (response .data ))
376+
377+ def test_risk_acceptance_created_filter (self ):
378+ # 1. Create a baseline Risk Acceptance using the existing test setup
379+ risk_acceptance = self .create_risk_acceptance ()
380+
381+ # 2. Manually backdate the created date to test ranges
382+ past_date = datetime .datetime .now (datetime .UTC ) - datetime .timedelta (days = 10 )
383+ risk_acceptance .created = past_date
384+ risk_acceptance .save ()
385+
386+ # 3. Test `created__lt` (Less than / Before)
387+ # Should return the risk acceptance because it was created 10 days ago
388+ future_date = datetime .datetime .now (datetime .UTC ).strftime ("%Y-%m-%dT%H:%M:%S.%fZ" )
389+ response = self .client .get (reverse ("risk_acceptance-list" ) + f"?created__lt={ future_date } )
390+ self .assertEqual (response .status_code , 200 )
391+ result_ids = {item ["id" ] for item in response .json ()["results" ]}
392+ self .assertIn (risk_acceptance .id , result_ids )
393+
394+ # 4. Test `created__gt` (Greater than / After)
395+ # Should NOT return the risk acceptance because it is not newer than today
396+ response = self .client .get (reverse ("risk_acceptance-list" ) + f"?created__gt={ future_date } )
397+ self .assertEqual (response .status_code , 200 )
398+ result_ids = {item ["id" ] for item in response .json ()["results" ]}
399+ self .assertNotIn (risk_acceptance .id , result_ids )
400+
401+ def test_risk_acceptance_updated_filter (self ):
402+ risk_acceptance = self .create_risk_acceptance ()
403+
404+ # Manually backdate the updated date
405+ past_date = datetime .datetime .now (datetime .UTC ) - datetime .timedelta (days = 10 )
406+ # We use .update() to bypass the auto_now=True behavior on the updated field
407+ type (risk_acceptance ).objects .filter (pk = risk_acceptance .id ).update (updated = past_date )
408+
409+ future_date = datetime .datetime .now (datetime .UTC ).strftime ("%Y-%m-%dT%H:%M:%S.%fZ" )
410+
411+ # Test updated__lt
412+ response = self .client .get (reverse ("risk_acceptance-list" ) + f"?updated__lt={ future_date } )
413+ self .assertEqual (response .status_code , 200 )
414+ result_ids = {item ["id" ] for item in response .json ()["results" ]}
415+ self .assertIn (risk_acceptance .id , result_ids )
416+
417+ # Test updated__gt
418+ response = self .client .get (reverse ("risk_acceptance-list" ) + f"?updated__gt={ future_date } )
419+ self .assertEqual (response .status_code , 200 )
420+ result_ids = {item ["id" ] for item in response .json ()["results" ]}
421+ self .assertNotIn (risk_acceptance .id , result_ids )
0 commit comments