feat: add UI to expose curation curation

keshav-space · keshav-space · commit 3531154c6c8c · 2026-05-26T23:59:57.000+05:30
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/vulnerabilities/forms.py b/vulnerabilities/forms.py
@@ -12,6 +12,7 @@
 from django.core.validators import validate_email
 from django_altcha import AltchaField
 
+from vulnerabilities.models import ISSUE_TYPE_CHOICES
 from vulnerabilities.models import ApiUser
 
 
@@ -103,3 +104,32 @@ class PipelineSchedulePackageForm(forms.Form):
 
 class AdminLoginForm(AdminAuthenticationForm):
     captcha = AltchaField(floating=True, hidefooter=True)
+
+
+class AdvisoryToDoForm(forms.Form):
+    search = forms.CharField(
+        required=False,
+        label=False,
+        widget=forms.TextInput(
+            attrs={
+                "placeholder": "Search ToDos...",
+                "class": "input",
+            },
+        ),
+    )
+
+    resolved = forms.ChoiceField(
+        required=False,
+        choices=[
+            ("", "All"),
+            ("True", "Yes"),
+            ("False", "No"),
+        ],
+        widget=forms.Select(attrs={"class": "select"}),
+    )
+
+    issue_type = forms.ChoiceField(
+        required=False,
+        choices=[("", "All")] + ISSUE_TYPE_CHOICES,
+        widget=forms.Select(attrs={"class": "select"}),
+    )
diff --git a/vulnerabilities/templates/advisory_todos.html b/vulnerabilities/templates/advisory_todos.html
@@ -61,23 +61,17 @@ <h1>Advisory To-Dos</h1>
             </form>
 
         <div class="box">
-            <!-- <div class="column has-text-right">
-                <p class="has-text-weight-semibold">
-                    {{ active_pipeline_count|default:0 }} active pipeline{{ active_pipeline_count|default:0|pluralize }},
-                    {{ disabled_pipeline_count|default:0 }} disabled pipeline{{ disabled_pipeline_count|default:0|pluralize }}
-                </p>
-            </div> -->
     <table class="table is-striped is-hoverable is-fullwidth">
         <thead>
             <tr>
                 <th colspan="4">
                     <div class="box is-small">
                         <div class="columns is-vcentered">
-                            <div class="column has-text-centered" style="flex: 0 0 15%; font-weight: bold;">CVE</div>
-                            <div class="column has-text-centered" style="flex: 0 0 20%; font-weight: bold;">Aliases</div>
-                            <div class="column has-text-centered" style="flex: 0 0 15%; font-weight: bold;">Resolved</div>
-                            <div class="column has-text-centered" style="flex: 0 0 10%; font-weight: bold;"># Advisories</div>
-                            <div class="column has-text-centered" style="flex: 0 0 40%; font-weight: bold;">Issue</div>
+                            <div class="column has-text-left" style="flex: 0 0 20%; font-weight: bold;">Aliases</div>
+                            <div class="column has-text-left" style="flex: 0 0 20%; font-weight: bold;">Date</div>
+                            <div class="column has-text-left" style="flex: 0 0 10%; font-weight: bold;">Resolved</div>
+                            <div class="column has-text-left" style="flex: 0 0 10%; font-weight: bold;"># Advisories</div>
+                            <div class="column has-text-left" style="flex: 0 0 40%; font-weight: bold;">Issue Type</div>
                         </div>
                     </div>
                 </th>
@@ -88,11 +82,11 @@ <h1>Advisory To-Dos</h1>
                         <input type="hidden" name="search" value="{{ form.search.value|default:'' }}">
 
                         <div class="columns is-vcentered px-1">
-                            <div class="column has-text-centered" style="flex: 0 0 15%;"></div>
-                            <div class="column has-text-centered" style="flex: 0 0 20%;"></div>
+                            <div class="column has-text-left" style="flex: 0 0 20%;"></div>
+                            <div class="column has-text-left" style="flex: 0 0 20%;"></div>
 
-                            <div class="column has-text-centered" style="flex: 0 0 15%;">
-                                <div class="select is-fullwidth">
+                            <div class="column " style="flex: 0 0 10%;">
+                                <div class="select is-half">
                                     <select name="resolved" onchange="this.form.submit()">
                                         {% for val, label in form.fields.resolved.choices %}
                                             <option value="{{ val }}"
@@ -104,10 +98,10 @@ <h1>Advisory To-Dos</h1>
                                 </div>
                             </div>
 
-                            <div class="column has-text-centered" style="flex: 0 0 10%;"></div>
+                            <div class="column has-text-left" style="flex: 0 0 10%;"></div>
 
-                            <div class="column has-text-centered" style="flex: 0 0 40%;">
-                                <div class="select is-fullwidth">
+                            <div class="column" style="flex: 0 0 40%;">
+                                <div class="select is-half">
                                     <select name="issue_type" onchange="this.form.submit()">
                                         {% for val, label in form.fields.issue_type.choices %}
                                             <option value="{{ val }}"
@@ -128,25 +122,31 @@ <h1>Advisory To-Dos</h1>
             {% for todo in todo_list %}
             <tr>
                 <td colspan="4">
-                    <a href="{% url 'todo-detail' todo_id=todo.todo_id %}" class="has-text-info">
-                        <div class="columns px-1 is-vcentered">
-                            <div class="column has-text-centered" style="flex: 0 0 15%;">
-                                {{ todo.alias }}
-                            </div>
-                            <div class="column has-text-centered" style="flex: 0 0 20%;">
-                                {{ todo.oldest_advisory_date|default:"NA" }}
-                            </div>
-                            <div class="column has-text-centered has-text-grey" style="flex: 0 0 15%;">
-                                {{ todo.is_resolved|yesno:"Yes,No" }}
-                            </div>
-                            <div class="column has-text-centered has-text-grey" style="flex: 0 0 10%;">
-                                {{ todo.advisories.all|length }}
-                            </div>
-                            <div class="column has-text-centered has-text-grey" style="flex: 0 0 40%;">
-                                {{ todo.get_issue_type_display }}
+                    {% with supported_curation="CONFLICTING_FIXED_BY_PACKAGES CONFLICTING_AFFECTED_PACKAGES CONFLICTING_AFFECTED_AND_FIXED_BY_PACKAGES" %}
+                    {% if todo.issue_type in supported_curation.split %}
+                        <a href="{% url 'todo-detail' todo_id=todo.todo_id %}" class="has-text-info">
+                    {% endif %}
+                            <div class="columns px-1 is-vcentered">
+                                <div class="column has-text-left" style="flex: 0 0 20%;">
+                                    {{ todo.alias }}
+                                </div>
+                                <div class="column has-text-left" style="flex: 0 0 20%;">
+                                    {{ todo.oldest_advisory_date|default:"NA" }}
+                                </div>
+                                <div class="column has-text-centered has-text-grey" style="flex: 0 0 10%;">
+                                    {{ todo.is_resolved|yesno:"Yes,No" }}
+                                </div>
+                                <div class="column has-text-centered has-text-grey" style="flex: 0 0 10%;">
+                                    {{ todo.advisories_count }}
+                                </div>
+                                <div class="column has-text-left has-text-grey" style="flex: 0 0 40%;">
+                                    {{ todo.get_issue_type_display }}
+                                </div>
                             </div>
-                        </div>
-                    </a>
+                    {% if todo.issue_type in supported_curation.split %}
+                        </a>
+                    {% endif %}
+                    {% endwith %}
                 </td>
             </tr>
             {% empty %}
diff --git a/vulnerabilities/templates/navbar.html b/vulnerabilities/templates/navbar.html
@@ -35,6 +35,9 @@
         </div>
     </div>
     <div class="navbar-end mr-3">
+        <a class="navbar-item  {% active_item 'todo-list' %}" href="{% url 'todo-list' %}">
+            Advisory To-Dos
+        </a>
         <a class="navbar-item  {% active_item 'dashboard' %}" href="{% url 'dashboard' %}">
             Pipeline Dashboard
         </a>
diff --git a/vulnerabilities/templatetags/utils.py b/vulnerabilities/templatetags/utils.py
@@ -39,3 +39,16 @@ def active_item(context, url_name):
 @register.filter
 def get_item(dictionary, key):
     return dictionary.get(key)
+
+
+@register.simple_tag
+def querystring(request, **kwargs):
+    query = request.GET.copy()
+
+    for key, value in kwargs.items():
+        if value in [None, ""]:
+            query.pop(key, None)
+            continue
+        query[key] = value
+
+    return query.urlencode()
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
@@ -6,6 +6,7 @@
 # See https://github.com/aboutcode-org/vulnerablecode for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
+
 import logging
 from collections import defaultdict
 from typing import List
@@ -36,11 +37,14 @@
 from vulnerabilities import models
 from vulnerabilities.forms import AdminLoginForm
 from vulnerabilities.forms import AdvisorySearchForm
+from vulnerabilities.forms import AdvisoryToDoForm
 from vulnerabilities.forms import ApiUserCreationForm
 from vulnerabilities.forms import PackageSearchForm
 from vulnerabilities.forms import PipelineSchedulePackageForm
 from vulnerabilities.forms import VulnerabilitySearchForm
+from vulnerabilities.models import ISSUE_TYPE_CHOICES
 from vulnerabilities.models import AdvisorySetMember
+from vulnerabilities.models import AdvisoryToDoV2
 from vulnerabilities.models import AdvisoryV2
 from vulnerabilities.models import Group
 from vulnerabilities.models import GroupedAdvisory
@@ -1040,3 +1044,45 @@ def get_context_data(self, **kwargs):
         context["site_title"] = "VulnerableCode site admin"
         context["site_header"] = "VulnerableCode Administration"
         return context
+
+
+class AdvisoryToDoListView(ListView, FormMixin):
+    model = AdvisoryToDoV2
+    context_object_name = "todo_list"
+    template_name = "advisory_todos.html"
+    paginate_by = 20
+    form_class = AdvisoryToDoForm
+
+    def get_form_kwargs(self):
+        kwargs = super().get_form_kwargs()
+        kwargs["data"] = self.request.GET
+        return kwargs
+
+    def get_queryset(self):
+        form = self.form_class(self.request.GET)
+        resolved = self.request.GET.get("resolved")
+        issue_type = self.request.GET.get("issue_type")
+
+        qs = (
+            super()
+            .get_queryset()
+            .filter(is_todo_stale=False)
+            .order_by("-advisories_count", "-oldest_advisory_date")
+        )
+        if resolved in ["True", "False"]:
+            qs = qs.filter(is_resolved=(resolved == "True"))
+
+        if issue_type:
+            qs = qs.filter(issue_type=issue_type)
+
+        qs.prefetch_related("advisories__aliases")
+        if form.is_valid() and (search := form.cleaned_data.get("search")):
+            return qs.filter(advisories__aliases__alias__icontains=search)
+
+        return qs
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context["issue_choices"] = ISSUE_TYPE_CHOICES
+
+        return context
diff --git a/vulnerablecode/urls.py b/vulnerablecode/urls.py
@@ -32,6 +32,7 @@
 from vulnerabilities.views import AdminLoginView
 from vulnerabilities.views import AdvisoryDetails
 from vulnerabilities.views import AdvisoryPackagesDetails
+from vulnerabilities.views import AdvisoryToDoListView
 from vulnerabilities.views import AffectedByAdvisoriesListView
 from vulnerabilities.views import ApiUserCreateView
 from vulnerabilities.views import FixingAdvisoriesListView
@@ -99,6 +100,11 @@ def __init__(self, *args, **kwargs):
         PipelineScheduleListView.as_view(),
         name="dashboard",
     ),
+    path(
+        "advisories/todos/",
+        AdvisoryToDoListView.as_view(),
+        name="todo-list",
+    ),
     path(
         "pipelines/<str:pipeline_id>/runs/",
         PipelineRunListView.as_view(),
