@@ -176,6 +176,19 @@ def setUp(self):
176176 self .client .credentials (HTTP_AUTHORIZATION = "Token " + self .token .key )
177177 self .url = reverse ("risk_acceptance-list" )
178178
179+ # Helper method to create a risk acceptance for testing filters
180+ def create_risk_acceptance (self ):
181+ risk_acceptance = Risk_Acceptance .objects .create (
182+ name = "Filter Test RA" ,
183+ recommendation = "A" ,
184+ decision = "A" ,
185+ accepted_by = "Test User" ,
186+ owner = self .user ,
187+ )
188+ risk_acceptance .accepted_findings .add (self .finding_a1 )
189+ self .engagement_a .risk_acceptance .add (risk_acceptance )
190+ return risk_acceptance
191+
179192 def test_create_risk_acceptance_links_to_engagement (self ):
180193 """Test that risk acceptance created via API appears in engagement.risk_acceptance"""
181194 payload = {
@@ -358,3 +371,50 @@ def test_update_risk_acceptance_add_cross_engagement_fails(self):
358371 response = self .client .put (f"{ self .url } { ra .id } , payload , format = "json" )
359372 self .assertEqual (403 , response .status_code , response .content )
360373 self .assertIn ("multiple engagements" , str (response .data ))
374+
375+ def test_risk_acceptance_created_filter (self ):
376+ # 1. Create a baseline Risk Acceptance using the existing test setup
377+ risk_acceptance = self .create_risk_acceptance ()
378+
379+ # 2. Manually backdate the created date to test ranges
380+ past_date = datetime .datetime .now (datetime .timezone .utc ) - datetime .timedelta (days = 10 )
381+ risk_acceptance .created = past_date
382+ risk_acceptance .save ()
383+
384+ # 3. Test `created_before` (Less than / Before)
385+ # Should return the risk acceptance because it was created 10 days ago
386+ future_date = datetime .datetime .now (datetime .timezone .utc ).strftime ('%Y-%m-%dT%H:%M:%S.%fZ' )
387+ response = self .client .get (reverse ('risk_acceptance-list' ) + f'?created_before={ future_date } )
388+ self .assertEqual (response .status_code , 200 )
389+ result_ids = {item ["id" ] for item in response .json ()["results" ]}
390+ self .assertIn (risk_acceptance .id , result_ids )
391+
392+ # 4. Test `created_after` (Greater than / After)
393+ # Should NOT return the risk acceptance because it is not newer than today
394+ response = self .client .get (reverse ('risk_acceptance-list' ) + f'?created_after={ future_date } )
395+ self .assertEqual (response .status_code , 200 )
396+ result_ids = {item ["id" ] for item in response .json ()["results" ]}
397+ self .assertNotIn (risk_acceptance .id , result_ids )
398+
399+
400+ def test_risk_acceptance_updated_filter (self ):
401+ risk_acceptance = self .create_risk_acceptance ()
402+
403+ # Manually backdate the updated date
404+ past_date = datetime .datetime .now (datetime .timezone .utc ) - datetime .timedelta (days = 10 )
405+ # We use .update() to bypass the auto_now=True behavior on the updated field
406+ type (risk_acceptance ).objects .filter (pk = risk_acceptance .id ).update (updated = past_date )
407+
408+ future_date = datetime .datetime .now (datetime .timezone .utc ).strftime ('%Y-%m-%dT%H:%M:%S.%fZ' )
409+
410+ # Test updated_before
411+ response = self .client .get (reverse ('risk_acceptance-list' ) + f'?updated_before={ future_date } )
412+ self .assertEqual (response .status_code , 200 )
413+ result_ids = {item ["id" ] for item in response .json ()["results" ]}
414+ self .assertIn (risk_acceptance .id , result_ids )
415+
416+ # Test updated_after
417+ response = self .client .get (reverse ('risk_acceptance-list' ) + f'?updated_after={ future_date } )
418+ self .assertEqual (response .status_code , 200 )
419+ result_ids = {item ["id" ] for item in response .json ()["results" ]}
420+ self .assertNotIn (risk_acceptance .id , result_ids )
0 commit comments