Relate dependencies to packages #447

    * Show and link relations in the views

Signed-off-by: Jono Yang <[email protected]>

Author: JonoYang

scanpipe/migrations/0019_remove_discoveredpackage_dependencies_and_more.py renamed to scanpipe/migrations/0019_codebaseresource_package_data_and_more.py

@@ -1,4 +1,4 @@
-# Generated by Django 4.0.6 on 2022-07-30 00:41
+# Generated by Django 4.0.6 on 2022-08-03 18:36
 
 from django.db import migrations, models
 import django.db.models.deletion
@@ -12,10 +12,6 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
-        migrations.RemoveField(
-            model_name='discoveredpackage',
-            name='dependencies',
-        ),
         migrations.AddField(
             model_name='codebaseresource',
             name='package_data',
@@ -26,6 +22,10 @@ class Migration(migrations.Migration):
             name='name',
             field=models.CharField(blank=True, help_text='File or directory name of this resource with its extension.', max_length=255),
         ),
+        migrations.RemoveField(
+            model_name='discoveredpackage',
+            name='dependencies',
+        ),
         migrations.CreateModel(
             name='DiscoveredDependency',
             fields=[
@@ -47,4 +47,9 @@ class Migration(migrations.Migration):
             },
             bases=(models.Model, scanpipe.models.SaveProjectErrorMixin),
         ),
+        migrations.AddField(
+            model_name='discoveredpackage',
+            name='dependencies',
+            field=models.ManyToManyField(related_name='discovered_packages', to='scanpipe.discovereddependency'),
+        ),
     ]

scanpipe/models.py

@@ -1799,6 +1799,9 @@ class DiscoveredPackage(
     codebase_resources = models.ManyToManyField(
         "CodebaseResource", related_name="discovered_packages"
     )
+    dependencies = models.ManyToManyField(
+        "DiscoveredDependency", related_name="discovered_packages"
+    )
     missing_resources = models.JSONField(default=list, blank=True)
     modified_resources = models.JSONField(default=list, blank=True)
     package_uid = models.CharField(
@@ -1928,6 +1931,10 @@ def update_from_data(self, package_data, override=False):
         return updated_fields
 
 
+class DiscoveredDependencyQuerySet(ProjectRelatedQuerySet):
+    pass
+
+
 class DiscoveredDependency(
     ProjectRelatedModel,
     SaveProjectErrorMixin,
@@ -1980,12 +1987,21 @@ class DiscoveredDependency(
         ),
     )
 
+    objects = DiscoveredDependencyQuerySet.as_manager()
+
     def __str__(self):
         return self.purl or str(self.uuid)
 
     def get_absolute_url(self):
         return reverse("dependency_detail", args=[self.project_id, self.pk])
 
+    @cached_property
+    def packages(self):
+        """
+        Returns the associated discovered_packages QuerySet as a list.
+        """
+        return list(self.discovered_packages.all())
+
     @classmethod
     def create_from_data(cls, project, dependency_data):
         """

scanpipe/pipes/__init__.py

@@ -111,11 +111,12 @@ def update_or_create_dependencies(project, dependency_data):
     Uses the `project` and `dependency_data` mapping to lookup and creates the
     DiscoveredDependency using its dependency_uid and for_package_uid as a unique key.
     """
+    for_package_uid = dependency_data.get("for_package_uid")
     try:
         dependency = DiscoveredDependency.objects.get(
             project=project,
             dependency_uid=dependency_data.get("dependency_uid"),
-            for_package_uid=dependency_data.get("for_package_uid"),
+            for_package_uid=for_package_uid,
         )
     except DiscoveredDependency.DoesNotExist:
         dependency = None
@@ -125,6 +126,14 @@ def update_or_create_dependencies(project, dependency_data):
     else:
         dependency = DiscoveredDependency.create_from_data(project, dependency_data)
 
+    if for_package_uid:
+        package_exists_in_project = project.discoveredpackages.filter(
+            package_uid=for_package_uid
+        ).exists()
+        if package_exists_in_project:
+            package = project.discoveredpackages.get(package_uid=for_package_uid)
+            dependency.discovered_packages.add(package)
+
     return dependency
 
 

scanpipe/templates/scanpipe/dependency_list.html

@@ -28,6 +28,7 @@
             <th>For package UID</th>
             <th>Datafile path</th>
             <th>Datasource ID</th>
+            <th>From Packages</th>
           </tr>
         </thead>
         <tbody>
@@ -63,6 +64,18 @@
               <td>
                 {{ dependency.datasource_id }}
               </td>
+              <td class="is-clipped-list">
+                <ul>
+                  {% for package in dependency.packages %}
+                    <li>
+                      <a href="{{ package.get_absolute_url }}" title="{{ package.purl }}">{{ package.purl }}</a>
+                    </li>
+                  {% endfor %}
+                </ul>
+                {% if dependency.packages|length > 5 %}
+                  <button class="button is-small is-fullwidth show-clipped">Show {{ dependency.packages|length }} packages</button>
+                {% endif %}
+              </td>
             </tr>
           {% endfor %}
         </tbody>

scanpipe/views.py

@@ -620,6 +620,7 @@ class DiscoveredDependencyListView(
     filterset_class = DependencyFilterSet
     template_name = "scanpipe/dependency_list.html"
     paginate_by = 100
+    prefetch_related = ["discovered_packages"]
 
 
 class ProjectErrorListView(