├── grcbit_iso27001
    ├── wizards
    │   ├── __init__.py
    │   └── theme.py
    ├── __init__.py
    ├── models
    │   ├── __init__.py
    │   └── grcbit_base_inh.py
    ├── static
    │   ├── description
    │   │   └── icon.png
    │   └── src
    │   │   ├── img
    │   │       └── email-marketing.png
    │   │   └── css
    │   │       └── iso_style.css
    ├── data
    │   ├── control_type_data.xml
    │   ├── control_category_data.xml
    │   ├── security_property_data.xml
    │   ├── cybersecurity_concept_data.xml
    │   └── security_domain_data.xml
    ├── __manifest__.py
    ├── reports
    │   ├── summary_report_statement_applicability.xml
    │   └── report_statement_applicability.xml
    └── views
    │   └── grcbit_base_views.xml
├── grcbit_risk_management
    ├── wizards
    │   ├── __init__.py
    │   ├── set_groups_views.xml
    │   └── set_groups.py
    ├── __init__.py
    ├── static
    │   ├── description
    │   │   └── icon.png
    │   └── src
    │   │   └── css
    │   │       └── control_style.css
    ├── models
    │   ├── __init__.py
    │   └── company_product_service.py
    ├── data
    │   ├── control_evaluation_criteria_data.xml
    │   ├── probability_level_data.xml
    │   ├── risk_level_data.xml
    │   ├── impact_level_data.xml
    │   ├── risk_classification_data.xml
    │   ├── inherent_risk_level_data.xml
    │   └── residual_risk_level_data.xml
    ├── views
    │   ├── ir_sequence.xml
    │   ├── menuitems.xml
    │   └── company_product_service_views.xml
    ├── __manifest__.py
    ├── security
    │   └── res_groups.xml
    └── reports
    │   └── report_risk_factor.xml
├── grcbit_pci4
    ├── __init__.py
    ├── models
    │   ├── __init__.py
    │   └── models.py
    ├── static
    │   └── description
    │   │   └── icon.png
    ├── __manifest__.py
    └── security
    │   └── ir.model.access.csv
├── grcbit_compliance
    ├── __init__.py
    ├── static
    │   ├── src
    │   │   └── css
    │   │   │   └── compliance_style.css
    │   └── description
    │   │   └── icon.png
    ├── models
    │   ├── __init__.py
    │   ├── data_inventory_compliance.py
    │   └── compliance_models.py
    ├── data
    │   ├── compliance.version.csv
    │   ├── compliance.control.objective.csv
    │   └── compliance.control.csv
    ├── __manifest__.py
    ├── views
    │   └── data_inventory_views.xml
    ├── reports
    │   └── report_compliance.xml
    └── security
    │   └── ir.model.access.csv
├── grcbit_cvss
    ├── models
    │   ├── __init__.py
    │   └── risk_factor.py
    ├── wizard
    │   ├── __init__.py
    │   ├── cvss_calculator_view.xml
    │   └── cvss_calculator.py
    ├── __init__.py
    ├── static
    │   └── description
    │   │   └── icon.png
    ├── security
    │   └── ir.model.access.csv
    ├── __manifest__.py
    ├── reports
    │   └── report_risk_factor_inherit.xml
    ├── views
    │   └── risk_factor_views.xml
    └── i18n
    │   └── en_US.po
├── grcbit_threat_scenario
    ├── __init__.py
    ├── models
    │   ├── __init__.py
    │   ├── risk_management.py
    │   └── models.py
    ├── static
    │   └── description
    │   │   └── icon.png
    ├── __manifest__.py
    └── views
    │   ├── risk_management_views.xml
    │   └── menuitems.xml
├── grcbit_setgroups
    ├── models
    │   ├── __init__.py
    │   └── res_users.py
    ├── __init__.py
    ├── wizard
    │   ├── __init__.py
    │   ├── set_groups.py
    │   ├── set_groups_views.xml
    │   └── res_users.py
    ├── static
    │   └── description
    │   │   └── icon.png
    ├── security
    │   └── ir.model.access.csv
    ├── __manifest__.py
    ├── views
    │   └── res_users_views.xml
    └── i18n
    │   ├── en_US.po
    │   └── es_MX.po
├── grcbit_base
    ├── __init__.py
    ├── wizards
    │   ├── __init__.py
    │   ├── set_groups_views.xml
    │   └── set_groups.py
    ├── static
    │   ├── description
    │   │   └── icon.png
    │   └── src
    │   │   ├── img
    │   │       └── dashicon.png
    │   │   ├── js
    │   │       ├── user_menu_items.js
    │   │       ├── many2many_tags.js
    │   │       ├── many2many.js
    │   │       ├── many2many_open.js
    │   │       ├── many2one.js
    │   │       └── dashboard.js
    │   │   └── xml
    │   │       └── dashboard.xml
    ├── models
    │   ├── __init__.py
    │   ├── res_partner.py
    │   └── settings.py
    ├── views
    │   ├── dashboard_view.xml
    │   ├── menuitems.xml
    │   └── settings_views.xml
    ├── __manifest__.py
    ├── security
    │   └── res_groups.xml
    └── reports
    │   └── report_it_inventory.xml
├── grcbit_vulnerability_management
    ├── controllers
    │   ├── __init__.py
    │   └── controllers.py
    ├── __init__.py
    ├── models
    │   ├── __init__.py
    │   ├── risk_management.py
    │   └── models.py
    ├── static
    │   └── description
    │   │   └── icon.png
    ├── views
    │   ├── templates.xml
    │   ├── risk_management_views.xml
    │   └── views.xml
    ├── __manifest__.py
    ├── demo
    │   └── demo.xml
    └── security
    │   └── ir.model.access.csv
└── .gitignore


/grcbit_iso27001/wizards/__init__.py:
--------------------------------------------------------------------------------
1 | #from . import theme
2 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/wizards/__init__.py:
--------------------------------------------------------------------------------
1 | from . import set_groups


--------------------------------------------------------------------------------
/grcbit_pci4/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models


--------------------------------------------------------------------------------
/grcbit_compliance/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models


--------------------------------------------------------------------------------
/grcbit_compliance/static/src/css/compliance_style.css:
--------------------------------------------------------------------------------
1 | .my_class{width: 95%;}


--------------------------------------------------------------------------------
/grcbit_pci4/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models


--------------------------------------------------------------------------------
/grcbit_cvss/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import risk_factor


--------------------------------------------------------------------------------
/grcbit_threat_scenario/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models


--------------------------------------------------------------------------------
/grcbit_cvss/wizard/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import cvss_calculator


--------------------------------------------------------------------------------
/grcbit_setgroups/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import res_users


--------------------------------------------------------------------------------
/grcbit_cvss/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models
3 | from . import wizard


--------------------------------------------------------------------------------
/grcbit_base/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models
3 | from . import wizards
4 | 


--------------------------------------------------------------------------------
/grcbit_iso27001/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models
3 | from . import wizards


--------------------------------------------------------------------------------
/grcbit_setgroups/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models
3 | from . import wizard


--------------------------------------------------------------------------------
/grcbit_risk_management/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models
3 | from . import wizards


--------------------------------------------------------------------------------
/grcbit_base/wizards/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | #from . import theme
3 | from . import set_groups
4 | 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/controllers/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | 
3 | from . import controllers


--------------------------------------------------------------------------------
/grcbit_setgroups/wizard/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import res_users
3 | from . import set_groups


--------------------------------------------------------------------------------
/grcbit_iso27001/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import iso_models
3 | from . import grcbit_base_inh


--------------------------------------------------------------------------------
/grcbit_threat_scenario/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import models
3 | from . import risk_management


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | 
3 | from . import controllers
4 | from . import models


--------------------------------------------------------------------------------
/grcbit_base/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_base/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_base/static/src/img/dashicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_base/static/src/img/dashicon.png


--------------------------------------------------------------------------------
/grcbit_cvss/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_cvss/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_pci4/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_pci4/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_compliance/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import compliance_models
3 | from . import data_inventory_compliance


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | 
3 | from . import models
4 | from . import risk_management
5 | 


--------------------------------------------------------------------------------
/grcbit_base/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import asset_management
3 | from . import settings
4 | from . import res_partner


--------------------------------------------------------------------------------
/grcbit_iso27001/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_iso27001/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_setgroups/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_setgroups/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_compliance/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_compliance/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_iso27001/static/src/img/email-marketing.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_iso27001/static/src/img/email-marketing.png


--------------------------------------------------------------------------------
/grcbit_risk_management/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_risk_management/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_threat_scenario/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_threat_scenario/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_risk_management/models/__init__.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | from . import risk_management
3 | from . import controls
4 | from . import company_product_service


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/static/description/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-it-grc/HEAD/grcbit_vulnerability_management/static/description/icon.png


--------------------------------------------------------------------------------
/grcbit_cvss/security/ir.model.access.csv:
--------------------------------------------------------------------------------
1 | id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
2 | access_cvss_calculator_user,access.cvss.calculator.user,model_cvss_calculator,base.group_user,1,1,1,1


--------------------------------------------------------------------------------
/grcbit_setgroups/security/ir.model.access.csv:
--------------------------------------------------------------------------------
1 | id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
2 | access_set_groups_user_general,access_set_groups_user_general,model_set_groups_user,base.group_user,1,1,1,1


--------------------------------------------------------------------------------
/grcbit_risk_management/static/src/css/control_style.css:
--------------------------------------------------------------------------------
 1 | .o_tag_badge_text {
 2 |     display: inline-block;
 3 |     max-width: 100%;
 4 |     white-space: nowrap;
 5 |     overflow: hidden;
 6 |     text-overflow: ellipsis;
 7 |     vertical-align: top;
 8 |     max-width: 200px;
 9 |     color: inherit;
10 |     line-height: 1.1;
11 | }


--------------------------------------------------------------------------------
/grcbit_cvss/models/risk_factor.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | import logging
 3 | from odoo import api, fields, models, _
 4 | 
 5 | _logger = logging.getLogger(__name__)
 6 | 
 7 | class RiskFactorInh(models.Model):
 8 |     _inherit = 'risk.factor'
 9 | 
10 |     score = fields.Float(string="Score", digits=(1,1))
11 |     vector = fields.Char(string="Vector")


--------------------------------------------------------------------------------
/grcbit_setgroups/wizard/set_groups.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | import logging
 3 | from odoo import api, fields, models, _
 4 | _logger = logging.getLogger(__name__)
 5 | class SetGroupsUser(models.TransientModel):
 6 |     _name = 'set.groups.user'
 7 | 
 8 |     user_id = fields.Many2one('res.users', string="User")
 9 |     
10 |     def assign_groups(self):
11 |         data = {}


--------------------------------------------------------------------------------
/grcbit_compliance/data/compliance.version.csv:
--------------------------------------------------------------------------------
1 | id,name,description
2 | NIST800-53-V1,NIST 800-53-V1,"The NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations is a set of recommended security and privacy controls for federal information systems and organizations to help meet the Federal Information Security Management Act (FISMA) requirements."
3 | 


--------------------------------------------------------------------------------
/grcbit_compliance/data/compliance.control.objective.csv:
--------------------------------------------------------------------------------
1 | name,compliance_version_id
2 | AC-1 POLICY AND PROCEDURES,NIST 800-53-V1
3 | AC-2 ACCOUNT MANAGEMENT,NIST 800-53-V1
4 | AC-3 ACCESS ENFORCEMENT,NIST 800-53-V1
5 | AC-4 INFORMATION FLOW ENFORCEMENT,NIST 800-53-V1
6 | AC-5 SEPARATION OF DUTIES,NIST 800-53-V1
7 | AC-6 LEAST PRIVILEGE,NIST 800-53-V1
8 | AC-7 UNSUCCESSFUL LOGON ATTEMPTS,NIST 800-53-V1
9 | 


--------------------------------------------------------------------------------
/grcbit_base/models/res_partner.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | from odoo import models, fields, api, _
 4 | import logging
 5 | 
 6 | _logger = logging.getLogger(__name__)
 7 | 
 8 | class ResPartnerInh(models.Model):
 9 |     _inherit = 'res.partner'
10 | 
11 |     signup_expiration = fields.Datetime(groups="base.group_erp_manager,grcbit_base.group_grc_admin")
12 |     signup_token = fields.Char(groups="base.group_erp_manager,grcbit_base.group_grc_admin")
13 |     signup_type = fields.Char(groups="base.group_erp_manager,grcbit_base.group_grc_admin")


--------------------------------------------------------------------------------
/grcbit_risk_management/models/company_product_service.py:
--------------------------------------------------------------------------------
 1 | from odoo import models, fields, api
 2 | 
 3 | class CompanyProductService(models.Model):
 4 |     _name = 'company.product.service'
 5 |     _description = 'Company Product Service'
 6 |     _inherit = ["mail.thread", "mail.activity.mixin"]
 7 |     _rec_name = 'name'
 8 | 
 9 |     name = fields.Char(string="Name", required=True, tracking=True)
10 |     description = fields.Text(string="Description", tracking=True)
11 |     type_product_service = fields.Selection([
12 |         ('product', 'Product'),
13 |         ('service', 'Service')
14 |     ], string="Type", required=True, tracking=True)
15 |     active = fields.Boolean(default=True) 


--------------------------------------------------------------------------------
/grcbit_iso27001/models/grcbit_base_inh.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | from odoo import models, fields, api, _
 4 | import logging
 5 | from datetime import date
 6 | from statistics import mode
 7 | 
 8 | _logger = logging.getLogger(__name__)
 9 | 
10 | class ResPartnerIsoInh(models.Model):
11 |     _inherit = 'hr.employee'
12 | 
13 |     isms_roles_ids = fields.Many2many('isms.role', string=_("ISMS Role"))
14 | 
15 | class ItInventoryInh(models.Model):
16 |     _inherit = 'it.inventory'
17 | 
18 |     responsible = fields.Many2one('hr.employee', string="IT Admin")
19 | 
20 | class DataInventoryInh(models.Model):
21 |     _inherit = 'data.inventory'
22 | 
23 |     owner = fields.Many2one('hr.employee', string="Asset Owner")
24 | 


--------------------------------------------------------------------------------
/grcbit_pci4/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': "GRCBIT PCI4",
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 | 
11 |     'depends': [
12 |         'base',
13 |         'grcbit_base',
14 |         'grcbit_risk_management',
15 |         'grcbit_compliance',
16 |     ],
17 | 
18 |     # always loaded
19 |     'data': [
20 |         'security/ir.model.access.csv',
21 |         'views/views.xml',
22 |     ],
23 |     
24 |     'installable': True,
25 | }
26 | 


--------------------------------------------------------------------------------
/grcbit_compliance/models/data_inventory_compliance.py:
--------------------------------------------------------------------------------
 1 | from odoo import models, fields, api
 2 | 
 3 | class DataInventoryComplianceVersion(models.Model):
 4 |     _name = 'data.inventory.compliance.version'
 5 |     _rec_name = 'compliance_version_id'
 6 |     
 7 |     data_inventory_id = fields.Many2one('data.inventory', string='Data Inventory')
 8 |     compliance_version_id = fields.Many2one('compliance.version', string='Compliance Version')
 9 |     description = fields.Text(string='Description')
10 | 
11 | class DataInventory(models.Model):
12 |     _inherit = 'data.inventory'
13 |     
14 |     data_inventory_compliance_version_ids = fields.One2many('data.inventory.compliance.version', 'data_inventory_id', string='Compliance Version', auto_join=True, track_visibility='onchange') 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/views/templates.xml:
--------------------------------------------------------------------------------
 1 | <odoo>
 2 |     <data>
 3 | <!--
 4 |         <template id="listing">
 5 |           <ul>
 6 |             <li t-foreach="objects" t-as="object">
 7 |               <a t-attf-href="#{ root }/objects/#{ object.id }">
 8 |                 <t t-esc="object.display_name"/>
 9 |               </a>
10 |             </li>
11 |           </ul>
12 |         </template>
13 |         <template id="object">
14 |           <h1><t t-esc="object.display_name"/></h1>
15 |           <dl>
16 |             <t t-foreach="object._fields" t-as="field">
17 |               <dt><t t-esc="field"/></dt>
18 |               <dd><t t-esc="object[field]"/></dd>
19 |             </t>
20 |           </dl>
21 |         </template>
22 | -->
23 |     </data>
24 | </odoo>


--------------------------------------------------------------------------------
/grcbit_setgroups/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': 'GRCBIT SET GROUPS',
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 | 
11 |     'depends': [
12 |         'base',
13 |     ],
14 |     'data': [
15 |         'security/ir.model.access.csv',
16 |         #'security/res_groups.xml',
17 |         'views/res_users_views.xml',
18 |         'wizard/set_groups_views.xml',
19 |     ],
20 | 
21 |     'auto_install': False,
22 |     'application': False,
23 | 
24 | }
25 | 


--------------------------------------------------------------------------------
/grcbit_cvss/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': "GRCBIT CVSS",
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 |     'depends': [
11 |         'grcbit_risk_management',
12 |         #'grcbit_vulnerability_management',
13 |     ],
14 | 
15 |     # always loaded
16 |     'data': [
17 |         'security/ir.model.access.csv',
18 |         'wizard/cvss_calculator_view.xml',
19 |         'views/risk_factor_views.xml',
20 |         'reports/report_risk_factor_inherit.xml',
21 |     ],
22 | }
23 | 


--------------------------------------------------------------------------------
/grcbit_cvss/reports/report_risk_factor_inherit.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <template id="cvss_report_risk_factor_custom" inherit_id="grcbit_risk_management.risk_factor_print_template">
 5 |       <xpath expr="//div[@name='main_table']" position="inside">
 6 |         <div class="row">
 7 |           <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>CVSS Score:</strong></div>
 8 |           <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.score"/></div>
 9 |           <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>CVSS Vector:</strong></div>
10 |           <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.vector"/></div>
11 |         </div>
12 |       </xpath>
13 |     </template>
14 |   </data>
15 | </odoo>


--------------------------------------------------------------------------------
/grcbit_iso27001/wizards/theme.py:
--------------------------------------------------------------------------------
 1 | import base64
 2 | 
 3 | from odoo import models, fields, api
 4 | from odoo.modules import get_module_resource
 5 | 
 6 | 
 7 | class ThemeInh(models.TransientModel):
 8 |     _inherit = 'theme.data'
 9 | 
10 |     def icon_change_theme_default(self):
11 |         res = super(ThemeInh,self).icon_change_theme_default()
12 |         menu_item = self.env['ir.ui.menu'].sudo().search([('parent_id', '=', False)])
13 |         for menu in menu_item:
14 |             temp = menu.name
15 |             if menu.name == 'Awareness Campaign':
16 |                 img_path = get_module_resource(
17 |                     'grcbit_iso27001', 'static', 'src', 'img'
18 |                     'email-marketing.png')
19 |                 menu.write({'web_icon_data': base64.b64encode(
20 |                     open(img_path, "rb").read())})
21 |         return res


--------------------------------------------------------------------------------
/grcbit_setgroups/wizard/set_groups_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="ir.ui.view" id="set_groups_formview">
 5 |       <field name="name">Set Groups</field>
 6 |       <field name="model">set.groups.user</field>
 7 |       <field name="arch" type="xml">
 8 |         <form>
 9 |           <sheet>
10 |             <group>
11 |               <field name="user_id" readonly="1" force_save="1"/>
12 |             </group>
13 |             <notebook name="container_access">
14 |             </notebook>
15 |           </sheet>
16 |           <footer>
17 |             <button type="object" string="SAVE" class="btn btn-primary" name="assign_groups"/>
18 |             <button special="cancel" string="CANCEL"/>
19 |           </footer>
20 |         </form>
21 |       </field>
22 |     </record>
23 |   </data>
24 | </odoo>


--------------------------------------------------------------------------------
/grcbit_iso27001/data/control_type_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="control.type" id="preventive_control">
 5 |       <field name="name">#Preventive</field>
 6 |       <field name="description">The control that is intended to prevent the occurrence of an information security incident.</field>
 7 |     </record>
 8 |     <record model="control.type" id="detective_control">
 9 |       <field name="name">Detective controls</field>
10 |       <field name="description">The control acts when an information security incident occurs.</field>
11 |     </record>
12 |     <record model="control.type" id="corrective_control">
13 |       <field name="name">Corrective controls</field>
14 |       <field name="description">The control acts after an information security incident occurs.</field>
15 |     </record>
16 |   </data>
17 | </odoo>


--------------------------------------------------------------------------------
/grcbit_base/static/src/js/user_menu_items.js:
--------------------------------------------------------------------------------
 1 | /** @odoo-module **/
 2 | 
 3 | import { registry } from "@web/core/registry";
 4 | import { preferencesItem } from "@web/webclient/user_menu/user_menu_items";
 5 | import { documentationItem } from "@web/webclient/user_menu/user_menu_items";
 6 | 
 7 | export function hidePreferencesItem(env)  {
 8 |     return Object.assign(
 9 |         {},
10 |         preferencesItem(env),
11 |         {
12 |             type: "",
13 |             id: "",
14 |             description: env._t(""),
15 |             callback: async function () {},
16 |             sequence: 0,
17 |         }
18 |     );
19 | }
20 | 
21 | registry.category("user_menuitems").add('support', hidePreferencesItem, { force: true }).add("documentation", hidePreferencesItem, { force: true }).add("odoo_account", hidePreferencesItem, { force: true }).add("shortcuts", hidePreferencesItem, { force: true })


--------------------------------------------------------------------------------
/grcbit_base/static/src/xml/dashboard.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <templates id="template" xml:space="preserve">
 3 |   <t t-name="CustomDashBoard">
 4 |     <div class="oh_dashboards">
 5 |       <div class="container-fluid my-5 o_hr_dashboard"/>
 6 |     </div>
 7 |   </t>
 8 | 
 9 |   <t t-name="DashboardProject">
10 |     <div style="padding-bottom:30px" t-att-class="widget.cols +' col-4 block'" t-att-data-id="widget.id">
11 |       <div class="card">
12 |         <div class="card-body mt-3" id="in_ex_body_hide">
13 |           <div class="row">
14 |             <div class="col-md-12 chart_canvas">
15 |               <div id="chart_canvas">
16 |                 <canvas class="new_custom_chart" width="300" height="200"> </canvas>
17 |               </div>
18 |             </div>
19 |           </div>
20 |         </div>
21 |       </div>
22 |     </div>
23 |   </t>
24 | </templates>
25 | 


--------------------------------------------------------------------------------
/grcbit_threat_scenario/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': "GRCBIT THREAT SCENARIO",
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 |     'depends': [
11 |         'base',
12 |         'grcbit_base',
13 |         'grcbit_risk_management',
14 |     ],
15 | 
16 |     # always loaded
17 |     'data': [
18 |         #security
19 |         'security/ir.model.access.csv',
20 | 
21 |         #views
22 |         'views/views.xml',
23 |         'views/risk_management_views.xml',
24 |         'views/menuitems.xml',
25 |     ],
26 |     'installable': True,
27 |     'application': True,
28 | }
29 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/data/control_evaluation_criteria_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="control.evaluation.criteria" id="effective_evaluation_criteria">
 5 |       <field name="name">Effective</field>
 6 |       <field name="description">Effective</field>
 7 |       <field name="active">1</field>
 8 |     </record>
 9 |     <record model="control.evaluation.criteria" id="less_effective_evaluation_criteria">
10 |       <field name="name">Less effective</field>
11 |       <field name="description">Less effective</field>
12 |       <field name="active">1</field>
13 |     </record>
14 |     <record model="control.evaluation.criteria" id="ineffective_evaluation_criteria">
15 |       <field name="name">Ineffective</field>
16 |       <field name="description">Ineffective</field>
17 |       <field name="active">1</field>
18 |     </record>
19 |   </data>
20 | </odoo>


--------------------------------------------------------------------------------
/grcbit_cvss/views/risk_factor_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record id="cvss_calculator_risk_factor_inherit_form" model="ir.ui.view">
 5 |       <field name="name">cvss_calculator.risk_factor.inherit.form</field>
 6 |       <field name="model">risk.factor</field>
 7 |       <field name="inherit_id" ref="grcbit_risk_management.risk_factor_form" />
 8 |       <field name="arch" type="xml">
 9 |         <xpath expr="//header[@name='risk_factor_header']" position="inside">
10 | 		<button type="action" name="%(grcbit_cvss.cvss_calculator_action)d" class="btn btn-primary" string="CVSS Calculator" />
11 |         </xpath>
12 |         <xpath expr="//field[@name='residual_risk']" position="after">
13 |           <field name="score" readonly="1"/>
14 |           <field name="vector" readonly="1"/>
15 |         </xpath>
16 |       </field>
17 |     </record>
18 |   </data>
19 | </odoo>
20 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # grc4ciso enterprise
 2 | ./README.md
 3 | 
 4 | # Byte-compiled / optimized / DLL files
 5 | __pycache__/
 6 | *.py[cod]
 7 | 
 8 | # C extensions
 9 | *.so
10 | 
11 | # Distribution / packaging
12 | .Python
13 | env/
14 | bin/
15 | build/
16 | develop-eggs/
17 | dist/
18 | eggs/
19 | lib64/
20 | parts/
21 | sdist/
22 | var/
23 | *.egg-info/
24 | .installed.cfg
25 | *.egg
26 | 
27 | # Installer logs
28 | pip-log.txt
29 | pip-delete-this-directory.txt
30 | 
31 | # Unit test / coverage reports
32 | htmlcov/
33 | .tox/
34 | .coverage
35 | .cache
36 | nosetests.xml
37 | coverage.xml
38 | 
39 | # Translations
40 | *.mo
41 | 
42 | # Pycharm
43 | .idea
44 | *.pyc
45 | *.iml
46 | *orig
47 | *.py~
48 | 
49 | # Mr Developer
50 | .mr.developer.cfg
51 | .project
52 | .pydevproject
53 | 
54 | # Rope
55 | .ropeproject
56 | 
57 | # Sphinx documentation
58 | docs/_build/
59 | 
60 | # Backup files
61 | *~
62 | *.swp
63 | 
64 | # Mac files
65 | .DS_Store
66 | 


--------------------------------------------------------------------------------
/grcbit_iso27001/static/src/css/iso_style.css:
--------------------------------------------------------------------------------
 1 | th.o_column_sortable[data-name="name"]{ 
 2 |     width:20% !important; 
 3 |     /* max-width:150px !important; */
 4 | } 
 5 | th.o_column_sortable[data-name="is_applicable"]{ 
 6 |     width:10% !important; 
 7 |     /* max-width:150px !important; */
 8 | } 
 9 | th.o_column_sortable[data-name="reason_selection"]{ 
10 |     width:30% !important; 
11 |     /* max-width:150px !important; */
12 | } 
13 | th.o_column_sortable[data-name="document_page_id"]{ 
14 |     width:15% !important; 
15 |     /* max-width:150px !important; */
16 | } 
17 | th.o_column_sortable[data-name="control_design_id"]{ 
18 |     width:15% !important; 
19 |     /* max-width:150px !important; */
20 | } 
21 | th.o_column_sortable[data-name="control_status"]{ 
22 |     width:10% !important; 
23 |     /* max-width:150px !important; */
24 | } 
25 | th.o_column_sortable[data-name="id_control_category"]{ 
26 |     width:50% !important; 
27 | } 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': "GRCBIT VULNERABILITY MANAGEMENT",
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 | 
11 |     # any module necessary for this one to work correctly
12 |     'depends': [
13 |         'base', 
14 |         'grcbit_base', 
15 |         #'grcbit_cvss'
16 |         ],
17 | 
18 |     # always loaded
19 |     'data': [
20 |         'security/ir.model.access.csv',
21 |         'views/views.xml',
22 |         'views/risk_management_views.xml',
23 |         'views/templates.xml',
24 |     ],
25 |     # only loaded in demonstration mode
26 |     'demo': [
27 |         'demo/demo.xml',
28 |     ],
29 | }
30 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/views/ir_sequence.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data noupdate="1">
 4 |     <record id="risk_id_sequence" model="ir.sequence">
 5 |       <field name="name">Risk ID sequence</field>
 6 |       <field name="code">risk.id.sequence</field>
 7 |       <field name="active">TRUE</field>
 8 |       <field name="prefix">RI-SGSI-</field>
 9 |       <field name="number_increment">1</field>
10 |       <field name="padding">3</field>
11 |       <field name="implementation">standard</field>
12 |     </record>
13 |     <record id="control_id_sequence" model="ir.sequence">
14 |       <field name="name">Control ID sequence</field>
15 |       <field name="code">control.id.sequence</field>
16 |       <field name="active">TRUE</field>
17 |       <field name="prefix">CO-SGSI-</field>
18 |       <field name="number_increment">1</field>
19 |       <field name="padding">3</field>
20 |       <field name="implementation">standard</field>
21 |     </record>
22 |   </data>
23 | </odoo>
24 | 


--------------------------------------------------------------------------------
/grcbit_setgroups/wizard/res_users.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | from odoo import api, fields, models, _
 3 | from odoo.exceptions import ValidationError
 4 | 
 5 | class ResUsersInh(models.Model):
 6 |     _inherit = 'res.users'
 7 | 
 8 |     def open_set_groups(self):
 9 |         user = self.env.user
10 |         admin_user = self.env.ref('base.user_admin')
11 | 
12 |         if self.id == admin_user.id and user.id != admin_user.id:
13 |             raise ValidationError(_("You cannot modify the administrator user."))
14 | 
15 |         if not user.has_group('grcbit_base.group_grc_admin'):
16 |             raise ValidationError(_("You do not have permission to update this user."))
17 | 
18 |         return {
19 |             'name': _('Set Groups'),
20 |             'view_type': 'form',
21 |             'view_mode': 'form',
22 |             'type': 'ir.actions.act_window',
23 |             'res_model' : 'set.groups.user',
24 |             'target': 'new',
25 |             'context': {'default_user_id': self.id},
26 |         }
27 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/data/probability_level_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="probability.level" id="low_probability_level">
 5 |       <field name="name">Low</field>
 6 |       <field name="description">The probability of occurrence is 1 or several times a year.</field>
 7 |       <field name="active">1</field>
 8 |       <field name="value">1</field>
 9 |     </record>
10 |     <record model="probability.level" id="medium_probability_level">
11 |       <field name="name">Medium</field>
12 |       <field name="description">The probability of occurrence is 1 or several times every 6 months.</field>
13 |       <field name="active">1</field>
14 |       <field name="value">2</field>
15 |     </record>
16 |     <record model="probability.level" id="high_probability_level">
17 |       <field name="name">High</field>
18 |       <field name="description">The probability of occurrence is once or several times a month.</field>
19 |       <field name="active">1</field>
20 |       <field name="value">3</field>
21 |     </record>
22 |   </data>
23 | </odoo>


--------------------------------------------------------------------------------
/grcbit_risk_management/data/risk_level_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="risk.level" id="low_risk_level">
 5 |       <field name="name">Low</field>
 6 |       <field name="description">The impact on the confidentiality, integrity and availability of information is low.</field>
 7 |       <field name="active">1</field>
 8 |       <field name="value">1</field>
 9 |     </record>
10 |     <record model="risk.level" id="medium_risk_level">
11 |       <field name="name">Medium</field>
12 |       <field name="description">The impact on the confidentiality, integrity and availability of information is medium.</field>
13 |       <field name="active">1</field>
14 |       <field name="value">2</field>
15 |     </record>
16 |     <record model="risk.level" id="high_risk_level">
17 |       <field name="name">High</field>
18 |       <field name="description">The impact on the confidentiality, integrity and availability of information is high.</field>
19 |       <field name="active">1</field>
20 |       <field name="value">3</field>
21 |     </record>
22 |   </data>
23 | </odoo>


--------------------------------------------------------------------------------
/grcbit_base/static/src/js/many2many_tags.js:
--------------------------------------------------------------------------------
 1 | /** @odoo-module **/
 2 | // author: Candidroot Solutions Pvt Ltd
 3 | import { registry } from "@web/core/registry";
 4 | import { Many2ManyTagsField } from "@web/views/fields/many2many_tags/many2many_tags_field";
 5 | const { onWillUpdateProps } = owl;
 6 |     export class TagsOpenMany2ManyTagsField extends Many2ManyTagsField {
 7 |         getTagProps(record) {
 8 |             const props = super.getTagProps(record);
 9 |             props.onClick = (ev) => this.onOpenClick(ev, record);
10 |             return props;
11 |         }
12 |         onOpenClick(ev, record) {
13 |             if(record.resModel && record.data.id){
14 |                 this.env.model.actionService.doAction({
15 |                     type: "ir.actions.act_window",
16 |                     res_model: record.resModel,
17 |                     res_id: record.data.id,
18 |                     views: [[false, "form"]],
19 |                     view_mode: "form",
20 |                 });
21 |             }
22 |         }
23 |     }
24 | registry.category("fields").add("many2many_tags_open", TagsOpenMany2ManyTagsField);
25 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/data/impact_level_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="impact.level" id="low_impact_level">
 5 |       <field name="name">Low</field>
 6 |       <field name="description">The impact on the confidentiality, availability and integrity of the information is low.</field>
 7 |       <field name="value">1</field>
 8 |       <field name="active">1</field>
 9 |     </record>
10 |     <record model="impact.level" id="medium_impact_level">
11 |       <field name="name">Medium</field>
12 |       <field name="description">The impact on the confidentiality, availability and integrity of the information is medium.</field>
13 |       <field name="value">2</field>
14 |       <field name="active">1</field>
15 |     </record>
16 |     <record model="impact.level" id="high_impact_level">
17 |       <field name="name">High</field>
18 |       <field name="description">The impact on the confidentiality, availability and integrity of the information is high.</field>
19 |       <field name="value">3</field>
20 |       <field name="active">1</field>
21 |     </record>
22 |   </data>
23 | </odoo>


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/controllers/controllers.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | # from odoo import http
 3 | 
 4 | 
 5 | # class GrcbitVulnerabilityManagement(http.Controller):
 6 | #     @http.route('/grcbit_vulnerability_management/grcbit_vulnerability_management', auth='public')
 7 | #     def index(self, **kw):
 8 | #         return "Hello, world"
 9 | 
10 | #     @http.route('/grcbit_vulnerability_management/grcbit_vulnerability_management/objects', auth='public')
11 | #     def list(self, **kw):
12 | #         return http.request.render('grcbit_vulnerability_management.listing', {
13 | #             'root': '/grcbit_vulnerability_management/grcbit_vulnerability_management',
14 | #             'objects': http.request.env['grcbit_vulnerability_management.grcbit_vulnerability_management'].search([]),
15 | #         })
16 | 
17 | #     @http.route('/grcbit_vulnerability_management/grcbit_vulnerability_management/objects/<model("grcbit_vulnerability_management.grcbit_vulnerability_management"):obj>', auth='public')
18 | #     def object(self, obj, **kw):
19 | #         return http.request.render('grcbit_vulnerability_management.object', {
20 | #             'object': obj
21 | #         })
22 | 


--------------------------------------------------------------------------------
/grcbit_compliance/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': "GRCBIT COMPLIANCE",
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 |     'depends': [
11 |         'grcbit_base',
12 |         'grcbit_iso27001',
13 |     ],
14 | 
15 |     # always loaded
16 |     'data': [
17 |         #security
18 |         'security/ir.model.access.csv',
19 | 
20 |         #data
21 |         # 'data/compliance.version.csv',
22 |         # 'data/compliance.control.objective.csv',
23 |         # 'data/compliance.control.csv',
24 | 
25 |         #reports
26 |         'reports/report_compliance.xml',
27 | 
28 |         #views
29 |         'views/compliance_views.xml',
30 |         'views/data_inventory_views.xml',
31 |     ],
32 |     'assets': {
33 |         'web.assets_common': [
34 |             'grcbit_compliance/static/src/css/compliance_style.css',
35 |             
36 |         ],
37 |     }
38 |     
39 | }
40 | 


--------------------------------------------------------------------------------
/grcbit_base/views/dashboard_view.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="ir.ui.view" id="main_dashboard">
 5 |       <field name="name">Information Security Management System</field>
 6 |       <field name="model">board.board</field>
 7 |       <field name="type">form</field>
 8 |       <field name="arch" type="xml">
 9 |         <form string="Information Security Management System">
10 |           <board style="1-1-1">
11 |             <column><action string="Data Classification" name="%(data_classification_dash)d"/></column>
12 |             <column><action string="IT System" name="%(it_inventory_dash)d"/></column>
13 |             <column><action string="Third-Party" name="%(third_party_dash)d"/></column>
14 |       	  </board>
15 |         </form>
16 |       </field>
17 |     </record>
18 | 
19 |     <record id="grcbit_dashboard_action" model="ir.actions.act_window">
20 |       <field name="name">GRC Dashboard</field>
21 |       <field name="res_model">board.board</field>
22 |       <field name="view_mode">form</field>
23 |       <field name="usage">menu</field>
24 |       <field name="view_id" ref="main_dashboard" />
25 |     </record>
26 | 
27 |   </data>
28 | </odoo>


--------------------------------------------------------------------------------
/grcbit_iso27001/data/control_category_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="control.category" id="organizational_control">
 5 |       <field name="name">Organizational controls</field>
 6 |       <field name="description">Otherwise they are categorized as organizational.</field>
 7 |       <field name="id_control_category">5</field>
 8 |       
 9 |     </record>
10 |     <record model="control.category" id="personal_control">
11 |       <field name="name">Personal controls</field>
12 |       <field name="description">Personal knowledge.</field>
13 |       <field name="id_control_category">6</field>
14 |     </record>
15 |     <record model="control.category" id="physical_control">
16 |       <field name="name">Physical controls</field>
17 |       <field name="description">They refer to physical objects.</field>
18 |       <field name="id_control_category">7</field>
19 |     </record>
20 |     <record model="control.category" id="technological_control">
21 |       <field name="name">Technological controls</field>
22 |       <field name="description">Concern about technology.</field>
23 |       <field name="id_control_category">8</field>
24 |     </record>
25 |   </data>
26 | </odoo>


--------------------------------------------------------------------------------
/grcbit_base/wizards/set_groups_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="ir.ui.view" id="grcbit_base_set_groups_formview_inh">
 5 |       <field name="name">Set Groups</field>
 6 |       <field name="model">set.groups.user</field>
 7 |       <field name="inherit_id" ref="grcbit_setgroups.set_groups_formview"/>
 8 |       <field name="arch" type="xml">
 9 |         <xpath expr="//notebook[@name='container_access']" position="inside">
10 |           <page name="grc_groups" string="GRC" groups="grcbit_base.group_grc_admin">
11 |             <group>
12 |               <group>
13 |                 <field name="grc_admin_check"/>
14 |                 <field name="grc_consultant_check"/>
15 |                 <field name="asset_management_check"/>
16 |                 <field name="risk_management_check"/>
17 |               </group>
18 |               <group>
19 |                 <field name="control_check"/>
20 |                 <field name="isms_check"/>
21 |                 <field name="compliance_check"/>
22 |                 <field name="guest_check"/>
23 |               </group>
24 |             </group>
25 |           </page>
26 |         </xpath>
27 |       </field>
28 |     </record>
29 |   </data>
30 | </odoo>
31 | 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/demo/demo.xml:
--------------------------------------------------------------------------------
 1 | <odoo>
 2 |     <data>
 3 | <!--
 4 |           <record id="object0" model="grcbit_vulnerability_management.grcbit_vulnerability_management">
 5 |             <field name="name">Object 0</field>
 6 |             <field name="value">0</field>
 7 |           </record>
 8 | 
 9 |           <record id="object1" model="grcbit_vulnerability_management.grcbit_vulnerability_management">
10 |             <field name="name">Object 1</field>
11 |             <field name="value">10</field>
12 |           </record>
13 | 
14 |           <record id="object2" model="grcbit_vulnerability_management.grcbit_vulnerability_management">
15 |             <field name="name">Object 2</field>
16 |             <field name="value">20</field>
17 |           </record>
18 | 
19 |           <record id="object3" model="grcbit_vulnerability_management.grcbit_vulnerability_management">
20 |             <field name="name">Object 3</field>
21 |             <field name="value">30</field>
22 |           </record>
23 | 
24 |           <record id="object4" model="grcbit_vulnerability_management.grcbit_vulnerability_management">
25 |             <field name="name">Object 4</field>
26 |             <field name="value">40</field>
27 |           </record>
28 | -->
29 |     </data>
30 | </odoo>


--------------------------------------------------------------------------------
/grcbit_risk_management/wizards/set_groups_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="ir.ui.view" id="control_set_groups_formview_inh">
 5 |       <field name="name">Set Groups</field>
 6 |       <field name="model">set.groups.user</field>
 7 |       <field name="inherit_id" ref="grcbit_setgroups.set_groups_formview"/>
 8 |       <field name="arch" type="xml">
 9 |         <xpath expr="//notebook[@name='container_access']" position="inside">
10 |           <page name="control_groups" string="Control" groups="grcbit_base.group_grc_admin">
11 |             <group>
12 |               <group>
13 |                 <field name="control_draft"/>
14 |                 <field name="control_design"/>
15 |                 <field name="control_implementation"/>
16 |               </group>
17 |               <group>
18 |                 <field name="control_approval"/>
19 |                 <field name="control_reject"/>
20 |                 <field name="control_setdraft"/>
21 |                 <!-- <field name="control_design_evaluation"/>
22 |                 <field name="control_effectiveness_evaluation"/> -->
23 |               </group>
24 |             </group>
25 |           </page>
26 |         </xpath>
27 |       </field>
28 |     </record>
29 |   </data>
30 | </odoo>
31 | 


--------------------------------------------------------------------------------
/grcbit_base/static/src/js/many2many.js:
--------------------------------------------------------------------------------
 1 | odoo.define('grcbit.many2many', function (require) {
 2 | "use strict";
 3 | 
 4 | var core = require('web.core');
 5 | var dialogs = require('web.view_dialogs');
 6 | var registry = require('web.field_registry');
 7 | var rel_fields = require('web.relational_fields');
 8 | var _t = core._t;
 9 | 
10 | var FieldMany2ManyTagLinks = rel_fields.FieldMany2ManyTags.extend({
11 | get_badge_id: function (el) {
12 | if ($(el).hasClass('badge')) return $(el).data('id');
13 | return $(el).closest('.badge').data('id');
14 | },
15 | events: _.extend({}, rel_fields.FieldMany2ManyTags.prototype.events, {
16 | 'click .badge': function (e) {
17 | e.stopPropagation();
18 | var self = this;
19 | var record_id = this.get_badge_id(e.target);
20 | new dialogs.FormViewDialog(self, {
21 | res_model: self.field.relation,
22 | res_id: record_id,
23 | context: self.record.getContext(),
24 | title: _t('Open: ') + self.field.string,
25 | readonly: !self.attrs.can_write,
26 | }).on('write_completed', self, function () {
27 | self.dataset.cache[record_id].from_read = {};
28 | self.dataset.evict_record(record_id);
29 | self.render_value();
30 | }).open();
31 | }
32 | })
33 | });
34 | registry.add('many2many_taglinks', FieldMany2ManyTagLinks);
35 | 
36 | return {
37 | FieldMany2ManyTagLinks: FieldMany2ManyTagLinks
38 | };
39 | 
40 | });
41 | 


--------------------------------------------------------------------------------
/grcbit_threat_scenario/models/risk_management.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | from odoo import fields, models
 4 | 
 5 | class RiskFactorThreats(models.Model):
 6 |     _inherit = 'risk.factor'
 7 | 
 8 |     taxonomy_threat_ids = fields.Many2one('taxonomy.threat.resource', string="Taxonomy Threat Sources", help="Threat sources that can be considered by organizations in identifying assumptions for risk assessments")
 9 |     adversary_cap_ids = fields.Many2one('characteristics.adversary.capability', string="Characteristics Adversary Capability")
10 |     adversary_intent_ids = fields.Many2one('characteristics.adversary.intent', string="Characteristics Adversary Intent")
11 |     adversary_target_ids = fields.Many2one('characteristics.adversary.targeting', string="Characteristics Adversary Targeting")
12 |     range_effect_ids = fields.Many2one('range.effect.non.adversarial', string="Range Effect non Adversarial")
13 |     adversial_theat_ids = fields.Many2one('adversarial.threat.events', string="Adversarial Threat Events")
14 |     non_adversarial_ids = fields.Many2one('non.adversarial.threat.events', string="Non Adversarial Threat Events")
15 |     relevenace_event_ids = fields.Many2one('relevance.threat.events', string="Relevance Threat Events")
16 |     threat_source_type = fields.Selection([('adversarial','Adversarial'),('non_adversarial','Non-Adversarial')])
17 | 


--------------------------------------------------------------------------------
/grcbit_setgroups/views/res_users_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record id="manage_users_action" model="ir.actions.act_window">
 5 |       <field name="name">Manage Users</field>
 6 |       <field name="res_model">res.users</field>
 7 |       <field name="view_mode">tree,form</field>
 8 |       <field name="view_ids"
 9 |         eval="[(5, 0, 0),
10 |               (0, 0, {'view_mode': 'tree', 'view_id': ref('base.view_users_tree')}),
11 |               (0, 0, {'view_mode': 'form', 'view_id': ref('base.view_users_form')})]"/>
12 |     </record>
13 |     
14 |     <record id="res_users_set_groups_formview_inh" model="ir.ui.view">
15 |       <field name="name">res.users.set.groups.formview.inherit</field>
16 |       <field name="model">res.users</field>
17 |       <field name="inherit_id" ref="base.view_users_form"/>
18 |       <field name="arch" type="xml">
19 |         <xpath expr="//header" position="inside">
20 |           <button name="open_set_groups" string="Set Groups" class="btn btn-primary" type="object" groups="base.group_system, grcbit_base.group_grc_admin" />
21 |         </xpath>
22 |         <xpath expr="//page[@name='access_rights']" position="attributes">
23 |           <attribute name="groups">base.group_system</attribute>
24 |         </xpath>
25 |       </field>
26 |     </record>
27 |   </data>
28 | </odoo>
29 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/data/risk_classification_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="risk.classification" id="operational_risk_classification">
 5 |       <field name="name">Operational</field>
 6 |       <field name="description">Operational risk is the risk of loss as a result of ineffective or failed internal processes, people, systems, or external events which can disrupt the flow of business operations.</field>
 7 |       <field name="active">1</field>
 8 |     </record>
 9 |     <record model="risk.classification" id="technology_risk_classification">
10 |       <field name="name">Technology</field>
11 |       <field name="description">Technology risk is any potential for technology failures to disrupt your business such as information security incidents or service outages.</field>
12 |       <field name="active">1</field>
13 |     </record>
14 |     <record model="risk.classification" id="financial_risk_classification">
15 |       <field name="name">Financial</field>
16 |       <field name="description">Financial risk refers to the likelihood of losing money on a business or investment decision. Risks associated with finances can result in capital losses for individuals and businesses. There are several financial risks, such as credit, liquidity, and operational risks.</field>
17 |       <field name="active">1</field>
18 |     </record>
19 |   </data>
20 | </odoo>


--------------------------------------------------------------------------------
/grcbit_base/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': "GRCBIT BASE",
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 |     'depends': [
11 |         'base',
12 |         'board',
13 |         'mail',
14 |         'grcbit_setgroups',
15 |         #'grcbit_compliance',
16 |     ],
17 | 
18 |     # always loaded
19 |     'data': [
20 |         'security/res_groups.xml',
21 |         'security/ir.model.access.csv',
22 |         'views/asset_management_views.xml',
23 |         'views/dashboard_view.xml',
24 |         'views/menuitems.xml',
25 |         'views/settings_views.xml',
26 |         #'reports/report_data_asset.xml',
27 |         #'reports/report_it_inventory.xml',
28 |         'wizards/set_groups_views.xml',
29 |     ],
30 |     'assets':{
31 |         'web.assets_backend':[
32 |             'grcbit_base/static/src/js/user_menu_items.js',
33 |             #'grcbit_base/static/src/js/dashboard.js',
34 |             'grcbit_base/static/src/js/many2many_tags.js',
35 |             #'grcbit_base/static/src/xml/dashboard.xml',
36 |         ]
37 |     },
38 |     'installable': True,
39 |     'application': True,
40 | }
41 | 


--------------------------------------------------------------------------------
/grcbit_iso27001/data/security_property_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="security.domain" id="confidentiality_property">
 5 |       <field name="name">#Confidentiality</field>
 6 |       <field name="description">
 7 |         Information security properties are an attribute for viewing controls from the perspective of what information characteristic will help preserve the control.
 8 |         Confidentiality ensures that data is only accessed by authorized users.
 9 |       </field>
10 |     </record>
11 |     <record model="security.domain" id="integrity_property">
12 |       <field name="name">#Integrity</field>
13 |       <field name="description">
14 |         Information security properties are an attribute for viewing controls from the perspective of what information characteristic will help preserve the control.
15 |         Confidentiality ensures that data is only accessed by authorized users.
16 |       </field>
17 |     </record>
18 |     <record model="security.domain" id="availability_property">
19 |       <field name="name">#Availability</field>
20 |       <field name="description">
21 |         Information security properties are an attribute for viewing controls from the perspective of what information characteristic will help preserve the control.
22 |         Confidentiality ensures that data is only accessed by authorized users.
23 |       </field>
24 |     </record>
25 |   </data>
26 | </odoo>
27 | 
28 | 


--------------------------------------------------------------------------------
/grcbit_compliance/views/data_inventory_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |     <data>
 4 |         <record model="ir.ui.view" id="grcbit_compliance_data_inventory_form_inherit">
 5 |             <field name="name">Data Inventory Form Inherit</field>
 6 |             <field name="model">data.inventory</field>
 7 |             <field name="inherit_id" ref="grcbit_base.data_inventory_form"/>
 8 |             <field name="arch" type="xml">
 9 |                 <xpath expr="//notebook" position="inside">
10 |                     <page name="compliance_version" string="Compliance">
11 |                         <field name="data_inventory_compliance_version_ids" string="Compliance">
12 |                             <tree editable="bottom">
13 |                                 <field name="compliance_version_id" options="{'no_quick_create': True, 'no_create_edit' : True, 'no_create':True}"/>
14 |                                 <field name="description" />
15 |                             </tree>
16 |                             <form>
17 |                                 <field name="compliance_version_id" options="{'no_quick_create': True, 'no_create_edit' : True, 'no_create':True}"/>
18 |                                 <field name="description" string="Description" />
19 |                             </form>
20 |                         </field>
21 |                     </page>
22 |                 </xpath>
23 |             </field>
24 |         </record>
25 |     </data>
26 | </odoo> 


--------------------------------------------------------------------------------
/grcbit_iso27001/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': "GRCBIT ISO27001",
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 |     'depends': [
11 |         #'web',
12 |         #'project',
13 |         #'mass_mailing',
14 |         'grcbit_base',
15 |         'grcbit_risk_management',
16 |     ],
17 | 
18 |     # always loaded
19 |     'data': [
20 |         #security
21 |         #'security/res_groups.xml',
22 |         'security/ir.model.access.csv',
23 | 
24 |         #data
25 |         # 'data/control_type_data.xml',
26 |         # 'data/control_category_data.xml',
27 |         # 'data/cybersecurity_concept_data.xml',
28 |         # 'data/operational_capability_data.xml',
29 |         # 'data/security_domain_data.xml',
30 |         # 'data/security_property_data.xml',
31 |         # 'data/iso.control.csv',
32 |         
33 |         #views
34 |         'views/iso_views.xml',
35 |         'views/grcbit_base_views.xml',
36 | 
37 |         #reports
38 |         'reports/report_statement_applicability.xml',
39 |         'reports/summary_report_statement_applicability.xml',
40 |     ],
41 |     'assets': {
42 |         'web.assets_common': [
43 |             'grcbit_iso27001/static/src/css/iso_style.css',
44 |             
45 |         ],
46 |     }
47 |  
48 | }
49 | 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/models/risk_management.py:
--------------------------------------------------------------------------------
 1 | from odoo import models, fields
 2 | 
 3 | class RiskFactorVulnerability(models.Model):
 4 |     _inherit = 'risk.factor'
 5 |     common_vulnerability_exposure_ids = fields.One2many('risk.factor.vulnerability.management', 'risk_factor_id', string='Risk Factor', auto_join=True)
 6 | 
 7 | class RiskFactorVulnerabilityManagement(models.Model):
 8 |     _name = 'risk.factor.vulnerability.management'
 9 |     _description = 'Risk Factor Vulnerability Management'
10 |     _rec_name = 'risk_factor_id'
11 | 
12 |     risk_factor_id = fields.Many2one('risk.factor', string='Risk Factor')
13 |     cve_id = fields.Many2one('common.vulnerability.exposure', string='CVE')
14 |     #vulnerability_id = fields.Char(string='Vulnerability ID')
15 |     vulnerability_name = fields.Char(string='Vulnerability Name')
16 |     detection_date = fields.Date(string='Detection Date', default=fields.Date.today)
17 |     detection_source = fields.Selection([('pentest','Pentest'),('scanning','Scanning'),('internal_audit','Internal Audit'),('user_report','User Report')])
18 |     description  = fields.Html(string='Description')
19 |     cvss_score_3 = fields.Float(string="CVSS-3 Score", digits=(1,1))
20 |     cvss_string_3 = fields.Char(string="CVSS-3 Vector")
21 |     vulnerability_status = fields.Selection([('new','New/Identified'),('under_review','Under Review'),('confirmed','Confirmed'),('risk_assessed','Risk Assessed'), ('in_progress','Mitigation in Progress'), ('patch_available','Patch Available'), ('remediated','Remediated'), ('closed','Closed'), ('reopened','Reopened')])
22 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/__manifest__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | {
 3 |     'name': "GRCBIT RISK MANAGEMENT",
 4 |     'summary': "grc4ciso: GRC + XDR + ZT + GPT",
 5 |     'description': "grc4ciso integrates GRC, XDR, Zero Trust and GPT cybersecurity capabilities into a unified Software-as-a-Service (SaaS) platform",
 6 |     'author':"grc4ciso",
 7 |     'website': "https://grc4ciso.com/",
 8 |     'category': 'grc4ciso',
 9 |     'version': '16.0',
10 |     'depends': [
11 |         'base',
12 |         'hr',
13 |         'grcbit_base',
14 |     ],
15 | 
16 |     # always loaded
17 |     'data': [
18 |         #security
19 |         'security/res_groups.xml',
20 |         'security/ir.model.access.csv',
21 | 
22 |         #data
23 |         # 'data/impact_level_data.xml',
24 |         # 'data/probability_level_data.xml',
25 |         # 'data/risk_classification_data.xml',
26 |         # 'data/risk_level_data.xml',
27 |         # 'data/inherent_risk_level_data.xml',
28 |         # 'data/control_evaluation_criteria_data.xml',
29 |         # 'data/residual_risk_level_data.xml',
30 | 
31 |         #views
32 |         'views/risk_management_views.xml',
33 |         'views/controls_views.xml',
34 |         'views/company_product_service_views.xml',
35 |         'views/menuitems.xml',
36 |         'views/ir_sequence.xml',
37 | 
38 |         #wizards
39 |         'wizards/set_groups_views.xml',
40 | 
41 |         #reports
42 |         'reports/report_risk_factor.xml',
43 |     ],
44 |     'assets': {
45 |         'web.assets_common': [
46 |             'grcbit_risk_management/static/src/css/control_style.css',            
47 |         ],
48 |     }
49 |     
50 | }
51 | 


--------------------------------------------------------------------------------
/grcbit_base/static/src/js/many2many_open.js:
--------------------------------------------------------------------------------
 1 | odoo.define('grcbit.many2many_widget', function (require) {
 2 |   "use strict";
 3 | 
 4 |   var core = require('web.core');
 5 |   var dialogs = require('web.view_dialogs');
 6 |   var registry = require('web.field_registry');
 7 |   var rel_fields = require('web.relational_fields');
 8 |   var _t = core._t;
 9 | 
10 |   var FieldMany2ManyTagLinks = rel_fields.FieldMany2ManyTags.extend({
11 |       get_badge_id: function (el) {
12 |           if ($(el).hasClass('badge')) return $(el).data('id');
13 |           return $(el).closest('.badge').data('id');
14 |       },
15 |       events: _.extend({}, rel_fields.FieldMany2ManyTags.prototype.events, {
16 |           'click .badge': function (e) {
17 |               e.stopPropagation();
18 |               var self = this;
19 |               var record_id = this.get_badge_id(e.target);
20 |               new dialogs.FormViewDialog(self, {
21 |                   res_model: self.field.relation,
22 |                   res_id: record_id,
23 |                   context: self.record.getContext(),
24 |                   title: _t('Open: ') + self.field.string,
25 |                   readonly: !self.attrs.can_write,
26 |               }).on('write_completed', self, function () {
27 |                   self.dataset.cache[record_id].from_read = {};
28 |                   self.dataset.evict_record(record_id);
29 |                   self.render_value();
30 |               }).open();
31 |           }
32 |       })
33 |   });
34 |   registry.add('many2many_tags_links', FieldMany2ManyTagLinks);
35 | 
36 |   return {
37 |       FieldMany2ManyTagLinks: FieldMany2ManyTagLinks
38 |   };
39 | 
40 | });
41 | 


--------------------------------------------------------------------------------
/grcbit_base/views/menuitems.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <menuitem name="GRC" id="menu_root" sequence="1" />
 5 |     <!-- ASSET MANAGEMET MENU -->
 6 |     <menuitem name="Asset Management" id="menu_asset_management" parent="menu_root"  sequence="2" />
 7 |     <menuitem name="Data Classification" id="menu_data_classification" parent="menu_asset_management" action="data_classification_action" sequence="3"/>
 8 |     <menuitem name="IT System" id="menu_it_inventory" parent="menu_asset_management" action="it_inventory_action" sequence="2" />
 9 |     <menuitem name="Data Asset" id="menu_data_inventory" parent="menu_asset_management" action="data_inventory_action" sequence="1" />
10 |     <menuitem name="Supplier" id="menu_third_party" parent="menu_asset_management" action="third_party_action" sequence="4"/>
11 | 
12 |     <!-- RES USERS -->
13 |     <menuitem name="Settings" id="menu_settings" parent="menu_root"  sequence="99" groups="grcbit_base.group_grc_admin"/>
14 |     <menuitem name="Users" id="menu_users" parent="menu_settings" action="grcbit_setgroups.manage_users_action" groups="grcbit_base.group_grc_admin"/>
15 | 
16 |     <!--MENUITEMS HIDDEN-->
17 | 
18 |     <record model="ir.ui.menu" id="base.menu_board_root">
19 |       <field name="groups_id" eval="[(6,0,[ref('base.group_system'), ref('base.group_erp_manager')])]"/>
20 |     </record>	
21 | 
22 |     <record model="ir.ui.menu" id="spreadsheet_dashboard.spreadsheet_dashboard_menu_root">
23 |       <field name="groups_id" eval="[(6,0,[ref('base.group_system'), ref('base.group_erp_manager')])]"/>
24 |     </record>
25 | 
26 |     <record model="ir.ui.menu" id="base.menu_management">
27 |       <field name="groups_id" eval="[(6,0,[ref('base.group_system'), ref('base.group_erp_manager')])]"/>
28 |     </record>	
29 |   </data>
30 | </odoo>


--------------------------------------------------------------------------------
/grcbit_cvss/wizard/cvss_calculator_view.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="ir.ui.view" id="cvss_calculator_form">
 5 |       <field name="name">CVSS Calculator</field>
 6 |       <field name="model">cvss.calculator</field>
 7 |       <field name="arch" type="xml">
 8 |         <form>
 9 |           <group>
10 |             <group>
11 |               <field name="attack_vector" widget="radio"/>
12 |               <field name="attack_complexity" widget="radio"/>
13 |               <field name="privileges_required" widget="radio"/>
14 |               <field name="user_interaction" widget="radio"/>
15 |             </group>
16 |             <group>
17 |               <field name="scope" widget="radio"/>
18 |               <field name="confidentiality" widget="radio"/>
19 |               <field name="integrity" widget="radio"/>
20 |               <field name="availability" widget="radio"/>
21 |             </group>
22 |           </group>
23 |           <group>
24 |             <field name="risk_factor_id" invisible="1"/>
25 |             <field name="score" readonly="1"/>
26 |             <field name="vector" readonly="1"/>
27 |           </group>
28 |           <footer>
29 |             <button name="accept_done" type="object" string="SAVE" class="btn btn-primary"/>
30 |             <button special="cancel" type="object" string="DISCARD"/>
31 |           </footer>
32 |         </form>
33 |       </field>
34 |     </record>
35 | 
36 |     <record id="cvss_calculator_action" model="ir.actions.act_window">
37 | 	    <field name="name">CVSS Calculator</field>
38 | 	    <field name="res_model">cvss.calculator</field>
39 | 	    <field name="view_mode">form</field>
40 |       <!-- <field name="context">{default_risk_factor: id}</field> -->
41 |       <field name="target">new</field>
42 |     </record>
43 | 
44 |   </data>
45 | </odoo>
46 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/security/res_groups.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="ir.module.category" id="module_grcbit_risk_control">
 5 |       <field name="name">Control</field>
 6 |       <field name="sequence">20</field>
 7 |       <field name="visible" eval="1"/>
 8 |     </record>
 9 |     
10 |     <record id="group_control_draft" model="res.groups">
11 | 	<field name="name">Draft</field>
12 | 	<field name="category_id" ref="module_grcbit_risk_control"/>
13 |     </record>
14 | 
15 |     <record id="group_control_design" model="res.groups">
16 | 	<field name="name">Design</field>
17 | 	<field name="category_id" ref="module_grcbit_risk_control"/>
18 |     </record>
19 | 
20 |     <record id="group_control_implementation" model="res.groups">
21 | 	<field name="name">Assess</field>
22 | 	<field name="category_id" ref="module_grcbit_risk_control"/>
23 |     </record>
24 | 
25 |     <record id="group_control_approval" model="res.groups">
26 | 	<field name="name">Implement</field>
27 | 	<field name="category_id" ref="module_grcbit_risk_control"/>
28 |     </record>
29 | 
30 |     <record id="group_control_reject" model="res.groups">
31 |  	<field name="name">Reject</field>
32 | 	<field name="category_id" ref="module_grcbit_risk_control"/>
33 |     </record>
34 | 
35 |     <record id="group_control_setdraft" model="res.groups">
36 | 	<field name="name">Set to draft</field>
37 | 	<field name="category_id" ref="module_grcbit_risk_control"/>
38 |     </record>
39 | 
40 |     <record id="group_control_design_evaluation" model="res.groups">
41 | 	<field name="name">Design Evaluation</field>
42 | 	<field name="category_id" ref="module_grcbit_risk_control"/>
43 |     </record>
44 | 
45 |     <record id="group_control_effectiveness_evaluation" model="res.groups">
46 | 	<field name="name">Effectiveness Evaluation</field>
47 | 	<field name="category_id" ref="module_grcbit_risk_control"/>
48 |     </record>
49 | 
50 |   </data>
51 | </odoo>
52 | 


--------------------------------------------------------------------------------
/grcbit_base/static/src/js/many2one.js:
--------------------------------------------------------------------------------
 1 | odoo.define('grcbit.many2one', function (require) {
 2 | "use strict";
 3 | 
 4 |     var relational_fields = require('web.relational_fields');
 5 |     var core = require('web.core');
 6 | 
 7 |     var _t = core._t;
 8 |     var _lt = core._lt;
 9 |     var qweb = core.qweb;
10 | 
11 | 
12 |     relational_fields.FieldMany2One.include({
13 |         _renderReadonly: function () {
14 |             var escapedValue = _.escape((this.m2o_value || "").trim());
15 |             var value = escapedValue.split('\n').map(function (line) {
16 |                 return '<span>' + line + '</span>';
17 |             }).join('<br/>');
18 |             this.$el.html(value);
19 |             if (!this.noOpen && this.value) {
20 |                 var queryString = window.location.hash.substring(1);
21 |                 var urlParams = new URLSearchParams(queryString);
22 |                 var menuId = urlParams.get('menu_id') || '';
23 | 
24 |                 this.$el.attr('href', _.str.sprintf('#id=%s&model=%s&menu_id=%s', this.value.res_id, this.field.relation, menuId));
25 |                 this.$el.addClass('o_form_uri');
26 |             }
27 |         },
28 | 
29 |         _renderEdit: function () {
30 |             this._super.apply(this, arguments);
31 | 
32 |             if (!this.noOpen && this.value) {
33 |                 var queryString = window.location.hash.substring(1);
34 |                 var urlParams = new URLSearchParams(queryString);
35 |                 var menuId = urlParams.get('menu_id') || '';
36 | 
37 |                 this.$el.find('.o_external_button').attr('href', _.str.sprintf('#id=%s&model=%s&menu_id=%s', this.value.res_id, this.field.relation, menuId));
38 |                 
39 |             }
40 |         },
41 | 
42 |         _onExternalButtonClick: function (ev) {
43 |             ev.preventDefault();
44 |             ev.stopPropagation();
45 | 
46 |             this._super.apply(this, arguments);
47 |         }
48 |     });
49 | 
50 | });
51 | 
52 | 
53 | 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/views/risk_management_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="ir.ui.view" id="cve_formview_inh">
 5 |       <field name="name">cve.formview.inh</field>
 6 |       <field name="model">risk.factor</field>
 7 |       <field name="inherit_id" ref="grcbit_risk_management.risk_factor_form"/>
 8 |       <field name="arch" type="xml">
 9 | 	      <xpath expr="//sheet/notebook" position="inside">
10 |           <separator/>
11 |             <page name="cve" string="CVE">  
12 | 	      <field name='common_vulnerability_exposure_ids'>
13 | 	      <tree >
14 |                 <button type="action" name="%(grcbit_cvss.cvss_calculator_action)d" class="btn-primary" string="CVSS Calculator"/>
15 | 	        <field name="cve_id" options="{'no_quick_create': True, 'no_create_edit' : True, 'no_create':True}"/> 
16 | 	        <field name="vulnerability_name" /> 
17 | 	        <field name="detection_date" /> 
18 | 	        <field name="detection_source" /> 
19 | 	        <field name="cvss_score_3" /> 
20 | 	        <field name="cvss_string_3" /> 
21 |               </tree>
22 | 	      <form >
23 | 		      <!--
24 |                 <button type="action" name="%(grcbit_cvss.cvss_calculator_action)d" class="btn-primary" string="CVSS Calculator"/>
25 | 		      -->
26 | 		      <group>
27 | 	        <field name="cve_id" options="{'no_quick_create': True, 'no_create_edit' : True, 'no_create':True}"/> 
28 | 		<field name="vulnerability_status" />
29 | 	</group>
30 | 		      <group>
31 | 	        <field name="vulnerability_name" /> 
32 | 	        <field name="detection_date" /> 
33 | 	        <field name="detection_source" /> 
34 | 	</group>
35 | 		      <group>
36 | 	        <field name="description" /> 
37 | 	        <field name="cvss_score_3" /> 
38 | 	        <field name="cvss_string_3" /> 
39 | 	</group>
40 |               </form>
41 | 	    </field>
42 |           </page>
43 |         </xpath>
44 |       </field>
45 |     </record>
46 |   </data>
47 | </odoo>
48 | 


--------------------------------------------------------------------------------
/grcbit_base/security/res_groups.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |   <record model="ir.module.category" id="module_grcbit_base">
 5 |       <field name="name">GRC</field>
 6 |       <field name="description">GRC Module Base</field>
 7 |       <field name="sequence">30</field>
 8 |       <field name="visible" eval="1"/>
 9 |     </record>
10 |     
11 | 		<record id="group_grc_consultant" model="res.groups">
12 | 			<field name="name">GRC Consultant</field>
13 | 			<field name="category_id" ref="module_grcbit_base"/>
14 | 		</record>
15 | 		<record id="group_asset_management" model="res.groups">
16 | 			<field name="name">Asset Management</field>
17 | 			<field name="category_id" ref="module_grcbit_base"/>
18 | 		</record>
19 |                 <record id="group_risk_management" model="res.groups">
20 | 			<field name="name">Risk Management</field>
21 | 			<field name="category_id" ref="module_grcbit_base"/>
22 | 		</record>
23 | 		<record id="group_isms" model="res.groups">
24 | 			<field name="name">ISMS</field>
25 | 			<field name="category_id" ref="module_grcbit_base"/>
26 | 		</record>
27 | 		<record id="group_control" model="res.groups">
28 | 			<field name="name">Control</field>
29 | 			<field name="category_id" ref="module_grcbit_base"/>
30 | 		</record>
31 | 		<record id="group_compliance" model="res.groups">
32 | 			<field name="name">Compliance</field>
33 | 			<field name="category_id" ref="module_grcbit_base"/>
34 | 		</record>
35 | 		<record id="group_guest" model="res.groups">
36 | 			<field name="name">Guest</field>
37 | 			<field name="category_id" ref="module_grcbit_base"/>
38 | 		</record>
39 |                 <record id="group_grc_admin" model="res.groups">
40 |                         <field name="name">GRC Admin</field>
41 | 			<field name="category_id" ref="module_grcbit_base"/>
42 | 		</record>
43 |                 <record id="base.user_admin" model="res.users">
44 |                         <field name="groups_id" eval="[(4,ref('grcbit_base.group_grc_admin'))]"/>
45 |                 </record>
46 |   </data>
47 | </odoo>
48 | 


--------------------------------------------------------------------------------
/grcbit_setgroups/models/res_users.py:
--------------------------------------------------------------------------------
 1 | from odoo import models
 2 | from odoo.exceptions import ValidationError
 3 | 
 4 | class ResUsersInh(models.Model):
 5 |     _inherit = 'res.users'
 6 | 
 7 |     def write(self, vals):
 8 |         for rec in self:
 9 |             current_user = rec.env['res.users'].sudo().browse(
10 |                 rec._context.get('uid', rec.env.user.id)
11 |             )
12 | 
13 |             try:
14 |                 admin_user = rec.env.ref('base.user_admin', raise_if_not_found=False)
15 |             except Exception:
16 |                 admin_user = None
17 | 
18 |             if not admin_user or self.env.context.get('install_mode'):
19 |                 return super().write(vals)
20 | 
21 |             if rec.id == admin_user.id and current_user.id != admin_user.id:
22 |                 raise ValidationError("You cannot modify the administrator user (base.user_admin).")
23 | 
24 |             if current_user.id == rec.id:
25 |                 continue
26 | 
27 |             has_grc_group = False
28 |             try:
29 |                 has_grc_group = current_user.has_group('grcbit_base.group_grc_admin')
30 |             except Exception:
31 |                 pass
32 | 
33 |             if not has_grc_group:
34 |                 raise ValidationError("You do not have permission to modify this user.")
35 | 
36 |         return super().write(vals)
37 | 
38 |     def unlink(self):
39 |         admin_user = self.env.ref('base.user_admin', raise_if_not_found=False)
40 |         if admin_user and admin_user in self and not self.env.context.get('install_mode'):
41 |             raise ValidationError("You cannot delete the administrator user (base.user_admin).")
42 |         return super().unlink()
43 | 
44 |     def copy(self, default=None):
45 |         admin_user = self.env.ref('base.user_admin', raise_if_not_found=False)
46 |         if admin_user and self.id == admin_user.id and not self.env.context.get('install_mode'):
47 |             raise ValidationError("You cannot duplicate the administrator user (base.user_admin).")
48 |         return super().copy(default)
49 | 
50 | 


--------------------------------------------------------------------------------
/grcbit_threat_scenario/views/risk_management_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="ir.ui.view" id="threas_risk_factor_formview_inh">
 5 |       <field name="name">threats.risk.factor.formview.inh</field>
 6 |       <field name="model">risk.factor</field>
 7 |       <field name="inherit_id" ref="grcbit_risk_management.risk_factor_form"/>
 8 |       <field name="arch" type="xml">
 9 | 	      <xpath expr="//sheet/notebook" position="inside">
10 |           <separator/>
11 |             <page name="threat_scenarios" string="NIST Threat Scenario">
12 |               <group>
13 |                 <group>
14 |                   <field name="taxonomy_threat_ids" options="{'no_create': True, 'no_create_edit':True}"/>
15 |                   <field name="threat_source_type" />
16 |                 </group>
17 |                 <group>
18 | 		  <field name="adversary_cap_ids" attrs="{'invisible': [('threat_source_type','=','non_adversarial')]}" options="{'no_create': True, 'no_create_edit':True}"/>
19 | 		  <field name="adversary_intent_ids" attrs="{'invisible':[('threat_source_type','=','non_adversarial')]}" options="{'no_create': True, 'no_create_edit':True}"/>
20 | 		  <field name="adversary_target_ids" attrs="{'invisible':[('threat_source_type','=','non_adversarial')]}" options="{'no_create': True, 'no_create_edit':True}"/>
21 | 		  <field name="adversial_theat_ids" attrs="{'invisible':[('threat_source_type','=','non_adversarial')]}" options="{'no_create': True, 'no_create_edit':True}"/>
22 | 		  <field name="range_effect_ids" attrs="{'invisible':[('threat_source_type','=','adversarial')]}" options="{'no_create': True, 'no_create_edit':True}"/>
23 | 		  <field name="non_adversarial_ids" attrs="{'invisible':[('threat_source_type','=','adversarial')]}" options="{'no_create': True, 'no_create_edit':True}"/>
24 |                 </group>
25 |                 <group>
26 |                   <field name="relevenace_event_ids" options="{'no_create': True, 'no_create_edit':True}"/>
27 |                 </group>
28 |               </group>
29 |             </page>
30 |         </xpath>
31 |       </field>
32 |     </record>
33 |   </data>
34 | </odoo>
35 | 


--------------------------------------------------------------------------------
/grcbit_iso27001/data/cybersecurity_concept_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="cybersecurity.concept" id="identify_concept">
 5 |       <field name="name">#Identify</field>
 6 |       <field name="description">Cybersecurity concepts are an attribute for viewing controls from the perspective of associating controls to cybersecurity concepts defined in the cybersecurity framework described in ISO/IEC TS 27110. The attribute values ​consist of Identify, Protect, Detect, Reply and Recover.</field>
 7 |     </record>
 8 |     <record model="cybersecurity.concept" id="protect_concept">
 9 |       <field name="name">#Protect</field>
10 |       <field name="description">Cybersecurity concepts are an attribute for viewing controls from the perspective of associating controls to cybersecurity concepts defined in the cybersecurity framework described in ISO/IEC TS 27110. The attribute values ​consist of Identify, Protect, Detect, Reply and Recover.</field>
11 |     </record>
12 |     <record model="cybersecurity.concept" id="detect_concept">
13 |       <field name="name">#Detect</field>
14 |       <field name="description">Cybersecurity concepts are an attribute for viewing controls from the perspective of associating controls to cybersecurity concepts defined in the cybersecurity framework described in ISO/IEC TS 27110. The attribute values ​consist of Identify, Protect, Detect, Reply and Recover.</field>
15 |     </record>
16 |     <record model="cybersecurity.concept" id="reply_concept">
17 |       <field name="name">#Reply</field>
18 |       <field name="description">Cybersecurity concepts are an attribute for viewing controls from the perspective of associating controls to cybersecurity concepts defined in the cybersecurity framework described in ISO/IEC TS 27110. The attribute values ​consist of Identify, Protect, Detect, Reply and Recover.</field>
19 |     </record>
20 |     <record model="cybersecurity.concept" id="recover_concept">
21 |       <field name="name">#Recover</field>
22 |       <field name="description">Cybersecurity concepts are an attribute for viewing controls from the perspective of associating controls to cybersecurity concepts defined in the cybersecurity framework described in ISO/IEC TS 27110. The attribute values ​consist of Identify, Protect, Detect, Reply and Recover.</field>
23 |     </record>
24 |   </data>
25 | </odoo>


--------------------------------------------------------------------------------
/grcbit_base/static/src/js/dashboard.js:
--------------------------------------------------------------------------------
 1 | odoo.define('custom_dashboard.dashboard_action', function (require){
 2 |    "use strict";
 3 |    var AbstractAction = require('web.AbstractAction');
 4 |    var core = require('web.core');
 5 |    var QWeb = core.qweb;
 6 |    var rpc = require('web.rpc');
 7 |    var ajax = require('web.ajax');
 8 |    var CustomDashBoard = AbstractAction.extend({
 9 |       template: 'CustomDashBoard',
10 |       init: function(parent, context) {
11 |          this._super(parent, context);
12 |          this.dashboard_templates = ['DashboardProject'];
13 |       },
14 |       
15 |       start: function() {
16 |          var self = this;
17 |          this.set("title", 'Dashboard');
18 |          return this._super().then(function() {
19 |              self.render_dashboards();
20 |          });
21 |          
22 |      },
23 |      willStart: function(){
24 |          var self = this;
25 |          return this._super()
26 |      },
27 |       render_dashboards: function() {
28 |          var self = this;
29 |          var chart = new Chart('new_custom_chart', {
30 |             type: 'pie',
31 |             data: {
32 |                datasets: [{
33 |                    backgroundColor: "purple",
34 |                    data: [0, 10, 20, 30, 40]
35 |                }]
36 |            },
37 |             options: {}
38 |          });
39 |          // this.fetch_data()
40 |          var templates = []
41 |          var templates = ['DashboardProject'];
42 |          _.each(templates, function(template) {
43 |             self.$('.o_hr_dashboard').append(QWeb.render(template, {widget: self}))
44 |          });
45 |          
46 |       },
47 |       // fetch_data: function() {
48 |       //    var self = this
49 |       //    var def1 = this._rpc({
50 |       //        model: 'data.inventory',
51 |       //        method: "get_data",
52 |       //    })
53 |       //    .then(function (result) {
54 |       //        $('#it_system').append('<span>' + result.it_system + '</span>');
55 |       //        $('#third_party').append('<span>' + result.third_party + '</span>');
56 |       //       //  $('#products_storable').append('<span>' + result.storable + '</span>');
57 |       //       //  $('#product_consumable').append('<span>' + result.consumable + '</span>');
58 |       //    });
59 |       // },
60 |    });
61 |    core.action_registry.add('custom_dashboard_tags', CustomDashBoard);
62 |    return CustomDashBoard;
63 | 
64 | })


--------------------------------------------------------------------------------
/grcbit_pci4/security/ir.model.access.csv:
--------------------------------------------------------------------------------
 1 | id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 2 | access_pci_approach_requirement_group_grc_admin,access.pci.approach.requirement.group.grc.admin,model_pci_approach_requirement,grcbit_base.group_grc_admin,1,1,1,1
 3 | access_pci_approach_requirement_group_grc_consultant,access.pci.approach.requirement.group.grc.consultant,model_pci_approach_requirement,grcbit_base.group_grc_consultant,1,1,1,1
 4 | access_pci_approach_requirement_group_asset_management,access.pci.approach.requirement.group.asset.management,model_pci_approach_requirement,grcbit_base.group_asset_management,1,0,0,0
 5 | access_pci_approach_requirement_group_risk_management,access.pci.approach.requirement.group.risk.management,model_pci_approach_requirement,grcbit_base.group_risk_management,1,0,0,0
 6 | access_pci_approach_requirement_group_isms,access.pci.approach.requirement.group.isms,model_pci_approach_requirement,grcbit_base.group_isms,1,0,0,0
 7 | access_pci_approach_requirement_group_control,access.pci.approach.requirement.group.control,model_pci_approach_requirement,grcbit_base.group_control,1,0,0,0
 8 | access_pci_approach_requirement_group_compliance,access.pci.approach.requirement.group.compliance,model_pci_approach_requirement,grcbit_base.group_compliance,1,1,1,1
 9 | access_pci_approach_requirement_group_guest,access.pci.approach.requirement.group.guest,model_pci_approach_requirement,grcbit_base.group_guest,1,0,0,0
10 | 
11 | access_pci_requirement_group_grc_admin,access.pci.requirement.group.grc.admin,model_pci_requirement,grcbit_base.group_grc_admin,1,1,1,1
12 | access_pci_requirement_group_grc_consultant,access.pci.requirement.group.grc.consultant,model_pci_requirement,grcbit_base.group_grc_consultant,1,1,1,1
13 | access_pci_requirement_group_asset_management,access.pci.requirement.group.asset.management,model_pci_requirement,grcbit_base.group_asset_management,1,0,0,0
14 | access_pci_requirement_group_risk_management,access.pci.requirement.group.risk.management,model_pci_requirement,grcbit_base.group_risk_management,1,0,0,0
15 | access_pci_requirement_group_isms,access.pci.requirement.group.isms,model_pci_requirement,grcbit_base.group_isms,1,0,0,0
16 | access_pci_requirement_group_control,access.pci.requirement.group.control,model_pci_requirement,grcbit_base.group_control,1,0,0,0
17 | access_pci_requirement_group_compliance,access.pci.requirement.group.compliance,model_pci_requirement,grcbit_base.group_compliance,1,1,1,1
18 | access_pci_requirement_group_guest,access.pci.requirement.group.guest,model_pci_requirement,grcbit_base.group_guest,1,0,0,0
19 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/views/menuitems.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <!-- RISK METRICS -->
 5 |     <menuitem name="Risk Management" id="menu_risk_metric" parent="grcbit_base.menu_root" sequence="3"/>
 6 | 
 7 |     <menuitem name="Context" id="menu_risk_context" parent="menu_risk_metric"  sequence="1" />
 8 |     <menuitem name="Organizational profile" id="menu_organizational_profile" parent="menu_risk_context" action="organizational_profile_action" sequence="2"/>
 9 |     <menuitem name="Company Objective" id="menu_company_objective" parent="menu_risk_context" action="company_objective_action" sequence="3"/>
10 |     <menuitem name="Strategic Risk" id="menu_company_risk" parent="menu_risk_context" action="company_risk_action" sequence="4"/>
11 |     <menuitem name="Product/Service" id="menu_company_product_service" parent="menu_risk_context" action="action_company_product_service" sequence="5"/>
12 | 
13 |     <menuitem name="Metric" id="menu_metric" parent="menu_risk_metric"  sequence="7" />
14 |     <menuitem name="Impact Level" id="menu_impact_level" parent="menu_metric" action="impact_level_action" sequence="8"/>
15 |     <menuitem name="Probability Level" id="menu_probability_level" parent="menu_metric" action="probability_level_action" sequence="9"/>
16 |     <menuitem name="Risk Level" id="menu_risk_level" parent="menu_metric" action="risk_level_action" sequence="10"/>
17 |     <menuitem name="Inherent Risk Level" id="menu_inherent_risk_level" parent="menu_metric" action="inherent_risk_level_action" sequence="11"/>
18 |     <menuitem name="Residual Risk Level" id="menu_residual_risk_level" parent="menu_metric" action="residual_risk_level_action" sequence="12"/>
19 |     <menuitem name="Risk Category" id="menu_risk_classification" parent="menu_metric" action="risk_classification_action" sequence="13"/>
20 | 
21 |     <menuitem name="Assessment" id="menu_risk_assessment" parent="menu_risk_metric"  sequence="17" />
22 |     <menuitem name="IT Risk Factor" id="menu_risk_factor" parent="menu_risk_assessment" action="risk_factor_action" sequence="18"/>
23 | 
24 |     <!-- CONTROL DESIGN -->
25 |     <menuitem name="Control" id="menu_control" parent="grcbit_base.menu_root" sequence="4"/>
26 |     <menuitem name="Control" id="menu_control_design" parent="menu_control" action="control_design_action" sequence="1" />
27 |     <menuitem name="Design Criteria" id="menu_control_design_criteria" parent="menu_control" action="control_design_criteria_action" sequence="2" />
28 |     <menuitem name="Implementation Criteria" id="menu_control_evaluation_criteria" parent="menu_control" action="control_evaluation_criteria_action" sequence="3" />
29 | 
30 |     
31 |     
32 |   </data>
33 | </odoo>
34 | 


--------------------------------------------------------------------------------
/grcbit_setgroups/i18n/en_US.po:
--------------------------------------------------------------------------------
 1 | # Translation of Odoo Server.
 2 | # This file contains the translation of the following modules:
 3 | # 	* grcbit_setgroups
 4 | #
 5 | msgid ""
 6 | msgstr ""
 7 | "Project-Id-Version: Odoo Server 16.0\n"
 8 | "Report-Msgid-Bugs-To: \n"
 9 | "POT-Creation-Date: 2023-12-15 18:34+0000\n"
10 | "PO-Revision-Date: 2023-12-15 18:34+0000\n"
11 | "Last-Translator: \n"
12 | "Language-Team: \n"
13 | "MIME-Version: 1.0\n"
14 | "Content-Type: text/plain; charset=UTF-8\n"
15 | "Content-Transfer-Encoding: \n"
16 | "Plural-Forms: \n"
17 | 
18 | #. module: grcbit_setgroups
19 | #: model_terms:ir.ui.view,arch_db:grcbit_setgroups.set_groups_formview
20 | msgid "CANCEL"
21 | msgstr ""
22 | 
23 | #. module: grcbit_setgroups
24 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__create_uid
25 | msgid "Created by"
26 | msgstr ""
27 | 
28 | #. module: grcbit_setgroups
29 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__create_date
30 | msgid "Created on"
31 | msgstr ""
32 | 
33 | #. module: grcbit_setgroups
34 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__display_name
35 | msgid "Display Name"
36 | msgstr ""
37 | 
38 | #. module: grcbit_setgroups
39 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__id
40 | msgid "ID"
41 | msgstr ""
42 | 
43 | #. module: grcbit_setgroups
44 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user____last_update
45 | msgid "Last Modified on"
46 | msgstr ""
47 | 
48 | #. module: grcbit_setgroups
49 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__write_uid
50 | msgid "Last Updated by"
51 | msgstr ""
52 | 
53 | #. module: grcbit_setgroups
54 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__write_date
55 | msgid "Last Updated on"
56 | msgstr ""
57 | 
58 | #. module: grcbit_setgroups
59 | #: model:ir.actions.act_window,name:grcbit_setgroups.manage_users_action
60 | msgid "Manage Users"
61 | msgstr ""
62 | 
63 | #. module: grcbit_setgroups
64 | #: model_terms:ir.ui.view,arch_db:grcbit_setgroups.set_groups_formview
65 | msgid "SAVE"
66 | msgstr ""
67 | 
68 | #. module: grcbit_setgroups
69 | #: model_terms:ir.ui.view,arch_db:grcbit_setgroups.res_users_set_groups_formview_inh
70 | msgid "Set Groups"
71 | msgstr ""
72 | 
73 | #. module: grcbit_setgroups
74 | #: model:ir.model,name:grcbit_setgroups.model_res_users
75 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__user_id
76 | msgid "User"
77 | msgstr ""
78 | 
79 | #. module: grcbit_setgroups
80 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_res_users__is_admin
81 | msgid "is admin"
82 | msgstr ""
83 | 
84 | #. module: grcbit_setgroups
85 | #: model:ir.model,name:grcbit_setgroups.model_set_groups_user
86 | msgid "set.groups.user"
87 | msgstr ""
88 | 


--------------------------------------------------------------------------------
/grcbit_pci4/models/models.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | from odoo import api, models, fields, _
 3 | 
 4 | class PCIPrincipalRequirement(models.Model):
 5 |     _name = 'pci.principal.requirement'
 6 | 
 7 |     name = fields.Char(string="Name")
 8 |     description = fields.Html(string="Description")
 9 |     pci_requirement_ids = fields.One2many('pci.requirement', 'pci_principal_requirement_id')
10 |     active = fields.Boolean(default=True)
11 | 
12 | class PCIRequirement(models.Model):
13 |     _name = 'pci.requirement'
14 |     name = fields.Char(string="Name")
15 |     description= fields.Html(string="Description")
16 |     pci_principal_requirement_id = fields.Many2one('pci.principal.requirement', string="PCI Principal Requirement")
17 |     pci_section_ids = fields.One2many('pci.section', 'pci_requirement_id', string="PCI Section")
18 |     active = fields.Boolean(default=True)
19 | 
20 | class PCISection(models.Model):
21 |     _name = 'pci.section'
22 | 
23 |     name = fields.Char(string="Name")
24 |     description= fields.Html(string="Description")
25 |     pci_requirement_id = fields.Many2one('pci.requirement', string="PCI Requirement")
26 |     pci_approach_req_ids = fields.One2many('pci.approach.requirement', 'pci_section_id', string="PCI DSS Requirement")
27 |     active = fields.Boolean(default=True)
28 | 
29 | class PCIApproachRequirement(models.Model):
30 |     _name = 'pci.approach.requirement'
31 | 
32 |     name = fields.Text(string="PCI DSS Requirement")
33 |     description= fields.Html(string="Description")
34 |     pci_section_id = fields.Many2one('pci.section', string="Requirement Description")
35 |     assessment_finding = fields.Selection([
36 |         ('in_place','In Place'),
37 |         ('not_applicable','Not Applicable'),
38 |         ('not_tested','Not Tested'),
39 |         ('not_in_place','Not in Place'),
40 |     ], string="Assessment Finding")
41 |     below_method = fields.Selection([
42 |         ('compensating_control','Compensating Control'),
43 |         ('customized_approach','Customized Approach'),
44 |     ], string="Method")
45 |     testing_procedure_ids = fields.One2many('testing.procedure', 'pci_approach_req_id', string="Testing Procedure")
46 |     pci_principal_req_id = fields.Many2one('pci.principal.requirement', related="pci_section_id.pci_requirement_id.pci_principal_requirement_id", store=True)
47 |     pci_requirement_id = fields.Many2one('pci.requirement', related="pci_section_id.pci_requirement_id", store=True)
48 |     pci_approach = fields.Many2one('pci.approach.requirement')
49 |     active = fields.Boolean(default=True)
50 | 
51 | class  TestingProcedure(models.Model):
52 |     _name = 'testing.procedure'
53 | 
54 |     testing_procedure = fields.Html(string="Testing Procedure")
55 |     assessor_response = fields.Html(string="Assessor Response")
56 |     pci_approach_req_id = fields.Many2one('pci.approach.requirement', string="PCI DSS Requirement")
57 |     control_design_ids = fields.Many2many('control.design', string="Control Design")
58 |     active = fields.Boolean(default=True)
59 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/views/company_product_service_views.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |     <data>
 4 |         <!-- Tree View -->
 5 |         <record id="company_product_service_tree_view" model="ir.ui.view">
 6 |             <field name="name">company.product.service.tree</field>
 7 |             <field name="model">company.product.service</field>
 8 |             <field name="arch" type="xml">
 9 |                 <tree>
10 |                     <field name="name"/>
11 |                     <field name="type_product_service"/>
12 |                     <field name="description"/>
13 |                 </tree>
14 |             </field>
15 |         </record>
16 | 
17 |         <!-- Form View -->
18 |         <record id="company_product_service_form_view" model="ir.ui.view">
19 |             <field name="name">company.product.service.form</field>
20 |             <field name="model">company.product.service</field>
21 |             <field name="arch" type="xml">
22 |                 <form>
23 |                     <sheet>
24 |                         <group>
25 |                             <field name="name"/>
26 |                             <field name="type_product_service"/>
27 |                             <field name="description"/>
28 |                         </group>
29 |                     </sheet>
30 |                     <div class="oe_chatter">
31 |                         <field name="activity_ids" widget="mail_activity"/>
32 |                         <field name="message_ids" widget="mail_thread"/>
33 |                     </div>
34 |                 </form>
35 |             </field>
36 |         </record>
37 | 
38 |         <!-- Search View -->
39 |         <record id="company_product_service_search_view" model="ir.ui.view">
40 |             <field name="name">company.product.service.search</field>
41 |             <field name="model">company.product.service</field>
42 |             <field name="arch" type="xml">
43 |                 <search>
44 |                     <field name="name"/>
45 |                     <field name="type_product_service"/>
46 |                     <field name="description"/>
47 |                     <filter string="Products" name="products" domain="[('type_product_service','=','product')]"/>
48 |                     <filter string="Services" name="services" domain="[('type_product_service','=','service')]"/>
49 |                 </search>
50 |             </field>
51 |         </record>
52 | 
53 |         <!-- Action -->
54 |         <record id="action_company_product_service" model="ir.actions.act_window">
55 |             <field name="name">Company Product Service</field>
56 |             <field name="res_model">company.product.service</field>
57 |             <field name="view_mode">tree,form</field>
58 |             <field name="help" type="html">
59 |                 <p class="o_view_nocontent_smiling_face">
60 |                     Create your first company product service
61 |                 </p>
62 |             </field>
63 |         </record>
64 | 
65 |         <!-- Menu Item -->
66 |         <!-- This menuitem is already defined in menuitems.xml, so it should be removed here -->
67 |     </data>
68 | </odoo> 


--------------------------------------------------------------------------------
/grcbit_setgroups/i18n/es_MX.po:
--------------------------------------------------------------------------------
 1 | # Translation of Odoo Server.
 2 | # This file contains the translation of the following modules:
 3 | # 	* grcbit_setgroups
 4 | #
 5 | msgid ""
 6 | msgstr ""
 7 | "Project-Id-Version: Odoo Server 16.0\n"
 8 | "Report-Msgid-Bugs-To: \n"
 9 | "POT-Creation-Date: 2024-06-12 22:32+0000\n"
10 | "PO-Revision-Date: 2024-06-12 22:32+0000\n"
11 | "Last-Translator: \n"
12 | "Language-Team: \n"
13 | "MIME-Version: 1.0\n"
14 | "Content-Type: text/plain; charset=UTF-8\n"
15 | "Content-Transfer-Encoding: \n"
16 | "Plural-Forms: \n"
17 | 
18 | #. module: grcbit_setgroups
19 | #: model_terms:ir.ui.view,arch_db:grcbit_setgroups.set_groups_formview
20 | msgid "CANCEL"
21 | msgstr "CANCELAR"
22 | 
23 | #. module: grcbit_setgroups
24 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__create_uid
25 | msgid "Created by"
26 | msgstr "Creado por"
27 | 
28 | #. module: grcbit_setgroups
29 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__create_date
30 | msgid "Created on"
31 | msgstr "Creado el"
32 | 
33 | #. module: grcbit_setgroups
34 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__display_name
35 | msgid "Display Name"
36 | msgstr "Nombre a mostrar"
37 | 
38 | #. module: grcbit_setgroups
39 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__id
40 | msgid "ID"
41 | msgstr ""
42 | 
43 | #. module: grcbit_setgroups
44 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_res_users__is_support
45 | msgid "Is Support"
46 | msgstr ""
47 | 
48 | #. module: grcbit_setgroups
49 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user____last_update
50 | msgid "Last Modified on"
51 | msgstr "Última modiicación el"
52 | 
53 | #. module: grcbit_setgroups
54 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__write_uid
55 | msgid "Last Updated by"
56 | msgstr "Última actualización por"
57 | 
58 | #. module: grcbit_setgroups
59 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__write_date
60 | msgid "Last Updated on"
61 | msgstr "Última actualización el"
62 | 
63 | #. module: grcbit_setgroups
64 | #: model:ir.actions.act_window,name:grcbit_setgroups.manage_users_action
65 | msgid "Manage Users"
66 | msgstr "Administrar usuarios"
67 | 
68 | #. module: grcbit_setgroups
69 | #: model_terms:ir.ui.view,arch_db:grcbit_setgroups.set_groups_formview
70 | msgid "SAVE"
71 | msgstr "GUARDAR"
72 | 
73 | #. module: grcbit_setgroups
74 | #: model_terms:ir.ui.view,arch_db:grcbit_setgroups.res_users_set_groups_formview_inh
75 | msgid "Set Groups"
76 | msgstr "Asignar grupos"
77 | 
78 | #. module: grcbit_setgroups
79 | #: model:ir.model,name:grcbit_setgroups.model_res_users
80 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_set_groups_user__user_id
81 | msgid "User"
82 | msgstr "Usuario"
83 | 
84 | #. module: grcbit_setgroups
85 | #: model:ir.model.fields,field_description:grcbit_setgroups.field_res_users__is_admin
86 | msgid "is admin"
87 | msgstr "Es administrador"
88 | 
89 | #. module: grcbit_setgroups
90 | #: model:ir.model,name:grcbit_setgroups.model_set_groups_user
91 | msgid "set.groups.user"
92 | msgstr ""
93 | 


--------------------------------------------------------------------------------
/grcbit_compliance/reports/report_compliance.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <template id="compliance_print_template">
 5 |       <t t-call="web.basic_layout">
 6 |         <t t-foreach="docs" t-as="o" >
 7 |           <t t-call="web.report_layout">
 8 |             <div class="page">
 9 |               <div class="row">
10 |                 <div class="col-4">
11 |                   <span>
12 |                     <img t-att-src="image_data_uri(o.env.user.company_id.logo)" style="text-align:left; width:100px;" alt="Logo"/>
13 |                   </span>
14 |                 </div>
15 |                 <div class="col-8" style="text-align:left;">
16 |                   <h6>
17 |                     <strong>Compliance Report: <span><t t-esc="o.name"/></span></strong>
18 |                     <br/>
19 |                     <t t-esc="o.description"/>
20 |                   </h6>
21 |                 </div>
22 |               </div>
23 |               <br />
24 |               <table  class="table table-bordered" style="font-size:12px;">
25 |                 <thead>
26 |                   <tr>
27 |                     <th>Requirement</th>
28 |                     <th>Compliance</th>
29 |                     <th>Control Design</th>
30 |                   </tr>
31 |                 </thead>
32 |                 <tbody>
33 |                   <t t-foreach="o.get_data_records()" t-as="r"> 
34 |                     <tr>
35 |                       <t t-if="r[0]">
36 |                         <td width="25%"><span t-esc="r[0]"/></td>
37 |                       </t>
38 |                       <t t-if="r[1]">
39 |                         <td width="25%"><span t-esc="r[1]"/></td>
40 |                       </t>
41 |                       <t t-if="r[2]">
42 |                         <td width="25%"><span t-esc="r[2]"/></td>
43 |                       </t>
44 |                     </tr>
45 |                   </t>
46 |                 </tbody>
47 |               </table>
48 |             </div>
49 |             </t>
50 |           </t>
51 |         </t>
52 |     </template>
53 | 
54 |     <record id="paperformat_grcbit" model="report.paperformat">
55 |       <field name="name">Custom Paper</field>
56 |       <field name="default" eval="True" />
57 |       <field name="format">A4</field>
58 |       <field name="page_height">0</field>
59 |       <field name="page_width">0</field>
60 |       <field name="orientation">Portrait</field>
61 |       <field name="margin_top">20</field>
62 |       <field name="margin_bottom">5</field>
63 |       <field name="margin_left">7</field>
64 |       <field name="margin_right">7</field>
65 |       <field name="header_line" eval="False" />
66 |       <field name="header_spacing">10</field>
67 |       <field name="dpi">90</field>
68 |     </record>
69 | 
70 |     <record id="print_compliance" model="ir.actions.report">
71 |       <field name="name">Compliance Report</field>
72 |       <field name="model">compliance.version</field>
73 |       <field name="report_type">qweb-html</field>
74 |       <field name="report_name">grcbit_compliance.compliance_print_template</field>
75 |       <field name="report_file">grcbit_compliance.compliance_print_template</field>
76 |       <field name="binding_type">report</field>
77 |       <field name="binding_model_id" ref="model_compliance_version" />
78 |       <field name="paperformat_id" ref="grcbit_compliance.paperformat_grcbit" />
79 |     </record>
80 | 
81 |   </data>
82 | </odoo>
83 | 


--------------------------------------------------------------------------------
/grcbit_threat_scenario/models/models.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | from odoo import fields, models
 4 | 
 5 | class TaxonomyThreatResource(models.Model):
 6 |     _name = 'taxonomy.threat.resource'
 7 |     _description = 'NIST Taxonomy Threat Source'
 8 |     _inherit = ["mail.thread", "mail.activity.mixin"]
 9 |     _rec_name = 'type_threat_source'
10 | 
11 |     type_threat_source = fields.Char(string="Type")
12 |     description = fields.Html(string="Description")
13 |     characteristics = fields.Char(string="Characteristics")
14 |     active = fields.Boolean(default=True)
15 | 
16 | class CharacteristicsAdversaryCapability(models.Model):
17 |     _name = 'characteristics.adversary.capability'
18 |     _inherit = ["mail.thread", "mail.activity.mixin"]
19 |     _rec_name = 'qualitative_value'
20 | 
21 |     qualitative_value = fields.Char(string="Qualitative Value")
22 |     semiquantitative_values = fields.Float(string="Semi-Quantitative Values")    
23 |     description = fields.Text(string="Description")
24 |     active = fields.Boolean(default=True)
25 | 
26 | class CharacteristicsAdversaryIntent(models.Model):
27 |     _name = 'characteristics.adversary.intent'
28 |     _inherit = ["mail.thread", "mail.activity.mixin"]
29 |     _rec_name = 'qualitative_value'
30 | 
31 |     qualitative_value = fields.Char(string="Qualitative Value")
32 |     semiquantitative_values = fields.Float(string="Semi-Quantitative Values")
33 |     description = fields.Text(string="Description")
34 |     active = fields.Boolean(default=True)
35 | 
36 | class CharacteristicsAdversaryTargeting(models.Model):
37 |     _name = 'characteristics.adversary.targeting'
38 |     _inherit = ["mail.thread", "mail.activity.mixin"]
39 |     _rec_name = 'qualitative_value'
40 | 
41 |     qualitative_value = fields.Char(string="Qualitative Value")
42 |     semiquantitative_values = fields.Float(string="Semi-Quantitative Values")
43 |     description = fields.Text(string="Description")
44 |     active = fields.Boolean(default=True)
45 | 
46 | class RangeEffectsNonAdversarial(models.Model):
47 |     _name = 'range.effect.non.adversarial'
48 |     _inherit = ["mail.thread", "mail.activity.mixin"]
49 |     _rec_name = 'qualitative_value'
50 | 
51 |     qualitative_value = fields.Char(string="Qualitative Value")
52 |     semiquantitative_values = fields.Float(string="Semi-Quantitative Values")
53 |     description = fields.Text(string="Description")
54 |     active = fields.Boolean(default=True)
55 | 
56 | class AdversarialThreatEvents(models.Model):
57 |     _name = 'adversarial.threat.events'
58 |     _inherit = ["mail.thread", "mail.activity.mixin"]
59 |     _rec_name = 'threat_event'
60 | 
61 |     threat_event = fields.Char(string="Thread Event")
62 |     description = fields.Text(string="Description")
63 |     active = fields.Boolean(default=True)
64 | 
65 | class NonAdversarialThreatEvents(models.Model):
66 |     _name = 'non.adversarial.threat.events'
67 |     _inherit = ["mail.thread", "mail.activity.mixin"]
68 |     _rec_name = 'threat_event'
69 | 
70 |     threat_event = fields.Char(string="Thread Event")
71 |     description = fields.Text(string="Description")
72 |     #threat_source = fields.Text(string="Threat Source")
73 |     active = fields.Boolean(default=True)
74 | 
75 | class RelevanceThreatEvents(models.Model):
76 |     _name = 'relevance.threat.events'
77 |     _inherit = ["mail.thread", "mail.activity.mixin"]
78 |     _rec_name = 'value'
79 | 
80 |     value = fields.Text(string="Value")
81 |     description = fields.Text(string="Description")
82 |     active = fields.Boolean(default=True)
83 | 


--------------------------------------------------------------------------------
/grcbit_iso27001/data/security_domain_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="security.domain" id="government_ecosystem_domain">
 5 |       <field name="name">#Government and ecosystem</field>
 6 |       <field name="description">Security Domains are an attribute to view controls from the perspective of four information security domains: "Governance and Ecosystem" includes "Information System Security Governance and Risk Management" and "Ecosystem Cybersecurity Management" (including internal and external stakeholders); “Protection” includes “IT Security Architecture,” “IT Security Management,” “Identity and Access Management,” “IT Security Maintenance,” and “Physical and Environmental Security”; “Defense” includes “Detection” and “Computer Security Incident Management”; “Resilience” includes “Continuity of operations” and “Crisis management”. The attribute values ​​consist of Governance_and_Ecosystem, Protection, Defense, and Resilience.</field>
 7 |     </record>
 8 |     <record model="security.domain" id="protection_domain">
 9 |       <field name="name">#Protection</field>
10 |       <field name="description">Security Domains are an attribute to view controls from the perspective of four information security domains: "Governance and Ecosystem" includes "Information System Security Governance and Risk Management" and "Ecosystem Cybersecurity Management" (including internal and external stakeholders); “Protection” includes “IT Security Architecture,” “IT Security Management,” “Identity and Access Management,” “IT Security Maintenance,” and “Physical and Environmental Security”; “Defense” includes “Detection” and “Computer Security Incident Management”; “Resilience” includes “Continuity of operations” and “Crisis management”. The attribute values ​​consist of Governance_and_Ecosystem, Protection, Defense, and Resilience.</field>
11 |     </record>
12 |     <record model="security.domain" id="defense_domain">
13 |       <field name="name">#Defense</field>
14 |       <field name="description">Security Domains are an attribute to view controls from the perspective of four information security domains: "Governance and Ecosystem" includes "Information System Security Governance and Risk Management" and "Ecosystem Cybersecurity Management" (including internal and external stakeholders); “Protection” includes “IT Security Architecture,” “IT Security Management,” “Identity and Access Management,” “IT Security Maintenance,” and “Physical and Environmental Security”; “Defense” includes “Detection” and “Computer Security Incident Management”; “Resilience” includes “Continuity of operations” and “Crisis management”. The attribute values ​​consist of Governance_and_Ecosystem, Protection, Defense, and Resilience.</field>
15 |     </record>
16 |     <record model="security.domain" id="resilience_domain">
17 |       <field name="name">#Resilience</field>
18 |       <field name="description">Security Domains are an attribute to view controls from the perspective of four information security domains: "Governance and Ecosystem" includes "Information System Security Governance and Risk Management" and "Ecosystem Cybersecurity Management" (including internal and external stakeholders); “Protection” includes “IT Security Architecture,” “IT Security Management,” “Identity and Access Management,” “IT Security Maintenance,” and “Physical and Environmental Security”; “Defense” includes “Detection” and “Computer Security Incident Management”; “Resilience” includes “Continuity of operations” and “Crisis management”. The attribute values ​​consist of Governance_and_Ecosystem, Protection, Defense, and Resilience.</field>
19 |     </record>
20 |   </data>
21 | </odoo>


--------------------------------------------------------------------------------
/grcbit_threat_scenario/views/menuitems.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <odoo>
 3 |   <data>
 4 |     <record id="taxonomy_threat_resource_action" model="ir.actions.act_window">
 5 | 	    <field name="name">NIST Taxonomy Threat Source</field>
 6 | 	    <field name="res_model">taxonomy.threat.resource</field>
 7 | 	    <field name="view_mode">tree,form</field>
 8 |     </record>
 9 |     <record id="characteristics_adversary_capability_action" model="ir.actions.act_window">
10 | 	    <field name="name">NIST Characteristic Adversary Capability</field>
11 | 	    <field name="res_model">characteristics.adversary.capability</field>
12 | 	    <field name="view_mode">tree,form</field>
13 |     </record>
14 |     <record id="characteristics_adversary_intent_action" model="ir.actions.act_window">
15 | 	    <field name="name">NIST Characteristic Adversary Intent</field>
16 | 	    <field name="res_model">characteristics.adversary.intent</field>
17 | 	    <field name="view_mode">tree,form</field>
18 |     </record>
19 |     <record id="characteristics_adversary_targeting_action" model="ir.actions.act_window">
20 | 	    <field name="name">NIST Characteristic Adversary Targeting</field>
21 | 	    <field name="res_model">characteristics.adversary.targeting</field>
22 | 	    <field name="view_mode">tree,form</field>
23 |     </record>
24 |     <record id="range_effect_non_adversarial_action" model="ir.actions.act_window">
25 | 	    <field name="name">NIST Range Effect Non-Adversarial</field>
26 | 	    <field name="res_model">range.effect.non.adversarial</field>
27 | 	    <field name="view_mode">tree,form</field>
28 |     </record>
29 |     <record id="adversarial_threat_events_action" model="ir.actions.act_window">
30 | 	    <field name="name">NIST Adversarial Threat Event</field>
31 | 	    <field name="res_model">adversarial.threat.events</field>
32 | 	    <field name="view_mode">tree,form</field>
33 |     </record>
34 |     <record id="non_adversarial_threat_events_action" model="ir.actions.act_window">
35 | 	    <field name="name">NIST Non-Adversarial Threat Event</field>
36 | 	    <field name="res_model">non.adversarial.threat.events</field>
37 | 	    <field name="view_mode">tree,form</field>
38 |     </record>
39 |     <record id="relevance_threat_events_action" model="ir.actions.act_window">
40 | 	    <field name="name">NIST Relevance Threat Event</field>
41 | 	    <field name="res_model">relevance.threat.events</field>
42 | 	    <field name="view_mode">tree,form</field>
43 |     </record>
44 | 
45 |     <menuitem name="Threats" id="menu_threat" parent="grcbit_risk_management.menu_risk_metric"  sequence="21" />
46 |     <menuitem name="NIST Taxonomy Threat Source" id="menu_taxonomy_threat_resource" parent="menu_threat" action="taxonomy_threat_resource_action" sequence="22"/>
47 |     <menuitem name="NIST Characteristic Adversary Capability" id="menu_characteristics_adversary_capability" parent="menu_threat" action="characteristics_adversary_capability_action" sequence="23"/>
48 |     <menuitem name="NIST Characteristic Adversary Intent" id="menu_characteristics_adversary_intent" parent="menu_threat" action="characteristics_adversary_intent_action" sequence="24"/>
49 |     <menuitem name="NIST Characteristic Adversary Targeting" id="menu_characteristics_adversary_targeting" parent="menu_threat" action="characteristics_adversary_targeting_action" sequence="25"/>
50 |     <menuitem name="NIST Range Effect Non-Adversarial" id="menu_range_effect_non_adversarial" parent="menu_threat" action="range_effect_non_adversarial_action" sequence="26"/>
51 |     <menuitem name="NIST Adversarial Threat Event" id="menu_adversarial_threat_events" parent="menu_threat" action="adversarial_threat_events_action" sequence="27"/>
52 |     <menuitem name="NIST Non-Adversarial Threat Event" id="menu_non_adversarial_threat_events" parent="menu_threat" action="non_adversarial_threat_events_action" sequence="28"/>
53 |     <menuitem name="NIST Relevance Threat Event" id="menu_relevance_threat_events" parent="menu_threat" action="relevance_threat_events_action" sequence="19"/>
54 |   </data>
55 | </odoo>
56 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/data/inherent_risk_level_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="inherent.risk.level" id="high_high_inherent_risk_level">
 5 |       <field name="description">High Risk</field>
 6 |       <field name="active">1</field>
 7 |       <field name="color">1</field>
 8 |       <field name="impact_level_id" ref="high_impact_level"/>
 9 |       <field name="probability_level_id" ref="high_probability_level"/>
10 |       <field name="risk_level_id" ref="high_risk_level"/>
11 |     </record>
12 |     <record model="inherent.risk.level" id="high_medium_inherent_risk_level">
13 |       <field name="description">High Risk</field>
14 |       <field name="active">1</field>
15 |       <field name="color">2</field>
16 |       <field name="impact_level_id" ref="high_impact_level"/>
17 |       <field name="probability_level_id" ref="medium_probability_level"/>
18 |       <field name="risk_level_id" ref="high_risk_level"/>
19 |     </record>
20 |     <record model="inherent.risk.level" id="high_low_inherent_risk_level">
21 |       <field name="description">High Risk</field>
22 |       <field name="active">1</field>
23 |       <field name="color">3</field>
24 |       <field name="impact_level_id" ref="high_impact_level"/>
25 |       <field name="probability_level_id" ref="low_probability_level"/>
26 |       <field name="risk_level_id" ref="high_risk_level"/>
27 |     </record>
28 | 
29 |     <record model="inherent.risk.level" id="medium_high_inherent_risk_level">
30 |       <field name="description">Medium Risk</field>
31 |       <field name="active">1</field>
32 |       <field name="color">3</field>
33 |       <field name="impact_level_id" ref="medium_impact_level"/>
34 |       <field name="probability_level_id" ref="high_probability_level"/>
35 |       <field name="risk_level_id" ref="medium_risk_level"/>
36 |     </record>
37 |     <record model="inherent.risk.level" id="medium_medium_inherent_risk_level">
38 |       <field name="description">Medium Risk</field>
39 |       <field name="active">1</field>
40 |       <field name="color">3</field>
41 |       <field name="impact_level_id" ref="medium_impact_level"/>
42 |       <field name="probability_level_id" ref="medium_probability_level"/>
43 |       <field name="risk_level_id" ref="medium_risk_level"/>
44 |     </record>
45 |     <record model="inherent.risk.level" id="medium_low_inherent_risk_level">
46 |       <field name="description">Medium Risk</field>
47 |       <field name="active">1</field>
48 |       <field name="color">3</field>
49 |       <field name="impact_level_id" ref="medium_impact_level"/>
50 |       <field name="probability_level_id" ref="low_probability_level"/>
51 |       <field name="risk_level_id" ref="medium_risk_level"/>
52 |     </record>
53 | 
54 |     <record model="inherent.risk.level" id="low_high_inherent_risk_level">
55 |       <field name="description">Low Risk</field>
56 |       <field name="active">1</field>
57 |       <field name="color">3</field>
58 |       <field name="impact_level_id" ref="low_impact_level"/>
59 |       <field name="probability_level_id" ref="high_probability_level"/>
60 |       <field name="risk_level_id" ref="low_risk_level"/>
61 |     </record>
62 |     <record model="inherent.risk.level" id="low_medium_inherent_risk_level">
63 |       <field name="description">Low Risk</field>
64 |       <field name="active">1</field>
65 |       <field name="color">3</field>
66 |       <field name="impact_level_id" ref="low_impact_level"/>
67 |       <field name="probability_level_id" ref="medium_probability_level"/>
68 |       <field name="risk_level_id" ref="low_risk_level"/>
69 |     </record>
70 |     <record model="inherent.risk.level" id="low_low_inherent_risk_level">
71 |       <field name="description">Low Risk</field>
72 |       <field name="active">1</field>
73 |       <field name="color">3</field>
74 |       <field name="impact_level_id" ref="low_impact_level"/>
75 |       <field name="probability_level_id" ref="low_probability_level"/>
76 |       <field name="risk_level_id" ref="low_risk_level"/>
77 |     </record>
78 |   </data>
79 | </odoo>


--------------------------------------------------------------------------------
/grcbit_risk_management/data/residual_risk_level_data.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <record model="residual.risk.level" id="effective_high_residual_risk_level">
 5 |       <field name="active">1</field>
 6 |       <field name="control_evaluation_criteria_id" ref="effective_evaluation_criteria"/>
 7 |       <field name="inherent_risk_level_id" ref="high_risk_level"/>
 8 |       <field name="residual_risk_level_id" ref="high_risk_level"/>
 9 |       <field name="residual_risk_level_name">High</field>
10 |     </record>
11 |     <record model="residual.risk.level" id="less_effective_high_residual_risk_level">
12 |       <field name="active">1</field>
13 |       <field name="control_evaluation_criteria_id" ref="less_effective_evaluation_criteria"/>
14 |       <field name="inherent_risk_level_id" ref="high_risk_level"/>
15 |       <field name="residual_risk_level_id" ref="medium_risk_level"/>
16 |       <field name="residual_risk_level_name">Medium</field>
17 |     </record>
18 |     <record model="residual.risk.level" id="ineffective_high_residual_risk_level">
19 |       <field name="active">1</field>
20 |       <field name="control_evaluation_criteria_id" ref="ineffective_evaluation_criteria"/>
21 |       <field name="inherent_risk_level_id" ref="high_risk_level"/>
22 |       <field name="residual_risk_level_id" ref="low_risk_level"/>
23 |       <field name="residual_risk_level_name">Low</field>
24 |     </record>
25 |     <!---->
26 |     <record model="residual.risk.level" id="effective_medium_residual_risk_level">
27 |       <field name="active">1</field>
28 |       <field name="control_evaluation_criteria_id" ref="effective_evaluation_criteria"/>
29 |       <field name="inherent_risk_level_id" ref="medium_risk_level"/>
30 |       <field name="residual_risk_level_id" ref="high_risk_level"/>
31 |       <field name="residual_risk_level_name">High</field>
32 |     </record>
33 |     <record model="residual.risk.level" id="less_effective_medium_residual_risk_level">
34 |       <field name="active">1</field>
35 |       <field name="control_evaluation_criteria_id" ref="less_effective_evaluation_criteria"/>
36 |       <field name="inherent_risk_level_id" ref="medium_risk_level"/>
37 |       <field name="residual_risk_level_id" ref="medium_risk_level"/>
38 |       <field name="residual_risk_level_name">Medium</field>
39 |     </record>
40 |     <record model="residual.risk.level" id="ineffective_medium_residual_risk_level">
41 |       <field name="active">1</field>
42 |       <field name="control_evaluation_criteria_id" ref="ineffective_evaluation_criteria"/>
43 |       <field name="inherent_risk_level_id" ref="medium_risk_level"/>
44 |       <field name="residual_risk_level_id" ref="low_risk_level"/>
45 |       <field name="residual_risk_level_name">Low</field>
46 |     </record>
47 |     <!---->
48 |     <record model="residual.risk.level" id="effective_low_residual_risk_level">
49 |       <field name="active">1</field>
50 |       <field name="control_evaluation_criteria_id" ref="effective_evaluation_criteria"/>
51 |       <field name="inherent_risk_level_id" ref="low_risk_level"/>
52 |       <field name="residual_risk_level_id" ref="high_risk_level"/>
53 |       <field name="residual_risk_level_name">High</field>
54 |     </record>
55 |     <record model="residual.risk.level" id="less_effective_low_residual_risk_level">
56 |       <field name="active">1</field>
57 |       <field name="control_evaluation_criteria_id" ref="less_effective_evaluation_criteria"/>
58 |       <field name="inherent_risk_level_id" ref="low_risk_level"/>
59 |       <field name="residual_risk_level_id" ref="medium_risk_level"/>
60 |       <field name="residual_risk_level_name">Medium</field>
61 |     </record>
62 |     <record model="residual.risk.level" id="ineffective_low_residual_risk_level">
63 |       <field name="active">1</field>
64 |       <field name="control_evaluation_criteria_id" ref="ineffective_evaluation_criteria"/>
65 |       <field name="inherent_risk_level_id" ref="low_risk_level"/>
66 |       <field name="residual_risk_level_id" ref="low_risk_level"/>
67 |       <field name="residual_risk_level_name">Low</field>
68 |     </record>
69 |   </data>
70 | </odoo>


--------------------------------------------------------------------------------
/grcbit_compliance/data/compliance.control.csv:
--------------------------------------------------------------------------------
 1 | name,compliance_control_objective_id
 2 | "a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]:
 3 | 1. [Selection (one or more): Organization-level; Mission/business process-level; Systemlevel] access control policy that:
 4 | (a) Addresses purpose, scope, roles, responsibilities, management commitment, 
 5 | coordination among organizational entities, and compliance; and
 6 | (b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
 7 | 2. Procedures to facilitate the implementation of the access control policy and the 
 8 | associated access controls;",1
 9 | "b. Designate an [Assignment: organization-defined official] to manage the development, documentation, and dissemination of the access control policy and procedures; and",1
10 | "c. Review and update the current access control:
11 | 1. Policy [Assignment: organization-defined frequency] and following [Assignment: 
12 | organization-defined events]; and
13 | 2. Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events].",1
14 | a. Define and document the types of accounts allowed and specifically prohibited for use within the system;,2
15 | b. Assign account managers;,2
16 | c. Require [Assignment: organization-defined prerequisites and criteria] for group and role membership;,2
17 | "d. Specify:
18 | 1. Authorized users of the system;
19 | 2. Group and role membership; and
20 | 3. Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account;",2
21 | e. Require approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts;,2
22 | "f. Create, enable, modify, disable, and remove accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria];",2
23 | g. Monitor the use of accounts;,2
24 | "h. Notify account managers and [Assignment: organization-defined personnel or roles] within: 1. [Assignment: organization-defined time period] when accounts are no longer required;
25 | 2. [Assignment: organization-defined time period] when users are terminated or 
26 | transferred; and
27 | 3. [Assignment: organization-defined time period] when system usage or need-to-know changes for an individual;",2
28 | "i. Authorize access to the system based on:
29 | 1. A valid access authorization;
30 | 2. Intended system usage; and
31 | 3. [Assignment: organization-defined attributes (as required)];",2
32 | j. Review accounts for compliance with account management requirements [Assignment: organization-defined frequency];,2
33 | k. Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and,2
34 | l. Align account management processes with personnel termination and transfer processes.,2
35 | Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.,3
36 | "Enforce approved authorizations for controlling the flow of information within the 
37 | system and between connected systems based on [Assignment: organization-defined information flow control policies].",4
38 | a. Identify and document [Assignment: organization-defined duties of individuals requiring separation]; and,5
39 | " Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.",6
40 | a. Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and,7
41 | b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.,7
42 | 


--------------------------------------------------------------------------------
/grcbit_iso27001/reports/summary_report_statement_applicability.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data>
 4 |     <template id="summary_statement_applicability_print_template">
 5 |       <t t-call="web.basic_layout">
 6 |           <t t-call="web.report_layout">
 7 |             <div class="page">
 8 |               <div class="row">
 9 |                 <div class="col-4">
10 |                   <span>
11 |                     <img t-att-src="image_data_uri(docs.env.user.company_id.logo)" style="text-align:left; width:100px;" alt="Logo"/>
12 |                   </span>
13 |                 </div>
14 |                 <div class="col-8" style="text-align:left;">
15 |                   <h6>
16 |                     <strong>Statement Applicability Report</strong>
17 |                   </h6>
18 |                 </div>
19 |               </div>
20 |               <separator/>
21 |               <br />
22 |               <div class="row">
23 |                 <div class="col-3" style="border: 1px solid;font-weight:bold;"><span>CONTROL CATEGORY</span></div>
24 |                 <div class="col-3" style="border: 1px solid;font-weight:bold;"><span>ISO CONTROLS 27001:2022 COUNT</span></div>
25 |                 <div class="col-3" style="border: 1px solid;font-weight:bold;"><span>NUMBER OF APPLICABLE CONTROLS</span></div>
26 |                 <div class="col-3" style="border: 1px solid;font-weight:bold;"><span>% IMPLEMENTATION OF CONTROLS</span></div>
27 |               </div>
28 |               <div class="row">
29 |                 <div class="col-3" style="border: 1px solid"><span>5. Organizacionales</span></div>
30 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_iso_contol(5)"/></span></div>
31 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_is_applicable(5)"/></span></div>
32 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_is_status_avg(5)"/></span></div>
33 |               </div>
34 |               <div class="row">
35 |                 <div class="col-3" style="border: 1px solid"><span>6. Personas</span></div>
36 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_iso_contol(6)"/></span></div>
37 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_is_applicable(6)"/></span></div>
38 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_is_status_avg(6)"/></span></div>
39 |               </div>
40 |               <div class="row">
41 |                 <div class="col-3" style="border: 1px solid"><span>7. Fisicos</span></div>
42 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_iso_contol(7)"/></span></div>
43 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_is_applicable(7)"/></span></div>
44 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_is_status_avg(7)"/></span></div>
45 |               </div>
46 |               <div class="row">
47 |                 <div class="col-3" style="border: 1px solid"><span>8. Tecnológicos</span></div>
48 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_iso_contol(8)"/></span></div>
49 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_is_applicable(8)"/></span></div>
50 |                 <div class="col-3" style="border: 1px solid"><span><t t-esc="docs.get_is_status_avg(8)"/></span></div>
51 |               </div>
52 |             </div>
53 |             </t>
54 |         </t>
55 |     </template>
56 | 
57 |     <record id="summary_print_statement_report" model="ir.actions.report">
58 |       <field name="name">Statement Applicability Report (summary)</field>
59 |       <field name="model">statement.applicability</field>
60 |       <field name="report_type">qweb-html</field>
61 |       <field name="report_name">grcbit_iso27001.summary_statement_applicability_print_template</field>
62 |       <field name="report_file">grcbit_iso27001.summary_statement_applicability_print_template</field>
63 |       <field name="binding_type">report</field>
64 |       <field name="binding_model_id" ref="model_statement_applicability" />
65 |       <field name="paperformat_id" ref="grcbit_iso27001.paperformat_grcbit_iso" />
66 |     </record>
67 | 
68 |   </data>
69 | </odoo>
70 | 


--------------------------------------------------------------------------------
/grcbit_base/models/settings.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | from odoo import models, fields, api, _
 4 | import logging
 5 | import random as r
 6 | from datetime import date
 7 | from statistics import mode
 8 | from odoo.exceptions import ValidationError
 9 | 
10 | _logger = logging.getLogger(__name__)
11 | 
12 | class ItComponents(models.Model):
13 |     _name ='it.components'
14 |     _inherit = ["mail.thread", "mail.activity.mixin"]
15 | 
16 |     name = fields.Char(string="Name", track_visibility='onchange')
17 |     description = fields.Text(string="Description", track_visibility='onchange')
18 |     it_inventory_count = fields.Integer(string="IT Inventory Count")
19 |     active = fields.Boolean(default=True)
20 | 
21 |     _sql_constraints = [
22 |         ('unique_name','unique(name)','IT Component name already exist.!')]
23 | 
24 |     #@api.model
25 |     #def create(self, vals):
26 |     #    res = super(ItComponents, self).create(vals)
27 |     #    components = self.env['it.components'].search([('id','!=', res.id)])
28 |     #    if components:
29 |     #        if vals['name'] in [x.name for x in components]:
30 |     #            raise ValidationError("IT Component name already exist.!")
31 |     #    return res
32 |     
33 |     @api.model
34 |     def web_read_group(self, domain, fields, groupby, limit=None, offset=0, orderby=False,lazy=True, expand=False, expand_limit=None, expand_orderby=False):
35 |         res = super().web_read_group(domain, fields, groupby, limit, offset, orderby, lazy, expand, expand_limit, expand_orderby)
36 |         for i in self.env['it.components'].search([]):
37 |             data_assets = self.env['it.inventory.it.component'].search([('it_component_id', 'in', [i.id] )])
38 |             self.env['it.components'].sudo().search([('id','=',i.id)]).sudo().write({'it_inventory_count':len(data_assets)})
39 |         return res
40 | 
41 | class TCPPorts(models.Model):
42 |     _name = 'tcp.ports'
43 |     _inherit = ["mail.thread", "mail.activity.mixin"]
44 | 
45 |     name = fields.Char(string="Name", track_visibility='onchange')
46 |     #it_inventory_ids = fields.Many2many('it.inventory', 'it_inventory_tcp_ports_rel', 'tcp_ports_id', 'it_inventory_id', string="It system")
47 |     description = fields.Text(string="Description", track_visibility='onchange')
48 |     it_inventory_count = fields.Integer(string="IT Inventory Count")
49 |     active = fields.Boolean(default=True)
50 | 
51 |     _sql_constraints = [
52 |         ('unique_name','unique(name)','TCP Port name already exist.!')]
53 | 
54 |     #@api.model
55 |     #def create(self, vals):
56 |     #    res = super(TCPPorts, self).create(vals)
57 |     #    tcp_port = self.env['tcp.ports'].search([('id','!=', res.id)])
58 |     #    if tcp_port:
59 |     #        if vals['name'] in [x.name for x in tcp_port]:
60 |     #            raise ValidationError("TCP Port name already exist.!")
61 |     #    return res
62 |     
63 |     @api.model
64 |     def web_read_group(self, domain, fields, groupby, limit=None, offset=0, orderby=False,lazy=True, expand=False, expand_limit=None, expand_orderby=False):
65 |         res = super().web_read_group(domain, fields, groupby, limit, offset, orderby, lazy, expand, expand_limit, expand_orderby)
66 |         for i in self.env['tcp.ports'].search([]):
67 |             data_assets = self.env['it_inventory.tcp_ports.grc'].search([('tcp_ports_id', 'in', [i.id] )])
68 |             self.env['tcp.ports'].sudo().search([('id','=',i.id)]).sudo().write({'it_inventory_count':len(data_assets)})
69 |         return res
70 | '''
71 | # Pending
72 | class NmapSystem(models.Model):
73 |     _name = 'nmap.system'
74 |     nmap_file = fields.Binary(string="nmap File")
75 |     nmap_name = fields.Char(string="nmap name")
76 |     nmap_output = fields.Html(string="nmap output")
77 | '''
78 | 
79 | class TCPJustification(models.Model):
80 |     _name = 'it_inventory.tcp_ports.grc'
81 |     _rec_name = 'tcp_ports_id'
82 |     tcp_ports_id = fields.Many2one('tcp.ports', string="TCP Port")
83 |     it_inventory_id = fields.Many2one('it.inventory', string="IT System")
84 |     business_justification = fields.Text(string="Bussiness justification")
85 |     is_open = fields.Boolean(string="Is open", default=True)
86 |     color = fields.Integer(string="Color", default=lambda x: x.default_color())
87 | 
88 |     def default_color(self):
89 |         x = r.randrange(11)
90 |         if x <= 11 or x > 0:
91 |             return x
92 | 


--------------------------------------------------------------------------------
/grcbit_base/reports/report_it_inventory.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <odoo>
 3 |   <data
 4 |     <template id="it_inventory_print_template_1">
 5 |       <t t-call="web.html_container">
 6 |         <t t-foreach="docs" t-as="o" >
 7 | 	 <div class="header">
 8 |            <div class="row">
 9 |              <div class="col-4">
10 |                <span>
11 |                   <img t-att-src="image_data_uri(o.env.user.company_id.logo)" style="text-align:left; width:100px;" alt="Logo"/>
12 |                </span>
13 |              </div>
14 |            </div>
15 |          </div>
16 |           <t t-call="web.report_layout">
17 |             <div class="page">
18 |               <div class="row" style="font-size:12px;">
19 |                 <div class="col-3" style="color:black; background-color:grey;"><strong>IT System Name:</strong></div>
20 |                 <div class="col-3" style="border: 1px solid;text-align:center;"><t t-esc="o.name"/></div>
21 |                 <div class="col-3" style="color:black; background-color:grey;"><strong>Description:</strong></div>
22 |                 <div class="col-3" style="border: 1px solid;text-align:center;"><t t-esc="o.description"/></div>
23 |               </div>
24 |               <div class="row" style="font-size:12px;">
25 |                 <div class="col-3" style="color:black; background-color:grey;"><strong>User Quantity:</strong></div>
26 |                 <div class="col-3" style="border: 1px solid;text-align:center;"><t t-esc="o.users_qty"/></div>
27 |                 <div class="col-3" style="color:black; background-color:grey;"><strong>Environment:</strong></div>
28 |                 <div class="col-3" style="border: 1px solid;text-align:center;">
29 |                   <t t-if="o.environment == 'dev'">
30 |                     <span width="12px">Develop</span>
31 |                   </t>
32 |                   <t t-if="o.environment == 'prod'">
33 |                     <span width="12px">Production</span>
34 |                   </t>
35 |                   <t t-if="o.environment == 'stg'">
36 |                     <span width="12px">Staging</span>
37 |                   </t>
38 |                 </div>
39 |               </div>
40 |               <div class="row" style="font-size:12px;">
41 |                 <div class="row" style="font-size:12px;">
42 |                   <div class="col-6" style="text-align:center;"><strong>IT Components:</strong></div>
43 |                   <div class="col-6" style="text-align:center;"><strong>TCP Ports:</strong></div>
44 | 	        </div>
45 |                 <div class="row" style="font-size:12px;">
46 |                   <div class="col-6" style="border: 1px solid;text-align:left">
47 |                     <t t-foreach="o.it_component_ids" t-as="it">		
48 | 		      <ul>
49 | 			  <li> IT Component: <t t-esc="it.it_component_id.name"/> </li>
50 | 			  <li> IP: <t t-esc="it.ip"/> </li>
51 | 			  <li> URL: <t t-esc="it.url"/> </li>
52 | 			  <li> Cloud Hosted: <t t-esc="it.is_cloud"/> </li>
53 | 			  <li> Description: <t t-esc="it.description"/> </li>
54 | 			  <li> Responsible: <t t-esc="it.responsible.name"/> </li>
55 | 		      </ul>
56 |                     </t>
57 |                   </div>
58 |                   <div class="col-6" style="border: 1px solid;text-align:left">
59 |                     <t t-foreach="o.tcp_inventory_ids" t-as="tcp">		
60 | 		      <ul>
61 | 		        <li> TCP Port: <t t-esc="tcp.tcp_ports_id.name"/> </li>
62 | 		        <li> Business Justification: <t t-esc="tcp.business_justification"/> </li>
63 | 		        <li> Port Open: <t t-esc="tcp.is_open"/> </li>
64 | 		      </ul>
65 |                     </t>
66 |                   </div>
67 | 	        </div>
68 | 	      </div>
69 |             </div>
70 | 		    </t>
71 |         </t>
72 |       </t>
73 |     </template>
74 | 
75 |     <record id="print_it_inventory" model="ir.actions.report">
76 |       <field name="name">IT System Report</field>
77 |       <field name="model">it.inventory</field>
78 |       <field name="report_type">qweb-html</field>
79 |       <field name="report_name">grcbit_base.it_inventory_print_template</field>
80 |       <field name="report_file">grcbit_base.it_inventory_print_template</field>
81 |       <field name="binding_type">report</field>
82 |       <field name="binding_model_id" ref="model_it_inventory" />
83 |       <field name="paperformat_id" ref="grcbit_base.paperformat_grcbit_data_asset" />
84 |     </record>
85 | 
86 |   </data>
87 | </odoo>
88 | 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/security/ir.model.access.csv:
--------------------------------------------------------------------------------
 1 | id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 2 | access_common_vulnerability_exposure_group_grc_admin,access.common.vulnerability.exposure.group.grc.admin,model_common_vulnerability_exposure,grcbit_base.group_grc_admin,1,1,1,1
 3 | access_common_vulnerability_exposure_group_grc_consultant,access.common.vulnerability.exposure.group.grc.consultant,model_common_vulnerability_exposure,grcbit_base.group_grc_consultant,1,1,1,1
 4 | access_common_vulnerability_exposure_group_asset_management,access.common.vulnerability.exposure.group.asset.management,model_common_vulnerability_exposure,grcbit_base.group_asset_management,1,0,0,0
 5 | access_common_vulnerability_exposure_group_risk_management,access.common.vulnerability.exposure.group.risk.management,model_common_vulnerability_exposure,grcbit_base.group_risk_management,1,1,1,1
 6 | access_common_vulnerability_exposure_group_isms,access.common.vulnerability.exposure.group.isms,model_common_vulnerability_exposure,grcbit_base.group_isms,1,0,0,0
 7 | access_common_vulnerability_exposure_group_control,access.common.vulnerability.exposure.group.control,model_common_vulnerability_exposure,grcbit_base.group_control,1,0,0,0
 8 | access_common_vulnerability_exposure_group_compliance,access.common.vulnerability.exposure.group.compliance,model_common_vulnerability_exposure,grcbit_base.group_compliance,1,0,0,0
 9 | access_common_vulnerability_exposure_group_guest,access.common.vulnerability.exposure.group.guest,model_common_vulnerability_exposure,grcbit_base.group_guest,1,0,0,0
10 | 
11 | access_risk_factor_vulnerability_management_group_grc_admin,access.risk.factor.vulnerability.management.group.grc.admin,model_risk_factor_vulnerability_management,grcbit_base.group_grc_admin,1,1,1,1
12 | access_risk_factor_vulnerability_management_group_grc_consultant,access.risk.factor.vulnerability.management.group.grc.consultant,model_risk_factor_vulnerability_management,grcbit_base.group_grc_consultant,1,1,1,1
13 | access_risk_factor_vulnerability_management_group_asset_management,access.risk.factor.vulnerability.management.group.asset.management,model_risk_factor_vulnerability_management,grcbit_base.group_asset_management,1,0,0,0
14 | access_risk_factor_vulnerability_management_group_risk_management,access.risk.factor.vulnerability.management.group.risk.management,model_risk_factor_vulnerability_management,grcbit_base.group_risk_management,1,1,1,1
15 | access_risk_factor_vulnerability_management_group_isms,access.risk.factor.vulnerability.management.group.isms,model_risk_factor_vulnerability_management,grcbit_base.group_isms,1,0,0,0
16 | access_risk_factor_vulnerability_management_group_control,access.risk.factor.vulnerability.management.group.control,model_risk_factor_vulnerability_management,grcbit_base.group_control,1,0,0,0
17 | access_risk_factor_vulnerability_management_group_compliance,access.risk.factor.vulnerability.management.group.compliance,model_risk_factor_vulnerability_management,grcbit_base.group_compliance,1,0,0,0
18 | access_risk_factor_vulnerability_management_group_guest,access.risk.factor.vulnerability.management.group.guest,model_risk_factor_vulnerability_management,grcbit_base.group_guest,1,0,0,0
19 | 
20 | 
21 | access_vulnerability_search_wizard_group_grc_admin,access.vulnerability.search.wizard.group.grc.admin,model_vulnerability_search_wizard,grcbit_base.group_grc_admin,1,1,1,1
22 | access_vulnerability_search_wizard_group_grc_consultant,access.vulnerability.search.wizard.group.grc.consultant,model_vulnerability_search_wizard,grcbit_base.group_grc_consultant,1,1,1,1
23 | access_vulnerability_search_wizard_group_asset_management,access.vulnerability.search.wizard.group.asset.management,model_vulnerability_search_wizard,grcbit_base.group_asset_management,1,0,0,0
24 | access_vulnerability_search_wizard_group_risk_management,vulnerability.search.wizard.group.risk.management,model_vulnerability_search_wizard,grcbit_base.group_risk_management,1,1,1,1
25 | access_vulnerability_search_wizard_group_isms,access.vulnerability.search.wizard.group.isms,model_vulnerability_search_wizard,grcbit_base.group_isms,1,0,0,0
26 | access_vulnerability_search_wizard_group_control,access.vulnerability.search.wizard.group.control,model_vulnerability_search_wizard,grcbit_base.group_control,1,0,0,0
27 | access_vulnerability_search_wizard_group_compliance,access.vulnerability.search.wizard.group.compliance,model_vulnerability_search_wizard,grcbit_base.group_compliance,1,0,0,0
28 | access_vulnerability_search_wizard_group_guest,access.vulnerability.search.wizard.group.guest,model_vulnerability_search_wizard,grcbit_base.group_guest,1,0,0,0
29 | 


--------------------------------------------------------------------------------
/grcbit_base/views/settings_views.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <odoo>
  3 |   <data>
  4 |     <!--          IT COMPONENTS      -->
  5 |     <record id="it_components_action" model="ir.actions.act_window">
  6 |       <field name="name">IT Components</field>
  7 |       <field name="res_model">it.components</field>
  8 |       <field name="limit" eval="10"/>
  9 |       <field name="view_mode">tree,form,graph</field>
 10 |     </record>
 11 |     <record model="ir.ui.view" id="it_components_treeview">
 12 |       <field name="name">IT Components</field>
 13 |       <field name="model">it.components</field>
 14 |       <field name="arch" type="xml">
 15 |         <tree>
 16 |           <field name="name" required="1"/>
 17 |           <field name="description" />
 18 |         </tree>
 19 |       </field>
 20 |     </record>
 21 |     <record model="ir.ui.view" id="it_components_formview">
 22 |       <field name="name">IT Components</field>
 23 |       <field name="model">it.components</field>
 24 |       <field name="arch" type="xml">
 25 |         <form>
 26 |           <group>
 27 |             <field name="name"/>
 28 |             <field name="description" />
 29 |           </group>
 30 |           <div class="oe_chatter">
 31 |             <field name="activity_ids" widget="mail_activity" />
 32 |             <field name="message_ids" widget="mail_thread" />
 33 |           </div>
 34 |         </form>
 35 |       </field>
 36 |     </record>
 37 |     <record model="ir.ui.view" id="it_components_graphview">
 38 |       <field name="name">IT Components</field>
 39 |       <field name="model">it.components</field>
 40 |       <field name="arch" type="xml">
 41 |         <graph type="pie">
 42 |           <field name="it_inventory_count" type="measure"/>
 43 |           <field name="name"/>
 44 |         </graph>
 45 |       </field>
 46 |     </record>
 47 | 
 48 |     <!--  TCP Ports  -->
 49 |     <record id="tcp_ports_action" model="ir.actions.act_window">
 50 | 	    <field name="name">TCP Ports</field>
 51 | 	    <field name="res_model">tcp.ports</field>
 52 |       <field name="limit" eval="10"/>
 53 | 	    <field name="view_mode">tree,form,graph</field>
 54 |     </record>
 55 |     <record model="ir.ui.view" id="tcp_ports_treeview">
 56 |       <field name="name">TCP Ports</field>
 57 |       <field name="model">tcp.ports</field>
 58 |       <field name="arch" type="xml">
 59 |         <tree>
 60 |           <field name="name" required="1"/>
 61 |           <field name="description" />
 62 |         </tree>
 63 |       </field>
 64 |     </record>
 65 |     <record model="ir.ui.view" id="tcp_ports_formview">
 66 |       <field name="name">TCP Ports</field>
 67 |       <field name="model">tcp.ports</field>
 68 |       <field name="arch" type="xml">
 69 |         <form>
 70 |           <group>
 71 |             <group>
 72 |               <field name="name"/>
 73 |               <field name="description"/>
 74 |             </group>
 75 |             <group>
 76 |             </group>
 77 |           </group>
 78 |           <div class="oe_chatter">
 79 |             <field name="activity_ids" widget="mail_activity" />
 80 |             <field name="message_ids" widget="mail_thread" />
 81 |           </div>
 82 |         </form>
 83 |       </field>
 84 |     </record>
 85 |     <record model="ir.ui.view" id="tcp_ports_graphview">
 86 |       <field name="name">TCP Ports</field>
 87 |       <field name="model">tcp.ports</field>
 88 |       <field name="arch" type="xml">
 89 |         <graph type="pie">
 90 |           <field name="it_inventory_count" type="measure"/>
 91 |           <field name="name"/>
 92 |         </graph>
 93 |       </field>
 94 |     </record>
 95 | 
 96 |     <!-- NMAP SYSTEM -->
 97 |     <!--
 98 |     <record model="ir.ui.view" id="nmap_system_treeview">
 99 |       <field name="name">nmap System</field>
100 |       <field name="model">nmap.system</field>
101 |       <field name="arch" type="xml">
102 |         <tree>
103 |           <field name="nmap_file" filename="nmap_name" widget="binary"/>
104 |           <field name="nmap_name" invisible="1"/>
105 |           <field name="nmap_output"/>
106 |         </tree>
107 |       </field>
108 |     </record>
109 |     -->
110 |     <menuitem name="Business Process" id="menu_business_process" parent="grcbit_base.menu_asset_management" groups="base.group_user" action="business_process_action" sequence="5"/>
111 |     <menuitem name="IT Components" id="menu_it_components" parent="grcbit_base.menu_asset_management" groups="base.group_user" action="it_components_action" sequence="6"/>
112 |     <menuitem name="TCP Ports" id="menu_tcp_ports" parent="grcbit_base.menu_asset_management" groups="base.group_user" action="tcp_ports_action" sequence="7"/>
113 |   </data>
114 | </odoo>
115 | 


--------------------------------------------------------------------------------
/grcbit_iso27001/views/grcbit_base_views.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <odoo>
  3 |   <data>
  4 |   
  5 |     <!--          HR EMPLOYEE       -->
  6 |     <record model="ir.ui.view" id="grcbit_iso27001_hr_employee_inh_formhview">
  7 |       <field name="name">GRC ISO27001 HR Employee.forminherited</field>
  8 |       <field name="model">hr.employee</field>
  9 |       <field name="inherit_id" ref="hr.view_employee_form"/>
 10 |       <field name="arch" type="xml">
 11 |         <xpath expr="//field[@name='work_email']" position="after">
 12 |           <field name="isms_roles_ids" widget="many2many_tags_open"/>
 13 |         </xpath>
 14 |         <xpath expr="//page[@name='personal_information']" position="attributes">
 15 |           <attribute name="groups">base.group_system,base.group_erp_manager</attribute>
 16 |         </xpath>
 17 |         <xpath expr="//page[@name='hr_settings']" position="attributes">
 18 |           <attribute name="groups">base.group_system,base.group_erp_manager</attribute>
 19 |         </xpath>
 20 |       </field>
 21 |     </record>
 22 | 
 23 |     <!--          IT INVENTORY       -->
 24 |     <!--
 25 |     <record model="ir.ui.view" id="grcbit_iso27001_it_inventory_inh_treeview">
 26 |       <field name="name">GRC ISO27001 IT System.treeinherited</field>
 27 |       <field name="model">it.inventory</field>
 28 |       <field name="inherit_id" ref="grcbit_base.it_inventory_view"/>
 29 |       <field name="arch" type="xml">
 30 |         <xpath expr="//field[@name='url']" position="after">
 31 |           <field name="responsible"/>
 32 |         </xpath>
 33 |       </field>
 34 |     </record>
 35 |     <record model="ir.ui.view" id="grcbit_iso27001_it_inventory_inh_searchview">
 36 |       <field name="name">GRC ISO27001 IT System.searchinherited</field>
 37 |       <field name="model">it.inventory</field>
 38 |       <field name="inherit_id" ref="grcbit_base.it_inventory_search"/>
 39 |       <field name="arch" type="xml">
 40 |         <xpath expr="//field[@name='url']" position="after">
 41 |           <field name="responsible"/>
 42 |         </xpath>
 43 |       </field>
 44 |     </record>
 45 |     <record model="ir.ui.view" id="grcbit_iso27001_it_inventory_inh_formhview">
 46 |       <field name="name">GRC ISO27001 IT System.forminherited</field>
 47 |       <field name="model">it.inventory</field>
 48 |       <field name="inherit_id" ref="grcbit_base.it_inventory_form"/>
 49 |       <field name="arch" type="xml">
 50 |         <xpath expr="//field[@name='url']" position="after">
 51 |           <field name="responsible" options="{'no_quick_create': True, 'no_create_edit' : True, 'no_create':True}"/>
 52 |         </xpath>
 53 |       </field>
 54 |     </record>
 55 |     -->
 56 |     <!--        DATA INVENTORY      -->
 57 |     <!--
 58 |     <record model="ir.ui.view" id="grcbit_iso27001_data_inventory_inh_treehview">
 59 |       <field name="name">GRC ISO27001 Data Asset.treeinherited</field>
 60 |       <field name="model">data.inventory</field>
 61 |       <field name="inherit_id" ref="grcbit_base.data_inventory_view"/>
 62 |       <field name="arch" type="xml">
 63 |         <xpath expr="//field[@name='security_requirement']" position="after">
 64 |           <field name="owner" optional="hide"/>
 65 |         </xpath>
 66 |       </field>
 67 |     </record>
 68 |     <record model="ir.ui.view" id="grcbit_iso27001_data_inventory_inh_searchhview">
 69 |       <field name="name">GRC ISO27001 Data Inventory.searchinherited</field>
 70 |       <field name="model">data.inventory</field>
 71 |       <field name="inherit_id" ref="grcbit_base.data_inventory_search"/>
 72 |       <field name="arch" type="xml">
 73 |         <xpath expr="//field[@name='security_requirement']" position="after">
 74 |           <field name="owner" optional="hide"/>
 75 |         </xpath>
 76 |       </field>
 77 |     </record>
 78 |     <record model="ir.ui.view" id="grcbit_iso27001_data_inventory_inh_graphhview">
 79 |       <field name="name">GRC ISO27001 Data Inventory.graphinherited</field>
 80 |       <field name="model">data.inventory</field>
 81 |       <field name="inherit_id" ref="grcbit_base.data_inventory_graph"/>
 82 |       <field name="arch" type="xml">
 83 |         <xpath expr="//field[@name='security_requirement']" position="after">
 84 |           <field name="owner"/>
 85 |         </xpath>
 86 |       </field>
 87 |     </record>
 88 |     
 89 | 
 90 |     <record model="ir.ui.view" id="grcbit_iso27001_data_inventory_inh_formhview">
 91 |       <field name="name">GRC ISO27001 Data Inventory.forminherited</field>
 92 |       <field name="model">data.inventory</field>
 93 |       <field name="inherit_id" ref="grcbit_base.data_inventory_form"/>
 94 |       <field name="arch" type="xml">
 95 |         <xpath expr="//field[@name='data_classification_id']" position="after">
 96 |           <field name="owner" options="{'no_quick_create': True, 'no_create_edit' : True, 'no_create':True}"/>
 97 |         </xpath>
 98 |       </field>
 99 |     </record>
100 |     -->
101 |   </data>
102 | </odoo>
103 | 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/views/views.xml:
--------------------------------------------------------------------------------
  1 | <odoo>
  2 |   <data>
  3 | 	  <!--
  4 |   <record id="action_vulnerability_search_wizard" model="ir.actions.act_window">
  5 |     <field name="name">CVE Search</field>
  6 |     <field name="res_model">vulnerability.search.wizard</field>
  7 |     <field name="view_mode">form</field>
  8 |     <field name="target">new</field>
  9 |   </record>
 10 | 
 11 |   <record id="view_vulnerability_search_wizard_form" model="ir.ui.view">
 12 |     <field name="name">vulnerability.search.wizard.form</field>
 13 |     <field name="model">vulnerability.search.wizard</field>
 14 |     <field name="arch" type="xml">
 15 |         <form>
 16 |             <group>
 17 |                 <field name="search_type"/>
 18 |                 <field name="vendor" attrs="{'invisible': [('search_type', '!=', 'vendor_product')]}"/>
 19 |                 <field name="specific_product" attrs="{'invisible': [('search_type', '!=', 'vendor_product')]}"/>
 20 |                 <field name="cve_id" attrs="{'invisible': [('search_type', '!=', 'cve_id')]}"/>
 21 |                 <field name="it_inventory_it_component_id" attrs="{'invisible': [('search_type', '!=', 'it_inventory_it_components')]}"/>
 22 |             </group>
 23 |             <footer>
 24 |                 <button name="search_vulnerabilities" string="CVE Search" type="object" class="btn btn-primary"/>
 25 |                 <button string="Cancel" class="btn-secondary" special="cancel"/>
 26 |             </footer>
 27 |         </form>
 28 |     </field>
 29 |   </record>
 30 | 	  -->
 31 |     <record id="cve_action" model="ir.actions.act_window">
 32 |       <field name="name">CVE</field>
 33 |       <field name="res_model">common.vulnerability.exposure</field>
 34 |       <field name="view_mode">tree,form</field>
 35 |     </record>
 36 |     <record model="ir.ui.view" id="cve_view">
 37 |       <field name="name">CVE</field>
 38 |       <field name="model">common.vulnerability.exposure</field>
 39 |       <field name="arch" type="xml">
 40 |         <tree>
 41 | 		<!--
 42 | 	  <header>
 43 | 	    <button name="search_cve" string="Search CVE" type="object" class="btn-primary" />
 44 | 	  </header>
 45 | 		-->
 46 | 
 47 |           <field name="cveId" />
 48 |           <field name="name" />
 49 |           <field name="date_download" />
 50 | 	  <!--
 51 |           <field name="published" />
 52 |           <field name="cve_modified" optional="hide" />
 53 |           <field name="severity" />
 54 |           <field name="state" />
 55 | 	  -->
 56 |         </tree>
 57 |       </field>
 58 |     </record>
 59 |     <record model="ir.ui.view" id="cve_form">
 60 |       <field name="name">CVE</field>
 61 |       <field name="model">common.vulnerability.exposure</field>
 62 |       <field name="arch" type="xml">
 63 |         <form>
 64 |   	  <group>
 65 |             <field name="cveId" />
 66 |             <field name="name" />
 67 |             <field name="description" />
 68 |           </group>
 69 |         </form>
 70 |       </field>
 71 |     </record>
 72 |     <!--
 73 |     <record model="ir.ui.view" id="cve_kanban">
 74 |       <field name="name">CVE</field>
 75 |       <field name="model">common.vulnerability.exposure</field>
 76 |       <field name="arch" type="xml">
 77 | 	<kanban class="o_kanban_mobile">
 78 |           <field name="cveId"/>
 79 |           <field name="severity"/>
 80 |           <templates>
 81 |             <t t-name="kanban-box">
 82 |               <div t-attf-class="oe_kanban_global_click">
 83 |                 <div class="oe_kanban_details">
 84 |                   <div style="background-color:#5DADE2;">
 85 |                     <strong class="o_kanban_record_title">
 86 |                       <field name="cveId"/>
 87 |                     </strong>
 88 |                   </div>
 89 |                   <div>
 90 |                     <field name="severity"/>
 91 | 		  </div>
 92 |                 </div>
 93 |               </div>
 94 |             </t>
 95 |           </templates>
 96 |         </kanban>
 97 |       </field>
 98 |     </record>
 99 |     -->
100 |     <record model="ir.ui.view" id="cve_search">
101 |       <field name="name">CVE</field>
102 |       <field name="model">common.vulnerability.exposure</field>
103 |       <field name="arch" type="xml">
104 |         <search>
105 |           <field name="cveId" />
106 | 	</search>
107 |       </field>
108 |     </record>
109 |     <!--
110 |     <record id="cve_search_action" model="ir.actions.server">
111 |       <field name="name">CVE Search</field>
112 |       <field name="model_id" ref="model_common_vulnerability_exposure"/>  
113 |       <field name="state">code</field>
114 |       <field name="code">action = model.open_cve_wizard()</field>
115 |     </record>
116 |     <menuitem name="CVE Search" id="menu_cve_search" parent="grcbit_risk_management.menu_risk_assessment" action="cve_search_action" sequence="19"/>
117 |     -->
118 | 
119 |     <menuitem name="CVE" id="menu_cve" parent="grcbit_risk_management.menu_risk_assessment" action="cve_action" sequence="19"/>
120 | 
121 |   </data>
122 | </odoo>
123 | 


--------------------------------------------------------------------------------
/grcbit_iso27001/reports/report_statement_applicability.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8" ?>
  2 | <odoo>
  3 |   <data>
  4 |     <template id="statement_applicability_print_template">
  5 |       <t t-call="web.basic_layout">
  6 |         <t t-foreach="docs" t-as="o" >
  7 |           <t t-call="web.report_layout">
  8 |             <div class="page">
  9 |               <div class="row">
 10 |                 <div class="col-4">
 11 |                   <span>
 12 |                     <img t-att-src="image_data_uri(o.env.user.company_id.logo)" style="text-align:left; width:100px;" alt="Logo"/>
 13 |                   </span>
 14 |                 </div>
 15 |                 <div class="col-8" style="text-align:left;">
 16 |                   <h6>
 17 |                     <strong>Statement Applicability Report<span><br/> ISMS Control: <t t-esc="o.name.display_name"/> </span> </strong><br/>
 18 |                     <t t-if="o.is_applicable == True">
 19 |                       <span>Applicable</span>
 20 |                     </t>
 21 |                     <t t-if="o.is_applicable == False">
 22 |                       <span>Not Applicable</span>
 23 |                     </t>
 24 |                     <br/>
 25 |                     <span>Reason for Selection: </span>
 26 |                     <t t-esc="o.reason_selection"/><br/>
 27 |                     Status: 
 28 |                     <t t-esc="o.control_status" t-option="{'widget': 'percentpie'}"/> %
 29 |                   </h6>
 30 |                 </div>
 31 |               </div>
 32 |               <br />
 33 |               <t i-if="len(o.control_design_id) &#62; 0">
 34 |                 <table  class="table table-bordered" style="font-size:12px;">
 35 |                   <thead>
 36 |                     <tr><th colspan="5">Control</th></tr>
 37 |                     <tr>
 38 |                       <th>Control ID</th>
 39 |                       <th>Name</th>
 40 |                       <th>Description</th>
 41 |                       <th>Risk</th>
 42 |                       <th>Status Implementation Control</th>
 43 |                     </tr>
 44 |                   </thead>
 45 |                   <tbody>
 46 |                     <t t-foreach="o.control_design_id" t-as="r"> 
 47 |                       <tr>
 48 |                         <td width="20%"><span t-esc="r.control_id"/></td>
 49 |                         <td width="20%"><span t-esc="r.name"/></td>
 50 |                         <td width="20%"><span t-esc="r.description"/></td>
 51 |                         <td width="20%">
 52 |                           <t t-foreach="r.risk_factor_id" t-as="risk">
 53 |                             | <span t-esc="risk.name"/>
 54 |                           </t>
 55 |                         </td>
 56 |                         <td width="20%">
 57 |                           <t t-if="r.state == 'draft'">
 58 |                             <span style="text-align:center;">25%</span>
 59 |                           </t>
 60 |                           <t t-if="r.state == 'designed'">
 61 |                             <span style="text-align:center;">50%</span>
 62 |                           </t>
 63 |                           <t t-if="r.state == 'implemented'">
 64 |                             <span style="text-align:center;">75%</span>
 65 |                           </t>
 66 |                           <t t-if="r.state == 'approved'">
 67 |                             <span style="text-align:center;">100%</span>
 68 |                           </t>
 69 |                         </td>
 70 |                       </tr>
 71 |                     </t>
 72 |                   </tbody>
 73 |                 </table>
 74 |               </t>
 75 |             </div>
 76 |             </t>
 77 |           </t>
 78 |         </t>
 79 |     </template>
 80 | 
 81 |     <record id="paperformat_grcbit_iso" model="report.paperformat">
 82 |       <field name="name">Custom Paper</field>
 83 |       <field name="default" eval="True" />
 84 |       <field name="format">A4</field>
 85 |       <field name="page_height">0</field>
 86 |       <field name="page_width">0</field>
 87 |       <field name="orientation">Landscape</field>
 88 |       <field name="margin_top">20</field>
 89 |       <field name="margin_bottom">5</field>
 90 |       <field name="margin_left">7</field>
 91 |       <field name="margin_right">7</field>
 92 |       <field name="header_line" eval="False" />
 93 |       <field name="header_spacing">10</field>
 94 |       <field name="dpi">90</field>
 95 |     </record>
 96 | 
 97 |     <record id="print_compliance" model="ir.actions.report">
 98 |       <field name="name">Statement Applicability Report (details)</field>
 99 |       <field name="model">statement.applicability</field>
100 |       <field name="report_type">qweb-html</field>
101 |       <field name="report_name">grcbit_iso27001.statement_applicability_print_template</field>
102 |       <field name="report_file">grcbit_iso27001.statement_applicability_print_template</field>
103 |       <field name="binding_type">report</field>
104 |       <field name="binding_model_id" ref="model_statement_applicability" />
105 |       <field name="paperformat_id" ref="grcbit_iso27001.paperformat_grcbit_iso" />
106 |     </record>
107 | 
108 |   </data>
109 | </odoo>
110 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/reports/report_risk_factor.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8" ?>
  2 | <odoo>
  3 |   <data>
  4 |     <template id="risk_factor_print_template">
  5 |       <t t-call="web.basic_layout">
  6 |         <t t-foreach="docs" t-as="o" >
  7 |           <t t-call="web.report_layout">
  8 |             <div class="page">
  9 |               <div class="row">
 10 |                 <div class="col-4">
 11 |                   <span>
 12 |                     <img t-att-src="image_data_uri(o.env.user.company_id.logo)" style="text-align:left; width:100px;" alt="Logo"/>
 13 |                   </span>
 14 |                 </div>
 15 |                 <div class="col-8" style="text-align:left;">
 16 |                   <h6>
 17 |                     <strong>Risk Factor Report
 18 |                       <span>
 19 |                         <br/> Risk Factor: <t t-esc="o.display_name"/>
 20 |                       </span>
 21 |                       <br/>
 22 |                       <span>
 23 |                         IT System: <t t-esc="o.it_inventory_id.name"/>
 24 |                       </span>
 25 |                       <br/>
 26 |                       <span>
 27 |                         Risk: 
 28 |                         <t t-foreach="o.company_risk_ids" t-as="risk">
 29 |                           | <t t-esc="risk.risk_name"/>
 30 |                         </t>
 31 |                       </span>
 32 |                     </strong>
 33 |                   </h6>
 34 |                 </div>
 35 |               </div>
 36 |               <br />
 37 |               <div name="main_table" style="font-size:12px;">
 38 |                 <div class="row">
 39 |                   <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>Data Asset:</strong></div>
 40 |                   <div class="col-4" style="border: 1px solid;text-align:center">
 41 |                     <t t-foreach="o.data_inventory_id" t-as="asset">
 42 |                       <span>| <t t-esc="asset.name"/> |</span>
 43 |                     </t>
 44 |                   </div>
 45 |                   <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>Consequence:</strong></div>
 46 |                   <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.consequence"/></div>
 47 |                 </div>
 48 |                 <div class="row">
 49 |                   <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>Risk Owner:</strong></div>
 50 |                   <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.responsible.display_name"/></div>
 51 |                   <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>Impact Level:</strong></div>
 52 |                   <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.impact_level_id.display_name"/></div>
 53 |                 </div>
 54 |                 <div class="row">
 55 |                   <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>Probability Level:</strong></div>
 56 |                   <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.probability_level_id.display_name"/></div>
 57 |                   <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>Quantification:</strong></div>
 58 |                   <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.quantification"/></div>
 59 |                 </div>
 60 |                 <div class="row">
 61 |                   <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>Inherent Risk:</strong></div>
 62 |                   <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.inherent_risk"/></div>
 63 |                   <div class="col-2" style="font-weight:bold;border: 1px solid;"><strong>Residual Risk:</strong></div>
 64 |                   <div class="col-4" style="border: 1px solid;text-align:center"><t t-esc="o.residual_risk"/></div>
 65 |                 </div>
 66 |               </div>        
 67 |             </div>
 68 |           </t>
 69 |         </t>
 70 |       </t>
 71 |     </template>
 72 | 
 73 |     <record id="paperformat_grcbit_risk_factor" model="report.paperformat">
 74 |       <field name="name">Custom Paper</field>
 75 |       <field name="default" eval="True" />
 76 |       <field name="format">A4</field>
 77 |       <field name="page_height">0</field>
 78 |       <field name="page_width">0</field>
 79 |       <field name="orientation">Landscape</field>
 80 |       <field name="margin_top">20</field>
 81 |       <field name="margin_bottom">5</field>
 82 |       <field name="margin_left">7</field>
 83 |       <field name="margin_right">7</field>
 84 |       <field name="header_line" eval="False" />
 85 |       <field name="header_spacing">10</field>
 86 |       <field name="dpi">90</field>
 87 |     </record>
 88 | 
 89 |     <record id="print_compliance" model="ir.actions.report">
 90 |       <field name="name">Risk Factor Report</field>
 91 |       <field name="model">risk.factor</field>
 92 |       <field name="report_type">qweb-html</field>
 93 |       <field name="report_name">grcbit_risk_management.risk_factor_print_template</field>
 94 |       <field name="report_file">grcbit_risk_management.risk_factor_print_template</field>
 95 |       <field name="binding_type">report</field>
 96 |       <field name="binding_model_id" ref="model_risk_factor" />
 97 |       <field name="paperformat_id" ref="grcbit_risk_management.paperformat_grcbit_risk_factor" />
 98 |     </record>
 99 | 
100 |   </data>
101 | </odoo>
102 | 


--------------------------------------------------------------------------------
/grcbit_vulnerability_management/models/models.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | from odoo import models, fields, api
  3 | import requests
  4 | import json
  5 | from odoo.exceptions import UserError
  6 | import logging
  7 | import dateutil.parser
  8 | from json2table import convert
  9 | 
 10 | _logger = logging.getLogger(__name__)
 11 | 
 12 | class CommonVulnerabityExposure(models.Model):
 13 |     _name = 'common.vulnerability.exposure'
 14 |     _description = 'Common Vulnerability Exposure'
 15 |     _rec_name = 'cveId'
 16 | 
 17 |     cveId = fields.Char(string='CVE')
 18 |     name = fields.Char(string='Name')
 19 |     description = fields.Html(string='Description')
 20 |     date_download = fields.Datetime(string='Download Date', default=fields.Datetime.now) #lambda self: datetime.now(), readonly=True)
 21 |     active = fields.Boolean(default=True)
 22 |     #published = fields.Char(string='Published')
 23 |     #cve_modified = fields.Char(string='Modified')
 24 |     #severity = fields.Char(string='Severity')
 25 |     #state = fields.Char(string='State')
 26 |     #affected = fields.Html(string='Affected')
 27 |     #reference = fields.Html(string='Reference')
 28 |     #problemType = fields.Html(string='Problem Type')
 29 |     #active = fields.Boolean(default=True)
 30 |     _sql_constraints = [('unique_cveId', 'unique(cveId)', 'The CVE already exists.')]
 31 | 
 32 |     # Wizard will be used in following version
 33 |     '''
 34 |     def open_cve_wizard(self):
 35 |         return {
 36 |             'name': 'CVE Search',
 37 |             'type': 'ir.actions.act_window',
 38 |             'res_model': 'vulnerability.search.wizard',
 39 |             'view_mode': 'form',
 40 |             'target': 'new',
 41 |             'context': {'default_cve_id': self.id},  # Pass inventory ID to wizard
 42 |         }
 43 |     '''
 44 | 
 45 |     @api.model
 46 |     def create(self, vals):
 47 |         record = super(CommonVulnerabityExposure, self).create(vals)
 48 |         record.search_cve()
 49 |         return record
 50 | 
 51 |     def search_cve(self):
 52 |         for i in self:
 53 |             url = f"https://cve.circl.lu/api/cve/{i.cveId}"
 54 |             response = requests.get(url)
 55 |             response.raise_for_status() # Raise error for bad HTTP status
 56 |             data = response.json()
 57 | 
 58 |             if isinstance(data, dict):
 59 |               data = [data] # Ensure data is a list
 60 | 
 61 |             for item in data:
 62 |                 html_table_description = '' #pd.DataFrame(item).to_html()
 63 |                 build_direction = "LEFT_TO_RIGHT"
 64 |                 table_attributes = {'style':'width:100%'}
 65 |                 html_table_description = convert(item, build_direction=build_direction, table_attributes=table_attributes)
 66 |                 i.description = html_table_description
 67 |         return True
 68 | 
 69 | class VulnerabilitySearchWizard(models.TransientModel):
 70 |     _name = 'vulnerability.search.wizard'
 71 |     _description = 'CVE Search Wizard'
 72 | 
 73 |     search_type = fields.Selection([
 74 |         ('vendor_product', 'Get CVE per vendor and a specific product'),
 75 |         ('cve_id', 'Get CVE ID'),
 76 |         ('it_inventory_it_component', 'Get CVE by IT Component')
 77 |     ], string='CVE Search', required=True)
 78 |     vendor = fields.Char('Vendor')
 79 |     specific_product = fields.Char('Product')
 80 |     cve_id = fields.Char('CVE ID')
 81 |     it_inventory_it_component_id = fields.Many2one('it.inventory.it.component', string="IT Component")
 82 | 
 83 |     def search_vulnerabilities(self):
 84 |         if self.search_type == 'vendor_product':
 85 |             if not self.vendor or not self.specific_product:
 86 |                 raise UserError("Debes especificar Vendor y Producto Específico.")
 87 |             url = f"https://cve.circl.lu/api/search/{self.vendor}/{self.specific_product}"
 88 |         elif self.search_type == 'cve_id':
 89 |             if not self.cve_id:
 90 |                 raise UserError("Debes especificar CVE ID Específico.")
 91 |             url = f"https://cve.circl.lu/api/cve/{self.cve_id}"
 92 |         elif self.search_type == 'it_inventory_it_component':
 93 |             if not self.it_inventory_it_component_id: # or not self.inventory_id.it_component_ids:
 94 |                 raise UserError('Debes seleccionar un inventario con componentes.')
 95 |             component_ids = it_inventory_it_component_id #','.join([component.name for component in self.inventory_id.it_component_ids])
 96 |             url = f"https://cve.circl.lu/api/browse/{component_ids}"
 97 |         else:
 98 |           raise UserError("Debes elegir un tipo de busqueda.")
 99 |         try:
100 |             response = requests.get(url)
101 |             response.raise_for_status() # Raise error for bad HTTP status
102 |             data = response.json()
103 |     
104 |             if isinstance(data, dict):
105 |               data = [data] # Ensure data is a list
106 | 
107 |             for item in data:
108 | 
109 |                 html_table_description = '' #pd.DataFrame(item).to_html()
110 |                 build_direction = "LEFT_TO_RIGHT"
111 |                 table_attributes = {'style':'width:100%'}
112 |                 html_table_description = convert(item, build_direction=build_direction, table_attributes=table_attributes)
113 | 
114 |                 self.env['common.vulnerability.exposure'].create({ 'cveId':self.cve_id, 'description':html_table_description  })
115 | 
116 |             return {'type': 'ir.actions.act_window_close'} # Close Wizard.
117 | 
118 |         except requests.exceptions.RequestException as e:
119 |             raise UserError(f"API conection error: {e}")
120 | 
121 |         except json.JSONDecodeError:
122 |             raise UserError("Error: API invalid JSON.")
123 | 
124 |         except Exception as e:
125 |             raise UserError(f"Error: {e}")
126 | 


--------------------------------------------------------------------------------
/grcbit_cvss/wizard/cvss_calculator.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | import logging
  3 | from odoo import api, fields, models, _
  4 | from cvss import CVSS2, CVSS3
  5 | 
  6 | _logger = logging.getLogger(__name__)
  7 | 
  8 | class CVSSCalculator(models.TransientModel):
  9 |     _name = 'cvss.calculator'
 10 | 
 11 |     attack_vector = fields.Selection([
 12 |         ('network','Network (N)'),
 13 |         ('adjacent','Adjacent (A)'),
 14 |         ('local','Local (L)'),
 15 |         ('physical','Physical (P)'),
 16 |     ], string="Attack Vector (AV)", default="network")
 17 |     attack_complexity = fields.Selection([
 18 |         ('low','Low (L)'),
 19 |         ('high','High (H)'),
 20 |     ], string="Attack Complexity (AC)", default="low")
 21 |     privileges_required = fields.Selection([
 22 |         ('none','None (N)'),
 23 |         ('low','Low (L)'),
 24 |         ('high','High (H)'),
 25 |     ], string="Privileges Required (PR)", default="none")
 26 |     user_interaction = fields.Selection([
 27 |         ('none','None (N)'),
 28 |         ('required','Required (R)'),
 29 |     ], string="User Interaction (UI)", default="none")
 30 |     scope = fields.Selection([
 31 |         ('unchanged','Unchanged (U)'),
 32 |         ('changed','Changed (C)'),
 33 |     ], string="Scope (S)", default="unchanged")
 34 |     confidentiality = fields.Selection([
 35 |         ('none','None (N)'),
 36 |         ('low','Low (L)'),
 37 |         ('high','High (H)'),
 38 |     ], string="Confidentiality (C)", default="none")
 39 |     integrity = fields.Selection([
 40 |         ('none','None (N)'),
 41 |         ('low','Low (L)'),
 42 |         ('high','High (H)'),
 43 |     ], string="Integrity (I)", default="none")
 44 |     availability = fields.Selection([
 45 |         ('none','None (N)'),
 46 |         ('low','Low (L)'),
 47 |         ('high','High (H)'),
 48 |     ], string="Availability (A)", default="none")
 49 | 
 50 |     score = fields.Float(string="Score", digits=(1,1), compute="get_vector", store=True)
 51 |     vector = fields.Char(string="Vector", compute="get_vector", store=True)
 52 | 
 53 |     risk_factor_id = fields.Many2one('risk.factor', string="Risk Factor", default=lambda x: x.env.context.get('active_id'))
 54 |     #cve_id = fields.Many2one('risk.factor.vulnerability.management', string="Vulnerability", default=lambda x: x.env.context.get('active_id'))
 55 |     cve_id = fields.Many2one(
 56 |         'risk.factor.vulnerability.management',
 57 |         string="Vulnerability",
 58 |         default=lambda self: self.env.context.get('active_id')
 59 |         if self.env.context.get('active_model') == 'risk.factor.vulnerability.management'
 60 |         else False
 61 |     )
 62 | 
 63 |     @api.depends('attack_vector','attack_complexity','privileges_required','user_interaction','scope','confidentiality','integrity','availability')
 64 |     def get_vector(self):
 65 |         for rec in self:
 66 |             base = 'CVSS:3.1'
 67 |             av = ''
 68 |             ac = ''
 69 |             pr = ''
 70 |             ui = ''
 71 |             s = ''
 72 |             c = ''
 73 |             i = ''
 74 |             a = ''
 75 |             if rec.attack_vector:
 76 |                 if rec.attack_vector == 'network':
 77 |                     av = '/AV:N'
 78 |                 elif rec.attack_vector == 'adjacent':
 79 |                     av = '/AV:A'
 80 |                 elif rec.attack_vector == 'local':
 81 |                     av = '/AV:L'
 82 |                 elif rec.attack_vector == 'physical':
 83 |                     av = '/AV:P'
 84 |             if rec.attack_complexity:
 85 |                 if rec.attack_complexity == 'low':
 86 |                     ac = '/AC:L'
 87 |                 elif rec.attack_complexity == 'high':
 88 |                     ac = '/AC:H'
 89 |             if rec.privileges_required:
 90 |                 if rec.privileges_required == 'none':
 91 |                     pr = '/PR:N'
 92 |                 elif rec.privileges_required == 'low':
 93 |                     pr = '/PR:L'
 94 |                 elif rec.privileges_required == 'high':
 95 |                     pr = '/PR:H'
 96 |             if rec.user_interaction:
 97 |                 if rec.user_interaction == 'none':
 98 |                     ui = '/UI:N'
 99 |                 elif rec.user_interaction == 'required':
100 |                     ui = '/UI:R'
101 |             if rec.scope:
102 |                 if rec.scope == 'unchanged':
103 |                     s = '/S:U'
104 |                 elif rec.scope == 'changed':
105 |                     s = '/S:C'
106 |             if rec.confidentiality:
107 |                 if rec.confidentiality == 'none':
108 |                     c = '/C:N'
109 |                 elif rec.confidentiality == 'low':
110 |                     c = '/C:L'
111 |                 elif rec.confidentiality == 'high':
112 |                     c = '/C:H'
113 |             if rec.integrity:
114 |                 if rec.integrity == 'none':
115 |                     i = '/I:N'
116 |                 elif rec.integrity == 'low':
117 |                     i = '/I:L'
118 |                 elif rec.integrity == 'high':
119 |                     i = '/I:H'
120 |             if rec.availability:
121 |                 if rec.availability == 'none':
122 |                     a = '/A:N'
123 |                 elif rec.availability == 'low':
124 |                     a = '/A:L'
125 |                 elif rec.availability == 'high':
126 |                     a = '/A:H'
127 |             final = '/MAV:A'
128 |             rec.vector = base + av + ac + pr + ui + s + c + i + a + final
129 |             vector = rec.vector
130 |             val = CVSS3(vector)
131 |             rec.score = float(val.scores()[0])
132 | 
133 |     def accept_done(self):
134 |         for rec in self:
135 |             is_risk_factor = rec.env.context.get('active_model')
136 |             _logger.info('is_risk_factor: '+ str(is_risk_factor))
137 |             if is_risk_factor == 'risk.factor':
138 |                 rec.risk_factor_id.vector = rec.vector
139 |                 rec.risk_factor_id.score = rec.score
140 |             else:
141 |                 rec.cve_id.cvss_score_3 = rec.score
142 |                 rec.cve_id.cvss_string_3 = rec.vector
143 | 


--------------------------------------------------------------------------------
/grcbit_compliance/models/compliance_models.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | import logging
  3 | from datetime import date
  4 | from statistics import mode
  5 | from odoo import models, fields, api, _
  6 | from odoo.osv import expression
  7 | from odoo import SUPERUSER_ID
  8 | 
  9 | _logger = logging.getLogger(__name__)
 10 | 
 11 | class ComplianceVersion(models.Model):
 12 |     _name = 'compliance.version'
 13 |     _inherit = ["mail.thread", "mail.activity.mixin"]
 14 |     _description = 'Compliance Version'
 15 | 
 16 |     name = fields.Char(string='Compliance Version', required=True)
 17 |     active = fields.Boolean(default=True)
 18 |     description  = fields.Text(string='Description')
 19 |     compliance_control_objective_ids = fields.One2many('compliance.control.objective', 'compliance_version_id', string=' ', required=True  )
 20 |     attachment_file = fields.Binary(string="Attachment")
 21 |     _sql_constraints = [('name_uniq', 'unique(name)', "The compliance version name already exists.")]
 22 | 
 23 | 
 24 |     def get_data_records(self):
 25 |         data = {}
 26 |         record = []
 27 |         c_records = []
 28 |         for i in self:
 29 |             r = []
 30 |             r.append(i.display_name)
 31 |             r.append(i.description)
 32 |             for ii in i.compliance_control_objective_ids:
 33 |                 rr=[]
 34 |                 rr.append(ii.display_name)
 35 |                 rr.append(ii.description) 
 36 |                 for iii in ii.compliance_control_ids:
 37 |                     d = []
 38 |                     compliance_detail = self.env['compliance.iso.control'].search([('compliance_control_id','=',iii.id)])
 39 |                     for iiii in compliance_detail:
 40 |                         rrr=[]
 41 |                         
 42 |                         rrr.append(iiii.compliance_control_id.display_name)
 43 |                         rrr.append(iiii.description)
 44 |                         rrr.append([x.display_name for x in iiii.control_id])
 45 | 
 46 |                         c_records.append(rrr)
 47 |                         d.append(rrr)
 48 |                     rr.append(d)
 49 |                 r.append(rr)
 50 |             record.append(r)
 51 |         data['compliance'] = record
 52 |         data['c_records'] = c_records
 53 |         return data['c_records']
 54 |     
 55 | class ComplianceControlObjective(models.Model):
 56 |     _name = 'compliance.control.objective'
 57 |     _inherit = ["mail.thread", "mail.activity.mixin"]
 58 |     _description = 'Compliance Objective'
 59 | 
 60 |     name = fields.Char(string='Compliance Objective', required=True)
 61 |     active = fields.Boolean(default=True)
 62 |     compliance_version_id = fields.Many2one('compliance.version', string='Compliance Version')
 63 |     description  = fields.Html(string='Description')
 64 |     compliance_control_ids = fields.One2many('compliance.control','compliance_control_objective_id', string=' ')
 65 |     _sql_constraints = [('name_uniq', 'unique(name)', "The compliance objective name already exists.")]
 66 | 
 67 |     def name_get(self):
 68 |         result = []
 69 |         for rec in self:
 70 |             result.append((rec.id, '%s - %s' % (rec.compliance_version_id.name, rec.name)))
 71 |         return result
 72 | 
 73 | class ComplianceControl(models.Model):
 74 |     _name = 'compliance.control'
 75 |     _inherit = ["mail.thread", "mail.activity.mixin"]
 76 |     _description = 'Compliance Requirement'
 77 | 
 78 |     name = fields.Char(string='Compliance Requirement', required=True)
 79 |     active = fields.Boolean(default=True)
 80 |     compliance_control_objective_id = fields.Many2one('compliance.control.objective', string='Compliance Objective', required=True)
 81 |     description  = fields.Html(string='Description')
 82 |     _sql_constraints = [('name_uniq', 'unique(name)', "The compliance requirement name already exists.")]
 83 | 
 84 |     def name_get(self):
 85 |         result = []
 86 |         for rec in self:
 87 |             result.append((rec.id, '%s - %s - %s' % (rec.compliance_control_objective_id.compliance_version_id.name, rec.compliance_control_objective_id.name, rec.name)))
 88 |         return result
 89 | 
 90 | class ComplianceIsoControl(models.Model):
 91 |     _name = 'compliance.iso.control'
 92 |     _inherit = ["mail.thread", "mail.activity.mixin"]
 93 |     _description = 'Compliance - ISMS'
 94 | 
 95 |     compliance_control_id = fields.Many2one('compliance.control', string='Compliance Requirement', required=True) #requerimiento NIST - AC-1 POLICY AND PROCEDURES
 96 |     iso_control_id     = fields.Many2many('iso.control', string='ISMS Control', required=True) #ISO
 97 |     active = fields.Boolean(default=True)
 98 |     compliance_version = fields.Many2one(
 99 |         'compliance.version', 
100 |         string="Compliance Version", 
101 |         compute="get_version",
102 |         store=True)
103 |     control_id = fields.Many2many('control.design', string="Control", required=True)
104 |     description  = fields.Html(string='Compliance Description', required=True) #Cumplimiento
105 |     control_status = fields.Integer(string="Status")
106 |     is_applicable = fields.Boolean(string="Is Applicable")
107 |     is_implemented = fields.Boolean(string="Is Implemented")
108 |     is_compensatory_control = fields.Boolean(string="Is Compensatory Control")
109 | 
110 |     _sql_constraints = [('compliance_control_id_uniq', 'unique(compliance_control_id)', "The Compliance Control it is already being used.")]
111 | 
112 |     @api.depends('compliance_control_id')
113 |     def get_version(self):
114 |         for rec in self:
115 |             if rec.compliance_control_id:
116 |                 rec.compliance_version = rec.compliance_control_id.compliance_control_objective_id.compliance_version_id.id
117 | 
118 |     @api.onchange('control_id','control_id.state')
119 |     def _status_control(self):
120 |         status = 0
121 |         for i in self.control_id:
122 |             if i.state == 'draft':
123 |                 status += 25
124 |             if i.state == 'designed':
125 |                 status += 50
126 |             if i.state == 'implemented':
127 |                 status += 75
128 |             if i.state == 'approved':
129 |                 status += 100
130 |         if len(self.control_id) > 0:
131 |             self.sudo().control_status = status / len(self.control_id)
132 |         else:
133 |             self.sudo().control_status = 0


--------------------------------------------------------------------------------
/grcbit_compliance/security/ir.model.access.csv:
--------------------------------------------------------------------------------
 1 | id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 2 | access_compliance_version_group_grc_admin,access.compliance.version.group.grc.admin,model_compliance_version,grcbit_base.group_grc_admin,1,1,1,1
 3 | access_compliance_version_group_grc_consultant,access.compliance.version.group.grc.consultant,model_compliance_version,grcbit_base.group_grc_consultant,1,1,1,1
 4 | access_compliance_version_group_asset_management,access.compliance.version.group.asset.management,model_compliance_version,grcbit_base.group_asset_management,1,0,0,0
 5 | access_compliance_version_group_risk_management,access.compliance.version.group.risk.management,model_compliance_version,grcbit_base.group_risk_management,1,0,0,0
 6 | access_compliance_version_group_isms,access.compliance.version.group.isms,model_compliance_version,grcbit_base.group_isms,1,0,0,0
 7 | access_compliance_version_group_control,access.compliance.version.group.control,model_compliance_version,grcbit_base.group_control,1,0,0,0
 8 | access_compliance_version_group_compliance,access.compliance.version.group.compliance,model_compliance_version,grcbit_base.group_compliance,1,1,1,1
 9 | access_compliance_version_group_guest,access.compliance.version.group.guest,model_compliance_version,grcbit_base.group_guest,1,0,0,0
10 | 
11 | access_compliance_control_objective_group_grc_admin,access.compliance.control.objective.group.grc.admin,model_compliance_control_objective,grcbit_base.group_grc_admin,1,1,1,1
12 | access_compliance_control_objective_group_grc_consultant,access.compliance.control.objective.group.grc.consultant,model_compliance_control_objective,grcbit_base.group_grc_consultant,1,1,1,1
13 | access_compliance_control_objective_group_asset_management,access.compliance.control.objective.group.asset.management,model_compliance_control_objective,grcbit_base.group_asset_management,1,0,0,0
14 | access_compliance_control_objective_group_risk_management,access.compliance.control.objective.group.risk.management,model_compliance_control_objective,grcbit_base.group_risk_management,1,0,0,0
15 | access_compliance_control_objective_group_isms,access.compliance.control.objective.group.isms,model_compliance_control_objective,grcbit_base.group_isms,1,0,0,0
16 | access_compliance_control_objective_group_control,access.compliance.control.objective.group.control,model_compliance_control_objective,grcbit_base.group_control,1,0,0,0
17 | access_compliance_control_objective_group_compliance,access.compliance.control.objective.group.compliance,model_compliance_control_objective,grcbit_base.group_compliance,1,1,1,1
18 | access_compliance_control_objective_group_guest,access.compliance.control.objective.group.guest,model_compliance_control_objective,grcbit_base.group_guest,1,0,0,0
19 | 
20 | access_compliance_control_group_grc_admin,access.compliance.control.group.grc.admin,model_compliance_control,grcbit_base.group_grc_admin,1,1,1,1
21 | access_compliance_control_group_grc_consultant,access.compliance.control.group.grc.consultant,model_compliance_control,grcbit_base.group_grc_consultant,1,1,1,1
22 | access_compliance_control_group_asset_management,access.compliance.control.group.asset.management,model_compliance_control,grcbit_base.group_asset_management,1,0,0,0
23 | access_compliance_control_group_risk_management,access.compliance.control.group.risk.management,model_compliance_control,grcbit_base.group_risk_management,1,0,0,0
24 | access_compliance_control_group_isms,access.compliance.control.group.isms,model_compliance_control,grcbit_base.group_isms,1,0,0,0
25 | access_compliance_control_group_control,access.compliance.control.group.control,model_compliance_control,grcbit_base.group_control,1,0,0,0
26 | access_compliance_control_group_compliance,access.compliance.control.group.compliance,model_compliance_control,grcbit_base.group_compliance,1,1,1,1
27 | access_compliance_control_group_guest,access.compliance.control.group.guest,model_compliance_control,grcbit_base.group_guest,1,0,0,0
28 | 
29 | access_compliance_iso_control_group_grc_admin,access.compliance.iso.control.group.grc.admin,model_compliance_iso_control,grcbit_base.group_grc_admin,1,1,1,1
30 | access_compliance_iso_control_group_grc_consultant,access.compliance.iso.control.group.grc.consultant,model_compliance_iso_control,grcbit_base.group_grc_consultant,1,1,1,1
31 | access_compliance_iso_control_group_asset_management,access.compliance.iso.control.group.asset.management,model_compliance_iso_control,grcbit_base.group_asset_management,1,0,0,0
32 | access_compliance_iso_control_group_risk_management,access.compliance.iso.control.group.risk.management,model_compliance_iso_control,grcbit_base.group_risk_management,1,0,0,0
33 | access_compliance_iso_control_group_isms,access.compliance.iso.control.group.isms,model_compliance_iso_control,grcbit_base.group_isms,1,0,0,0
34 | access_compliance_iso_control_group_control,access.compliance.iso.control.group.control,model_compliance_iso_control,grcbit_base.group_control,1,0,0,0
35 | access_compliance_iso_control_group_compliance,access.compliance.iso.control.group.compliance,model_compliance_iso_control,grcbit_base.group_compliance,1,1,1,1
36 | access_compliance_iso_control_group_guest,access.compliance.iso.control.group.guest,model_compliance_iso_control,grcbit_base.group_guest,1,0,0,0
37 | 
38 | access_data_inventory_compliance_version_group_grc_admin,access.data.inventory.compliance.version.group.grc.admin,model_data_inventory_compliance_version,grcbit_base.group_grc_admin,1,1,1,1
39 | access_data_inventory_compliance_version_group_grc_consultant,access.data.inventory.compliance.version.group.grc.consultant,model_data_inventory_compliance_version,grcbit_base.group_grc_consultant,1,1,1,1
40 | access_data_inventory_compliance_version_group_asset_management,access.data.inventory.compliance.version.group.asset.management,model_data_inventory_compliance_version,grcbit_base.group_asset_management,1,1,1,1
41 | access_data_inventory_compliance_version_group_risk_management,access.data.inventory.compliance.version.group.risk.management,model_data_inventory_compliance_version,grcbit_base.group_risk_management,1,0,0,0
42 | access_data_inventory_compliance_version_group_isms,access.data.inventory.compliance.version.group.isms,model_data_inventory_compliance_version,grcbit_base.group_isms,1,0,0,0
43 | access_data_inventory_compliance_version_group_control,access.data.inventory.compliance.version.group.control,model_data_inventory_compliance_version,grcbit_base.group_control,1,0,0,0
44 | access_data_inventory_compliance_version_group_compliance,access.data.inventory.compliance.version.group.compliance,model_data_inventory_compliance_version,grcbit_base.group_compliance,1,1,1,1
45 | access_data_inventory_compliance_version_group_guest,access.data.inventory.compliance.version.group.guest,model_data_inventory_compliance_version,grcbit_base.group_guest,1,0,0,0


--------------------------------------------------------------------------------
/grcbit_cvss/i18n/en_US.po:
--------------------------------------------------------------------------------
  1 | # Translation of Odoo Server.
  2 | # This file contains the translation of the following modules:
  3 | # 	* grcbit_cvss
  4 | #
  5 | msgid ""
  6 | msgstr ""
  7 | "Project-Id-Version: Odoo Server 16.0\n"
  8 | "Report-Msgid-Bugs-To: \n"
  9 | "POT-Creation-Date: 2023-12-15 18:43+0000\n"
 10 | "PO-Revision-Date: 2023-12-15 18:43+0000\n"
 11 | "Last-Translator: \n"
 12 | "Language-Team: \n"
 13 | "MIME-Version: 1.0\n"
 14 | "Content-Type: text/plain; charset=UTF-8\n"
 15 | "Content-Transfer-Encoding: \n"
 16 | "Plural-Forms: \n"
 17 | 
 18 | #. module: grcbit_cvss
 19 | #: model_terms:ir.ui.view,arch_db:grcbit_cvss.cvss_report_risk_factor_custom
 20 | msgid "<strong>CVSS Score:</strong>"
 21 | msgstr ""
 22 | 
 23 | #. module: grcbit_cvss
 24 | #: model_terms:ir.ui.view,arch_db:grcbit_cvss.cvss_report_risk_factor_custom
 25 | msgid "<strong>CVSS Vector:</strong>"
 26 | msgstr ""
 27 | 
 28 | #. module: grcbit_cvss
 29 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__attack_vector__adjacent
 30 | msgid "Adjacent (A)"
 31 | msgstr ""
 32 | 
 33 | #. module: grcbit_cvss
 34 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__attack_complexity
 35 | msgid "Attack Complexity (AC)"
 36 | msgstr ""
 37 | 
 38 | #. module: grcbit_cvss
 39 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__attack_vector
 40 | msgid "Attack Vector (AV)"
 41 | msgstr ""
 42 | 
 43 | #. module: grcbit_cvss
 44 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__availability
 45 | msgid "Availability (A)"
 46 | msgstr ""
 47 | 
 48 | #. module: grcbit_cvss
 49 | #: model:ir.actions.act_window,name:grcbit_cvss.cvss_calculator_action
 50 | #: model_terms:ir.ui.view,arch_db:grcbit_cvss.cvss_calculator_risk_factor_inherit_form
 51 | msgid "CVSS Calculator"
 52 | msgstr ""
 53 | 
 54 | #. module: grcbit_cvss
 55 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__scope__changed
 56 | msgid "Changed (C)"
 57 | msgstr ""
 58 | 
 59 | #. module: grcbit_cvss
 60 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__confidentiality
 61 | msgid "Confidentiality (C)"
 62 | msgstr ""
 63 | 
 64 | #. module: grcbit_cvss
 65 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__create_uid
 66 | msgid "Created by"
 67 | msgstr ""
 68 | 
 69 | #. module: grcbit_cvss
 70 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__create_date
 71 | msgid "Created on"
 72 | msgstr ""
 73 | 
 74 | #. module: grcbit_cvss
 75 | #: model_terms:ir.ui.view,arch_db:grcbit_cvss.cvss_calculator_form
 76 | msgid "DISCARD"
 77 | msgstr ""
 78 | 
 79 | #. module: grcbit_cvss
 80 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__display_name
 81 | msgid "Display Name"
 82 | msgstr ""
 83 | 
 84 | #. module: grcbit_cvss
 85 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__attack_complexity__high
 86 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__availability__high
 87 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__confidentiality__high
 88 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__integrity__high
 89 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__privileges_required__high
 90 | msgid "High (H)"
 91 | msgstr ""
 92 | 
 93 | #. module: grcbit_cvss
 94 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__id
 95 | msgid "ID"
 96 | msgstr ""
 97 | 
 98 | #. module: grcbit_cvss
 99 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__integrity
100 | msgid "Integrity (I)"
101 | msgstr ""
102 | 
103 | #. module: grcbit_cvss
104 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator____last_update
105 | msgid "Last Modified on"
106 | msgstr ""
107 | 
108 | #. module: grcbit_cvss
109 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__write_uid
110 | msgid "Last Updated by"
111 | msgstr ""
112 | 
113 | #. module: grcbit_cvss
114 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__write_date
115 | msgid "Last Updated on"
116 | msgstr ""
117 | 
118 | #. module: grcbit_cvss
119 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__attack_vector__local
120 | msgid "Local (L)"
121 | msgstr ""
122 | 
123 | #. module: grcbit_cvss
124 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__attack_complexity__low
125 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__availability__low
126 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__confidentiality__low
127 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__integrity__low
128 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__privileges_required__low
129 | msgid "Low (L)"
130 | msgstr ""
131 | 
132 | #. module: grcbit_cvss
133 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__attack_vector__network
134 | msgid "Network (N)"
135 | msgstr ""
136 | 
137 | #. module: grcbit_cvss
138 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__availability__none
139 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__confidentiality__none
140 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__integrity__none
141 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__privileges_required__none
142 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__user_interaction__none
143 | msgid "None (N)"
144 | msgstr ""
145 | 
146 | #. module: grcbit_cvss
147 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__attack_vector__physical
148 | msgid "Physical (P)"
149 | msgstr ""
150 | 
151 | #. module: grcbit_cvss
152 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__privileges_required
153 | msgid "Privileges Required (PR)"
154 | msgstr ""
155 | 
156 | #. module: grcbit_cvss
157 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__user_interaction__required
158 | msgid "Required (R)"
159 | msgstr ""
160 | 
161 | #. module: grcbit_cvss
162 | #: model:ir.model,name:grcbit_cvss.model_risk_factor
163 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__risk_factor_id
164 | msgid "Risk Factor"
165 | msgstr ""
166 | 
167 | #. module: grcbit_cvss
168 | #: model_terms:ir.ui.view,arch_db:grcbit_cvss.cvss_calculator_form
169 | msgid "SAVE"
170 | msgstr ""
171 | 
172 | #. module: grcbit_cvss
173 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__scope
174 | msgid "Scope (S)"
175 | msgstr ""
176 | 
177 | #. module: grcbit_cvss
178 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__score
179 | #: model:ir.model.fields,field_description:grcbit_cvss.field_risk_factor__score
180 | msgid "Score"
181 | msgstr ""
182 | 
183 | #. module: grcbit_cvss
184 | #: model:ir.model.fields.selection,name:grcbit_cvss.selection__cvss_calculator__scope__unchanged
185 | msgid "Unchanged (U)"
186 | msgstr ""
187 | 
188 | #. module: grcbit_cvss
189 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__user_interaction
190 | msgid "User Interaction (UI)"
191 | msgstr ""
192 | 
193 | #. module: grcbit_cvss
194 | #: model:ir.model.fields,field_description:grcbit_cvss.field_cvss_calculator__vector
195 | #: model:ir.model.fields,field_description:grcbit_cvss.field_risk_factor__vector
196 | msgid "Vector"
197 | msgstr ""
198 | 
199 | #. module: grcbit_cvss
200 | #: model:ir.model,name:grcbit_cvss.model_cvss_calculator
201 | msgid "cvss.calculator"
202 | msgstr ""
203 | 


--------------------------------------------------------------------------------
/grcbit_base/wizards/set_groups.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | import logging
  3 | from odoo import api, fields, models, _
  4 | _logger = logging.getLogger(__name__)
  5 | class SetGroupsUserGrcbit(models.TransientModel):
  6 |     _inherit = 'set.groups.user'
  7 | 
  8 |     grc_admin_check = fields.Boolean(string="GRC Admin", default= lambda x: x.get_current_groups('grcbit_base.group_grc_admin'))
  9 |     grc_consultant_check = fields.Boolean(string="GRC Consultant", default= lambda x: x.get_current_groups('grcbit_base.group_grc_consultant'))
 10 |     asset_management_check = fields.Boolean(string="Asset Management", default= lambda x: x.get_current_groups('grcbit_base.group_asset_management'))
 11 |     risk_management_check = fields.Boolean(string="Risk Management", default= lambda x: x.get_current_groups('grcbit_base.group_risk_management'))
 12 |     control_check = fields.Boolean(string="Control", default= lambda x: x.get_current_groups('grcbit_base.group_control'))
 13 |     isms_check = fields.Boolean(string="ISMS", default= lambda x: x.get_current_groups('grcbit_base.group_isms'))
 14 |     compliance_check = fields.Boolean(string="Compliance", default= lambda x: x.get_current_groups('grcbit_base.group_compliance'))
 15 |     guest_check = fields.Boolean(string="Guest", default= lambda x: x.get_current_groups('grcbit_base.group_guest'))
 16 | 
 17 |     def get_current_groups(self, xml_id):
 18 |         user = self.env.context.get('active_id')
 19 |         user_id = self.sudo().env['res.users'].search([('id','=', user)])
 20 |         #category_id = self.sudo().env['ir.module.category'].search([('name','=','GRC')])
 21 |         #groups = self.sudo().env['res.groups'].search([('name','=', name),('category_id','=',category_id.id)])
 22 |         groups = self.env.ref(xml_id).sudo()
 23 |         if user_id.id in [n.id for n in groups.users]:
 24 |             return True
 25 |         else:
 26 |             return False
 27 | 
 28 |     def base_values(self,xml_id):
 29 |         user = self.env.context.get('active_id')
 30 |         user_id = self.sudo().env['res.users'].search([('id','=', user)])
 31 |         #category_id = self.sudo().env['ir.module.category'].search([('name','=','GRC')])
 32 |         #groups = self.sudo().env['res.groups'].search([('name','=', name),('category_id','=',category_id.id)])
 33 |         groups = self.env.ref(xml_id).sudo()
 34 |         return groups
 35 | 
 36 |     def assign_groups(self):
 37 |         res = super(SetGroupsUserGrcbit, self).assign_groups()
 38 |         data={
 39 |             'grc_admin_check':None,
 40 |             'grc_consultant_check':None,
 41 |             'asset_management_check':None,
 42 |             'risk_management_check':None,
 43 |             'control_check':None,
 44 |             'isms_check':None,
 45 |             'compliance_check':None,
 46 |             'guest_check':None,
 47 |         }
 48 |         for rec in self:
 49 |             data.update({
 50 |                 'grc_admin_check'        : rec.grc_admin_check,
 51 |                 'grc_consultant_check'   : rec.grc_consultant_check,
 52 |                 'asset_management_check' : rec.asset_management_check,
 53 |                 'risk_management_check'  : rec.risk_management_check,
 54 |                 'control_check'          : rec.control_check,
 55 |                 'isms_check'             : rec.isms_check,
 56 |                 'compliance_check'       : rec.compliance_check,
 57 |                 'guest_check'            : rec.guest_check,
 58 |             })
 59 |             if data['grc_admin_check'] == True:
 60 |                 group_custom = self.base_values('grcbit_base.group_grc_admin')
 61 |                 user = self.env.context.get('active_id')
 62 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
 63 |                 group_custom.sudo().users = [(4, user)]
 64 |             else:
 65 |                 group_custom = self.base_values('grcbit_base.group_grc_admin')
 66 |                 user = self.env.context.get('active_id')
 67 |                 group_custom.sudo().users = [(3, user)]
 68 |             
 69 |             if data['grc_consultant_check'] == True:
 70 |                 group_custom = self.base_values('grcbit_base.group_grc_consultant')
 71 |                 user = self.env.context.get('active_id')
 72 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
 73 |                 group_custom.sudo().users = [(4, user)]
 74 |             else:
 75 |                 group_custom = self.base_values('grcbit_base.group_grc_consultant')
 76 |                 user = self.env.context.get('active_id')
 77 |                 group_custom.sudo().users = [(3, user)]
 78 | 
 79 |             if data['asset_management_check'] == True:
 80 |                 group_custom = self.base_values('grcbit_base.group_asset_management')
 81 |                 user = self.env.context.get('active_id')
 82 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
 83 |                 group_custom.sudo().users = [(4, user)]
 84 |             else:
 85 |                 group_custom = self.base_values('grcbit_base.group_asset_management')
 86 |                 user = self.env.context.get('active_id')
 87 |                 group_custom.sudo().users = [(3, user)]
 88 | 
 89 |             if data['risk_management_check'] == True:
 90 |                 group_custom = self.base_values('grcbit_base.group_risk_management')
 91 |                 user = self.env.context.get('active_id')
 92 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
 93 |                 group_custom.sudo().users = [(4, user)]
 94 |             else:
 95 |                 group_custom = self.base_values('grcbit_base.group_risk_management')
 96 |                 user = self.env.context.get('active_id')
 97 |                 group_custom.sudo().users = [(3, user)]
 98 | 
 99 |             if data['control_check'] == True:
100 |                 group_custom = self.base_values('grcbit_base.group_control')
101 |                 user = self.env.context.get('active_id')
102 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
103 |                 group_custom.sudo().users = [(4, user)]
104 |             else:
105 |                 group_custom = self.base_values('grcbit_base.group_control')
106 |                 user = self.env.context.get('active_id')
107 |                 group_custom.sudo().users = [(3, user)]
108 | 
109 |             if data['isms_check'] == True:
110 |                 group_custom = self.base_values('grcbit_base.group_isms')
111 |                 user = self.env.context.get('active_id')
112 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
113 |                 group_custom.sudo().users = [(4, user)]
114 |             else:
115 |                 group_custom = self.base_values('grcbit_base.group_isms')
116 |                 user = self.env.context.get('active_id')
117 |                 group_custom.sudo().users = [(3, user)]
118 | 
119 |             if data['compliance_check'] == True:
120 |                 group_custom = self.base_values('grcbit_base.group_compliance')
121 |                 user = self.env.context.get('active_id')
122 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
123 |                 group_custom.sudo().users = [(4, user)]
124 |             else:
125 |                 group_custom = self.base_values('grcbit_base.group_compliance')
126 |                 user = self.env.context.get('active_id')
127 |                 group_custom.sudo().users = [(3, user)]
128 | 
129 |             if data['guest_check'] == True:
130 |                 group_custom = self.base_values('grcbit_base.group_guest')
131 |                 user = self.env.context.get('active_id')
132 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
133 |                 group_custom.sudo().users = [(4, user)]
134 |             else:
135 |                 group_custom = self.base_values('grcbit_base.group_guest')
136 |                 user = self.env.context.get('active_id')
137 |                 group_custom.sudo().users = [(3, user)]
138 |         return res
139 | 


--------------------------------------------------------------------------------
/grcbit_risk_management/wizards/set_groups.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | 
  3 | from odoo import api, fields, models
  4 | 
  5 | class SetGroupsZt(models.TransientModel):
  6 |     _inherit = 'set.groups.user'
  7 | 
  8 |     control_draft  = fields.Boolean(string="Draft", default=lambda x:x.get_current_groups_control('grcbit_risk_management.group_control_draft'))
  9 |     control_design  = fields.Boolean(string="Design", default=lambda x:x.get_current_groups_control('grcbit_risk_management.group_control_design'))
 10 |     control_implementation  = fields.Boolean(string="Assess", default=lambda x:x.get_current_groups_control('grcbit_risk_management.group_control_implementation'))
 11 |     control_approval   = fields.Boolean(string="Implement", default=lambda x:x.get_current_groups_control('grcbit_risk_management.group_control_approval'))
 12 |     control_reject   = fields.Boolean(string="Reject", default=lambda x:x.get_current_groups_control('grcbit_risk_management.group_control_reject'))
 13 |     control_design_evaluation = fields.Boolean(string="Design Assessment", default=lambda x:x.get_current_groups_control('grcbit_risk_management.group_control_design_evaluation') )
 14 |     control_effectiveness_evaluation = fields.Boolean(string="Effectiveness Assessment", default=lambda x:x.get_current_groups_control('grcbit_risk_management.group_control_effectiveness_evaluation') )
 15 |     control_setdraft = fields.Boolean(string="Set to draft", default=lambda x:x.get_current_groups_control('grcbit_risk_management.group_control_setdraft') )
 16 |    
 17 |     def get_current_groups_control(self, xml_id):
 18 |         user = self.env.context.get('active_id')
 19 |         user_id = self.sudo().env['res.users'].search([('id','=', user)])
 20 |         groups = self.env.ref(xml_id).sudo()
 21 |         if user_id.id in [n.id for n in groups.users]:
 22 |             return True
 23 |         else:
 24 |             return False
 25 | 
 26 |     def base_values_control(self,xml_id):
 27 |         user = self.env.context.get('active_id')
 28 |         user_id = self.sudo().env['res.users'].search([('id','=', user)])
 29 |         groups = self.env.ref(xml_id).sudo()
 30 |         return groups
 31 | 
 32 |     def assign_groups(self):
 33 |         res = super(SetGroupsZt, self).assign_groups()
 34 | 
 35 |         for rec in self:
 36 |             data = {
 37 |                 'control_draft' : None,
 38 |                 'control_design' : None,
 39 |                 'control_implementation' : None,
 40 |                 'control_approval' : None,
 41 |                 'control_reject' : None,
 42 |                 'control_design_evaluation': None,
 43 |                 'control_effectiveness_evaluation': None,
 44 |                 'control_setdraft': None,
 45 |             }
 46 |             data.update({
 47 |                 'control_draft' : rec.control_draft,
 48 |                 'control_design' : rec.control_design,
 49 |                 'control_implementation' : rec.control_implementation,
 50 |                 'control_approval' : rec.control_approval,
 51 |                 'control_reject' : rec.control_reject,
 52 |                 'control_design_evaluation' : rec.control_design_evaluation,
 53 |                 'control_effectiveness_evaluation' : rec.control_effectiveness_evaluation,
 54 |                 'control_setdraft': rec.control_setdraft,
 55 |             })
 56 |             if data['control_draft'] == True:
 57 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_draft')
 58 |                 user = self.env.context.get('active_id')
 59 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
 60 |                 group_custom.users = [(4, user)]
 61 |             else:
 62 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_draft')
 63 |                 user = self.env.context.get('active_id')
 64 |                 group_custom.users = [(3, user)]
 65 | 
 66 |             if data['control_design'] == True:
 67 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_design')
 68 |                 user = self.env.context.get('active_id')
 69 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
 70 |                 group_custom.users = [(4, user)]
 71 |             else:
 72 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_design')
 73 |                 user = self.env.context.get('active_id')
 74 |                 group_custom.users = [(3, user)]
 75 | 
 76 |             if data['control_implementation'] == True:
 77 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_implementation')
 78 |                 user = self.env.context.get('active_id')
 79 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
 80 |                 group_custom.users = [(4, user)]
 81 |             else:
 82 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_implementation')
 83 |                 user = self.env.context.get('active_id')
 84 |                 group_custom.users = [(3, user)]
 85 | 
 86 |             if data['control_approval'] == True:
 87 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_approval')
 88 |                 user = self.env.context.get('active_id')
 89 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
 90 |                 group_custom.users = [(4, user)]
 91 |             else:
 92 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_approval')
 93 |                 user = self.env.context.get('active_id')
 94 |                 group_custom.users = [(3, user)]
 95 | 
 96 |             if data['control_reject'] == True:
 97 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_reject')
 98 |                 user = self.env.context.get('active_id')
 99 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
100 |                 group_custom.users = [(4, user)]
101 |             else:
102 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_reject')
103 |                 user = self.env.context.get('active_id')
104 |                 group_custom.users = [(3, user)]
105 | 
106 |             if data['control_design_evaluation'] == True:
107 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_design_evaluation')
108 |                 user = self.env.context.get('active_id')
109 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
110 |                 group_custom.users = [(4, user)]
111 |             else:
112 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_design_evaluation')
113 |                 user = self.env.context.get('active_id')
114 |                 group_custom.users = [(3, user)]
115 | 
116 |             if data['control_effectiveness_evaluation'] == True:
117 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_effectiveness_evaluation')
118 |                 user = self.env.context.get('active_id')
119 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
120 |                 group_custom.users = [(4, user)]
121 |             else:
122 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_effectiveness_evaluation')
123 |                 user = self.env.context.get('active_id')
124 |                 group_custom.users = [(3, user)]
125 | 
126 |             if data['control_setdraft'] == True:
127 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_setdraft')
128 |                 user = self.env.context.get('active_id')
129 |                 user_id = self.sudo().env['res.users'].search([('id','=', user)])
130 |                 group_custom.users = [(4, user)]
131 |             else:
132 |                 group_custom = self.base_values_control('grcbit_risk_management.group_control_setdraft')
133 |                 user = self.env.context.get('active_id')
134 |                 group_custom.users = [(3, user)]
135 | 
136 |         return res
137 | 


--------------------------------------------------------------------------------