fix(actors): visibility rules (#3230)

nas-tabchiche · ab-smith · web-flow · commit 0f317aa8d640 · 2026-01-20T21:08:09.000+01:00
* fix(actors): visibility rules

* add exclude_third_parties filter

* update forms with actors

* fix exclude_third_parties filter

* revert core.models changes

* remove unused imports

* remove folder property

* remove actor.folder from serializer

* filter out third parties by default

---------

Co-authored-by: Abderrahmane Smimite &lt;smimite@gmail.com&gt;
diff --git a/backend/core/base_models.py b/backend/core/base_models.py
@@ -1,4 +1,4 @@
-from django.db import models
+from django.db import models, transaction
 from django.utils.translation import gettext_lazy as _
 from django.urls.base import reverse_lazy
 from django.core.exceptions import ValidationError
@@ -157,16 +157,17 @@ class Meta:
         abstract = True
 
     def save(self, *args, **kwargs):
-        is_new = self._state.adding
-        super().save(*args, **kwargs)
+        with transaction.atomic():
+            is_new = self._state.adding
+            super().save(*args, **kwargs)
 
-        # If this is a new record, create the actor.
-        # We use get_or_create to be safe against race conditions/re-saves.
-        if is_new:
-            from .models import Actor
+            # If this is a new record, create the actor.
+            # We use get_or_create to be safe against race conditions/re-saves.
+            if is_new:
+                from .models import Actor
 
-            field_name = self.__class__.__name__.lower()
-            Actor.objects.get_or_create(**{field_name: self})
+                field_name = self.__class__.__name__.lower()
+                Actor.objects.get_or_create(**{field_name: self})
 
 
 class ActorSyncManager(models.Manager):
diff --git a/backend/core/views.py b/backend/core/views.py
@@ -5662,7 +5662,6 @@ class ActorViewSet(BaseModelViewSet):
         "display_name",
         "id",
     ]
-    filterset_fields = ["user__is_third_party"]
 
     def get_queryset(self):
         queryset = super().get_queryset()
@@ -5691,6 +5690,9 @@ def get_queryset(self):
         if not allow_entities:
             queryset = queryset.filter(entity__isnull=True)
 
+        third_parties = Actor.objects.filter(user__is_third_party=True)
+        queryset = queryset.exclude(id__in=third_parties)
+
         return queryset.order_by("type_rank", "display_name")
 
 
diff --git a/frontend/src/lib/components/Forms/ModelForm/AppliedControlPolicyForm.svelte b/frontend/src/lib/components/Forms/ModelForm/AppliedControlPolicyForm.svelte
@@ -82,7 +82,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte b/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte
@@ -117,7 +117,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/BusinessImpactAnalysisForm.svelte b/frontend/src/lib/components/Forms/ModelForm/BusinessImpactAnalysisForm.svelte
@@ -75,7 +75,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
@@ -89,7 +89,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ComplianceAssessmentForm.svelte
@@ -159,7 +159,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
@@ -268,7 +268,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -129,7 +129,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/EbiosRmForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EbiosRmForm.svelte
@@ -149,7 +149,7 @@
 		<AutocompleteSelect
 			multiple
 			{form}
-			optionsEndpoint="actors?user__is_third_party=False"
+			optionsEndpoint="actors"
 			optionsLabelField="str"
 			optionsInfoFields={{
 				fields: [{ field: 'type', translate: true }],
@@ -163,7 +163,7 @@
 		<AutocompleteSelect
 			multiple
 			{form}
-			optionsEndpoint="actors?user__is_third_party=False"
+			optionsEndpoint="actors"
 			optionsLabelField="str"
 			optionsInfoFields={{
 				fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityAssessmentForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityAssessmentForm.svelte
@@ -179,7 +179,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
@@ -193,7 +193,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/EvidenceForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EvidenceForm.svelte
@@ -106,7 +106,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/FindingForm.svelte b/frontend/src/lib/components/Forms/ModelForm/FindingForm.svelte
@@ -114,7 +114,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/FindingsAssessmentForm.svelte b/frontend/src/lib/components/Forms/ModelForm/FindingsAssessmentForm.svelte
@@ -77,7 +77,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
@@ -103,7 +103,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/IncidentForm.svelte b/frontend/src/lib/components/Forms/ModelForm/IncidentForm.svelte
@@ -136,7 +136,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/MetricInstanceForm.svelte b/frontend/src/lib/components/Forms/ModelForm/MetricInstanceForm.svelte
@@ -84,7 +84,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/QuantitativeRiskScenarioForm.svelte b/frontend/src/lib/components/Forms/ModelForm/QuantitativeRiskScenarioForm.svelte
@@ -125,7 +125,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/QuantitativeRiskStudyForm.svelte b/frontend/src/lib/components/Forms/ModelForm/QuantitativeRiskStudyForm.svelte
@@ -127,7 +127,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
@@ -251,7 +251,7 @@
 		<AutocompleteSelect
 			{form}
 			multiple
-			optionsEndpoint="actors?user__is_third_party=False"
+			optionsEndpoint="actors"
 			optionsLabelField="str"
 			optionsInfoFields={{
 				fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/RightRequestForm.svelte b/frontend/src/lib/components/Forms/ModelForm/RightRequestForm.svelte
@@ -38,7 +38,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/RiskAssessmentForm.svelte b/frontend/src/lib/components/Forms/ModelForm/RiskAssessmentForm.svelte
@@ -132,7 +132,7 @@
 	<AutocompleteSelect
 		{form}
 		multiple
-		optionsEndpoint="actors?user__is_third_party=False"
+		optionsEndpoint="actors"
 		optionsLabelField="str"
 		optionsInfoFields={{
 			fields: [{ field: 'type', translate: true }],
@@ -147,7 +147,7 @@
 		<AutocompleteSelect
 			{form}
 			multiple
-			optionsEndpoint="actors?user__is_third_party=False"
+			optionsEndpoint="actors"
 			optionsLabelField="str"
 			optionsInfoFields={{
 				fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/SecurityExceptionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SecurityExceptionForm.svelte
@@ -102,7 +102,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
@@ -51,7 +51,7 @@
 <AutocompleteSelect
 	{form}
 	multiple
-	optionsEndpoint="actors?user__is_third_party=False"
+	optionsEndpoint="actors"
 	optionsLabelField="str"
 	optionsInfoFields={{
 		fields: [{ field: 'type', translate: true }],
diff --git a/frontend/src/routes/(app)/(internal)/risk-scenarios/[id=uuid]/edit/+page.svelte b/frontend/src/routes/(app)/(internal)/risk-scenarios/[id=uuid]/edit/+page.svelte
@@ -160,7 +160,7 @@
 							form={_form}
 							baseClass="flex-1"
 							multiple
-							optionsEndpoint="actors?user__is_third_party=False"
+							optionsEndpoint="actors"
 							optionsLabelField="str"
 							optionsInfoFields={{
 								fields: [{ field: 'type', translate: true }],
