
fix(edit-prod): Add assigned PT to queryset #10843

Merged (1 commit, Sep 6, 2024)

Conversation

kiblik (Contributor) commented Sep 2, 2024

Until now, when a user had no permission to add a Product or edit a ProdType (i.e. get_authorized_product_types(Permissions.Product_Type_Add_Product) was empty) but the same user still had permission to edit the product (Maintainer for that specific product), the generated edit form for the Product contained an empty list of Product Types. So the user wasn't able to edit this product.

[Screenshot 2024-09-02 at 16:36:47]

From now on, it does not matter which other permissions a user has: the list of product types contains at least the ProdType which is already assigned, so it is possible to submit the form.

[Screenshot 2024-09-02 at 16:37:01]
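A constructed plain-Python model of the failure and the fix described in this PR, added here as an example and not DefectDojo's own code: Product, ProductType, User, the permission strings and get_authorized_product_types are simplified stand-ins for the project's Django models, forms and permission helpers, not their real implementation.

```python
from dataclasses import dataclass, field

# Constructed, plain-Python model of the permission pattern the PR describes.
# Not DefectDojo's code: role/permission names and data layout are assumptions
# chosen to mirror the issue, not the project's real models or forms.
PRODUCT_TYPE_ADD_PRODUCT = "Product_Type_Add_Product"
PRODUCT_EDIT = "Product_Edit"

@dataclass(frozen=True)
class ProductType:
    name: str

@dataclass(frozen=True)
class Product:
    name: str
    prod_type: ProductType

@dataclass
class User:
    name: str
    # {ProductType: set of permissions} granted by product-type-level roles
    prod_type_perms: dict = field(default_factory=dict)
    # {Product: set of permissions} granted by product-level roles (e.g. Maintainer)
    product_perms: dict = field(default_factory=dict)

def get_authorized_product_types(user, permission):
    """Product types on which the user holds `permission` (may be empty)."""
    return [pt for pt, perms in user.prod_type_perms.items() if permission in perms]

def edit_form_prod_type_choices(user, product, include_assigned):
    """Allowed values for the edit form's prod_type field.
    include_assigned=False is the pre-fix queryset (authorized types only);
    include_assigned=True is the fix: the assigned type is always present."""
    choices = get_authorized_product_types(user, PRODUCT_TYPE_ADD_PRODUCT)
    if include_assigned and product.prod_type not in choices:
        choices.append(product.prod_type)
    return choices

def can_submit_edit_form(user, product, include_assigned):
    """Submission needs Product_Edit on the product AND the assigned type among
    the choices; the fix widens the choices, not the edit permission."""
    if PRODUCT_EDIT not in user.product_perms.get(product, set()):
        return False
    return product.prod_type in edit_form_prod_type_choices(user, product, include_assigned)

def demo():
    """Maintainer of one product, no product-type permissions: (before, after)."""
    web = ProductType("Web Apps")
    shop = Product("Shop", web)
    maintainer = User("maintainer", product_perms={shop: {PRODUCT_EDIT}})
    return (can_submit_edit_form(maintainer, shop, False),
            can_submit_edit_form(maintainer, shop, True))
```

The model also shows that a user without Product_Edit still cannot submit after the fix, which is the check a reviewer would want to see preserved.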

dryrunsecurity bot commented Sep 2, 2024

DryRun Security Summary

The pull request focuses on improving the functionality and security of the ProductForm class in the dojo application, including updating the prod_type field's queryset and disabling the sla_configuration field when findings are being asynchronously updated.


Summary:

The code changes in this pull request focus on improving the functionality and security of the ProductForm class in the dojo application. The key changes include:

  1. Updating the prod_type field's queryset in the __init__ method of the ProductForm class to include the current product type, even if the user does not have permission to view other product types. This ensures that the form can be submitted successfully, as the current product type needs to be selected.

  2. Disabling the sla_configuration field if the product has findings being asynchronously updated. This prevents users from modifying the SLA configuration while the findings are being recalculated, which could lead to inconsistencies or errors.

These changes help to improve the overall stability and reliability of the application by addressing potential issues that could arise due to user permissions or asynchronous data updates. By ensuring that the form can be submitted correctly and that users cannot modify certain fields during critical processes, the changes help to maintain the integrity of the application's data and functionality.

Files Changed:

  • dojo/forms.py: This file contains the ProductForm class, which is responsible for handling the creation and modification of product-related data. The changes in this pull request focus on improving the functionality and security of this form, as described in the summary above.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Authn/Authz Analyzer, 1 finding.

Riskiness

🟢 Risk threshold not exceeded.


mtesauro (Contributor) left a comment


Approved

Maffooch merged commit 8f54596 into DefectDojo:bugfix on Sep 6, 2024. 73 checks passed.
kiblik deleted the prod_edit branch on September 6, 2024 at 20:37.