-
-
- );
-}
-
-document.addEventListener("DOMContentLoaded", () => {
- ReactModal.setAppElement(
- document.querySelector("div.wrapper") as HTMLElement
- );
-
- const $ = (window as any).$;
- let root: Root | null = null;
-
- $("#id_collab_notes").on("shown.bs.tab", () => {
- if (root !== null) return;
- root = createRoot(document.getElementById("collab_notes_container")!);
- root.render(
-
-
-
+
+
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/CreateModal.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/CreateModal.tsx
new file mode 100644
index 000000000..8d8f31be3
--- /dev/null
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/CreateModal.tsx
@@ -0,0 +1,93 @@
+import { useState } from "react";
+import ReactModal from "react-modal";
+
+interface CreateModalProps {
+ isOpen: boolean;
+ type: "note" | "folder";
+ onClose: () => void;
+ onCreate: (title: string) => void;
+}
+
+export default function CreateModal({
+ isOpen,
+ type,
+ onClose,
+ onCreate,
+}: CreateModalProps) {
+ const [title, setTitle] = useState("");
+ const [isSubmitting, setIsSubmitting] = useState(false);
+
+ const handleSubmit = async (e: React.FormEvent) => {
+ e.preventDefault();
+ if (!title.trim()) return;
+
+ setIsSubmitting(true);
+ try {
+ await onCreate(title.trim());
+ setTitle("");
+ onClose();
+ } finally {
+ setIsSubmitting(false);
+ }
+ };
+
+ const handleClose = () => {
+ setTitle("");
+ onClose();
+ };
+
+ return (
+
+
+
+
+
+ + Create New {type === "folder" ? "Folder" : "Note"} +
+ +
+
+
+
+ + + Confirm Delete +
+ +
+
+ + Are you sure you want to delete {itemTitle ? ( + <>the {typeLabel} "{itemTitle}" + ) : ( + <>this {typeLabel} + )}? +
+ {isFolder && ( ++ + This will also delete all notes and subfolders inside. +
+ )} ++ This action cannot be undone. +
+
+
+
+
+ setShowDeleteOverlay(true)}
+ onMouseLeave={() => setShowDeleteOverlay(false)}
+ style={{ position: "relative", marginBottom: "1rem" }}
+ >
+ 
+ {showDeleteOverlay && (
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/ImageFieldPlaceholder.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/ImageFieldPlaceholder.tsx
new file mode 100644
index 000000000..f1e40423e
--- /dev/null
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/ImageFieldPlaceholder.tsx
@@ -0,0 +1,118 @@
+import { useRef, useState, useCallback, useEffect } from "react";
+
+interface ImageFieldPlaceholderProps {
+ onUpload: (file: File) => void;
+ uploading: boolean;
+}
+
+export default function ImageFieldPlaceholder({
+ onUpload,
+ uploading,
+}: ImageFieldPlaceholderProps) {
+ const fileInputRef = useRef
+
+
+ )}
+
+ {uploading ? (
+ <>
+
+ Uploading...
+
+ ) : (
+ <>
+
+
+ {dragActive ? "Drop image here" : "Paste, drag-drop, or click to upload"}
+
+
+ PNG, JPG, GIF, WebP (max 10 MB)
+
+
+ )}
+
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteEditor.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteEditor.tsx
new file mode 100644
index 000000000..1770897e5
--- /dev/null
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteEditor.tsx
@@ -0,0 +1,301 @@
+import { useEffect, useState, useCallback } from "react";
+import {
+ DndContext,
+ closestCenter,
+ KeyboardSensor,
+ PointerSensor,
+ useSensor,
+ useSensors,
+ DragEndEvent,
+} from "@dnd-kit/core";
+import {
+ arrayMove,
+ SortableContext,
+ sortableKeyboardCoordinates,
+ verticalListSortingStrategy,
+} from "@dnd-kit/sortable";
+import * as Y from "yjs";
+import {
+ ConnectionStatus,
+ usePageConnection,
+} from "../../connection";
+import NoteFieldEditor from "./NoteFieldEditor";
+import AddFieldToolbar from "./AddFieldToolbar";
+import DeleteConfirmModal from "./DeleteConfirmModal";
+import { useFieldMutations } from "./hooks/useFieldMutations";
+import { useImageUpload } from "./hooks/useImageUpload";
+import type { NoteField } from "./types";
+
+interface NoteEditorProps {
+ noteId: number;
+}
+
+/**
+ * NoteEditor derives fields directly from the Yjs document via observeDeep.
+ * The Yjs meta.fields Y.Array is the single source of truth for field state.
+ * React state is updated only via Yjs observation callbacks.
+ */
+export default function NoteEditor({ noteId }: NoteEditorProps) {
+ const { provider, status, connected } = usePageConnection({
+ model: "project_collab_note",
+ id: noteId.toString(),
+ });
+
+ const [fields, setFields] = useState
+
+ f.id)}
+ strategy={verticalListSortingStrategy}
+ >
+ {fields.map((field) => (
+ requestDeleteField(field)}
+ onUploadImage={handleUploadToField}
+ uploadingFieldId={uploadingFieldId}
+ />
+ ))}
+
+
+
+ {fields.length === 0 && connected && (
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteFieldEditor.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteFieldEditor.tsx
new file mode 100644
index 000000000..8a1eafaee
--- /dev/null
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteFieldEditor.tsx
@@ -0,0 +1,87 @@
+import { useSortable } from "@dnd-kit/sortable";
+import { CSS } from "@dnd-kit/utilities";
+import RichTextEditor from "../../rich_text_editor";
+import ImageField from "./ImageField";
+import type { NoteField } from "./types";
+import type { HocuspocusProvider } from "@hocuspocus/provider";
+
+interface NoteFieldEditorProps {
+ field: NoteField;
+ provider: HocuspocusProvider;
+ connected: boolean;
+ onDelete: () => void;
+ onUploadImage?: (fieldId: string, file: File) => void;
+ uploadingFieldId?: string | null;
+}
+
+export default function NoteFieldEditor({
+ field,
+ provider,
+ connected,
+ onDelete,
+ onUploadImage,
+ uploadingFieldId,
+}: NoteFieldEditorProps) {
+ const {
+ attributes,
+ listeners,
+ setNodeRef,
+ transform,
+ transition,
+ isDragging,
+ } = useSortable({
+ id: field.id,
+ data: { type: "field", field },
+ });
+
+ const style = {
+ transform: CSS.Transform.toString(transform),
+ transition,
+ opacity: isDragging ? 0.5 : 1,
+ };
+
+ return (
+
+ {error}
+
+ )}
+
+
+ No fields yet. Add a text field or image above to get started.
+
+ )}
+
+
+ onUploadImage(field.id, file) : undefined
+ }
+ uploading={uploadingFieldId === field.id}
+ />
+ )}
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
new file mode 100644
index 000000000..670578f93
--- /dev/null
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -0,0 +1,301 @@
+import { useState, useMemo, useCallback } from "react";
+import {
+ DndContext,
+ DragOverlay,
+ closestCenter,
+ KeyboardSensor,
+ PointerSensor,
+ useSensor,
+ useSensors,
+} from "@dnd-kit/core";
+import {
+ SortableContext,
+ sortableKeyboardCoordinates,
+ verticalListSortingStrategy,
+} from "@dnd-kit/sortable";
+import { useNoteMutations } from "./hooks/useNoteMutations";
+import { useTreeDnd } from "./hooks/useTreeDnd";
+import { useTreeSync } from "./hooks/useTreeSync";
+import SortableTreeItem from "./SortableTreeItem";
+import TreeItem from "./TreeItem";
+import CreateModal from "./CreateModal";
+import DeleteConfirmModal from "./DeleteConfirmModal";
+import type { NoteTreeNode, FlatNote } from "./types";
+import "./tree.css";
+
+interface NoteTreeViewProps {
+ projectId: number;
+ selectedId: number | null;
+ onSelect: (id: number | null) => void;
+}
+
+export default function NoteTreeView({
+ projectId,
+ selectedId,
+ onSelect,
+}: NoteTreeViewProps) {
+ const {
+ tree,
+ flatNodes,
+ loading,
+ addNode,
+ removeNodes,
+ updateNode,
+ } = useTreeSync({ projectId });
+
+ const { createNote, createFolder, deleteNote, renameNote, moveNote } =
+ useNoteMutations();
+
+ const [showCreateModal, setShowCreateModal] = useState(false);
+ const [createType, setCreateType] = useState<"note" | "folder">("note");
+ const [createParentId, setCreateParentId] = useState
+
+
+
+ {field.fieldType === "rich_text" ? "Text" : "Image"}
+
+
+ {field.fieldType === "rich_text" ? (
+
+
+ ) : (
+
+
+ );
+ }
+
+ return (
+
+ Loading...
+
+ Loading notes...
+
+
+
+
+
+
+ {activeItem && (
+
+
+
+ setShowCreateModal(false)}
+ onCreate={handleCreate}
+ />
+
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/SortableTreeItem.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/SortableTreeItem.tsx
new file mode 100644
index 000000000..98996e373
--- /dev/null
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/SortableTreeItem.tsx
@@ -0,0 +1,74 @@
+import { useSortable } from "@dnd-kit/sortable";
+import TreeItem from "./TreeItem";
+import { NoteTreeNode, DropPosition, DragState } from "./types";
+
+interface SortableTreeItemProps {
+ item: NoteTreeNode;
+ depth: number;
+ selectedId: number | null;
+ onSelect: (id: number | null) => void;
+ onRequestDelete: (item: NoteTreeNode) => void;
+ onRename: (id: number, title: string) => void;
+ onCreateChild: (parentId: number, type: "note" | "folder") => void;
+ dragState: DragState;
+}
+
+export default function SortableTreeItem({
+ item,
+ depth,
+ selectedId,
+ onSelect,
+ onRequestDelete,
+ onRename,
+ onCreateChild,
+ dragState,
+}: SortableTreeItemProps) {
+ const {
+ attributes,
+ listeners,
+ setNodeRef,
+ isDragging,
+ } = useSortable({ id: item.id });
+
+ const style = { opacity: isDragging ? 0 : 1 };
+
+ const isDropTarget = dragState.overId === item.id;
+ const dropPosition: DropPosition | null = isDropTarget
+ ? dragState.dropPosition
+ : null;
+
+ const renderChildren = (children: NoteTreeNode[], childDepth: number) => {
+ return children.map((child) => (
+
+
+
+
+
+
+
+ {tree.map((item) => (
+
+
+ No notes yet. Create one using the buttons above.
+
+ )}
+
+ {}}
+ onRequestDelete={() => {}}
+ onRename={() => {}}
+ onCreateChild={() => {}}
+ />
+
+ )}
+
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
new file mode 100644
index 000000000..f9376f553
--- /dev/null
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
@@ -0,0 +1,182 @@
+import { useState } from "react";
+import { NoteTreeNode, DropPosition } from "./types";
+
+interface TreeItemProps {
+ item: NoteTreeNode;
+ depth: number;
+ selectedId: number | null;
+ onSelect: (id: number | null) => void;
+ onRequestDelete: (item: NoteTreeNode) => void;
+ onRename: (id: number, title: string) => void;
+ onCreateChild: (parentId: number, type: "note" | "folder") => void;
+ isDragging?: boolean;
+ dropPosition?: DropPosition | null;
+ dragHandleProps?: Record
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useFieldMutations.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useFieldMutations.ts
new file mode 100644
index 000000000..9451f6d35
--- /dev/null
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useFieldMutations.ts
@@ -0,0 +1,162 @@
+import { useCallback } from "react";
+
+const CREATE_RICH_TEXT_FIELD_MUTATION = `
+ mutation CreateRichTextField($noteId: bigint!, $position: Int!) {
+ insert_projectCollabNoteField_one(object: {
+ noteId: $noteId,
+ fieldType: "rich_text",
+ content: "",
+ position: $position
+ }) {
+ id
+ position
+ }
+ }
+`;
+
+const CREATE_IMAGE_FIELD_MUTATION = `
+ mutation CreateImageField($noteId: bigint!, $position: Int!) {
+ insert_projectCollabNoteField_one(object: {
+ noteId: $noteId,
+ fieldType: "image",
+ content: "",
+ position: $position
+ }) {
+ id
+ position
+ }
+ }
+`;
+
+const DELETE_FIELD_MUTATION = `
+ mutation DeleteProjectCollabNoteField($id: bigint!) {
+ delete_projectCollabNoteField_by_pk(id: $id) {
+ id
+ }
+ }
+`;
+
+function buildReorderMutation(
+ fields: Array<{ id: string; position: number }>
+): { query: string; variables: Record
+
+ {isFolder && hasChildren && (
+ expanded
+ ?
+ :
+ )}
+
+
+
+ {isFolder ? (
+
+ ) : (
+
+ )}
+
+
+ {isRenaming ? (
+ setRenameValue(e.target.value)}
+ onBlur={handleRenameSubmit}
+ onKeyDown={handleKeyDown}
+ onClick={(e) => e.stopPropagation()}
+ autoFocus
+ style={{ maxWidth: "150px" }}
+ />
+ ) : (
+
+ {item.title}
+
+ )}
+
+ {!isRenaming && (
+
+ {isFolder && (
+ <>
+
+
+
+ )}
+
+
+
+ )}
+
+
+ {isFolder && expanded && item.children.length > 0 && (
+
+ {renderChildren
+ ? renderChildren(item.children, depth + 1)
+ : item.children.map((child) => (
+
+ )}
+
+
+ );
+}
+
+document.addEventListener("DOMContentLoaded", () => {
+ ReactModal.setAppElement(
+ document.querySelector("div.wrapper") as HTMLElement
+ );
+
+ const $ = (window as any).$;
+ let root: Root | null = null;
+
+ $("#id_collab_notes").on("shown.bs.tab", () => {
+ if (root !== null) return;
+ root = createRoot(document.getElementById("collab_notes_container")!);
+ root.render(
+
+
+
+
+ {selectedNoteId ? (
+
+
+
+ ) : (
+
+
+ )}
+
+
+
+ Select a note to edit, or create a new one.
+
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/DeleteConfirmModal.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/DeleteConfirmModal.tsx
index 276848f13..edc180011 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/DeleteConfirmModal.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/DeleteConfirmModal.tsx
@@ -9,6 +9,30 @@ const TYPE_LABELS: Record = {
folder: "folder",
};
+const OVERLAY_STYLE: ReactModal.Styles = {
+ overlay: {
+ position: "fixed",
+ top: 0,
+ left: 0,
+ right: 0,
+ bottom: 0,
+ backgroundColor: "rgba(0, 0, 0, 0.5)",
+ display: "flex",
+ alignItems: "center",
+ justifyContent: "center",
+ zIndex: 1050,
+ },
+ content: {
+ position: "relative",
+ inset: "auto",
+ border: "none",
+ background: "none",
+ padding: 0,
+ maxWidth: "500px",
+ width: "100%",
+ },
+};
+
interface DeleteConfirmModalProps {
isOpen: boolean;
itemType: DeleteItemType;
@@ -31,9 +55,7 @@ export default function DeleteConfirmModal({
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index b68e73bb0..093e3c60c 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -98,10 +98,45 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
}
const overNode = flatNodes.find((n) => n.id === overId);
- let dropPosition: DropPosition =
- overNode?.nodeType === "folder" ? "inside" : "after";
+ if (!overNode) {
+ setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
+ return;
+ }
+
+ // Determine drop position based on cursor Y relative to the over item
+ let dropPosition: DropPosition;
+ const overRect = over.rect;
+ const pointerY = (event.activatorEvent as PointerEvent)?.clientY;
+ const delta = event.delta?.y ?? 0;
+ const cursorY = pointerY !== undefined ? pointerY + delta : undefined;
+
+ if (overNode.nodeType === "folder") {
+ // Folders have 3 zones: top 25% = before, middle 50% = inside, bottom 25% = after
+ if (cursorY !== undefined && overRect) {
+ const relY = cursorY - overRect.top;
+ const height = overRect.height;
+ if (relY < height * 0.25) {
+ dropPosition = "before";
+ } else if (relY > height * 0.75) {
+ dropPosition = "after";
+ } else {
+ dropPosition = "inside";
+ }
+ } else {
+ dropPosition = "inside";
+ }
+ } else {
+ // Notes have 2 zones: top 50% = before, bottom 50% = after
+ if (cursorY !== undefined && overRect) {
+ const relY = cursorY - overRect.top;
+ dropPosition = relY < overRect.height * 0.5 ? "before" : "after";
+ } else {
+ dropPosition = "after";
+ }
+ }
if (!isValidDrop(activeId, overId, dropPosition)) {
+ // Fallback: try "after" if "inside" was invalid
if (dropPosition === "inside") {
dropPosition = "after";
if (!isValidDrop(activeId, overId, dropPosition)) {
From 3c5caaabef28c760de5acf99a5dd18399a280d6b Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 10:23:03 -0500
Subject: [PATCH 05/18] Fix timestamp defaults and improve drag indicators
- Add RunSQL migration for DB-level NOW() defaults on timestamp
columns (Django 4.2 default= is ORM-only, Hasura bypasses it)
- Add Hasura column presets (created_at/updated_at = now()) for
insert permissions on both collab note tables
- Include auto-generated BigAutoField migration from Django
- Fix drag indicator position calculation to use active element's
translated rect center Y for accurate before/after/inside zones
---
...063_alter_projectcollabnote_id_and_more.py | 26 +++++++++++++++
.../0064_set_collabnote_timestamp_defaults.py | 33 +++++++++++++++++++
.../public_rolodex_projectcollabnote.yaml | 6 ++++
...public_rolodex_projectcollabnotefield.yaml | 6 ++++
.../project_collabnotes/hooks/useTreeDnd.ts | 18 +++++-----
5 files changed, 81 insertions(+), 8 deletions(-)
create mode 100644 ghostwriter/rolodex/migrations/0063_alter_projectcollabnote_id_and_more.py
create mode 100644 ghostwriter/rolodex/migrations/0064_set_collabnote_timestamp_defaults.py
diff --git a/ghostwriter/rolodex/migrations/0063_alter_projectcollabnote_id_and_more.py b/ghostwriter/rolodex/migrations/0063_alter_projectcollabnote_id_and_more.py
new file mode 100644
index 000000000..8d27ba10d
--- /dev/null
+++ b/ghostwriter/rolodex/migrations/0063_alter_projectcollabnote_id_and_more.py
@@ -0,0 +1,26 @@
+# Generated by Django 4.2.16 on 2026-03-31 21:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ("rolodex", "0062_migrate_collab_notes"),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name="projectcollabnote",
+ name="id",
+ field=models.BigAutoField(
+ auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+ ),
+ ),
+ migrations.AlterField(
+ model_name="projectcollabnotefield",
+ name="id",
+ field=models.BigAutoField(
+ auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+ ),
+ ),
+ ]
diff --git a/ghostwriter/rolodex/migrations/0064_set_collabnote_timestamp_defaults.py b/ghostwriter/rolodex/migrations/0064_set_collabnote_timestamp_defaults.py
new file mode 100644
index 000000000..3bd3837b7
--- /dev/null
+++ b/ghostwriter/rolodex/migrations/0064_set_collabnote_timestamp_defaults.py
@@ -0,0 +1,33 @@
+"""Set database-level defaults for collab note timestamp columns.
+
+Django 4.2's ``default=timezone.now`` only applies at the ORM level.
+Hasura and the collab server insert rows directly, bypassing the ORM,
+so database-level defaults are required.
+"""
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ("rolodex", "0063_alter_projectcollabnote_id_and_more"),
+ ]
+
+ operations = [
+ migrations.RunSQL(
+ sql="ALTER TABLE rolodex_projectcollabnote ALTER COLUMN created_at SET DEFAULT NOW();",
+ reverse_sql="ALTER TABLE rolodex_projectcollabnote ALTER COLUMN created_at DROP DEFAULT;",
+ ),
+ migrations.RunSQL(
+ sql="ALTER TABLE rolodex_projectcollabnote ALTER COLUMN updated_at SET DEFAULT NOW();",
+ reverse_sql="ALTER TABLE rolodex_projectcollabnote ALTER COLUMN updated_at DROP DEFAULT;",
+ ),
+ migrations.RunSQL(
+ sql="ALTER TABLE rolodex_projectcollabnotefield ALTER COLUMN created_at SET DEFAULT NOW();",
+ reverse_sql="ALTER TABLE rolodex_projectcollabnotefield ALTER COLUMN created_at DROP DEFAULT;",
+ ),
+ migrations.RunSQL(
+ sql="ALTER TABLE rolodex_projectcollabnotefield ALTER COLUMN updated_at SET DEFAULT NOW();",
+ reverse_sql="ALTER TABLE rolodex_projectcollabnotefield ALTER COLUMN updated_at DROP DEFAULT;",
+ ),
+ ]
diff --git a/hasura-docker/metadata/databases/default/tables/public_rolodex_projectcollabnote.yaml b/hasura-docker/metadata/databases/default/tables/public_rolodex_projectcollabnote.yaml
index 94d304b3a..10b19787c 100644
--- a/hasura-docker/metadata/databases/default/tables/public_rolodex_projectcollabnote.yaml
+++ b/hasura-docker/metadata/databases/default/tables/public_rolodex_projectcollabnote.yaml
@@ -47,6 +47,9 @@ insert_permissions:
- role: manager
permission:
check: {}
+ set:
+ created_at: now()
+ updated_at: now()
columns:
- title
- node_type
@@ -69,6 +72,9 @@ insert_permissions:
invites:
user_id:
_eq: X-Hasura-User-Id
+ set:
+ created_at: now()
+ updated_at: now()
columns:
- title
- node_type
diff --git a/hasura-docker/metadata/databases/default/tables/public_rolodex_projectcollabnotefield.yaml b/hasura-docker/metadata/databases/default/tables/public_rolodex_projectcollabnotefield.yaml
index 90a3a66a3..a8f7ca4a7 100644
--- a/hasura-docker/metadata/databases/default/tables/public_rolodex_projectcollabnotefield.yaml
+++ b/hasura-docker/metadata/databases/default/tables/public_rolodex_projectcollabnotefield.yaml
@@ -32,6 +32,9 @@ insert_permissions:
- role: manager
permission:
check: {}
+ set:
+ created_at: now()
+ updated_at: now()
columns:
- field_type
- content
@@ -53,6 +56,9 @@ insert_permissions:
invites:
user_id:
_eq: X-Hasura-User-Id
+ set:
+ created_at: now()
+ updated_at: now()
columns:
- field_type
- content
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index 093e3c60c..1aad971a3 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -103,17 +103,19 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
return;
}
- // Determine drop position based on cursor Y relative to the over item
+ // Determine drop position based on dragged item's Y relative to the over item.
+ // Use the translated rect of the active (dragged) element to get current position.
let dropPosition: DropPosition;
const overRect = over.rect;
- const pointerY = (event.activatorEvent as PointerEvent)?.clientY;
- const delta = event.delta?.y ?? 0;
- const cursorY = pointerY !== undefined ? pointerY + delta : undefined;
+ const activeTranslated = active.rect.current.translated;
+ const activeCenterY = activeTranslated
+ ? activeTranslated.top + activeTranslated.height / 2
+ : null;
if (overNode.nodeType === "folder") {
// Folders have 3 zones: top 25% = before, middle 50% = inside, bottom 25% = after
- if (cursorY !== undefined && overRect) {
- const relY = cursorY - overRect.top;
+ if (activeCenterY !== null && overRect) {
+ const relY = activeCenterY - overRect.top;
const height = overRect.height;
if (relY < height * 0.25) {
dropPosition = "before";
@@ -127,8 +129,8 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
}
} else {
// Notes have 2 zones: top 50% = before, bottom 50% = after
- if (cursorY !== undefined && overRect) {
- const relY = cursorY - overRect.top;
+ if (activeCenterY !== null && overRect) {
+ const relY = activeCenterY - overRect.top;
dropPosition = relY < overRect.height * 0.5 ? "before" : "after";
} else {
dropPosition = "after";
From a06f2a1aa262fc0c05bf6f6bed861c0f13dd6985 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 10:33:20 -0500
Subject: [PATCH 06/18] Fix timestamp DB defaults, thicker drag indicators,
debug logging
- Add RunSQL migration for NOW() defaults on timestamp columns
(Django 4.2 default= is ORM-only; Hasura/collab server need DB defaults)
- Add Hasura column presets for created_at/updated_at on insert
- Include Django auto-generated BigAutoField migration
- Simplify DnD drop position to use delta.y direction
- Make drop indicator lines 3px with glow, folders get outline
- Add console.debug for drag-over to diagnose indicator visibility
---
.../project_collabnotes/hooks/useTreeDnd.ts | 49 +++++++------------
.../forms/project_collabnotes/tree.css | 14 ++++--
2 files changed, 28 insertions(+), 35 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index 1aad971a3..ecfadb716 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -1,4 +1,4 @@
-import { useState, useCallback } from "react";
+import { useState, useCallback, useRef } from "react";
import { DragEndEvent, DragOverEvent, DragStartEvent } from "@dnd-kit/core";
import { FlatNote, DropPosition, DragState } from "../types";
@@ -14,6 +14,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
overId: null,
dropPosition: null,
});
+ const lastOverId = useRef(null);
const isDescendant = useCallback(
(nodeId: number, ancestorId: number): boolean => {
@@ -78,6 +79,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
);
const handleDragStart = useCallback((event: DragStartEvent) => {
+ lastOverId.current = null;
setDragState({ activeId: event.active.id as number, overId: null, dropPosition: null });
}, []);
@@ -86,6 +88,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
const { active, over } = event;
if (!over) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
+ lastOverId.current = null;
return;
}
@@ -103,44 +106,24 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
return;
}
- // Determine drop position based on dragged item's Y relative to the over item.
- // Use the translated rect of the active (dragged) element to get current position.
+ // Use the drag delta to determine direction of movement.
+ // Positive delta.y = moving down, negative = moving up.
+ // Combined with which item we're over, this determines before/after.
let dropPosition: DropPosition;
- const overRect = over.rect;
- const activeTranslated = active.rect.current.translated;
- const activeCenterY = activeTranslated
- ? activeTranslated.top + activeTranslated.height / 2
- : null;
+ const movingDown = event.delta.y > 0;
if (overNode.nodeType === "folder") {
- // Folders have 3 zones: top 25% = before, middle 50% = inside, bottom 25% = after
- if (activeCenterY !== null && overRect) {
- const relY = activeCenterY - overRect.top;
- const height = overRect.height;
- if (relY < height * 0.25) {
- dropPosition = "before";
- } else if (relY > height * 0.75) {
- dropPosition = "after";
- } else {
- dropPosition = "inside";
- }
- } else {
- dropPosition = "inside";
- }
+ // For folders: default to "inside", but if we just arrived
+ // from a different item use direction to pick before/after
+ dropPosition = "inside";
} else {
- // Notes have 2 zones: top 50% = before, bottom 50% = after
- if (activeCenterY !== null && overRect) {
- const relY = activeCenterY - overRect.top;
- dropPosition = relY < overRect.height * 0.5 ? "before" : "after";
- } else {
- dropPosition = "after";
- }
+ // For notes: top half = before, bottom half = after
+ dropPosition = movingDown ? "after" : "before";
}
if (!isValidDrop(activeId, overId, dropPosition)) {
- // Fallback: try "after" if "inside" was invalid
if (dropPosition === "inside") {
- dropPosition = "after";
+ dropPosition = movingDown ? "after" : "before";
if (!isValidDrop(activeId, overId, dropPosition)) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
return;
@@ -151,6 +134,8 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
}
}
+ lastOverId.current = overId;
+ console.debug("DnD dragOver:", { overId, dropPosition, deltaY: event.delta.y });
setDragState((prev) => ({ ...prev, overId, dropPosition }));
},
[flatNodes, isValidDrop]
@@ -162,6 +147,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
const { overId, dropPosition } = dragState;
setDragState({ activeId: null, overId: null, dropPosition: null });
+ lastOverId.current = null;
if (!over || overId === null || dropPosition === null) return;
@@ -184,6 +170,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
const handleDragCancel = useCallback(() => {
setDragState({ activeId: null, overId: null, dropPosition: null });
+ lastOverId.current = null;
}, []);
return { dragState, handleDragStart, handleDragOver, handleDragEnd, handleDragCancel };
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/tree.css b/javascript/src/frontend/collab_forms/forms/project_collabnotes/tree.css
index 55166faca..54e6e6416 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/tree.css
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/tree.css
@@ -9,28 +9,34 @@
.tree-item-drop-before::before {
content: "";
position: absolute;
- top: 0;
+ top: -1px;
left: 0;
right: 0;
- height: 2px;
+ height: 3px;
background-color: #0d6efd;
+ border-radius: 2px;
z-index: 10;
+ box-shadow: 0 0 0 1px rgba(13, 110, 253, 0.3);
}
.tree-item-drop-after::after {
content: "";
position: absolute;
- bottom: 0;
+ bottom: -1px;
left: 0;
right: 0;
- height: 2px;
+ height: 3px;
background-color: #0d6efd;
+ border-radius: 2px;
z-index: 10;
+ box-shadow: 0 0 0 1px rgba(13, 110, 253, 0.3);
}
.tree-item-drop-inside > .tree-item {
background-color: #cfe2ff;
border-radius: 4px;
+ outline: 2px solid #0d6efd;
+ outline-offset: -2px;
}
.tree-drag-overlay {
From 378a60920996b6a9393ee03a6e202b2eac95c581 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 11:07:02 -0500
Subject: [PATCH 07/18] Fix drag-over not firing in nested tree structure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Switch from closestCenter to pointerWithin collision detection —
closestCenter fails with nested DOM structures because sortable
items are inside each other. Also bind handleDragOver to onDragMove
which fires on every pointer movement, not just when the over
target changes.
---
.../collab_forms/forms/project_collabnotes/NoteTreeView.tsx | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
index 670578f93..35b35e2a3 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -2,7 +2,7 @@ import { useState, useMemo, useCallback } from "react";
import {
DndContext,
DragOverlay,
- closestCenter,
+ pointerWithin,
KeyboardSensor,
PointerSensor,
useSensor,
@@ -233,8 +233,9 @@ export default function NoteTreeView({
Date: Wed, 1 Apr 2026 12:06:57 -0500
Subject: [PATCH 08/18] Load collab notes CSS in project detail template
The Vite build extracts CSS into separate files but the template
only loaded the JS bundle. Add stylesheet links for both the
component CSS and the shared collab CSS.
---
ghostwriter/rolodex/templates/rolodex/project_detail.html | 2 ++
.../collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ghostwriter/rolodex/templates/rolodex/project_detail.html b/ghostwriter/rolodex/templates/rolodex/project_detail.html
index 91a3798cc..c3c5d8b9f 100644
--- a/ghostwriter/rolodex/templates/rolodex/project_detail.html
+++ b/ghostwriter/rolodex/templates/rolodex/project_detail.html
@@ -2152,5 +2152,7 @@ Related Log Entri
{% endfor %}
{% include "collab_editing/attrs_snippet.html" %}
+
+
{% endblock %}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index ecfadb716..2b24b71ea 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -86,6 +86,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
const handleDragOver = useCallback(
(event: DragOverEvent) => {
const { active, over } = event;
+ console.warn("DnD handler called, over:", over?.id ?? "null", "delta:", event.delta);
if (!over) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
lastOverId.current = null;
@@ -135,7 +136,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
}
lastOverId.current = overId;
- console.debug("DnD dragOver:", { overId, dropPosition, deltaY: event.delta.y });
+ console.warn("DnD dragOver:", { overId, dropPosition, deltaY: event.delta.y });
setDragState((prev) => ({ ...prev, overId, dropPosition }));
},
[flatNodes, isValidDrop]
From 103d8979417f2acfe0d0429a862ad85c40ead29b Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 12:14:32 -0500
Subject: [PATCH 09/18] Fix drag-drop positioning and add inline drop
indicators
- Update Yjs tree with both parentId AND position on drop
(was only updating parentId, causing items to land in the
right folder but at their old position)
- Add inline border styles for drop indicators as primary
approach (CSS pseudo-elements weren't visible)
---
.../forms/project_collabnotes/NoteTreeView.tsx | 10 +++++-----
.../forms/project_collabnotes/TreeItem.tsx | 15 ++++++++++++++-
.../forms/project_collabnotes/hooks/useTreeDnd.ts | 2 +-
3 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
index 35b35e2a3..7a430d7a8 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -71,9 +71,10 @@ export default function NoteTreeView({
handleDragOver,
handleDragEnd: rawDragEnd,
handleDragCancel,
+ calculateNewPosition,
} = useTreeDnd({ flatNodes, moveNote, onTreeMutated });
- // Wrap handleDragEnd to also update Yjs tree
+ // Wrap handleDragEnd to also update Yjs tree with both parent and position
const handleDragEnd = useCallback(
async (event: any) => {
const { active, over } = event;
@@ -84,15 +85,14 @@ export default function NoteTreeView({
const overNode = flatNodes.find((n) => n.id === overId);
if (overNode) {
const newParentId = dropPosition === "inside" ? overId : overNode.parentId;
- // Update the Yjs node with new parent/position
- // (the actual DB mutation happens in rawDragEnd)
- updateNode(activeId, { parentId: newParentId });
+ const newPosition = calculateNewPosition(overId, dropPosition, newParentId);
+ updateNode(activeId, { parentId: newParentId, position: newPosition });
}
}
await rawDragEnd(event);
},
- [dragState, flatNodes, rawDragEnd, updateNode]
+ [dragState, flatNodes, rawDragEnd, updateNode, calculateNewPosition]
);
const allItemIds = useMemo(() => flatNodes.map((n) => n.id), [flatNodes]);
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
index f9376f553..6cb90c38e 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
@@ -63,6 +63,19 @@ export default function TreeItem({
const dropClass = dropPosition ? `tree-item-drop-${dropPosition}` : "";
+ // Inline drop indicator styles as fallback (works regardless of CSS loading)
+ const dropIndicatorStyle: React.CSSProperties = {};
+ if (dropPosition === "before") {
+ dropIndicatorStyle.borderTop = "3px solid #0d6efd";
+ } else if (dropPosition === "after") {
+ dropIndicatorStyle.borderBottom = "3px solid #0d6efd";
+ } else if (dropPosition === "inside") {
+ dropIndicatorStyle.outline = "2px solid #0d6efd";
+ dropIndicatorStyle.outlineOffset = "-2px";
+ dropIndicatorStyle.borderRadius = "4px";
+ dropIndicatorStyle.backgroundColor = "rgba(13, 110, 253, 0.1)";
+ }
+
const actionButtonClass = isSelected
? "btn btn-sm p-0 me-1 text-white"
: "btn btn-link btn-sm p-0 me-1";
@@ -72,7 +85,7 @@ export default function TreeItem({
: "btn btn-link btn-sm p-0 text-danger";
return (
-
Related Log Entri
{% endfor %}
{% include "collab_editing/attrs_snippet.html" %}
+
+
{% endblock %}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index ecfadb716..2b24b71ea 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -86,6 +86,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
const handleDragOver = useCallback(
(event: DragOverEvent) => {
const { active, over } = event;
+ console.warn("DnD handler called, over:", over?.id ?? "null", "delta:", event.delta);
if (!over) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
lastOverId.current = null;
@@ -135,7 +136,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
}
lastOverId.current = overId;
- console.debug("DnD dragOver:", { overId, dropPosition, deltaY: event.delta.y });
+ console.warn("DnD dragOver:", { overId, dropPosition, deltaY: event.delta.y });
setDragState((prev) => ({ ...prev, overId, dropPosition }));
},
[flatNodes, isValidDrop]
From 103d8979417f2acfe0d0429a862ad85c40ead29b Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 12:14:32 -0500
Subject: [PATCH 09/18] Fix drag-drop positioning and add inline drop
indicators
- Update Yjs tree with both parentId AND position on drop
(was only updating parentId, causing items to land in the
right folder but at their old position)
- Add inline border styles for drop indicators as primary
approach (CSS pseudo-elements weren't visible)
---
.../forms/project_collabnotes/NoteTreeView.tsx | 10 +++++-----
.../forms/project_collabnotes/TreeItem.tsx | 15 ++++++++++++++-
.../forms/project_collabnotes/hooks/useTreeDnd.ts | 2 +-
3 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
index 35b35e2a3..7a430d7a8 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -71,9 +71,10 @@ export default function NoteTreeView({
handleDragOver,
handleDragEnd: rawDragEnd,
handleDragCancel,
+ calculateNewPosition,
} = useTreeDnd({ flatNodes, moveNote, onTreeMutated });
- // Wrap handleDragEnd to also update Yjs tree
+ // Wrap handleDragEnd to also update Yjs tree with both parent and position
const handleDragEnd = useCallback(
async (event: any) => {
const { active, over } = event;
@@ -84,15 +85,14 @@ export default function NoteTreeView({
const overNode = flatNodes.find((n) => n.id === overId);
if (overNode) {
const newParentId = dropPosition === "inside" ? overId : overNode.parentId;
- // Update the Yjs node with new parent/position
- // (the actual DB mutation happens in rawDragEnd)
- updateNode(activeId, { parentId: newParentId });
+ const newPosition = calculateNewPosition(overId, dropPosition, newParentId);
+ updateNode(activeId, { parentId: newParentId, position: newPosition });
}
}
await rawDragEnd(event);
},
- [dragState, flatNodes, rawDragEnd, updateNode]
+ [dragState, flatNodes, rawDragEnd, updateNode, calculateNewPosition]
);
const allItemIds = useMemo(() => flatNodes.map((n) => n.id), [flatNodes]);
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
index f9376f553..6cb90c38e 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
@@ -63,6 +63,19 @@ export default function TreeItem({
const dropClass = dropPosition ? `tree-item-drop-${dropPosition}` : "";
+ // Inline drop indicator styles as fallback (works regardless of CSS loading)
+ const dropIndicatorStyle: React.CSSProperties = {};
+ if (dropPosition === "before") {
+ dropIndicatorStyle.borderTop = "3px solid #0d6efd";
+ } else if (dropPosition === "after") {
+ dropIndicatorStyle.borderBottom = "3px solid #0d6efd";
+ } else if (dropPosition === "inside") {
+ dropIndicatorStyle.outline = "2px solid #0d6efd";
+ dropIndicatorStyle.outlineOffset = "-2px";
+ dropIndicatorStyle.borderRadius = "4px";
+ dropIndicatorStyle.backgroundColor = "rgba(13, 110, 253, 0.1)";
+ }
+
const actionButtonClass = isSelected
? "btn btn-sm p-0 me-1 text-white"
: "btn btn-link btn-sm p-0 me-1";
@@ -72,7 +85,7 @@ export default function TreeItem({
: "btn btn-link btn-sm p-0 text-danger";
return (
-
+
Date: Wed, 1 Apr 2026 12:59:56 -0500
Subject: [PATCH 10/18] Sort tree nodes by position in buildTree
buildTree was pushing children in Y.Array insertion order, ignoring
the position field. After updateNode changed a node's position value,
the array order didn't change so items appeared in the wrong place.
Now sorts roots and children by position then title at every level.
---
.../forms/project_collabnotes/hooks/useTreeSync.ts | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeSync.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeSync.ts
index c72cc1120..1ccb0a3d8 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeSync.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeSync.ts
@@ -182,5 +182,15 @@ function buildTree(flatNodes: FlatNote[]): NoteTreeNode[] {
}
}
+ // Sort by position then title at every level
+ const sortNodes = (a: NoteTreeNode, b: NoteTreeNode) =>
+ a.position !== b.position ? a.position - b.position : a.title.localeCompare(b.title);
+ roots.sort(sortNodes);
+ for (const node of nodeMap.values()) {
+ if (node.children.length > 1) {
+ node.children.sort(sortNodes);
+ }
+ }
+
return roots;
}
From 0e131250b3be243e3494f1b3bb22dcbaf66dae3e Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 13:14:45 -0500
Subject: [PATCH 11/18] Fix loading spinner text spinning with the indicator
---
.../forms/project_collabnotes/NoteTreeView.tsx | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
index 7a430d7a8..7caecf6eb 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -194,11 +194,9 @@ export default function NoteTreeView({
if (loading) {
return (
-
-
- Loading...
-
- Loading notes...
+
+
+ Loading notes...
);
}
From 4cc3a86e502e4202b5d0328f1e911cf48265aaa8 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 13:34:54 -0500
Subject: [PATCH 12/18] Serve note images through authenticated Django view
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ghostwriter doesn't expose /media/ directly — all file serving goes
through Django views with permission checks. Add serve_note_field_image
view that checks user_can_view before returning the file. Update upload
responses and collab server handler to use the new URL pattern instead
of raw /media/ paths.
---
ghostwriter/rolodex/urls.py | 5 +++++
ghostwriter/rolodex/views.py | 20 +++++++++++++++++--
.../handlers/project_collab_note.ts | 2 +-
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/ghostwriter/rolodex/urls.py b/ghostwriter/rolodex/urls.py
index 648f6703e..e271cfc50 100644
--- a/ghostwriter/rolodex/urls.py
+++ b/ghostwriter/rolodex/urls.py
@@ -168,6 +168,11 @@
views.BloodhoundApiFetchView.as_view(),
name="ajax_bloodhound_fetch",
),
+ path(
+ "ajax/note/field//image/serve",
+ views.serve_note_field_image,
+ name="ajax_serve_note_image",
+ ),
path(
"ajax/note//field/image",
views.ajax_upload_note_field_image,
diff --git a/ghostwriter/rolodex/views.py b/ghostwriter/rolodex/views.py
index 5dbca182c..02d42a9e4 100644
--- a/ghostwriter/rolodex/views.py
+++ b/ghostwriter/rolodex/views.py
@@ -2296,6 +2296,20 @@ def get_context_data(self, **kwargs):
return ctx
+@login_required
+def serve_note_field_image(request, pk):
+ """Serve an image from a :model:`rolodex.ProjectCollabNoteField` with auth check."""
+ field = get_object_or_404(ProjectCollabNoteField, pk=pk)
+ if not field.note.user_can_view(request.user):
+ return ForbiddenJsonResponse()
+ if not field.image:
+ raise Http404
+ try:
+ return FileResponse(field.image.open("rb"), content_type="image/png")
+ except FileNotFoundError:
+ raise Http404
+
+
class NoteImageUploadForm(forms.Form):
"""Django form for validating image uploads to collab note fields."""
@@ -2365,13 +2379,14 @@ def _update_existing_image_field(request, note, field_pk, image_file):
)
field.image = image_file
field.save()
+ image_url = reverse("rolodex:ajax_serve_note_image", kwargs={"pk": field.pk})
logger.info(
"User %s uploaded image to existing field %s for note %s",
request.user, field.id, note.id,
)
return JsonResponse({
"result": "success",
- "imageUrl": request.build_absolute_uri(field.image.url),
+ "imageUrl": image_url,
})
@@ -2390,6 +2405,7 @@ def _create_new_image_field(request, note, image_file):
image=image_file,
position=max_position + 1,
)
+ image_url = reverse("rolodex:ajax_serve_note_image", kwargs={"pk": field.pk})
logger.info(
"User %s uploaded image field %s for note %s",
request.user, field.id, note.id,
@@ -2397,7 +2413,7 @@ def _create_new_image_field(request, note, image_file):
return JsonResponse({
"result": "success",
"id": field.id,
- "imageUrl": request.build_absolute_uri(field.image.url),
+ "imageUrl": image_url,
"position": field.position,
})
diff --git a/javascript/src/collab_server/handlers/project_collab_note.ts b/javascript/src/collab_server/handlers/project_collab_note.ts
index 9e2ccf199..2b2b7a486 100644
--- a/javascript/src/collab_server/handlers/project_collab_note.ts
+++ b/javascript/src/collab_server/handlers/project_collab_note.ts
@@ -68,7 +68,7 @@ const ProjectCollabNoteItemHandler: ModelHandler = {
fieldDataArr = [legacyField];
} else {
fieldDataArr = obj.fields.map((field: any) => {
- const imageUrl = field.image ? `/media/${field.image}` : null;
+ const imageUrl = field.image ? `/rolodex/ajax/note/field/${field.id}/image/serve` : null;
const fieldData: FieldData = {
id: field.id.toString(),
fieldType: field.fieldType,
From 2e678c31321a31b18ab086d1927d96b2bc3b5118 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 13:47:29 -0500
Subject: [PATCH 13/18] Expand collab notes container to fill viewport height
---
.../frontend/collab_forms/forms/project_collabnotes/index.tsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/index.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/index.tsx
index 98776ed14..2592e6e69 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/index.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/index.tsx
@@ -15,7 +15,7 @@ function ProjectCollabNotesContainer() {
return (
Date: Wed, 1 Apr 2026 14:40:33 -0500
Subject: [PATCH 14/18] Add drop zones at top and bottom of note tree
Items couldn't be dragged to the very first or last position because
there was no sortable target above the first item or below the last.
Add sentinel droppable zones that highlight on hover and handle
placement at position -1000/+1000 relative to the first/last root
node.
---
.../project_collabnotes/NoteTreeView.tsx | 39 ++++++++++++++---
.../project_collabnotes/hooks/useTreeDnd.ts | 42 +++++++++++++------
2 files changed, 64 insertions(+), 17 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
index 7caecf6eb..d02885ed4 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -7,6 +7,7 @@ import {
PointerSensor,
useSensor,
useSensors,
+ useDroppable,
} from "@dnd-kit/core";
import {
SortableContext,
@@ -82,11 +83,22 @@ export default function NoteTreeView({
if (over && overId !== null && dropPosition !== null) {
const activeId = active.id as number;
- const overNode = flatNodes.find((n) => n.id === overId);
- if (overNode) {
- const newParentId = dropPosition === "inside" ? overId : overNode.parentId;
- const newPosition = calculateNewPosition(overId, dropPosition, newParentId);
- updateNode(activeId, { parentId: newParentId, position: newPosition });
+
+ if (overId === "tree-top" || overId === "tree-bottom") {
+ const rootNodes = flatNodes
+ .filter((n) => n.parentId === null)
+ .sort((a, b) => a.position - b.position);
+ const newPosition = overId === "tree-top"
+ ? (rootNodes.length > 0 ? rootNodes[0].position - 1000 : 0)
+ : (rootNodes.length > 0 ? rootNodes[rootNodes.length - 1].position + 1000 : 0);
+ updateNode(activeId, { parentId: null, position: newPosition });
+ } else {
+ const overNode = flatNodes.find((n) => n.id === overId);
+ if (overNode) {
+ const newParentId = dropPosition === "inside" ? (overId as number) : overNode.parentId;
+ const newPosition = calculateNewPosition(overId as number, dropPosition, newParentId);
+ updateNode(activeId, { parentId: newParentId, position: newPosition });
+ }
}
}
@@ -243,6 +255,7 @@ export default function NoteTreeView({
strategy={verticalListSortingStrategy}
>
+
-
-
+
+
+
+ {tree.map((item) => (
+
+
{activeItem && (
@@ -319,9 +321,9 @@ function TreeDropSentinel({ id }: { id: string }) {
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index f49f625c2..47b4512eb 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -86,7 +86,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
const handleDragOver = useCallback(
(event: DragOverEvent) => {
const { active, over } = event;
- console.warn("DnD handler called, over:", over?.id ?? "null", "delta:", event.delta);
+
if (!over) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
lastOverId.current = null;
From 2ec095af32fbdb202af2c6d51afd2a17b29fbdf3 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 14:57:22 -0500
Subject: [PATCH 16/18] Use pointer position for folder before/inside/after
zones
Folders now split into three drop zones based on pointer Y relative
to the item rect: top 25% = before, middle 50% = inside, bottom
25% = after. Notes split at 50% for before/after. This allows
dragging items between adjacent folders instead of always dropping
inside.
---
.../project_collabnotes/hooks/useTreeDnd.ts | 28 +++++++++++++++++--
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index 47b4512eb..2c8f057d2 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -116,13 +116,35 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
return;
}
+ // Compute pointer Y from initial activation point + drag delta
let dropPosition: DropPosition;
- const movingDown = event.delta.y > 0;
+ const activatorY = (event.activatorEvent as PointerEvent)?.clientY;
+ const pointerY = activatorY != null ? activatorY + event.delta.y : null;
+ const overRect = over.rect;
if (overNode.nodeType === "folder") {
- dropPosition = "inside";
+ // Folders: top 25% = before, middle 50% = inside, bottom 25% = after
+ if (pointerY != null && overRect && overRect.height > 0) {
+ const relY = pointerY - overRect.top;
+ const ratio = relY / overRect.height;
+ if (ratio < 0.25) {
+ dropPosition = "before";
+ } else if (ratio > 0.75) {
+ dropPosition = "after";
+ } else {
+ dropPosition = "inside";
+ }
+ } else {
+ dropPosition = "inside";
+ }
} else {
- dropPosition = movingDown ? "after" : "before";
+ // Notes: top half = before, bottom half = after
+ if (pointerY != null && overRect && overRect.height > 0) {
+ const relY = pointerY - overRect.top;
+ dropPosition = relY < overRect.height * 0.5 ? "before" : "after";
+ } else {
+ dropPosition = event.delta.y > 0 ? "after" : "before";
+ }
}
if (!isValidDrop(activeId, overId, dropPosition)) {
From bc1daa0aa5ad116026f0f8f65fed9c6b77fbf9a3 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 16:24:04 -0500
Subject: [PATCH 17/18] Add package-lock.json and test data seed script
- Lock @dnd-kit dependency versions from npm install
- Add scripts/seed_test_data.py for populating dev environment
with test users, clients, projects, and collab notes
---
javascript/package-lock.json | 56 ++++++++
scripts/seed_test_data.py | 260 +++++++++++++++++++++++++++++++++++
2 files changed, 316 insertions(+)
create mode 100644 scripts/seed_test_data.py
diff --git a/javascript/package-lock.json b/javascript/package-lock.json
index 95bbfa65b..a8ab7a786 100644
--- a/javascript/package-lock.json
+++ b/javascript/package-lock.json
@@ -6,6 +6,9 @@
"": {
"dependencies": {
"@apollo/client": "^3.13.1",
+ "@dnd-kit/core": "^6.3.1",
+ "@dnd-kit/sortable": "^10.0.0",
+ "@dnd-kit/utilities": "^3.2.2",
"@fortawesome/fontawesome-svg-core": "^6.7.2",
"@fortawesome/free-regular-svg-icons": "^6.7.2",
"@fortawesome/free-solid-svg-icons": "^6.7.2",
@@ -412,6 +415,59 @@
"node": ">=6.9.0"
}
},
+ "node_modules/@dnd-kit/accessibility": {
+ "version": "3.1.1",
+ "resolved": "https://registry.npmjs.org/@dnd-kit/accessibility/-/accessibility-3.1.1.tgz",
+ "integrity": "sha512-2P+YgaXF+gRsIihwwY1gCsQSYnu9Zyj2py8kY5fFvUM1qm2WA2u639R6YNVfU4GWr+ZM5mqEsfHZZLoRONbemw==",
+ "license": "MIT",
+ "dependencies": {
+ "tslib": "^2.0.0"
+ },
+ "peerDependencies": {
+ "react": ">=16.8.0"
+ }
+ },
+ "node_modules/@dnd-kit/core": {
+ "version": "6.3.1",
+ "resolved": "https://registry.npmjs.org/@dnd-kit/core/-/core-6.3.1.tgz",
+ "integrity": "sha512-xkGBRQQab4RLwgXxoqETICr6S5JlogafbhNsidmrkVv2YRs5MLwpjoF2qpiGjQt8S9AoxtIV603s0GIUpY5eYQ==",
+ "license": "MIT",
+ "dependencies": {
+ "@dnd-kit/accessibility": "^3.1.1",
+ "@dnd-kit/utilities": "^3.2.2",
+ "tslib": "^2.0.0"
+ },
+ "peerDependencies": {
+ "react": ">=16.8.0",
+ "react-dom": ">=16.8.0"
+ }
+ },
+ "node_modules/@dnd-kit/sortable": {
+ "version": "10.0.0",
+ "resolved": "https://registry.npmjs.org/@dnd-kit/sortable/-/sortable-10.0.0.tgz",
+ "integrity": "sha512-+xqhmIIzvAYMGfBYYnbKuNicfSsk4RksY2XdmJhT+HAC01nix6fHCztU68jooFiMUB01Ky3F0FyOvhG/BZrWkg==",
+ "license": "MIT",
+ "dependencies": {
+ "@dnd-kit/utilities": "^3.2.2",
+ "tslib": "^2.0.0"
+ },
+ "peerDependencies": {
+ "@dnd-kit/core": "^6.3.0",
+ "react": ">=16.8.0"
+ }
+ },
+ "node_modules/@dnd-kit/utilities": {
+ "version": "3.2.2",
+ "resolved": "https://registry.npmjs.org/@dnd-kit/utilities/-/utilities-3.2.2.tgz",
+ "integrity": "sha512-+MKAJEOfaBe5SmV6t34p80MMKhjvUz0vRrvVJbPT0WElzaOJ/1xs+D+KDv+tD/NE5ujfrChEcshd4fLn0wpiqg==",
+ "license": "MIT",
+ "dependencies": {
+ "tslib": "^2.0.0"
+ },
+ "peerDependencies": {
+ "react": ">=16.8.0"
+ }
+ },
"node_modules/@envelop/core": {
"version": "5.3.2",
"resolved": "https://registry.npmjs.org/@envelop/core/-/core-5.3.2.tgz",
diff --git a/scripts/seed_test_data.py b/scripts/seed_test_data.py
new file mode 100644
index 000000000..c89c214bb
--- /dev/null
+++ b/scripts/seed_test_data.py
@@ -0,0 +1,260 @@
+"""
+Seed script for populating Ghostwriter with test data.
+
+Run via: docker compose -f local.yml exec django python manage.py shell < scripts/seed_test_data.py
+"""
+
+from datetime import date, timedelta
+from django.contrib.auth import get_user_model
+from ghostwriter.rolodex.models import (
+ Client,
+ ClientContact,
+ ClientInvite,
+ Project,
+ ProjectAssignment,
+ ProjectCollabNote,
+ ProjectCollabNoteField,
+ ProjectInvite,
+ ProjectObjective,
+ ProjectScope,
+ ProjectTarget,
+)
+from ghostwriter.rolodex.models import ProjectType, ProjectRole
+from ghostwriter.reporting.models import Severity, FindingType
+
+User = get_user_model()
+
+# ---------------------------------------------------------------------------
+# Users
+# ---------------------------------------------------------------------------
+users = {}
+user_specs = [
+ ("alice", "alice@example.com", "Alice Rivera", "TestPass123!"),
+ ("bob", "bob@example.com", "Bob Chen", "TestPass123!"),
+ ("charlie", "charlie@example.com", "Charlie Okafor", "TestPass123!"),
+]
+for username, email, name, pw in user_specs:
+ u, created = User.objects.get_or_create(
+ username=username,
+ defaults=dict(email=email, name=name, role="user"),
+ )
+ if created:
+ u.set_password(pw)
+ u.save()
+ print(f" Created user: {username} / {pw}")
+ else:
+ print(f" User already exists: {username}")
+ users[username] = u
+
+mgr, created = User.objects.get_or_create(
+ username="manager",
+ defaults=dict(email="mgr@example.com", name="Morgan Taylor", role="manager"),
+)
+if created:
+ mgr.set_password("TestPass123!")
+ mgr.save()
+ print(" Created manager: manager / TestPass123!")
+else:
+ print(" Manager already exists: manager")
+users["manager"] = mgr
+
+# ---------------------------------------------------------------------------
+# Clients
+# ---------------------------------------------------------------------------
+pt_pentest = ProjectType.objects.get(project_type="Penetration Test")
+pt_webapp = ProjectType.objects.get(project_type="Web Application Assessment")
+pt_redteam = ProjectType.objects.get(project_type="Red Team")
+
+role_lead = ProjectRole.objects.get(project_role="Assessment Lead")
+role_operator = ProjectRole.objects.get(project_role="Operator")
+
+clients_data = [
+ {
+ "name": "Acme Corporation",
+ "short_name": "ACME",
+ "codename": "THUNDERBOLT",
+ "contacts": [
+ ("Jane Doe", "jane.doe@acme.example.com", "CISO", "555-0101"),
+ ("John Smith", "john.smith@acme.example.com", "IT Director", "555-0102"),
+ ],
+ "projects": [
+ {
+ "codename": "IRON FALCON",
+ "project_type": pt_pentest,
+ "lead": "alice",
+ "operators": ["bob"],
+ "start": date.today() - timedelta(days=14),
+ "end": date.today() + timedelta(days=16),
+ "scopes": ["10.10.0.0/16", "web.acme.example.com", "api.acme.example.com"],
+ "targets": ["Domain Controller (DC01)", "Exchange Server", "VPN Gateway"],
+ "notes_tree": [
+ {"title": "Reconnaissance", "type": "folder", "children": [
+ {"title": "External Recon", "type": "note", "content": "Ran subdomain enumeration against acme.example.com. Found 14 subdomains.
"},
+ {"title": "OSINT Findings", "type": "note", "content": "LinkedIn reveals 3 IT admins. Password policy doc leaked on Pastebin (expired).
"},
+ ]},
+ {"title": "Exploitation", "type": "folder", "children": [
+ {"title": "Initial Access", "type": "note", "content": "Phishing payload delivered via macro-enabled doc. User jane.doe clicked.
"},
+ {"title": "Lateral Movement", "type": "note", "content": "Used Pass-the-Hash from workstation WS-042 to reach DC01.
"},
+ ]},
+ {"title": "Meeting Notes", "type": "note", "content": "Kickoff call 2026-03-17. Client wants focus on AD attack paths.
"},
+ ],
+ },
+ ],
+ },
+ {
+ "name": "Globex Industries",
+ "short_name": "GLOBEX",
+ "codename": "NIGHTSHADE",
+ "contacts": [
+ ("Hank Scorpio", "hank@globex.example.com", "CEO", "555-0200"),
+ ],
+ "projects": [
+ {
+ "codename": "SHADOW NEXUS",
+ "project_type": pt_webapp,
+ "lead": "bob",
+ "operators": ["charlie"],
+ "start": date.today() - timedelta(days=7),
+ "end": date.today() + timedelta(days=23),
+ "scopes": ["https://portal.globex.example.com", "https://api.globex.example.com/v2"],
+ "targets": ["Customer Portal", "REST API v2", "Admin Panel"],
+ "notes_tree": [
+ {"title": "API Testing", "type": "folder", "children": [
+ {"title": "Authentication Bypass", "type": "note", "content": "JWT validation can be bypassed by setting alg=none. Critical finding.
"},
+ {"title": "IDOR on /users endpoint", "type": "note", "content": "Changing user_id in request allows access to other users' data.
"},
+ ]},
+ {"title": "Portal XSS", "type": "note", "content": "Stored XSS in profile bio field. Payload: <img src=x onerror=alert(1)>
"},
+ ],
+ },
+ ],
+ },
+ {
+ "name": "Initech",
+ "short_name": "INIT",
+ "codename": "REDSTAPLER",
+ "contacts": [
+ ("Bill Lumbergh", "bill@initech.example.com", "VP", "555-0300"),
+ ("Milton Waddams", "milton@initech.example.com", "Facilities", "555-0301"),
+ ],
+ "projects": [
+ {
+ "codename": "CRIMSON TIDE",
+ "project_type": pt_redteam,
+ "lead": "charlie",
+ "operators": ["alice", "bob"],
+ "start": date.today(),
+ "end": date.today() + timedelta(days=30),
+ "scopes": ["*.initech.example.com", "10.20.0.0/16", "Physical: HQ Building"],
+ "targets": ["CEO Laptop", "Financial Database", "Badge System"],
+ "notes_tree": [
+ {"title": "Planning", "type": "folder", "children": [
+ {"title": "Rules of Engagement", "type": "note", "content": "No DoS. No production DB modification. Physical access authorized M-F 8am-6pm only.
"},
+ {"title": "C2 Infrastructure", "type": "note", "content": "Cobalt Strike teamserver on AWS. Redirector chain: CloudFront → Nginx → TS.
"},
+ ]},
+ {"title": "Execution Log", "type": "folder", "children": []},
+ ],
+ },
+ ],
+ },
+]
+
+for cdata in clients_data:
+ client, created = Client.objects.get_or_create(
+ name=cdata["name"],
+ defaults=dict(short_name=cdata["short_name"], codename=cdata["codename"]),
+ )
+ action = "Created" if created else "Exists"
+ print(f"\n{action} client: {client.name}")
+
+ for cname, cemail, ctitle, cphone in cdata["contacts"]:
+ ClientContact.objects.get_or_create(
+ client=client,
+ email=cemail,
+ defaults=dict(name=cname, job_title=ctitle, phone=cphone),
+ )
+
+ # Invite all users to the client
+ for u in users.values():
+ ClientInvite.objects.get_or_create(client=client, user=u)
+
+ for pdata in cdata["projects"]:
+ project, created = Project.objects.get_or_create(
+ codename=pdata["codename"],
+ defaults=dict(
+ client=client,
+ project_type=pdata["project_type"],
+ start_date=pdata["start"],
+ end_date=pdata["end"],
+ complete=False,
+ ),
+ )
+ action = "Created" if created else "Exists"
+ print(f" {action} project: {project.codename}")
+
+ # Assignments
+ lead_user = users[pdata["lead"]]
+ ProjectAssignment.objects.get_or_create(
+ project=project, operator=lead_user,
+ defaults=dict(role=role_lead, start_date=pdata["start"], end_date=pdata["end"]),
+ )
+ for op_name in pdata["operators"]:
+ op_user = users[op_name]
+ ProjectAssignment.objects.get_or_create(
+ project=project, operator=op_user,
+ defaults=dict(role=role_operator, start_date=pdata["start"], end_date=pdata["end"]),
+ )
+
+ # Invite manager
+ ProjectInvite.objects.get_or_create(project=project, user=users["manager"])
+
+ # Scopes
+ for i, scope_name in enumerate(pdata["scopes"]):
+ ProjectScope.objects.get_or_create(
+ project=project, name=scope_name,
+ defaults=dict(scope=scope_name),
+ )
+
+ # Targets
+ for i, target_name in enumerate(pdata["targets"]):
+ ProjectTarget.objects.get_or_create(
+ project=project, hostname=target_name,
+ )
+
+ # Collab notes tree
+ def create_notes_tree(nodes, project, parent=None, pos_start=0):
+ for i, node in enumerate(nodes):
+ position = (pos_start + i) * 1000
+ note, _ = ProjectCollabNote.objects.get_or_create(
+ project=project,
+ title=node["title"],
+ parent=parent,
+ defaults=dict(
+ node_type=node["type"],
+ content=node.get("content", ""),
+ position=position,
+ ),
+ )
+ if node["type"] == "note" and node.get("content"):
+ ProjectCollabNoteField.objects.get_or_create(
+ note=note,
+ position=0,
+ defaults=dict(
+ field_type="rich_text",
+ content=node["content"],
+ ),
+ )
+ if "children" in node:
+ create_notes_tree(node["children"], project, parent=note)
+
+ if created:
+ create_notes_tree(pdata["notes_tree"], project)
+
+print("\n" + "=" * 60)
+print("SEED DATA COMPLETE")
+print("=" * 60)
+print(f"Users: {User.objects.count()} (login with TestPass123!)")
+print(f"Clients: {Client.objects.count()}")
+print(f"Projects: {Project.objects.count()}")
+print(f"Collab Notes: {ProjectCollabNote.objects.count()}")
+print(f"Collab Note Fields: {ProjectCollabNoteField.objects.count()}")
+print("=" * 60)
From 7c4d4c1333a4bfe270360bf460ded992f82a2e8b Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 16:36:36 -0500
Subject: [PATCH 18/18] Address CodeFactor issues from PR #855
Python:
- Use 'raise Http404 from exc' for explicit exception chaining
- Move markdownify import to module level
- Rewrite seed script: remove unused imports, use dict literals,
extract functions to fix scope and redefinition warnings
TypeScript:
- Extract computeDropPosition() and sentinelPosition() from
handleDragOver/handleDragEnd to reduce cyclomatic complexity
- Extract TreeItemIcon, TreeItemChevron, TreeItemActions from
TreeItem to reduce component complexity
---
ghostwriter/rolodex/views.py | 6 +-
.../forms/project_collabnotes/TreeItem.tsx | 112 ++---
.../project_collabnotes/hooks/useTreeDnd.ts | 79 ++--
scripts/seed_test_data.py | 421 +++++++++---------
4 files changed, 313 insertions(+), 305 deletions(-)
diff --git a/ghostwriter/rolodex/views.py b/ghostwriter/rolodex/views.py
index 02d42a9e4..0336e673a 100644
--- a/ghostwriter/rolodex/views.py
+++ b/ghostwriter/rolodex/views.py
@@ -39,6 +39,7 @@
from django.db.models import Exists, OuterRef
# 3rd Party Libraries
+from markdownify import markdownify as md
from taggit.models import Tag
# Ghostwriter Libraries
@@ -2306,8 +2307,8 @@ def serve_note_field_image(request, pk):
raise Http404
try:
return FileResponse(field.image.open("rb"), content_type="image/png")
- except FileNotFoundError:
- raise Http404
+ except FileNotFoundError as exc:
+ raise Http404 from exc
class NoteImageUploadForm(forms.Form):
@@ -2431,7 +2432,6 @@ def _sanitize_filename(name):
@login_required
def export_collab_notes_zip(request, pk):
"""Export all collab notes for a project as a streaming ZIP response."""
- from markdownify import markdownify as md
project = get_object_or_404(Project, pk=pk)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
index 6cb90c38e..6bf1aec25 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx
@@ -16,6 +16,53 @@ interface TreeItemProps {
renderChildren?: (children: NoteTreeNode[], depth: number) => React.ReactNode;
}
+function TreeItemIcon({ isFolder, expanded }: { isFolder: boolean; expanded: boolean }) {
+ if (isFolder) {
+ return ;
+ }
+ return ;
+}
+
+function TreeItemChevron({ isFolder, hasChildren, expanded }: { isFolder: boolean; hasChildren: boolean; expanded: boolean }) {
+ if (!isFolder || !hasChildren) return null;
+ return expanded
+ ?
+ : ;
+}
+
+interface ActionButtonsProps {
+ isFolder: boolean;
+ buttonClass: string;
+ deleteClass: string;
+ onAddNote: (e: React.MouseEvent) => void;
+ onAddFolder: (e: React.MouseEvent) => void;
+ onRename: (e: React.MouseEvent) => void;
+ onDelete: (e: React.MouseEvent) => void;
+}
+
+function TreeItemActions({ isFolder, buttonClass, deleteClass, onAddNote, onAddFolder, onRename, onDelete }: ActionButtonsProps) {
+ return (
+
+ {isFolder && (
+ <>
+
+
+
+ )}
+
+
+
+ );
+}
+
export default function TreeItem({
item,
depth,
@@ -36,14 +83,10 @@ export default function TreeItem({
const isFolder = item.nodeType === "folder";
const isSelected = selectedId === item.id;
- const hasChildren = item.children.length > 0;
const handleClick = () => {
- if (isFolder) {
- setExpanded(!expanded);
- } else {
- onSelect(item.id);
- }
+ if (isFolder) setExpanded(!expanded);
+ else onSelect(item.id);
};
const handleRenameSubmit = () => {
@@ -63,7 +106,6 @@ export default function TreeItem({
const dropClass = dropPosition ? `tree-item-drop-${dropPosition}` : "";
- // Inline drop indicator styles as fallback (works regardless of CSS loading)
const dropIndicatorStyle: React.CSSProperties = {};
if (dropPosition === "before") {
dropIndicatorStyle.borderTop = "3px solid #0d6efd";
@@ -79,7 +121,6 @@ export default function TreeItem({
const actionButtonClass = isSelected
? "btn btn-sm p-0 me-1 text-white"
: "btn btn-link btn-sm p-0 me-1";
-
const deleteButtonClass = isSelected
? "btn btn-sm p-0 text-white"
: "btn btn-link btn-sm p-0 text-danger";
@@ -101,19 +142,11 @@ export default function TreeItem({
{...dragHandleProps}
>
- {isFolder && hasChildren && (
- expanded
- ?
- :
- )}
+ 0} expanded={expanded} />
- {isFolder ? (
-
- ) : (
-
- )}
+ { e.stopPropagation(); onCreateChild(item.id, "note"); setExpanded(true); }}
+ onAddFolder={(e) => { e.stopPropagation(); onCreateChild(item.id, "folder"); setExpanded(true); }}
+ onRename={(e) => { e.stopPropagation(); setRenameValue(item.title); setIsRenaming(true); }}
+ onDelete={(e) => { e.stopPropagation(); onRequestDelete(item); }}
+ />
)}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index 2c8f057d2..45654afe2 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -8,6 +8,42 @@ interface UseTreeDndProps {
onTreeMutated: () => void;
}
+interface ClientRect {
+ top: number;
+ height: number;
+}
+
+/** Determine before/inside/after based on pointer Y within an item rect. */
+function computeDropPosition(
+ nodeType: "folder" | "note",
+ pointerY: number | null,
+ overRect: ClientRect | null,
+ deltaY: number,
+): DropPosition {
+ if (nodeType === "folder") {
+ if (pointerY != null && overRect && overRect.height > 0) {
+ const ratio = (pointerY - overRect.top) / overRect.height;
+ if (ratio < 0.25) return "before";
+ if (ratio > 0.75) return "after";
+ return "inside";
+ }
+ return "inside";
+ }
+ if (pointerY != null && overRect && overRect.height > 0) {
+ return (pointerY - overRect.top) < overRect.height * 0.5 ? "before" : "after";
+ }
+ return deltaY > 0 ? "after" : "before";
+}
+
+/** Calculate position for sentinel (tree-top / tree-bottom) drops. */
+function sentinelPosition(sentinelId: string, rootNodes: FlatNote[]): number {
+ if (rootNodes.length === 0) return 0;
+ const sorted = [...rootNodes].sort((a, b) => a.position - b.position);
+ return sentinelId === "tree-top"
+ ? sorted[0].position - 1000
+ : sorted[sorted.length - 1].position + 1000;
+}
+
export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndProps) {
const [dragState, setDragState] = useState({
activeId: null,
@@ -116,40 +152,15 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
return;
}
- // Compute pointer Y from initial activation point + drag delta
- let dropPosition: DropPosition;
const activatorY = (event.activatorEvent as PointerEvent)?.clientY;
const pointerY = activatorY != null ? activatorY + event.delta.y : null;
- const overRect = over.rect;
-
- if (overNode.nodeType === "folder") {
- // Folders: top 25% = before, middle 50% = inside, bottom 25% = after
- if (pointerY != null && overRect && overRect.height > 0) {
- const relY = pointerY - overRect.top;
- const ratio = relY / overRect.height;
- if (ratio < 0.25) {
- dropPosition = "before";
- } else if (ratio > 0.75) {
- dropPosition = "after";
- } else {
- dropPosition = "inside";
- }
- } else {
- dropPosition = "inside";
- }
- } else {
- // Notes: top half = before, bottom half = after
- if (pointerY != null && overRect && overRect.height > 0) {
- const relY = pointerY - overRect.top;
- dropPosition = relY < overRect.height * 0.5 ? "before" : "after";
- } else {
- dropPosition = event.delta.y > 0 ? "after" : "before";
- }
- }
+ let dropPosition = computeDropPosition(
+ overNode.nodeType, pointerY, over.rect, event.delta.y
+ );
if (!isValidDrop(activeId, overId, dropPosition)) {
if (dropPosition === "inside") {
- dropPosition = movingDown ? "after" : "before";
+ dropPosition = event.delta.y > 0 ? "after" : "before";
if (!isValidDrop(activeId, overId, dropPosition)) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
return;
@@ -183,15 +194,9 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
let newPosition: number;
if (overId === "tree-top" || overId === "tree-bottom") {
- const rootNodes = flatNodes
- .filter((n) => n.parentId === null)
- .sort((a, b) => a.position - b.position);
+ const rootNodes = flatNodes.filter((n) => n.parentId === null);
newParentId = null;
- if (overId === "tree-top") {
- newPosition = rootNodes.length > 0 ? rootNodes[0].position - 1000 : 0;
- } else {
- newPosition = rootNodes.length > 0 ? rootNodes[rootNodes.length - 1].position + 1000 : 0;
- }
+ newPosition = sentinelPosition(overId as string, rootNodes);
} else {
const overNode = flatNodes.find((n) => n.id === overId);
if (!overNode) return;
diff --git a/scripts/seed_test_data.py b/scripts/seed_test_data.py
index c89c214bb..f554bb34c 100644
--- a/scripts/seed_test_data.py
+++ b/scripts/seed_test_data.py
@@ -15,239 +15,234 @@
ProjectCollabNote,
ProjectCollabNoteField,
ProjectInvite,
- ProjectObjective,
ProjectScope,
ProjectTarget,
+ ProjectType,
+ ProjectRole,
)
-from ghostwriter.rolodex.models import ProjectType, ProjectRole
-from ghostwriter.reporting.models import Severity, FindingType
User = get_user_model()
-# ---------------------------------------------------------------------------
-# Users
-# ---------------------------------------------------------------------------
-users = {}
-user_specs = [
- ("alice", "alice@example.com", "Alice Rivera", "TestPass123!"),
- ("bob", "bob@example.com", "Bob Chen", "TestPass123!"),
- ("charlie", "charlie@example.com", "Charlie Okafor", "TestPass123!"),
-]
-for username, email, name, pw in user_specs:
- u, created = User.objects.get_or_create(
- username=username,
- defaults=dict(email=email, name=name, role="user"),
- )
- if created:
- u.set_password(pw)
- u.save()
- print(f" Created user: {username} / {pw}")
- else:
- print(f" User already exists: {username}")
- users[username] = u
-
-mgr, created = User.objects.get_or_create(
- username="manager",
- defaults=dict(email="mgr@example.com", name="Morgan Taylor", role="manager"),
-)
-if created:
- mgr.set_password("TestPass123!")
- mgr.save()
- print(" Created manager: manager / TestPass123!")
-else:
- print(" Manager already exists: manager")
-users["manager"] = mgr
-
-# ---------------------------------------------------------------------------
-# Clients
-# ---------------------------------------------------------------------------
-pt_pentest = ProjectType.objects.get(project_type="Penetration Test")
-pt_webapp = ProjectType.objects.get(project_type="Web Application Assessment")
-pt_redteam = ProjectType.objects.get(project_type="Red Team")
-role_lead = ProjectRole.objects.get(project_role="Assessment Lead")
-role_operator = ProjectRole.objects.get(project_role="Operator")
-
-clients_data = [
- {
- "name": "Acme Corporation",
- "short_name": "ACME",
- "codename": "THUNDERBOLT",
- "contacts": [
- ("Jane Doe", "jane.doe@acme.example.com", "CISO", "555-0101"),
- ("John Smith", "john.smith@acme.example.com", "IT Director", "555-0102"),
- ],
- "projects": [
- {
- "codename": "IRON FALCON",
- "project_type": pt_pentest,
- "lead": "alice",
- "operators": ["bob"],
- "start": date.today() - timedelta(days=14),
- "end": date.today() + timedelta(days=16),
- "scopes": ["10.10.0.0/16", "web.acme.example.com", "api.acme.example.com"],
- "targets": ["Domain Controller (DC01)", "Exchange Server", "VPN Gateway"],
- "notes_tree": [
- {"title": "Reconnaissance", "type": "folder", "children": [
- {"title": "External Recon", "type": "note", "content": "Ran subdomain enumeration against acme.example.com. Found 14 subdomains.
"},
- {"title": "OSINT Findings", "type": "note", "content": "LinkedIn reveals 3 IT admins. Password policy doc leaked on Pastebin (expired).
"},
- ]},
- {"title": "Exploitation", "type": "folder", "children": [
- {"title": "Initial Access", "type": "note", "content": "Phishing payload delivered via macro-enabled doc. User jane.doe clicked.
"},
- {"title": "Lateral Movement", "type": "note", "content": "Used Pass-the-Hash from workstation WS-042 to reach DC01.
"},
- ]},
- {"title": "Meeting Notes", "type": "note", "content": "Kickoff call 2026-03-17. Client wants focus on AD attack paths.
"},
- ],
- },
- ],
- },
- {
- "name": "Globex Industries",
- "short_name": "GLOBEX",
- "codename": "NIGHTSHADE",
- "contacts": [
- ("Hank Scorpio", "hank@globex.example.com", "CEO", "555-0200"),
- ],
- "projects": [
- {
- "codename": "SHADOW NEXUS",
- "project_type": pt_webapp,
- "lead": "bob",
- "operators": ["charlie"],
- "start": date.today() - timedelta(days=7),
- "end": date.today() + timedelta(days=23),
- "scopes": ["https://portal.globex.example.com", "https://api.globex.example.com/v2"],
- "targets": ["Customer Portal", "REST API v2", "Admin Panel"],
- "notes_tree": [
- {"title": "API Testing", "type": "folder", "children": [
- {"title": "Authentication Bypass", "type": "note", "content": "JWT validation can be bypassed by setting alg=none. Critical finding.
"},
- {"title": "IDOR on /users endpoint", "type": "note", "content": "Changing user_id in request allows access to other users' data.
"},
- ]},
- {"title": "Portal XSS", "type": "note", "content": "Stored XSS in profile bio field. Payload: <img src=x onerror=alert(1)>
"},
- ],
+def create_notes_tree(nodes, project, parent=None, pos_start=0):
+ """Recursively create a tree of collab notes from a list of dicts."""
+ for idx, node in enumerate(nodes):
+ position = (pos_start + idx) * 1000
+ note, _ = ProjectCollabNote.objects.get_or_create(
+ project=project,
+ title=node["title"],
+ parent=parent,
+ defaults={
+ "node_type": node["type"],
+ "content": node.get("content", ""),
+ "position": position,
},
- ],
- },
- {
- "name": "Initech",
- "short_name": "INIT",
- "codename": "REDSTAPLER",
- "contacts": [
- ("Bill Lumbergh", "bill@initech.example.com", "VP", "555-0300"),
- ("Milton Waddams", "milton@initech.example.com", "Facilities", "555-0301"),
- ],
- "projects": [
- {
- "codename": "CRIMSON TIDE",
- "project_type": pt_redteam,
- "lead": "charlie",
- "operators": ["alice", "bob"],
- "start": date.today(),
- "end": date.today() + timedelta(days=30),
- "scopes": ["*.initech.example.com", "10.20.0.0/16", "Physical: HQ Building"],
- "targets": ["CEO Laptop", "Financial Database", "Badge System"],
- "notes_tree": [
- {"title": "Planning", "type": "folder", "children": [
- {"title": "Rules of Engagement", "type": "note", "content": "No DoS. No production DB modification. Physical access authorized M-F 8am-6pm only.
"},
- {"title": "C2 Infrastructure", "type": "note", "content": "Cobalt Strike teamserver on AWS. Redirector chain: CloudFront → Nginx → TS.
"},
- ]},
- {"title": "Execution Log", "type": "folder", "children": []},
- ],
- },
- ],
- },
-]
-
-for cdata in clients_data:
- client, created = Client.objects.get_or_create(
- name=cdata["name"],
- defaults=dict(short_name=cdata["short_name"], codename=cdata["codename"]),
+ )
+ if node["type"] == "note" and node.get("content"):
+ ProjectCollabNoteField.objects.get_or_create(
+ note=note,
+ position=0,
+ defaults={
+ "field_type": "rich_text",
+ "content": node["content"],
+ },
+ )
+ if "children" in node:
+ create_notes_tree(node["children"], project, parent=note)
+
+
+def seed_users():
+ """Create test users and return a dict of username -> User."""
+ users = {}
+ user_specs = [
+ ("alice", "alice@example.com", "Alice Rivera"),
+ ("bob", "bob@example.com", "Bob Chen"),
+ ("charlie", "charlie@example.com", "Charlie Okafor"),
+ ]
+ for username, email, name in user_specs:
+ user, created = User.objects.get_or_create(
+ username=username,
+ defaults={"email": email, "name": name, "role": "user"},
+ )
+ if created:
+ user.set_password("TestPass123!")
+ user.save()
+ print(f" Created user: {username} / TestPass123!")
+ else:
+ print(f" User already exists: {username}")
+ users[username] = user
+
+ mgr, created = User.objects.get_or_create(
+ username="manager",
+ defaults={"email": "mgr@example.com", "name": "Morgan Taylor", "role": "manager"},
)
- action = "Created" if created else "Exists"
- print(f"\n{action} client: {client.name}")
-
- for cname, cemail, ctitle, cphone in cdata["contacts"]:
- ClientContact.objects.get_or_create(
- client=client,
- email=cemail,
- defaults=dict(name=cname, job_title=ctitle, phone=cphone),
+ if created:
+ mgr.set_password("TestPass123!")
+ mgr.save()
+ print(" Created manager: manager / TestPass123!")
+ else:
+ print(" Manager already exists: manager")
+ users["manager"] = mgr
+ return users
+
+
+def seed_clients(users):
+ """Create test clients, projects, assignments, and collab notes."""
+ pt_pentest = ProjectType.objects.get(project_type="Penetration Test")
+ pt_webapp = ProjectType.objects.get(project_type="Web Application Assessment")
+ pt_redteam = ProjectType.objects.get(project_type="Red Team")
+
+ role_lead = ProjectRole.objects.get(project_role="Assessment Lead")
+ role_operator = ProjectRole.objects.get(project_role="Operator")
+
+ clients_data = [
+ {
+ "name": "Acme Corporation",
+ "short_name": "ACME",
+ "codename": "THUNDERBOLT",
+ "contacts": [
+ ("Jane Doe", "jane.doe@acme.example.com", "CISO", "555-0101"),
+ ("John Smith", "john.smith@acme.example.com", "IT Director", "555-0102"),
+ ],
+ "projects": [
+ {
+ "codename": "IRON FALCON",
+ "project_type": pt_pentest,
+ "lead": "alice",
+ "operators": ["bob"],
+ "start": date.today() - timedelta(days=14),
+ "end": date.today() + timedelta(days=16),
+ "scopes": ["10.10.0.0/16", "web.acme.example.com", "api.acme.example.com"],
+ "targets": ["Domain Controller (DC01)", "Exchange Server", "VPN Gateway"],
+ "notes_tree": [
+ {"title": "Reconnaissance", "type": "folder", "children": [
+ {"title": "External Recon", "type": "note", "content": "Ran subdomain enumeration against acme.example.com. Found 14 subdomains.
"},
+ {"title": "OSINT Findings", "type": "note", "content": "LinkedIn reveals 3 IT admins. Password policy doc leaked on Pastebin (expired).
"},
+ ]},
+ {"title": "Exploitation", "type": "folder", "children": [
+ {"title": "Initial Access", "type": "note", "content": "Phishing payload delivered via macro-enabled doc. User jane.doe clicked.
"},
+ {"title": "Lateral Movement", "type": "note", "content": "Used Pass-the-Hash from workstation WS-042 to reach DC01.
"},
+ ]},
+ {"title": "Meeting Notes", "type": "note", "content": "Kickoff call 2026-03-17. Client wants focus on AD attack paths.
"},
+ ],
+ },
+ ],
+ },
+ {
+ "name": "Globex Industries",
+ "short_name": "GLOBEX",
+ "codename": "NIGHTSHADE",
+ "contacts": [
+ ("Hank Scorpio", "hank@globex.example.com", "CEO", "555-0200"),
+ ],
+ "projects": [
+ {
+ "codename": "SHADOW NEXUS",
+ "project_type": pt_webapp,
+ "lead": "bob",
+ "operators": ["charlie"],
+ "start": date.today() - timedelta(days=7),
+ "end": date.today() + timedelta(days=23),
+ "scopes": ["https://portal.globex.example.com", "https://api.globex.example.com/v2"],
+ "targets": ["Customer Portal", "REST API v2", "Admin Panel"],
+ "notes_tree": [
+ {"title": "API Testing", "type": "folder", "children": [
+ {"title": "Authentication Bypass", "type": "note", "content": "JWT validation can be bypassed by setting alg=none. Critical finding.
"},
+ {"title": "IDOR on /users endpoint", "type": "note", "content": "Changing user_id in request allows access to other users' data.
"},
+ ]},
+ {"title": "Portal XSS", "type": "note", "content": "Stored XSS in profile bio field. Payload: <img src=x onerror=alert(1)>
"},
+ ],
+ },
+ ],
+ },
+ {
+ "name": "Initech",
+ "short_name": "INIT",
+ "codename": "REDSTAPLER",
+ "contacts": [
+ ("Bill Lumbergh", "bill@initech.example.com", "VP", "555-0300"),
+ ("Milton Waddams", "milton@initech.example.com", "Facilities", "555-0301"),
+ ],
+ "projects": [
+ {
+ "codename": "CRIMSON TIDE",
+ "project_type": pt_redteam,
+ "lead": "charlie",
+ "operators": ["alice", "bob"],
+ "start": date.today(),
+ "end": date.today() + timedelta(days=30),
+ "scopes": ["*.initech.example.com", "10.20.0.0/16", "Physical: HQ Building"],
+ "targets": ["CEO Laptop", "Financial Database", "Badge System"],
+ "notes_tree": [
+ {"title": "Planning", "type": "folder", "children": [
+ {"title": "Rules of Engagement", "type": "note", "content": "No DoS. No production DB modification. Physical access authorized M-F 8am-6pm only.
"},
+ {"title": "C2 Infrastructure", "type": "note", "content": "Cobalt Strike teamserver on AWS. Redirector chain: CloudFront → Nginx → TS.
"},
+ ]},
+ {"title": "Execution Log", "type": "folder", "children": []},
+ ],
+ },
+ ],
+ },
+ ]
+
+ for cdata in clients_data:
+ client, created = Client.objects.get_or_create(
+ name=cdata["name"],
+ defaults={"short_name": cdata["short_name"], "codename": cdata["codename"]},
)
+ print(f"\n{'Created' if created else 'Exists'} client: {client.name}")
- # Invite all users to the client
- for u in users.values():
- ClientInvite.objects.get_or_create(client=client, user=u)
-
- for pdata in cdata["projects"]:
- project, created = Project.objects.get_or_create(
- codename=pdata["codename"],
- defaults=dict(
+ for cname, cemail, ctitle, cphone in cdata["contacts"]:
+ ClientContact.objects.get_or_create(
client=client,
- project_type=pdata["project_type"],
- start_date=pdata["start"],
- end_date=pdata["end"],
- complete=False,
- ),
- )
- action = "Created" if created else "Exists"
- print(f" {action} project: {project.codename}")
-
- # Assignments
- lead_user = users[pdata["lead"]]
- ProjectAssignment.objects.get_or_create(
- project=project, operator=lead_user,
- defaults=dict(role=role_lead, start_date=pdata["start"], end_date=pdata["end"]),
- )
- for op_name in pdata["operators"]:
- op_user = users[op_name]
- ProjectAssignment.objects.get_or_create(
- project=project, operator=op_user,
- defaults=dict(role=role_operator, start_date=pdata["start"], end_date=pdata["end"]),
+ email=cemail,
+ defaults={"name": cname, "job_title": ctitle, "phone": cphone},
)
- # Invite manager
- ProjectInvite.objects.get_or_create(project=project, user=users["manager"])
-
- # Scopes
- for i, scope_name in enumerate(pdata["scopes"]):
- ProjectScope.objects.get_or_create(
- project=project, name=scope_name,
- defaults=dict(scope=scope_name),
+ for user in users.values():
+ ClientInvite.objects.get_or_create(client=client, user=user)
+
+ for pdata in cdata["projects"]:
+ proj, proj_created = Project.objects.get_or_create(
+ codename=pdata["codename"],
+ defaults={
+ "client": client,
+ "project_type": pdata["project_type"],
+ "start_date": pdata["start"],
+ "end_date": pdata["end"],
+ "complete": False,
+ },
)
+ print(f" {'Created' if proj_created else 'Exists'} project: {proj.codename}")
- # Targets
- for i, target_name in enumerate(pdata["targets"]):
- ProjectTarget.objects.get_or_create(
- project=project, hostname=target_name,
+ lead_user = users[pdata["lead"]]
+ ProjectAssignment.objects.get_or_create(
+ project=proj, operator=lead_user,
+ defaults={"role": role_lead, "start_date": pdata["start"], "end_date": pdata["end"]},
)
+ for op_name in pdata["operators"]:
+ ProjectAssignment.objects.get_or_create(
+ project=proj, operator=users[op_name],
+ defaults={"role": role_operator, "start_date": pdata["start"], "end_date": pdata["end"]},
+ )
- # Collab notes tree
- def create_notes_tree(nodes, project, parent=None, pos_start=0):
- for i, node in enumerate(nodes):
- position = (pos_start + i) * 1000
- note, _ = ProjectCollabNote.objects.get_or_create(
- project=project,
- title=node["title"],
- parent=parent,
- defaults=dict(
- node_type=node["type"],
- content=node.get("content", ""),
- position=position,
- ),
+ ProjectInvite.objects.get_or_create(project=proj, user=users["manager"])
+
+ for scope_name in pdata["scopes"]:
+ ProjectScope.objects.get_or_create(
+ project=proj, name=scope_name,
+ defaults={"scope": scope_name},
)
- if node["type"] == "note" and node.get("content"):
- ProjectCollabNoteField.objects.get_or_create(
- note=note,
- position=0,
- defaults=dict(
- field_type="rich_text",
- content=node["content"],
- ),
- )
- if "children" in node:
- create_notes_tree(node["children"], project, parent=note)
- if created:
- create_notes_tree(pdata["notes_tree"], project)
+ for target_name in pdata["targets"]:
+ ProjectTarget.objects.get_or_create(project=proj, hostname=target_name)
+
+ if proj_created:
+ create_notes_tree(pdata["notes_tree"], proj)
+
+
+users = seed_users()
+seed_clients(users)
print("\n" + "=" * 60)
print("SEED DATA COMPLETE")
Date: Wed, 1 Apr 2026 12:59:56 -0500
Subject: [PATCH 10/18] Sort tree nodes by position in buildTree
buildTree was pushing children in Y.Array insertion order, ignoring
the position field. After updateNode changed a node's position value,
the array order didn't change so items appeared in the wrong place.
Now sorts roots and children by position then title at every level.
---
.../forms/project_collabnotes/hooks/useTreeSync.ts | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeSync.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeSync.ts
index c72cc1120..1ccb0a3d8 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeSync.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeSync.ts
@@ -182,5 +182,15 @@ function buildTree(flatNodes: FlatNote[]): NoteTreeNode[] {
}
}
+ // Sort by position then title at every level
+ const sortNodes = (a: NoteTreeNode, b: NoteTreeNode) =>
+ a.position !== b.position ? a.position - b.position : a.title.localeCompare(b.title);
+ roots.sort(sortNodes);
+ for (const node of nodeMap.values()) {
+ if (node.children.length > 1) {
+ node.children.sort(sortNodes);
+ }
+ }
+
return roots;
}
From 0e131250b3be243e3494f1b3bb22dcbaf66dae3e Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 13:14:45 -0500
Subject: [PATCH 11/18] Fix loading spinner text spinning with the indicator
---
.../forms/project_collabnotes/NoteTreeView.tsx | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
index 7a430d7a8..7caecf6eb 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -194,11 +194,9 @@ export default function NoteTreeView({
if (loading) {
return (
-
- /image/serve",
+ views.serve_note_field_image,
+ name="ajax_serve_note_image",
+ ),
path(
"ajax/note//field/image",
views.ajax_upload_note_field_image,
diff --git a/ghostwriter/rolodex/views.py b/ghostwriter/rolodex/views.py
index 5dbca182c..02d42a9e4 100644
--- a/ghostwriter/rolodex/views.py
+++ b/ghostwriter/rolodex/views.py
@@ -2296,6 +2296,20 @@ def get_context_data(self, **kwargs):
return ctx
+@login_required
+def serve_note_field_image(request, pk):
+ """Serve an image from a :model:`rolodex.ProjectCollabNoteField` with auth check."""
+ field = get_object_or_404(ProjectCollabNoteField, pk=pk)
+ if not field.note.user_can_view(request.user):
+ return ForbiddenJsonResponse()
+ if not field.image:
+ raise Http404
+ try:
+ return FileResponse(field.image.open("rb"), content_type="image/png")
+ except FileNotFoundError:
+ raise Http404
+
+
class NoteImageUploadForm(forms.Form):
"""Django form for validating image uploads to collab note fields."""
@@ -2365,13 +2379,14 @@ def _update_existing_image_field(request, note, field_pk, image_file):
)
field.image = image_file
field.save()
+ image_url = reverse("rolodex:ajax_serve_note_image", kwargs={"pk": field.pk})
logger.info(
"User %s uploaded image to existing field %s for note %s",
request.user, field.id, note.id,
)
return JsonResponse({
"result": "success",
- "imageUrl": request.build_absolute_uri(field.image.url),
+ "imageUrl": image_url,
})
@@ -2390,6 +2405,7 @@ def _create_new_image_field(request, note, image_file):
image=image_file,
position=max_position + 1,
)
+ image_url = reverse("rolodex:ajax_serve_note_image", kwargs={"pk": field.pk})
logger.info(
"User %s uploaded image field %s for note %s",
request.user, field.id, note.id,
@@ -2397,7 +2413,7 @@ def _create_new_image_field(request, note, image_file):
return JsonResponse({
"result": "success",
"id": field.id,
- "imageUrl": request.build_absolute_uri(field.image.url),
+ "imageUrl": image_url,
"position": field.position,
})
diff --git a/javascript/src/collab_server/handlers/project_collab_note.ts b/javascript/src/collab_server/handlers/project_collab_note.ts
index 9e2ccf199..2b2b7a486 100644
--- a/javascript/src/collab_server/handlers/project_collab_note.ts
+++ b/javascript/src/collab_server/handlers/project_collab_note.ts
@@ -68,7 +68,7 @@ const ProjectCollabNoteItemHandler: ModelHandler = {
fieldDataArr = [legacyField];
} else {
fieldDataArr = obj.fields.map((field: any) => {
- const imageUrl = field.image ? `/media/${field.image}` : null;
+ const imageUrl = field.image ? `/rolodex/ajax/note/field/${field.id}/image/serve` : null;
const fieldData: FieldData = {
id: field.id.toString(),
fieldType: field.fieldType,
From 2e678c31321a31b18ab086d1927d96b2bc3b5118 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 13:47:29 -0500
Subject: [PATCH 13/18] Expand collab notes container to fill viewport height
---
.../frontend/collab_forms/forms/project_collabnotes/index.tsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/index.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/index.tsx
index 98776ed14..2592e6e69 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/index.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/index.tsx
@@ -15,7 +15,7 @@ function ProjectCollabNotesContainer() {
return (
- Loading...
-
- Loading notes...
+
+
+ Loading notes...
);
}
From 4cc3a86e502e4202b5d0328f1e911cf48265aaa8 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 13:34:54 -0500
Subject: [PATCH 12/18] Serve note images through authenticated Django view
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ghostwriter doesn't expose /media/ directly — all file serving goes
through Django views with permission checks. Add serve_note_field_image
view that checks user_can_view before returning the file. Update upload
responses and collab server handler to use the new URL pattern instead
of raw /media/ paths.
---
ghostwriter/rolodex/urls.py | 5 +++++
ghostwriter/rolodex/views.py | 20 +++++++++++++++++--
.../handlers/project_collab_note.ts | 2 +-
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/ghostwriter/rolodex/urls.py b/ghostwriter/rolodex/urls.py
index 648f6703e..e271cfc50 100644
--- a/ghostwriter/rolodex/urls.py
+++ b/ghostwriter/rolodex/urls.py
@@ -168,6 +168,11 @@
views.BloodhoundApiFetchView.as_view(),
name="ajax_bloodhound_fetch",
),
+ path(
+ "ajax/note/field/
Date: Wed, 1 Apr 2026 14:40:33 -0500
Subject: [PATCH 14/18] Add drop zones at top and bottom of note tree
Items couldn't be dragged to the very first or last position because
there was no sortable target above the first item or below the last.
Add sentinel droppable zones that highlight on hover and handle
placement at position -1000/+1000 relative to the first/last root
node.
---
.../project_collabnotes/NoteTreeView.tsx | 39 ++++++++++++++---
.../project_collabnotes/hooks/useTreeDnd.ts | 42 +++++++++++++------
2 files changed, 64 insertions(+), 17 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
index 7caecf6eb..d02885ed4 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -7,6 +7,7 @@ import {
PointerSensor,
useSensor,
useSensors,
+ useDroppable,
} from "@dnd-kit/core";
import {
SortableContext,
@@ -82,11 +83,22 @@ export default function NoteTreeView({
if (over && overId !== null && dropPosition !== null) {
const activeId = active.id as number;
- const overNode = flatNodes.find((n) => n.id === overId);
- if (overNode) {
- const newParentId = dropPosition === "inside" ? overId : overNode.parentId;
- const newPosition = calculateNewPosition(overId, dropPosition, newParentId);
- updateNode(activeId, { parentId: newParentId, position: newPosition });
+
+ if (overId === "tree-top" || overId === "tree-bottom") {
+ const rootNodes = flatNodes
+ .filter((n) => n.parentId === null)
+ .sort((a, b) => a.position - b.position);
+ const newPosition = overId === "tree-top"
+ ? (rootNodes.length > 0 ? rootNodes[0].position - 1000 : 0)
+ : (rootNodes.length > 0 ? rootNodes[rootNodes.length - 1].position + 1000 : 0);
+ updateNode(activeId, { parentId: null, position: newPosition });
+ } else {
+ const overNode = flatNodes.find((n) => n.id === overId);
+ if (overNode) {
+ const newParentId = dropPosition === "inside" ? (overId as number) : overNode.parentId;
+ const newPosition = calculateNewPosition(overId as number, dropPosition, newParentId);
+ updateNode(activeId, { parentId: newParentId, position: newPosition });
+ }
}
}
@@ -243,6 +255,7 @@ export default function NoteTreeView({
strategy={verticalListSortingStrategy}
>
({
activeId: null,
@@ -116,40 +152,15 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
return;
}
- // Compute pointer Y from initial activation point + drag delta
- let dropPosition: DropPosition;
const activatorY = (event.activatorEvent as PointerEvent)?.clientY;
const pointerY = activatorY != null ? activatorY + event.delta.y : null;
- const overRect = over.rect;
-
- if (overNode.nodeType === "folder") {
- // Folders: top 25% = before, middle 50% = inside, bottom 25% = after
- if (pointerY != null && overRect && overRect.height > 0) {
- const relY = pointerY - overRect.top;
- const ratio = relY / overRect.height;
- if (ratio < 0.25) {
- dropPosition = "before";
- } else if (ratio > 0.75) {
- dropPosition = "after";
- } else {
- dropPosition = "inside";
- }
- } else {
- dropPosition = "inside";
- }
- } else {
- // Notes: top half = before, bottom half = after
- if (pointerY != null && overRect && overRect.height > 0) {
- const relY = pointerY - overRect.top;
- dropPosition = relY < overRect.height * 0.5 ? "before" : "after";
- } else {
- dropPosition = event.delta.y > 0 ? "after" : "before";
- }
- }
+ let dropPosition = computeDropPosition(
+ overNode.nodeType, pointerY, over.rect, event.delta.y
+ );
if (!isValidDrop(activeId, overId, dropPosition)) {
if (dropPosition === "inside") {
- dropPosition = movingDown ? "after" : "before";
+ dropPosition = event.delta.y > 0 ? "after" : "before";
if (!isValidDrop(activeId, overId, dropPosition)) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
return;
@@ -183,15 +194,9 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
let newPosition: number;
if (overId === "tree-top" || overId === "tree-bottom") {
- const rootNodes = flatNodes
- .filter((n) => n.parentId === null)
- .sort((a, b) => a.position - b.position);
+ const rootNodes = flatNodes.filter((n) => n.parentId === null);
newParentId = null;
- if (overId === "tree-top") {
- newPosition = rootNodes.length > 0 ? rootNodes[0].position - 1000 : 0;
- } else {
- newPosition = rootNodes.length > 0 ? rootNodes[rootNodes.length - 1].position + 1000 : 0;
- }
+ newPosition = sentinelPosition(overId as string, rootNodes);
} else {
const overNode = flatNodes.find((n) => n.id === overId);
if (!overNode) return;
diff --git a/scripts/seed_test_data.py b/scripts/seed_test_data.py
index c89c214bb..f554bb34c 100644
--- a/scripts/seed_test_data.py
+++ b/scripts/seed_test_data.py
@@ -15,239 +15,234 @@
ProjectCollabNote,
ProjectCollabNoteField,
ProjectInvite,
- ProjectObjective,
ProjectScope,
ProjectTarget,
+ ProjectType,
+ ProjectRole,
)
-from ghostwriter.rolodex.models import ProjectType, ProjectRole
-from ghostwriter.reporting.models import Severity, FindingType
User = get_user_model()
-# ---------------------------------------------------------------------------
-# Users
-# ---------------------------------------------------------------------------
-users = {}
-user_specs = [
- ("alice", "alice@example.com", "Alice Rivera", "TestPass123!"),
- ("bob", "bob@example.com", "Bob Chen", "TestPass123!"),
- ("charlie", "charlie@example.com", "Charlie Okafor", "TestPass123!"),
-]
-for username, email, name, pw in user_specs:
- u, created = User.objects.get_or_create(
- username=username,
- defaults=dict(email=email, name=name, role="user"),
- )
- if created:
- u.set_password(pw)
- u.save()
- print(f" Created user: {username} / {pw}")
- else:
- print(f" User already exists: {username}")
- users[username] = u
-
-mgr, created = User.objects.get_or_create(
- username="manager",
- defaults=dict(email="mgr@example.com", name="Morgan Taylor", role="manager"),
-)
-if created:
- mgr.set_password("TestPass123!")
- mgr.save()
- print(" Created manager: manager / TestPass123!")
-else:
- print(" Manager already exists: manager")
-users["manager"] = mgr
-
-# ---------------------------------------------------------------------------
-# Clients
-# ---------------------------------------------------------------------------
-pt_pentest = ProjectType.objects.get(project_type="Penetration Test")
-pt_webapp = ProjectType.objects.get(project_type="Web Application Assessment")
-pt_redteam = ProjectType.objects.get(project_type="Red Team")
-role_lead = ProjectRole.objects.get(project_role="Assessment Lead")
-role_operator = ProjectRole.objects.get(project_role="Operator")
-
-clients_data = [
- {
- "name": "Acme Corporation",
- "short_name": "ACME",
- "codename": "THUNDERBOLT",
- "contacts": [
- ("Jane Doe", "jane.doe@acme.example.com", "CISO", "555-0101"),
- ("John Smith", "john.smith@acme.example.com", "IT Director", "555-0102"),
- ],
- "projects": [
- {
- "codename": "IRON FALCON",
- "project_type": pt_pentest,
- "lead": "alice",
- "operators": ["bob"],
- "start": date.today() - timedelta(days=14),
- "end": date.today() + timedelta(days=16),
- "scopes": ["10.10.0.0/16", "web.acme.example.com", "api.acme.example.com"],
- "targets": ["Domain Controller (DC01)", "Exchange Server", "VPN Gateway"],
- "notes_tree": [
- {"title": "Reconnaissance", "type": "folder", "children": [
- {"title": "External Recon", "type": "note", "content": "
+
-
+
{activeItem && (
@@ -319,9 +321,9 @@ function TreeDropSentinel({ id }: { id: string }) {
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index f49f625c2..47b4512eb 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -86,7 +86,7 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
const handleDragOver = useCallback(
(event: DragOverEvent) => {
const { active, over } = event;
- console.warn("DnD handler called, over:", over?.id ?? "null", "delta:", event.delta);
+
if (!over) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
lastOverId.current = null;
From 2ec095af32fbdb202af2c6d51afd2a17b29fbdf3 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 14:57:22 -0500
Subject: [PATCH 16/18] Use pointer position for folder before/inside/after
zones
Folders now split into three drop zones based on pointer Y relative
to the item rect: top 25% = before, middle 50% = inside, bottom
25% = after. Notes split at 50% for before/after. This allows
dragging items between adjacent folders instead of always dropping
inside.
---
.../project_collabnotes/hooks/useTreeDnd.ts | 28 +++++++++++++++++--
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index 47b4512eb..2c8f057d2 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -116,13 +116,35 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
return;
}
+ // Compute pointer Y from initial activation point + drag delta
let dropPosition: DropPosition;
- const movingDown = event.delta.y > 0;
+ const activatorY = (event.activatorEvent as PointerEvent)?.clientY;
+ const pointerY = activatorY != null ? activatorY + event.delta.y : null;
+ const overRect = over.rect;
if (overNode.nodeType === "folder") {
- dropPosition = "inside";
+ // Folders: top 25% = before, middle 50% = inside, bottom 25% = after
+ if (pointerY != null && overRect && overRect.height > 0) {
+ const relY = pointerY - overRect.top;
+ const ratio = relY / overRect.height;
+ if (ratio < 0.25) {
+ dropPosition = "before";
+ } else if (ratio > 0.75) {
+ dropPosition = "after";
+ } else {
+ dropPosition = "inside";
+ }
+ } else {
+ dropPosition = "inside";
+ }
} else {
- dropPosition = movingDown ? "after" : "before";
+ // Notes: top half = before, bottom half = after
+ if (pointerY != null && overRect && overRect.height > 0) {
+ const relY = pointerY - overRect.top;
+ dropPosition = relY < overRect.height * 0.5 ? "before" : "after";
+ } else {
+ dropPosition = event.delta.y > 0 ? "after" : "before";
+ }
}
if (!isValidDrop(activeId, overId, dropPosition)) {
From bc1daa0aa5ad116026f0f8f65fed9c6b77fbf9a3 Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 16:24:04 -0500
Subject: [PATCH 17/18] Add package-lock.json and test data seed script
- Lock @dnd-kit dependency versions from npm install
- Add scripts/seed_test_data.py for populating dev environment
with test users, clients, projects, and collab notes
---
javascript/package-lock.json | 56 ++++++++
scripts/seed_test_data.py | 260 +++++++++++++++++++++++++++++++++++
2 files changed, 316 insertions(+)
create mode 100644 scripts/seed_test_data.py
diff --git a/javascript/package-lock.json b/javascript/package-lock.json
index 95bbfa65b..a8ab7a786 100644
--- a/javascript/package-lock.json
+++ b/javascript/package-lock.json
@@ -6,6 +6,9 @@
"": {
"dependencies": {
"@apollo/client": "^3.13.1",
+ "@dnd-kit/core": "^6.3.1",
+ "@dnd-kit/sortable": "^10.0.0",
+ "@dnd-kit/utilities": "^3.2.2",
"@fortawesome/fontawesome-svg-core": "^6.7.2",
"@fortawesome/free-regular-svg-icons": "^6.7.2",
"@fortawesome/free-solid-svg-icons": "^6.7.2",
@@ -412,6 +415,59 @@
"node": ">=6.9.0"
}
},
+ "node_modules/@dnd-kit/accessibility": {
+ "version": "3.1.1",
+ "resolved": "https://registry.npmjs.org/@dnd-kit/accessibility/-/accessibility-3.1.1.tgz",
+ "integrity": "sha512-2P+YgaXF+gRsIihwwY1gCsQSYnu9Zyj2py8kY5fFvUM1qm2WA2u639R6YNVfU4GWr+ZM5mqEsfHZZLoRONbemw==",
+ "license": "MIT",
+ "dependencies": {
+ "tslib": "^2.0.0"
+ },
+ "peerDependencies": {
+ "react": ">=16.8.0"
+ }
+ },
+ "node_modules/@dnd-kit/core": {
+ "version": "6.3.1",
+ "resolved": "https://registry.npmjs.org/@dnd-kit/core/-/core-6.3.1.tgz",
+ "integrity": "sha512-xkGBRQQab4RLwgXxoqETICr6S5JlogafbhNsidmrkVv2YRs5MLwpjoF2qpiGjQt8S9AoxtIV603s0GIUpY5eYQ==",
+ "license": "MIT",
+ "dependencies": {
+ "@dnd-kit/accessibility": "^3.1.1",
+ "@dnd-kit/utilities": "^3.2.2",
+ "tslib": "^2.0.0"
+ },
+ "peerDependencies": {
+ "react": ">=16.8.0",
+ "react-dom": ">=16.8.0"
+ }
+ },
+ "node_modules/@dnd-kit/sortable": {
+ "version": "10.0.0",
+ "resolved": "https://registry.npmjs.org/@dnd-kit/sortable/-/sortable-10.0.0.tgz",
+ "integrity": "sha512-+xqhmIIzvAYMGfBYYnbKuNicfSsk4RksY2XdmJhT+HAC01nix6fHCztU68jooFiMUB01Ky3F0FyOvhG/BZrWkg==",
+ "license": "MIT",
+ "dependencies": {
+ "@dnd-kit/utilities": "^3.2.2",
+ "tslib": "^2.0.0"
+ },
+ "peerDependencies": {
+ "@dnd-kit/core": "^6.3.0",
+ "react": ">=16.8.0"
+ }
+ },
+ "node_modules/@dnd-kit/utilities": {
+ "version": "3.2.2",
+ "resolved": "https://registry.npmjs.org/@dnd-kit/utilities/-/utilities-3.2.2.tgz",
+ "integrity": "sha512-+MKAJEOfaBe5SmV6t34p80MMKhjvUz0vRrvVJbPT0WElzaOJ/1xs+D+KDv+tD/NE5ujfrChEcshd4fLn0wpiqg==",
+ "license": "MIT",
+ "dependencies": {
+ "tslib": "^2.0.0"
+ },
+ "peerDependencies": {
+ "react": ">=16.8.0"
+ }
+ },
"node_modules/@envelop/core": {
"version": "5.3.2",
"resolved": "https://registry.npmjs.org/@envelop/core/-/core-5.3.2.tgz",
diff --git a/scripts/seed_test_data.py b/scripts/seed_test_data.py
new file mode 100644
index 000000000..c89c214bb
--- /dev/null
+++ b/scripts/seed_test_data.py
@@ -0,0 +1,260 @@
+"""
+Seed script for populating Ghostwriter with test data.
+
+Run via: docker compose -f local.yml exec django python manage.py shell < scripts/seed_test_data.py
+"""
+
+from datetime import date, timedelta
+from django.contrib.auth import get_user_model
+from ghostwriter.rolodex.models import (
+ Client,
+ ClientContact,
+ ClientInvite,
+ Project,
+ ProjectAssignment,
+ ProjectCollabNote,
+ ProjectCollabNoteField,
+ ProjectInvite,
+ ProjectObjective,
+ ProjectScope,
+ ProjectTarget,
+)
+from ghostwriter.rolodex.models import ProjectType, ProjectRole
+from ghostwriter.reporting.models import Severity, FindingType
+
+User = get_user_model()
+
+# ---------------------------------------------------------------------------
+# Users
+# ---------------------------------------------------------------------------
+users = {}
+user_specs = [
+ ("alice", "alice@example.com", "Alice Rivera", "TestPass123!"),
+ ("bob", "bob@example.com", "Bob Chen", "TestPass123!"),
+ ("charlie", "charlie@example.com", "Charlie Okafor", "TestPass123!"),
+]
+for username, email, name, pw in user_specs:
+ u, created = User.objects.get_or_create(
+ username=username,
+ defaults=dict(email=email, name=name, role="user"),
+ )
+ if created:
+ u.set_password(pw)
+ u.save()
+ print(f" Created user: {username} / {pw}")
+ else:
+ print(f" User already exists: {username}")
+ users[username] = u
+
+mgr, created = User.objects.get_or_create(
+ username="manager",
+ defaults=dict(email="mgr@example.com", name="Morgan Taylor", role="manager"),
+)
+if created:
+ mgr.set_password("TestPass123!")
+ mgr.save()
+ print(" Created manager: manager / TestPass123!")
+else:
+ print(" Manager already exists: manager")
+users["manager"] = mgr
+
+# ---------------------------------------------------------------------------
+# Clients
+# ---------------------------------------------------------------------------
+pt_pentest = ProjectType.objects.get(project_type="Penetration Test")
+pt_webapp = ProjectType.objects.get(project_type="Web Application Assessment")
+pt_redteam = ProjectType.objects.get(project_type="Red Team")
+
+role_lead = ProjectRole.objects.get(project_role="Assessment Lead")
+role_operator = ProjectRole.objects.get(project_role="Operator")
+
+clients_data = [
+ {
+ "name": "Acme Corporation",
+ "short_name": "ACME",
+ "codename": "THUNDERBOLT",
+ "contacts": [
+ ("Jane Doe", "jane.doe@acme.example.com", "CISO", "555-0101"),
+ ("John Smith", "john.smith@acme.example.com", "IT Director", "555-0102"),
+ ],
+ "projects": [
+ {
+ "codename": "IRON FALCON",
+ "project_type": pt_pentest,
+ "lead": "alice",
+ "operators": ["bob"],
+ "start": date.today() - timedelta(days=14),
+ "end": date.today() + timedelta(days=16),
+ "scopes": ["10.10.0.0/16", "web.acme.example.com", "api.acme.example.com"],
+ "targets": ["Domain Controller (DC01)", "Exchange Server", "VPN Gateway"],
+ "notes_tree": [
+ {"title": "Reconnaissance", "type": "folder", "children": [
+ {"title": "External Recon", "type": "note", "content": " 0} expanded={expanded} />
- {isFolder ? (
-
- ) : (
-
- )}
+ { e.stopPropagation(); onCreateChild(item.id, "note"); setExpanded(true); }}
+ onAddFolder={(e) => { e.stopPropagation(); onCreateChild(item.id, "folder"); setExpanded(true); }}
+ onRename={(e) => { e.stopPropagation(); setRenameValue(item.title); setIsRenaming(true); }}
+ onDelete={(e) => { e.stopPropagation(); onRequestDelete(item); }}
+ />
)}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index 2c8f057d2..45654afe2 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -8,6 +8,42 @@ interface UseTreeDndProps {
onTreeMutated: () => void;
}
+interface ClientRect {
+ top: number;
+ height: number;
+}
+
+/** Determine before/inside/after based on pointer Y within an item rect. */
+function computeDropPosition(
+ nodeType: "folder" | "note",
+ pointerY: number | null,
+ overRect: ClientRect | null,
+ deltaY: number,
+): DropPosition {
+ if (nodeType === "folder") {
+ if (pointerY != null && overRect && overRect.height > 0) {
+ const ratio = (pointerY - overRect.top) / overRect.height;
+ if (ratio < 0.25) return "before";
+ if (ratio > 0.75) return "after";
+ return "inside";
+ }
+ return "inside";
+ }
+ if (pointerY != null && overRect && overRect.height > 0) {
+ return (pointerY - overRect.top) < overRect.height * 0.5 ? "before" : "after";
+ }
+ return deltaY > 0 ? "after" : "before";
+}
+
+/** Calculate position for sentinel (tree-top / tree-bottom) drops. */
+function sentinelPosition(sentinelId: string, rootNodes: FlatNote[]): number {
+ if (rootNodes.length === 0) return 0;
+ const sorted = [...rootNodes].sort((a, b) => a.position - b.position);
+ return sentinelId === "tree-top"
+ ? sorted[0].position - 1000
+ : sorted[sorted.length - 1].position + 1000;
+}
+
export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndProps) {
const [dragState, setDragState] = useState
No notes yet. Create one using the buttons above.
@@ -298,3 +312,18 @@ export default function NoteTreeView({
);
}
+
+function TreeDropSentinel({ id }: { id: string }) {
+ const { setNodeRef, isOver } = useDroppable({ id });
+ return (
+
+ );
+}
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
index 86f93bfb9..f49f625c2 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/hooks/useTreeDnd.ts
@@ -93,8 +93,17 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
return;
}
- const overId = over.id as number;
const activeId = active.id as number;
+ const overIdRaw = over.id;
+
+ // Handle sentinel drop zones at top/bottom of tree
+ if (overIdRaw === "tree-top" || overIdRaw === "tree-bottom") {
+ const dropPosition: DropPosition = overIdRaw === "tree-top" ? "before" : "after";
+ setDragState((prev) => ({ ...prev, overId: overIdRaw as any, dropPosition }));
+ return;
+ }
+
+ const overId = overIdRaw as number;
if (activeId === overId) {
setDragState((prev) => ({ ...prev, overId: null, dropPosition: null }));
@@ -107,18 +116,12 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
return;
}
- // Use the drag delta to determine direction of movement.
- // Positive delta.y = moving down, negative = moving up.
- // Combined with which item we're over, this determines before/after.
let dropPosition: DropPosition;
const movingDown = event.delta.y > 0;
if (overNode.nodeType === "folder") {
- // For folders: default to "inside", but if we just arrived
- // from a different item use direction to pick before/after
dropPosition = "inside";
} else {
- // For notes: top half = before, bottom half = after
dropPosition = movingDown ? "after" : "before";
}
@@ -136,7 +139,6 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
}
lastOverId.current = overId;
- console.warn("DnD dragOver:", { overId, dropPosition, deltaY: event.delta.y });
setDragState((prev) => ({ ...prev, overId, dropPosition }));
},
[flatNodes, isValidDrop]
@@ -153,11 +155,27 @@ export function useTreeDnd({ flatNodes, moveNote, onTreeMutated }: UseTreeDndPro
if (!over || overId === null || dropPosition === null) return;
const activeId = active.id as number;
- const overNode = flatNodes.find((n) => n.id === overId);
- if (!overNode) return;
- const newParentId = dropPosition === "inside" ? overId : overNode.parentId;
- const newPosition = calculateNewPosition(overId, dropPosition, newParentId);
+ // Handle sentinel drop zones
+ let newParentId: number | null;
+ let newPosition: number;
+
+ if (overId === "tree-top" || overId === "tree-bottom") {
+ const rootNodes = flatNodes
+ .filter((n) => n.parentId === null)
+ .sort((a, b) => a.position - b.position);
+ newParentId = null;
+ if (overId === "tree-top") {
+ newPosition = rootNodes.length > 0 ? rootNodes[0].position - 1000 : 0;
+ } else {
+ newPosition = rootNodes.length > 0 ? rootNodes[rootNodes.length - 1].position + 1000 : 0;
+ }
+ } else {
+ const overNode = flatNodes.find((n) => n.id === overId);
+ if (!overNode) return;
+ newParentId = dropPosition === "inside" ? (overId as number) : overNode.parentId;
+ newPosition = calculateNewPosition(overId as number, dropPosition, newParentId);
+ }
try {
await moveNote(activeId, newParentId, newPosition);
From 7d16dfaf6a56d9bd73d055caff31bf116721003d Mon Sep 17 00:00:00 2001
From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com>
Date: Wed, 1 Apr 2026 14:51:57 -0500
Subject: [PATCH 15/18] Fix sentinel drop zones and remove debug logging
Move sentinel droppables outside SortableContext so they don't
conflict with sortable collision detection. Increase sentinel
height to 24px for easier targeting. Remove console.warn debug
messages from drag handler.
---
.../project_collabnotes/NoteTreeView.tsx | 62 ++++++++++---------
.../project_collabnotes/hooks/useTreeDnd.ts | 2 +-
2 files changed, 33 insertions(+), 31 deletions(-)
diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
index d02885ed4..6d88a6de0 100644
--- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
+++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/NoteTreeView.tsx
@@ -250,33 +250,35 @@ export default function NoteTreeView({
onDragEnd={handleDragEnd}
onDragCancel={handleDragCancel}
>
-
-
-
- No notes yet. Create one using the buttons above.
-
- )}
-
+
+
+
+ {tree.map((item) => (
+
+
+ No notes yet. Create one using the buttons above.
+
+ )}
+ Ran subdomain enumeration against acme.example.com. Found 14 subdomains.
"}, + {"title": "OSINT Findings", "type": "note", "content": "LinkedIn reveals 3 IT admins. Password policy doc leaked on Pastebin (expired).
"}, + ]}, + {"title": "Exploitation", "type": "folder", "children": [ + {"title": "Initial Access", "type": "note", "content": "Phishing payload delivered via macro-enabled doc. User jane.doe clicked.
"}, + {"title": "Lateral Movement", "type": "note", "content": "Used Pass-the-Hash from workstation WS-042 to reach DC01.
"}, + ]}, + {"title": "Meeting Notes", "type": "note", "content": "Kickoff call 2026-03-17. Client wants focus on AD attack paths.
"}, + ], + }, + ], + }, + { + "name": "Globex Industries", + "short_name": "GLOBEX", + "codename": "NIGHTSHADE", + "contacts": [ + ("Hank Scorpio", "hank@globex.example.com", "CEO", "555-0200"), + ], + "projects": [ + { + "codename": "SHADOW NEXUS", + "project_type": pt_webapp, + "lead": "bob", + "operators": ["charlie"], + "start": date.today() - timedelta(days=7), + "end": date.today() + timedelta(days=23), + "scopes": ["https://portal.globex.example.com", "https://api.globex.example.com/v2"], + "targets": ["Customer Portal", "REST API v2", "Admin Panel"], + "notes_tree": [ + {"title": "API Testing", "type": "folder", "children": [ + {"title": "Authentication Bypass", "type": "note", "content": "JWT validation can be bypassed by setting alg=none. Critical finding.
"}, + {"title": "IDOR on /users endpoint", "type": "note", "content": "Changing user_id in request allows access to other users' data.
"}, + ]}, + {"title": "Portal XSS", "type": "note", "content": "Stored XSS in profile bio field. Payload: <img src=x onerror=alert(1)>
No DoS. No production DB modification. Physical access authorized M-F 8am-6pm only.
"}, + {"title": "C2 Infrastructure", "type": "note", "content": "Cobalt Strike teamserver on AWS. Redirector chain: CloudFront → Nginx → TS.
"}, + ]}, + {"title": "Execution Log", "type": "folder", "children": []}, + ], + }, + ], + }, +] + +for cdata in clients_data: + client, created = Client.objects.get_or_create( + name=cdata["name"], + defaults=dict(short_name=cdata["short_name"], codename=cdata["codename"]), + ) + action = "Created" if created else "Exists" + print(f"\n{action} client: {client.name}") + + for cname, cemail, ctitle, cphone in cdata["contacts"]: + ClientContact.objects.get_or_create( + client=client, + email=cemail, + defaults=dict(name=cname, job_title=ctitle, phone=cphone), + ) + + # Invite all users to the client + for u in users.values(): + ClientInvite.objects.get_or_create(client=client, user=u) + + for pdata in cdata["projects"]: + project, created = Project.objects.get_or_create( + codename=pdata["codename"], + defaults=dict( + client=client, + project_type=pdata["project_type"], + start_date=pdata["start"], + end_date=pdata["end"], + complete=False, + ), + ) + action = "Created" if created else "Exists" + print(f" {action} project: {project.codename}") + + # Assignments + lead_user = users[pdata["lead"]] + ProjectAssignment.objects.get_or_create( + project=project, operator=lead_user, + defaults=dict(role=role_lead, start_date=pdata["start"], end_date=pdata["end"]), + ) + for op_name in pdata["operators"]: + op_user = users[op_name] + ProjectAssignment.objects.get_or_create( + project=project, operator=op_user, + defaults=dict(role=role_operator, start_date=pdata["start"], end_date=pdata["end"]), + ) + + # Invite manager + ProjectInvite.objects.get_or_create(project=project, user=users["manager"]) + + # Scopes + for i, scope_name in enumerate(pdata["scopes"]): + ProjectScope.objects.get_or_create( + project=project, name=scope_name, + defaults=dict(scope=scope_name), + ) + + # Targets + for i, target_name in enumerate(pdata["targets"]): + ProjectTarget.objects.get_or_create( + project=project, hostname=target_name, + ) + + # Collab notes tree + def create_notes_tree(nodes, project, parent=None, pos_start=0): + for i, node in enumerate(nodes): + position = (pos_start + i) * 1000 + note, _ = ProjectCollabNote.objects.get_or_create( + project=project, + title=node["title"], + parent=parent, + defaults=dict( + node_type=node["type"], + content=node.get("content", ""), + position=position, + ), + ) + if node["type"] == "note" and node.get("content"): + ProjectCollabNoteField.objects.get_or_create( + note=note, + position=0, + defaults=dict( + field_type="rich_text", + content=node["content"], + ), + ) + if "children" in node: + create_notes_tree(node["children"], project, parent=note) + + if created: + create_notes_tree(pdata["notes_tree"], project) + +print("\n" + "=" * 60) +print("SEED DATA COMPLETE") +print("=" * 60) +print(f"Users: {User.objects.count()} (login with TestPass123!)") +print(f"Clients: {Client.objects.count()}") +print(f"Projects: {Project.objects.count()}") +print(f"Collab Notes: {ProjectCollabNote.objects.count()}") +print(f"Collab Note Fields: {ProjectCollabNoteField.objects.count()}") +print("=" * 60) From 7c4d4c1333a4bfe270360bf460ded992f82a2e8b Mon Sep 17 00:00:00 2001 From: BlaiseOfGlory <5067183+BlaiseOfGlory@users.noreply.github.com> Date: Wed, 1 Apr 2026 16:36:36 -0500 Subject: [PATCH 18/18] Address CodeFactor issues from PR #855 Python: - Use 'raise Http404 from exc' for explicit exception chaining - Move markdownify import to module level - Rewrite seed script: remove unused imports, use dict literals, extract functions to fix scope and redefinition warnings TypeScript: - Extract computeDropPosition() and sentinelPosition() from handleDragOver/handleDragEnd to reduce cyclomatic complexity - Extract TreeItemIcon, TreeItemChevron, TreeItemActions from TreeItem to reduce component complexity --- ghostwriter/rolodex/views.py | 6 +- .../forms/project_collabnotes/TreeItem.tsx | 112 ++--- .../project_collabnotes/hooks/useTreeDnd.ts | 79 ++-- scripts/seed_test_data.py | 421 +++++++++--------- 4 files changed, 313 insertions(+), 305 deletions(-) diff --git a/ghostwriter/rolodex/views.py b/ghostwriter/rolodex/views.py index 02d42a9e4..0336e673a 100644 --- a/ghostwriter/rolodex/views.py +++ b/ghostwriter/rolodex/views.py @@ -39,6 +39,7 @@ from django.db.models import Exists, OuterRef # 3rd Party Libraries +from markdownify import markdownify as md from taggit.models import Tag # Ghostwriter Libraries @@ -2306,8 +2307,8 @@ def serve_note_field_image(request, pk): raise Http404 try: return FileResponse(field.image.open("rb"), content_type="image/png") - except FileNotFoundError: - raise Http404 + except FileNotFoundError as exc: + raise Http404 from exc class NoteImageUploadForm(forms.Form): @@ -2431,7 +2432,6 @@ def _sanitize_filename(name): @login_required def export_collab_notes_zip(request, pk): """Export all collab notes for a project as a streaming ZIP response.""" - from markdownify import markdownify as md project = get_object_or_404(Project, pk=pk) diff --git a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx index 6cb90c38e..6bf1aec25 100644 --- a/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx +++ b/javascript/src/frontend/collab_forms/forms/project_collabnotes/TreeItem.tsx @@ -16,6 +16,53 @@ interface TreeItemProps { renderChildren?: (children: NoteTreeNode[], depth: number) => React.ReactNode; } +function TreeItemIcon({ isFolder, expanded }: { isFolder: boolean; expanded: boolean }) { + if (isFolder) { + return ; + } + return ; +} + +function TreeItemChevron({ isFolder, hasChildren, expanded }: { isFolder: boolean; hasChildren: boolean; expanded: boolean }) { + if (!isFolder || !hasChildren) return null; + return expanded + ? + : ; +} + +interface ActionButtonsProps { + isFolder: boolean; + buttonClass: string; + deleteClass: string; + onAddNote: (e: React.MouseEvent) => void; + onAddFolder: (e: React.MouseEvent) => void; + onRename: (e: React.MouseEvent) => void; + onDelete: (e: React.MouseEvent) => void; +} + +function TreeItemActions({ isFolder, buttonClass, deleteClass, onAddNote, onAddFolder, onRename, onDelete }: ActionButtonsProps) { + return ( + + {isFolder && ( + <> + + + + )} + + + + ); +} + export default function TreeItem({ item, depth, @@ -36,14 +83,10 @@ export default function TreeItem({ const isFolder = item.nodeType === "folder"; const isSelected = selectedId === item.id; - const hasChildren = item.children.length > 0; const handleClick = () => { - if (isFolder) { - setExpanded(!expanded); - } else { - onSelect(item.id); - } + if (isFolder) setExpanded(!expanded); + else onSelect(item.id); }; const handleRenameSubmit = () => { @@ -63,7 +106,6 @@ export default function TreeItem({ const dropClass = dropPosition ? `tree-item-drop-${dropPosition}` : ""; - // Inline drop indicator styles as fallback (works regardless of CSS loading) const dropIndicatorStyle: React.CSSProperties = {}; if (dropPosition === "before") { dropIndicatorStyle.borderTop = "3px solid #0d6efd"; @@ -79,7 +121,6 @@ export default function TreeItem({ const actionButtonClass = isSelected ? "btn btn-sm p-0 me-1 text-white" : "btn btn-link btn-sm p-0 me-1"; - const deleteButtonClass = isSelected ? "btn btn-sm p-0 text-white" : "btn btn-link btn-sm p-0 text-danger"; @@ -101,19 +142,11 @@ export default function TreeItem({ {...dragHandleProps} > - {isFolder && hasChildren && ( - expanded - ? - : - )} +Ran subdomain enumeration against acme.example.com. Found 14 subdomains.
"}, - {"title": "OSINT Findings", "type": "note", "content": "LinkedIn reveals 3 IT admins. Password policy doc leaked on Pastebin (expired).
"}, - ]}, - {"title": "Exploitation", "type": "folder", "children": [ - {"title": "Initial Access", "type": "note", "content": "Phishing payload delivered via macro-enabled doc. User jane.doe clicked.
"}, - {"title": "Lateral Movement", "type": "note", "content": "Used Pass-the-Hash from workstation WS-042 to reach DC01.
"}, - ]}, - {"title": "Meeting Notes", "type": "note", "content": "Kickoff call 2026-03-17. Client wants focus on AD attack paths.
"}, - ], - }, - ], - }, - { - "name": "Globex Industries", - "short_name": "GLOBEX", - "codename": "NIGHTSHADE", - "contacts": [ - ("Hank Scorpio", "hank@globex.example.com", "CEO", "555-0200"), - ], - "projects": [ - { - "codename": "SHADOW NEXUS", - "project_type": pt_webapp, - "lead": "bob", - "operators": ["charlie"], - "start": date.today() - timedelta(days=7), - "end": date.today() + timedelta(days=23), - "scopes": ["https://portal.globex.example.com", "https://api.globex.example.com/v2"], - "targets": ["Customer Portal", "REST API v2", "Admin Panel"], - "notes_tree": [ - {"title": "API Testing", "type": "folder", "children": [ - {"title": "Authentication Bypass", "type": "note", "content": "JWT validation can be bypassed by setting alg=none. Critical finding.
"}, - {"title": "IDOR on /users endpoint", "type": "note", "content": "Changing user_id in request allows access to other users' data.
"}, - ]}, - {"title": "Portal XSS", "type": "note", "content": "Stored XSS in profile bio field. Payload: <img src=x onerror=alert(1)>
No DoS. No production DB modification. Physical access authorized M-F 8am-6pm only.
"}, - {"title": "C2 Infrastructure", "type": "note", "content": "Cobalt Strike teamserver on AWS. Redirector chain: CloudFront → Nginx → TS.
"}, - ]}, - {"title": "Execution Log", "type": "folder", "children": []}, - ], - }, - ], - }, -] - -for cdata in clients_data: - client, created = Client.objects.get_or_create( - name=cdata["name"], - defaults=dict(short_name=cdata["short_name"], codename=cdata["codename"]), + ) + if node["type"] == "note" and node.get("content"): + ProjectCollabNoteField.objects.get_or_create( + note=note, + position=0, + defaults={ + "field_type": "rich_text", + "content": node["content"], + }, + ) + if "children" in node: + create_notes_tree(node["children"], project, parent=note) + + +def seed_users(): + """Create test users and return a dict of username -> User.""" + users = {} + user_specs = [ + ("alice", "alice@example.com", "Alice Rivera"), + ("bob", "bob@example.com", "Bob Chen"), + ("charlie", "charlie@example.com", "Charlie Okafor"), + ] + for username, email, name in user_specs: + user, created = User.objects.get_or_create( + username=username, + defaults={"email": email, "name": name, "role": "user"}, + ) + if created: + user.set_password("TestPass123!") + user.save() + print(f" Created user: {username} / TestPass123!") + else: + print(f" User already exists: {username}") + users[username] = user + + mgr, created = User.objects.get_or_create( + username="manager", + defaults={"email": "mgr@example.com", "name": "Morgan Taylor", "role": "manager"}, ) - action = "Created" if created else "Exists" - print(f"\n{action} client: {client.name}") - - for cname, cemail, ctitle, cphone in cdata["contacts"]: - ClientContact.objects.get_or_create( - client=client, - email=cemail, - defaults=dict(name=cname, job_title=ctitle, phone=cphone), + if created: + mgr.set_password("TestPass123!") + mgr.save() + print(" Created manager: manager / TestPass123!") + else: + print(" Manager already exists: manager") + users["manager"] = mgr + return users + + +def seed_clients(users): + """Create test clients, projects, assignments, and collab notes.""" + pt_pentest = ProjectType.objects.get(project_type="Penetration Test") + pt_webapp = ProjectType.objects.get(project_type="Web Application Assessment") + pt_redteam = ProjectType.objects.get(project_type="Red Team") + + role_lead = ProjectRole.objects.get(project_role="Assessment Lead") + role_operator = ProjectRole.objects.get(project_role="Operator") + + clients_data = [ + { + "name": "Acme Corporation", + "short_name": "ACME", + "codename": "THUNDERBOLT", + "contacts": [ + ("Jane Doe", "jane.doe@acme.example.com", "CISO", "555-0101"), + ("John Smith", "john.smith@acme.example.com", "IT Director", "555-0102"), + ], + "projects": [ + { + "codename": "IRON FALCON", + "project_type": pt_pentest, + "lead": "alice", + "operators": ["bob"], + "start": date.today() - timedelta(days=14), + "end": date.today() + timedelta(days=16), + "scopes": ["10.10.0.0/16", "web.acme.example.com", "api.acme.example.com"], + "targets": ["Domain Controller (DC01)", "Exchange Server", "VPN Gateway"], + "notes_tree": [ + {"title": "Reconnaissance", "type": "folder", "children": [ + {"title": "External Recon", "type": "note", "content": "Ran subdomain enumeration against acme.example.com. Found 14 subdomains.
"}, + {"title": "OSINT Findings", "type": "note", "content": "LinkedIn reveals 3 IT admins. Password policy doc leaked on Pastebin (expired).
"}, + ]}, + {"title": "Exploitation", "type": "folder", "children": [ + {"title": "Initial Access", "type": "note", "content": "Phishing payload delivered via macro-enabled doc. User jane.doe clicked.
"}, + {"title": "Lateral Movement", "type": "note", "content": "Used Pass-the-Hash from workstation WS-042 to reach DC01.
"}, + ]}, + {"title": "Meeting Notes", "type": "note", "content": "Kickoff call 2026-03-17. Client wants focus on AD attack paths.
"}, + ], + }, + ], + }, + { + "name": "Globex Industries", + "short_name": "GLOBEX", + "codename": "NIGHTSHADE", + "contacts": [ + ("Hank Scorpio", "hank@globex.example.com", "CEO", "555-0200"), + ], + "projects": [ + { + "codename": "SHADOW NEXUS", + "project_type": pt_webapp, + "lead": "bob", + "operators": ["charlie"], + "start": date.today() - timedelta(days=7), + "end": date.today() + timedelta(days=23), + "scopes": ["https://portal.globex.example.com", "https://api.globex.example.com/v2"], + "targets": ["Customer Portal", "REST API v2", "Admin Panel"], + "notes_tree": [ + {"title": "API Testing", "type": "folder", "children": [ + {"title": "Authentication Bypass", "type": "note", "content": "JWT validation can be bypassed by setting alg=none. Critical finding.
"}, + {"title": "IDOR on /users endpoint", "type": "note", "content": "Changing user_id in request allows access to other users' data.
"}, + ]}, + {"title": "Portal XSS", "type": "note", "content": "Stored XSS in profile bio field. Payload: <img src=x onerror=alert(1)>
No DoS. No production DB modification. Physical access authorized M-F 8am-6pm only.
"}, + {"title": "C2 Infrastructure", "type": "note", "content": "Cobalt Strike teamserver on AWS. Redirector chain: CloudFront → Nginx → TS.
"}, + ]}, + {"title": "Execution Log", "type": "folder", "children": []}, + ], + }, + ], + }, + ] + + for cdata in clients_data: + client, created = Client.objects.get_or_create( + name=cdata["name"], + defaults={"short_name": cdata["short_name"], "codename": cdata["codename"]}, ) + print(f"\n{'Created' if created else 'Exists'} client: {client.name}") - # Invite all users to the client - for u in users.values(): - ClientInvite.objects.get_or_create(client=client, user=u) - - for pdata in cdata["projects"]: - project, created = Project.objects.get_or_create( - codename=pdata["codename"], - defaults=dict( + for cname, cemail, ctitle, cphone in cdata["contacts"]: + ClientContact.objects.get_or_create( client=client, - project_type=pdata["project_type"], - start_date=pdata["start"], - end_date=pdata["end"], - complete=False, - ), - ) - action = "Created" if created else "Exists" - print(f" {action} project: {project.codename}") - - # Assignments - lead_user = users[pdata["lead"]] - ProjectAssignment.objects.get_or_create( - project=project, operator=lead_user, - defaults=dict(role=role_lead, start_date=pdata["start"], end_date=pdata["end"]), - ) - for op_name in pdata["operators"]: - op_user = users[op_name] - ProjectAssignment.objects.get_or_create( - project=project, operator=op_user, - defaults=dict(role=role_operator, start_date=pdata["start"], end_date=pdata["end"]), + email=cemail, + defaults={"name": cname, "job_title": ctitle, "phone": cphone}, ) - # Invite manager - ProjectInvite.objects.get_or_create(project=project, user=users["manager"]) - - # Scopes - for i, scope_name in enumerate(pdata["scopes"]): - ProjectScope.objects.get_or_create( - project=project, name=scope_name, - defaults=dict(scope=scope_name), + for user in users.values(): + ClientInvite.objects.get_or_create(client=client, user=user) + + for pdata in cdata["projects"]: + proj, proj_created = Project.objects.get_or_create( + codename=pdata["codename"], + defaults={ + "client": client, + "project_type": pdata["project_type"], + "start_date": pdata["start"], + "end_date": pdata["end"], + "complete": False, + }, ) + print(f" {'Created' if proj_created else 'Exists'} project: {proj.codename}") - # Targets - for i, target_name in enumerate(pdata["targets"]): - ProjectTarget.objects.get_or_create( - project=project, hostname=target_name, + lead_user = users[pdata["lead"]] + ProjectAssignment.objects.get_or_create( + project=proj, operator=lead_user, + defaults={"role": role_lead, "start_date": pdata["start"], "end_date": pdata["end"]}, ) + for op_name in pdata["operators"]: + ProjectAssignment.objects.get_or_create( + project=proj, operator=users[op_name], + defaults={"role": role_operator, "start_date": pdata["start"], "end_date": pdata["end"]}, + ) - # Collab notes tree - def create_notes_tree(nodes, project, parent=None, pos_start=0): - for i, node in enumerate(nodes): - position = (pos_start + i) * 1000 - note, _ = ProjectCollabNote.objects.get_or_create( - project=project, - title=node["title"], - parent=parent, - defaults=dict( - node_type=node["type"], - content=node.get("content", ""), - position=position, - ), + ProjectInvite.objects.get_or_create(project=proj, user=users["manager"]) + + for scope_name in pdata["scopes"]: + ProjectScope.objects.get_or_create( + project=proj, name=scope_name, + defaults={"scope": scope_name}, ) - if node["type"] == "note" and node.get("content"): - ProjectCollabNoteField.objects.get_or_create( - note=note, - position=0, - defaults=dict( - field_type="rich_text", - content=node["content"], - ), - ) - if "children" in node: - create_notes_tree(node["children"], project, parent=note) - if created: - create_notes_tree(pdata["notes_tree"], project) + for target_name in pdata["targets"]: + ProjectTarget.objects.get_or_create(project=proj, hostname=target_name) + + if proj_created: + create_notes_tree(pdata["notes_tree"], proj) + + +users = seed_users() +seed_clients(users) print("\n" + "=" * 60) print("SEED DATA COMPLETE")