Patent management v1 backend update

[Saumitra-agrahari]

Issue that this pull request solves

Closes: # (issue number)

Proposed changes

Brief description of what is fixed or changed

Types of changes

Put an x in the boxes that apply

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Other (please describe):

Checklist

Put an x in the boxes that apply

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have created new branch for this pull request
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• My changes does not break the current system and it passes all the current test cases.

Screenshots

Please attach the screenshots of the changes made in case of change in user interface

Other information

Any other information that is important to this pull request

[FusionIIIT-Bot]

Congratulations for making your first Pull Request at Fusion!! 🎉 Someone from our team will review it soon.

[Copilot]

Pull request overview

Updates the FusionIIIT backend to support a new Patent Management module by registering the app, wiring new API routes, and expanding the patent_system data model + supporting utilities.

Changes:

• Register applications.patent_system in settings and mount its API under /patentsystem/.
• Extend patent-system models/migrations and add supporting service/selector/admin/seed utilities.
• Add workflow tests/smoke scripts and hardening in login middleware for missing ExtraInfo.

Reviewed changes

Copilot reviewed 34 out of 38 changed files in this pull request and generated 18 comments.

Show a summary per file

File	Description
tr patent	Adds an unrelated text artifact (appears accidental).
FusionIIIT/setup_admin_extrainfo.py	Adds a helper script to create admin ExtraInfo (currently incompatible with model fields).
FusionIIIT/Fusion/urls.py	Adds routing for the patent system API under /patentsystem/.
FusionIIIT/Fusion/settings/common.py	Registers applications.patent_system in INSTALLED_APPS.
FusionIIIT/Fusion/middleware/custom_middleware.py	Avoids crashing on login when ExtraInfo is missing; initializes session defaults safely.
FusionIIIT/create_superuser.py	Adds a script to recreate an admin superuser (contains hard-coded credentials).
FusionIIIT/create_admin.py	Adds a script to create an admin superuser (settings module mismatch + hard-coded credentials).
FusionIIIT/create_admin_extrainfo.py	Adds a script to create ExtraInfo for admin (non-portable path + missing-user handling).
FusionIIIT/assign_roles.py	Adds a script to assign designations/roles (currently incompatible with models).
FusionIIIT/applications/patent_system/views.py	Removes legacy patent_system views module.
FusionIIIT/applications/patent_system/urls.py	Removes legacy patent_system URLConf.
FusionIIIT/applications/patent_system/serializers.py	Removes legacy serializers (replaced by API serializers).
FusionIIIT/applications/patent_system/api/urls.py	Introduces/updates API endpoints for patent workflow and related resources.
FusionIIIT/applications/patent_system/api/serializers.py	Adds DRF serializers for the expanded patent-system models.
FusionIIIT/applications/patent_system/apps.py	Fixes app config path to applications.patent_system.
FusionIIIT/applications/patent_system/models.py	Expands the domain model (workflow fields, documents, logs, audits, etc.).
FusionIIIT/applications/patent_system/services.py	Adds role checks, auditing, notifications, and budget helper logic (contains a critical FK creation bug).
FusionIIIT/applications/patent_system/selectors.py	Adds query helpers for common patent-system list/detail needs.
FusionIIIT/applications/patent_system/admin.py	Registers patent models in admin and adds an ExtraInfo admin action for role assignment.
FusionIIIT/applications/patent_system/migrations/0002_pcc_admin_and_communication_log.py	Adds a no-op migration for historical alignment.
FusionIIIT/applications/patent_system/migrations/0003_auto_20260418_1253.py	Introduces initial schema for patent-system core models.
FusionIIIT/applications/patent_system/migrations/0004_auto_20260418_1519.py	Adds extended workflow/support models and fields.
FusionIIIT/applications/patent_system/migrations/0005_application_attorney_review_fields_and_statuses.py	Adds attorney review fields and extends status choices.
FusionIIIT/applications/patent_system/migrations/0006_application_assigned_director.py	Adds director assignment on applications.
FusionIIIT/applications/patent_system/management/__init__.py	Initializes management package.
FusionIIIT/applications/patent_system/management/commands/__init__.py	Initializes commands package.
FusionIIIT/applications/patent_system/management/commands/seed_saumitra_test_data.py	Adds a command to seed attorney data for testing.
FusionIIIT/applications/patent_system/management/commands/seed_patent_test_data_v2.py	Adds a command to seed multiple workflow scenarios (uses decision_status values outside model choices).
FusionIIIT/applications/patent_system/tests/test_workflow.py	Adds workflow tests (currently mismatched with API auth + state transitions).
FusionIIIT/applications/patent_system/tests/uc_api_smoke.py	Adds an API smoke runner script.
FusionIIIT/applications/patent_system/tests/runtime_smoke.py	Adds a runtime smoke runner script.
FusionIIIT/applications/patent_system/tests/seed_role_accounts.py	Adds a role-account seeding helper script for auth testing.
FusionIIIT/applications/patent_system/tests/role_auth_flow_smoke.py	Adds an end-to-end role/auth smoke runner (includes frontend availability checks).
FusionIIIT/applications/patent_system/tests/__init__.py	Test package init.
docker-compose.yml	Bumps Postgres image from 13-alpine to 15-alpine.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[vikrantwiz02]

Code Review

Reviewed the full diff. The middleware crash fix is genuinely good work. However, there are security concerns (hardcoded credentials committed, stray utility scripts), a model bug (__str__), a serializer gap, and an accidental file that must be removed before this can merge. See inline comments for specifics.

[vikrantwiz02]

Bug: def str is not the dunder method — should be def __str__. As written, str(attorney_instance) returns the default <Attorney object (id)> representation instead of self.name. Fix:

def __str__(self):
    return self.name

[vikrantwiz02]

AttorneySerializer is missing the three new fields added to Attorney in this PR. expertise_domain, is_panel_approved, and current_workload are all missing from fields. The frontend will never see these values until the serializer is updated.

[vikrantwiz02]

csrf_exempt is imported but never used. All views in this file use @api_view + TokenAuthentication, which already bypasses CSRF. Remove the import:

from django.views.decorators.csrf import csrf_exempt  # delete this line

[vikrantwiz02]

AllowAny is imported but never used. Every view in this file uses IsAuthenticated. Remove AllowAny from the import, or if there is an intentionally public endpoint planned, add a comment explaining which one and why.

[vikrantwiz02]

2,970-line monolithic views file. This is a maintainability hazard — it will become impossible to review and debug as the module grows. Split by role/domain: views_applicant.py, views_director.py, views_attorney.py, views_pcc_admin.py etc., and re-export from __init__.py or urls.py.

[vikrantwiz02]

Hardcoded credentials committed to the repo. This file contains User.objects.create_superuser('admin', 'admin@example.com', 'admin123'). Even for local dev, hardcoded passwords in the git history are a security risk — they are permanent even after deletion. Remove this file from the PR and add it to .gitignore.

[vikrantwiz02]

Same as create_admin.py — hardcoded credentials and a standalone script that should not be in the repo. Remove and add to .gitignore.

[vikrantwiz02]

Hardcoded passwords in seed data. password="pass1234" is repeated for every seeded user. Seed scripts should either use environment variables or a settings-derived default — never a literal password. Also consider renaming seed_saumitra_test_data.py to something generic; personal names in command files are a code smell.

[vikrantwiz02]

Test file will not be discovered by manage.py test. Django's test runner only discovers files named test_*.py or *_test.py. This file (role_auth_flow_smoke.py), along with runtime_smoke.py, uc_api_smoke.py, and seed_role_accounts.py, will be silently skipped. Rename them with the test_ prefix, e.g. test_role_auth_flow.py.

[vikrantwiz02]

Postgres version bump (13 → 15) is unrelated to this feature. An infrastructure change with potential data migration implications should be in a separate PR with its own review. Please revert this change here and open a dedicated PR for the upgrade.