Bug - Policy "Reviewer"

When a policy is created you must define what we call a “Reviewer”

This is one or more user/groups that will be assigned on the review records created by this policy as review, so after you create a policy the review records will be created:

Now two things can happen:

1- i edit the incomplete review (the second) by clicking on the review and then edit
2- i create a new review record (by clicking “add”)

Either way i need to define who is doing the (current) review , eramba by default will show you the user you specified (in #1, not #1)

When we save this review the record gets updated and a new record is created (with the new review date) … now who is suppossed to be the reviewer of this new review? The system should use whatever is specified as “Reviewer” on the parent policy. Well is not:

And that is a bug: https://github.com/eramba/eramba_v2/issues/2371

===== FIX ======

The fix must apply to all three: Policy, Risk and Asset as they all have the review logic … the “reviewer” should be populated as follow:

Policy: use the parent policy “Reviewer”
Risk: use the parent risk “Stakeholder”
Asset: use the parent asset “Owner, Guardian and User” (all three)

We anyway need to fix this in a more profound way … the user needs to be able to choose what they want and the “stakeholder” (in risk) and guardian,owner and user (on assets) might not make sense to them.