Merge pull request #835 from GhostManager/hotfix/report-template-fixes

Further Improve PowerPoint and Fix Admin Links

Author: chrismaddalena

CHANGELOG.md

@@ -5,6 +5,23 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.2.6] - 5 March 2026
+
+### Added
+
+* Added a "Download" link to the admin console for models with a file field — report templates, user profiles, and evidence
+
+### Changed
+
+* Updated PowerPoint slide generation to attempt to intelligently adjust for different slide layouts (Fixes #836)
+  * If shape indices are non-sequential (can happen when shapes are deleted), Ghostwriter will fallback to searching
+  * If there are multiple placeholders, it will try to find the first with the content type (7 or 17)
+  * Ghostwriter now uses the final layout for the final slide instead of expecting it at position 12
+
+### Fixed
+
+* Fixed file field links in the admin console returning a 404 Not Found after recent changes to media links (Fixes #837)
+
 ## [6.2.5] - 3 March 2026
 
 ### Changed
@@ -14,7 +31,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
-* Fixed PowerPoint generation failing with some templates when slide layout content did not match expectation
+* Fixed PowerPoint generation failing with some templates when slide layout content did not match expectation (Fixes #836)
 * Fixed domain and server history not properly showing the "Checked Out By" column
 * Fixed updating a domain or server checkout setting the user value to null
 * Fixed some contrast issues with the objectives table and dark mode

DOCS/features/reporting/report-types/powerpoint-deck-customization.mdx

@@ -5,84 +5,127 @@ description: "Customizing PowerPoint slide deck generation"
 
 ## Getting Started with PowerPoint
 
-Ghostwriter uses template documents and the Jinja2 template language ([https://jinja.palletsprojects.com/en/2.11.x/](https://jinja.palletsprojects.com/en/2.11.x/)) to give you as much control over document generation as possible.
+Ghostwriter uses template documents and the Jinja2 template language ([https://jinja.palletsprojects.com/en/stable/](https://jinja.palletsprojects.com/en/stable/))
+to give you as much control over document generation as possible.
 
-Learn more about managing report templates here:
+Learn more about managing report templates here: [Report Templates](/features/reporting/report-templates)
 
-[Report Templates](/features/reporting/report-templates)
+You will need to upload at least one PowerPoint slide deck to use as a template. Once you have a template you can pick from, open your report and
+select the template from the dropdown menu under the **Generate Reports** section. You should see a notification when the template selection is saved.
+You can then click the PowerPoint icon to generate a report.
 
-You will need to upload at least one PowerPoint slide deck to use as a template. Once you have a template you can pick from, open your report and select the template from the dropdown menu under the **Generate Reports** section. You should see a notification when the template selection is saved. You can then click the PowerPoint icon to generate a report.
-
-Depending on the size of your report and template, rendering can take a few seconds. Once the report is done, your browser will download a new PowerPoint document.
+Depending on the size of your report and template, rendering can take a few seconds. Once the report is done, your browser will download a new PowerPoint
+document.
 
 The default filename will be: `YYYYMMDD_HHMMSS_CLIENT-NAME_ASESSMENT-TYPE.pptx`
 
 ### PowerPoint Templates
 
-There are fewer customization options for PowerPoint than Word. Your template slide deck controls how the generated slide deck looks, but the content will always be the same.
+There are fewer customization options for PowerPoint than Word. Your template slide deck controls how the generated slide deck looks, but the content
+will always be the same.
 
 <Warning>
-The PowerPoint template should be empty – i.e., should contain zero slides. Edit the master slides to control colors, layout, slide numbers, and other details.
+The PowerPoint template should be empty – i.e., should contain zero slides. Edit the master slides to control colors, layout, slide numbers, and other
+details.
 
 To open your slide master view in PowerPoint: *View* » *Slide Master*
-</Warning>
-Ghostwriter will add slides to your chosen template slide deck. The new slides include placeholders and dynamic project information.
-
-<Info>
-Each slide is set to fit text to the size of the text field. This auto-resizing happens in PowerPoint's rendering engine, so a slide's text might extend beyond the slide's lower boundary when you open your new presentation.
-
-PowerPoint should activate auto-resizing when you save the presentation or edit any text.
-</Info>
-* **Title Slide**
 
-  * Includes your configured company name, selected project type, and client name
-
-* **Agenda Slide**
+PowerPoint remembers if you closed the deck with the Slide Master view open or not and will re-open where you left off. To avoid every presentation opening
+on the view, close it before saving and uploading your template.
+</Warning>
 
-  * Placeholder for you to enter a meeting agenda
+Your templates should include at least three slide layouts in your _Slide Master_ view. Your first layout must be your title slide layout, the second layout
+must be your content layout, and your last layout must be your final/conclusion slide layout. Ghostwriter uses these three layouts, but you are welcome to
+include additional layouts between the content layout and the final slide layout. Just ensure the layout for your conclusion slide is last.
 
-* **Introduction Slide**
+Ghostwriter will attempt to intelligently use the placeholders you include in your layouts. The slide's title (type 1 placeholder) will go into the slide's
+title placeholder. Likewise, when Ghostwriter adds a subtitle to the title slide, it will try to use a subtitle placeholder (type 4 placeholder), if present.
+Finally, you want a content placeholder (type 7 placeholder) for the slide's main body.
 
-  * Placeholder for any presenter introductions
+<Info>
+Adding text boxes and other objects does not create placeholders. These are "shapes" that will always be present on slides created with the layout. If the
+expected placeholders are not present, Ghostwriter will try to fallback to using detected shapes. If there are no shapes, the reporting engine will create
+new shapes. Ghostwriter tries to make new shapes in the same position where title and content are often placed, but it's a best guess on our part.
 
-* **Methodology Slide**
+Make use of placeholders for the best output!
+</Info>
 
-  * Placeholder for reviewing testing methodology
+Title and subtitle are special placeholders. Each slide can contain one of each. You can verify you have these placeholders in a couple of different ways.
+You can see if you have a title placeholder by looking at your layout and verifying the _Title_ checkbox is checked under the _Slide Master_ section of the
+ribbon menu. It's a good idea to toggle it off and on to verify the placeholder you expect to be the title is really the title. If someone manually moved
+the title to repurpose it (e.g., for content or as a footer placeholder), that placeholder is still the title for that layout.
 
-* **Attack Path Overview Slide**
+Subtitles are trickier because PowerPoint actually offers no way to create these from the _Insert Placeholder_ menu. There is also no checkbox to create one
+like there is for _Title_ or _Footers_. Many default PowerPoint layouts include them, which is one way to get them. You can also copy and paste a subtitle placeholder from another slide. Finally, you can use a macro to insert a subtitle placeholder.
 
-  * Placeholder for where you might discuss assessment narratives
+These two macros can be helpful for identifying the type of placeholder you have selected and inserting a subtitle placeholder on your title slide (for use
+or copy/pasting):
 
-* **Findings Overview Slide**
+```vb
+Sub InsertSubtitlePlaceholder()
+  Dim oSlideMaster As Master
+  Dim oLayout As CustomLayout
+  Dim oSubtitleShape As Shape
 
-  * Includes a two-column table showing all findings (full title and severity)
+  ' Reference the first slide master
+  Set oSlideMaster = ActivePresentation.SlideMaster
 
-* **Findings Slides**
+  ' Reference the first layout (or specific layout)
+  Set oLayout = oSlideMaster.CustomLayouts(1)
 
-  * One slide per finding that includes:
+  ' Add a subtitle placeholder
+  Set oSubtitleShape = oLayout.Shapes.AddPlaceholder(Type:=ppPlaceholderSubtitle, _
+    Left:=100, Top:=300, Width:=500, Height:=100)
 
-    * Finding title as the slide title
+  oSubtitleShape.TextFrame.TextRange.Text = "Subtitle Placeholder"
+End Sub
 
-    * All image evidence files as inserted images
+Sub ShowPlaceholderType()
+  With ActiveWindow.Selection.ShapeRange
+    If .Type = msoPlaceholder Then
+      Select Case .PlaceholderFormat.Type
 
-    * All text evidence files as new text blocks 9styled with a fixed-width font)
+        Case ppPlaceholderTitle
+        MsgBox "Title Placeholder"
 
-    * Finding description as main slide content
+        Case ppPlaceholderCenterTitle
+        MsgBox "Centered Title Placeholder"
 
-    * All other finding information in the slide's notes field
+        Case ppPlaceholderSubtitle
+        MsgBox "Subtitle Placeholder"
 
-* **Observations Slide**
+        Case ppPlaceholderObject
+        MsgBox "Content Placeholder"
 
-  * Placeholder for any additional observations
+      End Select
+    End If
+  End With
+End Sub
+```
 
-* **Recommendations Slide**
+For further reference: [PowerPoint PpPlaceholderType Enumeration](https://learn.microsoft.com/en-us/office/vba/api/powerpoint.ppplaceholdertype)
 
-  * Placeholder for any recommendations
+### PowerPoint Generation
 
-* **Conclusion Slide**
+Ghostwriter will add slides to your chosen template slide deck. The new slides include placeholders and dynamic project information.
 
-  * Placeholder for closing statements or next steps
+<Info>
+Each slide is set to fit text to the size of the text field. This auto-resizing happens in PowerPoint's rendering engine, so a slide's text might extend
+beyond the slide's lower boundary when you open your new presentation.
 
-* **Final Slide**
+PowerPoint should activate auto-resizing when you save the presentation or edit any text.
+</Info>
 
-  * Closing title slide that includes your configured company name, social media account, and email address
+| Slide Type | Description |
+|------------|-------------|
+| Title Slide | Includes your configured company name, selected project type, and client name |
+| Agenda Slide | Placeholder for you to enter a meeting agenda |
+| Introduction Slide | Placeholder for any presenter introductions |
+| Methodology Slide | Placeholder for reviewing testing methodology |
+| Attack Path Overview Slide | Placeholder for where you might discuss assessment narratives |
+| Findings Overview Slide | Includes a two-column table showing all findings (full title and severity) |
+| Findings Slides | One slide per finding that includes:<br/>• Finding title as the slide title<br/>• All image evidence files as inserted images<br/>• All text evidence files as new text blocks (styled with a fixed-width font)<br/>• Finding description as main slide content<br/>• All other finding information in the slide's notes field |
+| Observations Slide | Placeholder for any additional observations |
+| Recommendations Slide | Placeholder for any recommendations |
+| Conclusion Slide | Placeholder for closing statements or next steps |
+| Final Slide | Closing title slide that includes your configured company name, social media account, and email address |

VERSION

@@ -1,2 +1,2 @@
-v6.2.5
-3 March 2026
+v6.2.6
+5 March 2026

config/settings/base.py

@@ -11,9 +11,9 @@
 # 3rd Party Libraries
 import environ
 
-__version__ = "6.2.5"
+__version__ = "6.2.6"
 VERSION = __version__
-RELEASE_DATE = "3 March 2026"
+RELEASE_DATE = "5 March 2026"
 
 ROOT_DIR = Path(__file__).resolve(strict=True).parent.parent.parent
 APPS_DIR = ROOT_DIR / "ghostwriter"

ghostwriter/home/admin.py

@@ -1,13 +1,41 @@
 """This contains customizations for displaying the Home application models in the admin panel."""
 
+# Standard Library Imports
+import os
+
 # Django Imports
+from django.conf import settings
 from django.contrib import admin
+from django.urls import reverse
+from django.utils.html import format_html
 
 # Ghostwriter Libraries
 from ghostwriter.home.models import UserProfile
 
 
 @admin.register(UserProfile)
 class UserProfileAdmin(admin.ModelAdmin):
-    list_display = ("user", "avatar")
+    list_display = ("user",)
     list_filter = ("user",)
+    readonly_fields = ("avatar_download_link",)
+    search_fields = ("user__username", "user__email")
+
+    class Media:
+        js = ('js/admin/userprofile_admin.js',)
+
+    def avatar_download_link(self, obj):
+        """Display a download link in the detail view."""
+        try:
+            file_path = obj.avatar.path
+        except ValueError:
+            file_path = os.path.join(settings.STATICFILES_DIRS[0], "images/default_avatar.png")
+
+        if os.path.exists(file_path) and obj.avatar and obj.id:
+            filename = os.path.basename(obj.avatar.name)
+            return format_html(
+                '<a href="{url}" download="{filename}">{filename}</a>',
+                url=reverse("users:avatar_download", args=[obj.user.username]),
+                filename=filename
+            )
+        return "File missing or not available for download"
+    avatar_download_link.short_description = "Download File"

ghostwriter/home/models.py

@@ -6,7 +6,6 @@
 # Django Imports
 from django.conf import settings
 from django.db import models
-from django.templatetags.static import static
 
 
 # Create your models here.
@@ -29,13 +28,3 @@ class Meta:
         ordering = ["user"]
         verbose_name = "User profile"
         verbose_name_plural = "User profiles"
-
-    @property
-    def avatar_url(self):
-        try:
-            # Only return the image URL if the file is present
-            if os.path.exists(self.avatar.path):
-                return self.avatar.url
-            return static("images/default_avatar.png")
-        except ValueError:
-            return static("images/default_avatar.png")

ghostwriter/home/tests/test_models.py

@@ -62,26 +62,3 @@ def test_crud_finding(self):
         # Delete
         user.delete()
         self.assertFalse(UserProfile.objects.all().exists())
-
-    def test_avatar_url_property(self):
-        user = UserFactory()
-        profile = UserProfile.objects.get(user=user)
-        try:
-            # Test default avatar file is returned
-            url = profile.avatar_url
-            self.assertIn("images/default_avatar.png", url)
-
-            # Set avatar file and confirm URL changes
-            profile.avatar = self.uploaded_image_file
-            profile.save()
-            profile.refresh_from_db()
-            url = profile.avatar_url
-            self.assertIn(f"images/user_avatars/{user.id}/fake.png", url)
-
-            # Delete the avatar file and confirm default avatar is returned
-            os.remove(profile.avatar.path)
-            profile.refresh_from_db()
-            url = profile.avatar_url
-            self.assertIn("images/default_avatar.png", url)
-        except Exception:
-            self.fail("UserProfile model `avatar_url` property failed unexpectedly!")

ghostwriter/modules/reportwriter/base/pptx.py

@@ -162,7 +162,6 @@ def lint(cls, template_loc: str) -> Tuple[List[str], List[str]]:
 # Slide styles (From Master Style counting top to bottom from 0..n)
 SLD_LAYOUT_TITLE = 0
 SLD_LAYOUT_TITLE_AND_CONTENT = 1
-SLD_LAYOUT_FINAL = 12
 
 
 def add_slide_number(txtbox):