Name

sn_risk_advanced.RiskAssessmentAJAX

Description

Utility required for assessment instance ajax

Script

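/**
 * GlideAjax processor for Advanced Risk assessment instances.
 *
 * Security notes for maintainers:
 *  - Every `sysparm_*` value read through getParameter() is supplied by the
 *    client and must be treated as untrusted input.
 *  - GlideRecord does not enforce ACLs by itself. Where this class reads or
 *    writes records directly it checks canRead()/canWrite()/canCreate() or a
 *    role explicitly.
 *  - AbstractAjaxProcessor dispatches on the method name sent by the client and
 *    skips names starting with "_". Helpers meant only for server-side use are
 *    therefore underscore-prefixed. Older helpers without the prefix
 *    (validateInput, createControlIfNotExists,
 *    getAlreadyAssociatedControlObjectives) keep their names for compatibility.
 *  - NOTE(review): whether access to this Script Include is additionally limited
 *    by its own ACL is not visible in this file; confirm on the instance.
 */
var RiskAssessmentAJAX = Class.create();
RiskAssessmentAJAX.prototype = Object.extendsObject(global.AbstractAjaxProcessor, {

  /**
   * Delegates to RiskAssessmentUtils.filterAssessments for the given scope.
   * @param {string} scopeId sys_id of the risk assessment scope
   */
  getLatestAssessmentsOfRisks: function(scopeId) {
      return new sn_risk_advanced.RiskAssessmentUtils().filterAssessments(scopeId);
  },

  /** Delegates to RiskAssessmentUtils.filterOverriddenAssessments. */
  filterOverriddenAssessments: function() {
      return new sn_risk_advanced.RiskAssessmentUtils().filterOverriddenAssessments();
  },

  /** Delegates to RiskAssessmentUtils.getAssessmentIdBasedOnApprover. */
  getAssessmentIdBasedOnApprover: function() {
      return new sn_risk_advanced.RiskAssessmentUtils().getAssessmentIdBasedOnApprover();
  },

  /**
   * Triggers a risk assessment for sysparm_risk with the given assessor, approver
   * and number of days. Requires the sn_risk.user role; callers without it get no
   * answer (undefined).
   * @returns {string|undefined} JSON string of the utility result
   */
  triggerRiskAssessment: function() {
      if (!gs.hasRole("sn_risk.user"))
          return;

      // Explicit radix so the client-supplied value is always read as decimal.
      var days = parseInt(this.getParameter('sysparm_days'), 10);
      var result = new sn_risk_advanced.RiskAssessmentUtils().triggerRiskAssessment(
          this.getParameter('sysparm_risk'),
          null,
          this.getParameter('sysparm_assessor'),
          this.getParameter('sysparm_approver'),
          "user",
          "user",
          days);
      return JSON.stringify(result);
  },

  /**
   * Creates (or re-opens) assessment instances for the risk statements listed in
   * sysparm_content_ids, for the entity sysparm_entity_id within the scope
   * sysparm_scope_id. Missing risks are created first.
   * @returns {string} JSON with newInstanceMsg / failedRiskMsg / failedInstanceMsg,
   *                   or {error: msg} when the request is rejected
   */
  createRiskAssessmentInstance: function() {

      if (!(new GlideRecord('sn_risk_advanced_risk_assessment_instance')).canCreate())
          return this._error(gs.getMessage('Insufficient privileges to generate assessments'));

      var riskStatementIds = this.getParameter('sysparm_content_ids');
      if (!riskStatementIds)
          return this._error(gs.getMessage('Risk statements are missing in the request'));

      riskStatementIds = riskStatementIds.split(',');
      if (riskStatementIds.length == 1 && riskStatementIds[0] == '')
          return this._error(gs.getMessage('Risk statements are missing in the request'));

      var scopeId = this.getParameter('sysparm_scope_id');
      if (!scopeId)
          return this._error(gs.getMessage("Risk assessment scope is missing in the request"));

      var entityId = this.getParameter('sysparm_entity_id');
      if (!entityId)
          return this._error(new sn_grc.GRCUtils().getMessage('missing_profile'));

      // Load the scope once and reject ids that do not resolve, so no instance is
      // ever created against a non-existent scope or an empty methodology.
      var scope = new GlideRecord('sn_risk_advanced_risk_assessment_scope');
      if (!scope.get(scopeId))
          return this._error(gs.getMessage('Request is having invalid risk assessment scope information'));

      var riskCount = 0;
      var failedRiskCount = 0;
      var failedInstanceCount = 0;
      var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();

      for (var i = 0; i < riskStatementIds.length; i++) {
          var statementId = riskStatementIds[i];
          // Empty entries (e.g. "a,,b") carry no statement; skipping them also keeps
          // blank rows out of the content/profile relationship table.
          if (statementId == '')
              continue;

          var riskId = assessmentUtils.getAssociatedRisk(entityId, statementId);
          if (riskId == null) {
              var riskObj = {};
              riskObj.entityId = entityId;
              riskObj.risk_statement = statementId;
              riskId = assessmentUtils.createRisk(riskObj);
              if (riskId == null) {
                  failedRiskCount++;
                  continue;
              }
          }

          riskCount++;

          var assessmentInstanceId = assessmentUtils.getAssessmentInstance(riskId, scopeId);
          if (assessmentInstanceId == null) {
              var instanceObj = {};
              instanceObj.risk = riskId;
              instanceObj.assessment_scope = scopeId;
              instanceObj.entity_1 = entityId;
              instanceObj.risk_assessment_methodology = scope.risk_assessment_methodology;
              assessmentUtils.addAssessors(instanceObj, scope, riskId);
              assessmentUtils.addApprovers(instanceObj, scope);
              assessmentInstanceId = assessmentUtils.createAssessmentInstance(instanceObj);

              if (assessmentInstanceId == null) {
                  failedInstanceCount++;
                  continue;
              }
              assessmentUtils.createAssessmentQuestions(assessmentInstanceId);
          } else {
              // NOTE(review): triggerAssessments() passes the getClosedAssessments()
              // result to createNewAsmtInstance() directly, while this call wraps it
              // in another array - confirm which shape the utility expects.
              var assessmentIdsInCompletedState = assessmentUtils.getClosedAssessments(assessmentInstanceId.getUniqueValue(), null);
              assessmentUtils.createNewAsmtInstance([assessmentIdsInCompletedState]);
          }

          this._ensureContentProfileLink(entityId, statementId);
      }

      var result = {
          newInstanceMsg: gs.getMessage('{0} risk(s) mapped to risk assessment scope', riskCount + ''),
          failedRiskMsg: failedRiskCount > 0 ? gs.getMessage('{0} risk(s) not able to generate', failedRiskCount + '') : '',
          failedInstanceMsg: failedInstanceCount > 0 ? gs.getMessage('{0} risk(s) ignored', failedInstanceCount + '') : ''
      };
      return new global.JSON().encode(result);

  },


  /**
   * Creates assessment instances for the risks listed in sysparm_risk_ids within
   * sysparm_scope_id / sysparm_entity_id, then links the returned risk statements
   * to the entity.
   * @returns {string} JSON with newInstanceMsg / failedInstanceMsg /
   *                   asmtsInProgressCount, or {error: msg}
   */
  createRiskAssessmentInstanceFromRisks: function() {

      if (!(new GlideRecord('sn_risk_advanced_risk_assessment_instance')).canCreate())
          return this._error(gs.getMessage('Insufficient privileges to generate assessments'));

      var riskIds = this.getParameter('sysparm_risk_ids');
      if (!riskIds)
          return this._error(gs.getMessage('Risks are missing in the request'));

      riskIds = riskIds.split(',');
      if (riskIds.length == 1 && riskIds[0] == '')
          return this._error(gs.getMessage('Risks are missing in the request'));

      var scopeId = this.getParameter('sysparm_scope_id');
      if (!scopeId)
          return this._error(gs.getMessage("Risk assessment scope is missing in the request"));

      var entityId = this.getParameter('sysparm_entity_id');
      if (!entityId)
          return this._error(new sn_grc.GRCUtils().getMessage('missing_profile'));

      var response = new sn_risk_advanced.RiskAssessmentUtils().createAssessmentInstanceFromRisks(riskIds, scopeId, entityId);

      var riskStatementIds = response.riskStatements;
      // Counts are stringified for gs.getMessage(); the comparisons and the
      // subtraction below rely on JavaScript coercing them back to numbers.
      var failedInstanceCount = response.failedInstances + '';
      var asmtsInProgressCount = response.asmtsInProgressCount + '';
      for (var i = 0; i < riskStatementIds.length; ++i) {
          this._ensureContentProfileLink(entityId, riskStatementIds[i]);
      }

      var result = {
          newInstanceMsg: gs.getMessage('{0} risk(s) mapped to risk assessment scope', (riskIds.length - failedInstanceCount) + ''),
          failedInstanceMsg: failedInstanceCount > 0 ? gs.getMessage('{0} risk(s) ignored', failedInstanceCount) : '',
          asmtsInProgressCount: asmtsInProgressCount > 0 ? gs.getMessage('{0} assessment(s) already in progress', asmtsInProgressCount) : ''
      };
      return new global.JSON().encode(result);

  },

  /**
   * Adds control assessment responses for the control objectives in
   * sysparm_content_ids to the assessment instance. The caller must be able to
   * write the instance.
   * @returns {string} JSON summary, or {error: msg}
   */
  createIndividualControlAssessmentResponses: function() {
      var request = this._readControlResponseRequest('sysparm_content_ids',
          gs.getMessage('Control Objectives are missing in the request'));
      if (request.error)
          return request.error;

      var responses = request.utils.createIndividualControlAssessmentResponses(
          request.ids, request.ramId, request.assessmentInstance, request.entityId, request.riskId);
      return this._encodeControlResponses(responses);
  },


  /**
   * Adds control assessment responses for the controls in sysparm_control_ids to
   * the assessment instance. The caller must be able to write the instance.
   * @returns {string} JSON summary, or {error: msg}
   */
  createIndividualControlAssessmentResponsesFromControls: function() {
      var request = this._readControlResponseRequest('sysparm_control_ids',
          gs.getMessage('Controls are missing in the request'));
      if (request.error)
          return request.error;

      var responses = request.utils.createIndividualControlAssessmentResponsesFromControls(
          request.ids, request.ramId, request.assessmentInstance, request.entityId, request.riskId);
      return this._encodeControlResponses(responses);
  },


  /**
   * Removes control assessment responses (sysparm_control_ids, passed on as the
   * raw comma-separated string) from the assessment instance.
   * @returns {string} JSON of the utility result, or {error: msg}
   */
  removeIndividualControlAssessmentResponses: function() {
      var assessmentInstanceId = this.getParameter('sysparm_assessment_instance_id');
      if (!assessmentInstanceId)
          return this._error(gs.getMessage('Assessment instance is missing in the request'));

      var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();

      // Removing responses needs the same write access that adding them requires.
      if (!assessmentUtils.canWriteAssessmentInstance(assessmentInstanceId))
          return this._error(gs.getMessage('Insufficient privileges to remove controls'));

      var controlIds = this.getParameter('sysparm_control_ids');
      if (!controlIds)
          return this._error(gs.getMessage('Controls are missing in the request'));

      return new global.JSON().encode(assessmentUtils.removeIndividualControlAssessmentResponses(assessmentInstanceId, controlIds));
  },

  /**
   * Creates a control and its response from the JSON object in
   * sysparm_control_info.
   * NOTE(review): the decoded object is client-controlled and is handed to
   * createControlAndItsResponse() as-is; confirm that the utility validates its
   * fields and checks create access.
   * @returns {string} JSON of the utility result, or {error: msg}
   */
  createControl: function() {
      var controlInfo = this.getParameter('sysparm_control_info');
      if (!controlInfo)
          return this._error(gs.getMessage('Control information is missing in the request'));

      var controlObject = new global.JSON().decode(controlInfo);
      return new global.JSON().encode(new sn_risk_advanced.RiskAssessmentUtils().createControlAndItsResponse(controlObject));
  },

  /**
   * Delegates to RiskAssessmentUtils.getAssociatedControls.
   * @param {string} assessmentInstanceId sys_id of the assessment instance
   */
  getAssociatedControls: function(assessmentInstanceId) {
      return new sn_risk_advanced.RiskAssessmentUtils().getAssociatedControls(assessmentInstanceId);
  },


  /**
   * Delegates to RiskAssessmentUtils.getValidControls.
   * @param {string} assessmentInstanceId sys_id of the assessment instance
   */
  getValidControls: function(assessmentInstanceId) {
      return new sn_risk_advanced.RiskAssessmentUtils().getValidControls(assessmentInstanceId);
  },

  /**
   * Returns, JSON-encoded, the control objectives associated with
   * sysparm_assessment_instance_id.
   */
  getAssociatedControlObjectives: function() {
      var assessmentInstanceId = this.getParameter('sysparm_assessment_instance_id');
      return new global.JSON().encode(new sn_risk_advanced.RiskAssessmentUtils().getAssociatedControlObjectives(assessmentInstanceId));
  },

  /**
   * Re-applies the scope's assessors and approvers to every instance of
   * sysparm_scope_id that is still in state "0".
   * Does nothing when the scope id is missing or unknown, or when the caller
   * cannot write the scope record.
   */
  updateAssessmentAssessorApprover: function() {
      var scopeId = this.getParameter('sysparm_scope_id');
      if (!scopeId)
          return;

      var scope = new GlideRecord("sn_risk_advanced_risk_assessment_scope");
      // The loop below rewrites instance records without ACL enforcement, so the
      // caller has to hold write access on the scope that drives the change.
      if (!scope.get(scopeId) || !scope.canWrite())
          return;

      var utils = new sn_risk_advanced.RiskAssessmentUtils();
      var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
      instance.addQuery("state", "0");
      instance.addQuery("assessment_scope", scopeId);
      instance.query();

      while (instance.next()) {
          var riskId = instance.risk;
          utils.addAssessors(instance, scope, riskId);
          utils.addApprovers(instance, scope);
          instance.update();
      }
  },

  /**
   * Returns, JSON-encoded, the background_color and text_color of the rating
   * criteria record sysparm_rating_criteria_id.
   * NOTE(review): assumes getRecordWithSysId() always returns a record object;
   * if it can return null for an unknown id this throws - confirm.
   */
  getColorsForRatingCriteria: function() {
      var ratingCriteriaId = this.getParameter('sysparm_rating_criteria_id');
      var ratingCriteria = new sn_risk_advanced.RiskAssessmentUtils().getRecordWithSysId(ratingCriteriaId, 'sn_risk_advanced_rating_criteria');
      var colours = {};
      colours.background_color = ratingCriteria.getValue('background_color');
      colours.text_color = ratingCriteria.getValue('text_color');
      return new global.JSON().encode(colours);
  },

  /**
   * Creates a risk from the JSON object in sysparm_risk_info and, when that
   * succeeds, an assessment instance for it in riskObject.scopeId.
   * NOTE(review): unlike createRiskAssessmentInstance() this entry point has no
   * canCreate() check and passes the client-supplied object to createRisk()
   * unchanged; confirm the utility enforces access and validates the fields.
   * @returns {string} JSON-encoded assessment instance id (undefined when nothing
   *                   was created)
   */
  reportRisk: function() {
      var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
      var riskObject = new global.JSON().decode(this.getParameter('sysparm_risk_info'));
      var assessmentInstanceId;
      // A missing or undecodable payload yields the same "nothing created" answer
      // as a failed risk creation instead of a script error.
      var riskId = riskObject ? assessmentUtils.createRisk(riskObject) : null;
      if (riskId) {
          var scope = new GlideRecord('sn_risk_advanced_risk_assessment_scope');
          scope.get(riskObject.scopeId);
          var instanceObj = {};
          instanceObj.risk = riskId;
          instanceObj.assessment_scope = riskObject.scopeId;
          instanceObj.entity_1 = riskObject.entityId;
          instanceObj.risk_assessment_methodology = scope.risk_assessment_methodology;
          assessmentUtils.addAssessors(instanceObj, scope, riskId);
          assessmentUtils.addApprovers(instanceObj, scope);
          assessmentInstanceId = assessmentUtils.createAssessmentInstance(instanceObj);
          // Same guard as the other creators: no questions for a failed instance.
          if (assessmentInstanceId != null)
              assessmentUtils.createAssessmentQuestions(assessmentInstanceId);
      }
      return new global.JSON().encode(assessmentInstanceId);
  },

  /**
   * Wraps a message in the {error: msg} JSON envelope used by this processor.
   * @param {string} msg already-translated message
   * @returns {string} JSON-encoded error object
   */
  _error: function(msg) {
      return new global.JSON().encode({
          error: msg
      });
  },

  /**
   * Makes sure a content/profile relationship row exists for the pair, inserting
   * one only when none is found.
   * @param {string} entityId sys_id of the entity (sn_grc_profile)
   * @param {string} contentId sys_id of the content record (sn_grc_content)
   */
  _ensureContentProfileLink: function(entityId, contentId) {
      var link = new GlideRecord("sn_grc_m2m_content_profile");
      link.addQuery('sn_grc_profile', entityId);
      link.addQuery('sn_grc_content', contentId);
      link.setLimit(1);
      link.query();
      if (!link.next()) {
          link.initialize();
          link.sn_grc_profile = entityId;
          link.sn_grc_content = contentId;
          link.insert();
      }
  },

  /**
   * Reads and validates the parameters shared by the two
   * createIndividualControlAssessmentResponses* entry points.
   * @param {string} idsParamName name of the comma-separated id parameter
   * @param {string} missingIdsMessage translated message used when it is empty
   * @returns {Object} {error: encodedJson} on rejection, otherwise
   *                   {utils, assessmentInstance, ids, ramId, entityId, riskId}
   */
  _readControlResponseRequest: function(idsParamName, missingIdsMessage) {
      var self = this;
      function reject(msg) {
          return {
              error: self._error(msg)
          };
      }

      var request = {};
      request.assessmentInstance = this.getParameter('sysparm_assessment_instance_id');
      if (!request.assessmentInstance)
          return reject(gs.getMessage('Assessment instance is missing in the request'));

      request.utils = new sn_risk_advanced.RiskAssessmentUtils();

      // Authorize before looking at the remaining parameters.
      if (!request.utils.canWriteAssessmentInstance(request.assessmentInstance))
          return reject(gs.getMessage('Insufficient privileges to add controls'));

      var ids = this.getParameter(idsParamName);
      if (!ids)
          return reject(missingIdsMessage);

      request.ids = ids.split(',');
      if (request.ids.length == 1 && request.ids[0] == '')
          return reject(missingIdsMessage);

      request.ramId = this.getParameter('sysparm_ram_id');
      if (!request.ramId)
          return reject(gs.getMessage('Ram is missing in the request'));

      request.entityId = this.getParameter('sysparm_entity_id');
      if (!request.entityId)
          return reject(gs.getMessage('Entity is missing in the request'));

      request.riskId = this.getParameter('sysparm_risk_id');
      if (!request.riskId)
          return reject(gs.getMessage('Risk is missing in the request'));

      return request;
  },

  /**
   * Turns the utility's control-response summary into the JSON answer sent to
   * the client.
   * @param {Object} responses result of createIndividualControlAssessmentResponses*
   * @returns {string} JSON summary, or {error: msg} when responses.error is set
   */
  _encodeControlResponses: function(responses) {
      if (responses.error)
          return this._error(responses.error);

      var result = {
          newResponsesCount: gs.getMessage('{0} control(s) added', responses.newResponsesCount + ''),
          existingResponsesCount: responses.existingResponsesCount > 0 ? gs.getMessage('{0} control(s) already added', responses.existingResponsesCount + '') : '',
          failedResponsesCount: responses.failedResponsesCount > 0 ? gs.getMessage('{0} control(s) failed to add', responses.failedResponsesCount + '') : '',
          ignoredResponsesCount: responses.ignoredResponsesCount > 0 ? gs.getMessage('{0} control(s) ignored', responses.ignoredResponsesCount + '') : '',
          assessmentResponses: responses.assessmentResponses
      };
      return new global.JSON().encode(result);
  },

  /**
   * Loads an assessment instance the current user is allowed to modify.
   * @param {string} instanceId client-supplied sys_id
   * @returns {GlideRecord|null} the record, or null when the id is missing, does
   *          not resolve, or the write ACL denies access
   */
  _getWritableInstance: function(instanceId) {
      if (!instanceId)
          return null;

      var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
      // get() must succeed before any update(): updating a record that was never
      // loaded would not change the intended row.
      if (!instance.get(instanceId) || !instance.canWrite())
          return null;

      return instance;
  },

  /**
   * Copies a non-empty comment onto the instance; absent or empty values leave
   * the field untouched.
   */
  _applyComments: function(instance, comments) {
      if (comments != null && comments != '')
          instance.comments = comments;
  },


  /**
   * Returns the display name of the profile class of entity sysparm_entity_id.
   */
  getEntityClass: function() {
      var gr = new GlideRecord('sn_grc_profile');
      gr.get(this.getParameter("sysparm_entity_id"));

      var classGr = new GlideRecord("sn_grc_profile_class");
      classGr.get(gr.getValue("profile_class"));
      return classGr.getDisplayValue("name");
  },

  /**
   * Returns the name of the user sysparm_ownerId, or an empty string when the id
   * does not resolve or the caller may not read the user record.
   */
  getUserName: function() {
      var gr = new GlideRecord('sys_user');
      // The id comes from the client; honour the read ACL so this cannot be used
      // to look up users the caller is not allowed to see.
      if (!gr.get(this.getParameter("sysparm_ownerId")) || !gr.canRead())
          return '';
      return gr.name + '';
  },

  /**
   * Initiates the given assessments. Closed ones are replaced by newly created
   * instances first. Requires the sn_risk_advanced.ara_creator role; callers
   * without it get no answer (undefined).
   * @param {string} [id] single assessment sys_id; when omitted the
   *        comma-separated sysparm_assessment_ids parameter is used
   * @returns {string|undefined} translated status message
   */
  triggerAssessments: function(id) {
      if (!gs.hasRole('sn_risk_advanced.ara_creator'))
          return;

      var assesmentsArray;
      if (id) {
          assesmentsArray = [id];
      } else {
          var idsParam = this.getParameter("sysparm_assessment_ids");
          // Without this guard a request lacking the parameter failed with a
          // script error on split().
          if (!idsParam)
              return gs.getMessage("No new assessments to initiate");
          assesmentsArray = idsParam.split(',');
      }

      var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
      var assessmentIdsInCompletedState = assessmentUtils.getClosedAssessments(assesmentsArray, null);
      var newAssessments = assessmentUtils.createNewAsmtInstance(assessmentIdsInCompletedState);

      // Remove every occurrence of a closed assessment from the list.
      for (var i = 0; i < assessmentIdsInCompletedState.length; i++) {
          var index;
          while ((index = assesmentsArray.indexOf(assessmentIdsInCompletedState[i])) !== -1) {
              assesmentsArray.splice(index, 1);
          }
      }

      // Initiate the remaining open assessments plus the newly created ones.
      var allAsessments = assesmentsArray.concat(newAssessments);
      var count = assessmentUtils.markAssess(allAsessments, null);
      if (count == 0)
          return gs.getMessage("No new assessments to initiate");
      if (count == 1)
          return gs.getMessage("Initiated one risk assessment");
      return gs.getMessage("Initiated {0} risk assessments", count);
  },

  /**
   * Queues the sn_risk_advanced.trigger_all_asmts event for sysparm_scope_id and
   * moves the scope to state "5".
   * @returns {string} translated status message
   */
  triggerAssessmentsEvent: function() {
      var scopeId = this.getParameter("sysparm_scope_id");
      var gr = new GlideRecord("sn_risk_advanced_risk_assessment_scope");
      // Validate and authorize before queueing: the event fans out to every
      // assessment of the scope, and update() on a record that was never loaded
      // must be avoided.
      if (!scopeId || !gr.get(scopeId))
          return gs.getMessage("Risk assessment scope is missing in the request");
      if (!gr.canWrite())
          return gs.getMessage('Insufficient privileges to initiate risk assessments');

      gs.eventQueue('sn_risk_advanced.trigger_all_asmts', null, scopeId);
      gr.setValue("state", "5");
      gr.update();
      return gs.getMessage("Risk assessments are being initiated. This may take a while.");
  },

  /**
   * Counts the assessments of a scope that would be initiated: instances in
   * state "0" plus the closed assessments reported by getClosedAssessments().
   * @param {string} [scopeId] defaults to sysparm_scope_id
   * @returns {number}
   */
  getCountOfAssessmentsToTrigger: function(scopeId) {
      scopeId = gs.nil(scopeId) ? this.getParameter("sysparm_scope_id") : scopeId;
      var asmt = new GlideAggregate("sn_risk_advanced_risk_assessment_instance");
      asmt.addQuery('assessment_scope', scopeId);
      asmt.addQuery('state', 'IN', '0');
      asmt.addAggregate('COUNT');
      asmt.query();
      asmt.next();
      var closed = new sn_risk_advanced.RiskAssessmentUtils().getClosedAssessments(null, scopeId);
      return parseInt(asmt.getAggregate('COUNT'), 10) + closed.length;
  },

  /**
   * Counts all assessment instances of a scope, regardless of state.
   * @param {string} [scopeId] defaults to sysparm_scope_id
   * @returns {number}
   */
  getCountOfAssessmentsToTriggerForWorkspace: function(scopeId) {
      scopeId = scopeId ? scopeId : this.getParameter("sysparm_scope_id");
      var asmt = new GlideAggregate("sn_risk_advanced_risk_assessment_instance");
      asmt.addQuery('assessment_scope', scopeId);
      asmt.addAggregate('COUNT');
      asmt.query();
      asmt.next();
      return parseInt(asmt.getAggregate('COUNT'), 10);
  },

  /**
   * Returns, JSON-encoded, the response data for an assessment instance,
   * assessment type and methodology taken from the request.
   */
  getAssessmentResponseData: function() {
      var utils = new sn_risk_advanced.RiskAssessmentUtils();
      return new global.JSON().encode(utils.getAssessmentResponseData(
          this.getParameter('sysparm_assessment_instance_id'),
          this.getParameter('sysparm_assessment_type'),
          this.getParameter('sysparm_ram_id')));
  },

  /**
   * Reports which assessment types are configured for the methodology of
   * instance sysparm_instance_id, together with the instance's current state.
   * @returns {string} JSON {asmtStates: <JSON string of flags>, currentState}.
   *          asmtStates is itself a JSON string, so clients decode it twice.
   */
  getAssessmentsToHide: function() {
      var result = {
          "inherent_assessment": false,
          "control_assessment": false,
          "residual_assessment": false,
          "risk_response": false
      };
      var asmtInstanceId = this.getParameter("sysparm_instance_id");
      var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
      instance.get(asmtInstanceId);
      var asmtTypes = new GlideRecord("sn_risk_advanced_assessment_type");
      asmtTypes.addQuery("risk_assessment_methodology", instance.risk_assessment_methodology);
      asmtTypes.query();
      while (asmtTypes.next()) {
          if (asmtTypes.sys_class_name == "sn_risk_advanced_inherent_assessment") {
              result.inherent_assessment = true;
          } else if (asmtTypes.sys_class_name == "sn_risk_advanced_control_assessment") {
              result.control_assessment = true;
          } else if (asmtTypes.sys_class_name == "sn_risk_advanced_residual_assessment") {
              result.residual_assessment = true;
          }
      }

      if (instance.risk_assessment_methodology.enable_risk_response_workflow)
          result.risk_response = true;

      var asmtStatesAndCurrentState = {
          "asmtStates": JSON.stringify(result),
          "currentState": instance.getValue('state')
      };
      return JSON.stringify(asmtStatesAndCurrentState);
  },

  /**
   * Assigns the user sysparm_assessor as assessor of sysparm_instance_id and
   * clears the assessor group.
   * @returns {boolean} true on success, false when the instance is unknown or the
   *          caller may not write it
   */
  setAssessor: function() {
      var instance = this._getWritableInstance(this.getParameter("sysparm_instance_id"));
      if (!instance)
          return false;

      instance.assessor_user = this.getParameter("sysparm_assessor");
      instance.assessor_group = '';
      this._applyComments(instance, this.getParameter("sysparm_comments"));
      instance.update();
      return true;
  },

  /**
   * Approves the assessments listed in sysparm_assessment_ids.
   * NOTE(review): no access check is made here; confirm that markApproved() only
   * approves assessments the current user is an approver of.
   * @returns {string} translated status message
   */
  approveAssessments: function() {
      var count = new sn_risk_advanced.RiskAssessmentUtils().markApproved(this.getParameter("sysparm_assessment_ids"));
      if (count == 1)
          return gs.getMessage("Approved one risk assessment");
      return gs.getMessage("Approved {0} risk assessments", count);
  },

  /**
   * Assigns the user sysparm_approver as approver of sysparm_instance_id
   * (approver_type "1") and clears the approver group.
   * @returns {boolean} true on success, false when the instance is unknown or the
   *          caller may not write it
   */
  setApprover: function() {
      var instance = this._getWritableInstance(this.getParameter("sysparm_instance_id"));
      if (!instance)
          return false;

      instance.approver_user = this.getParameter("sysparm_approver");
      instance.approver_type = '1';
      instance.approver_group = '';
      this._applyComments(instance, this.getParameter("sysparm_comments"));
      instance.update();
      return true;
  },

  /**
   * Sends sysparm_instance_id back for reassessment: resets sub_state to "0",
   * records the current user as approver and calls RiskAssessmentUtils.assess().
   * @returns {boolean} true on success, false when the instance is unknown or the
   *          caller may not write it
   */
  requestReassessment: function() {
      var instance = this._getWritableInstance(this.getParameter("sysparm_instance_id"));
      if (!instance)
          return false;

      instance.sub_state = "0";
      instance.approver_user = gs.getUserID();
      instance.approver_type = '1';
      instance.approver_group = '';
      this._applyComments(instance, this.getParameter("sysparm_comments"));
      new sn_risk_advanced.RiskAssessmentUtils().assess(instance);
      instance.update();
      return true;
  },

  /**
   * Requests approval for sysparm_instance_id, attaching sysparm_comments.
   * @returns {*} result of RiskAssessmentUtils.requestApproval(); false when the
   *          instance is unknown or the caller may not write it
   *          (NOTE(review): confirm clients treat false as a failure)
   */
  requestApproval: function() {
      var instance = this._getWritableInstance(this.getParameter("sysparm_instance_id"));
      if (!instance)
          return false;

      this._applyComments(instance, this.getParameter("sysparm_comments"));
      return new sn_risk_advanced.RiskAssessmentUtils().requestApproval(instance);
  },

  /**
   * Delegates to RiskRollupUtils.getContributingRiskAsmts for an assessment
   * result record.
   * @param {string} [reportSysId] defaults to sysparm_sys_id
   */
  getContributingRiskAsmts: function(reportSysId) {
      if (!reportSysId)
          reportSysId = this.getParameter('sysparm_sys_id');
      var report = new GlideRecord("sn_risk_advanced_risk_assessment_result");
      report.get(reportSysId);
      return new RiskRollupUtils().getContributingRiskAsmts(report);
  },

  /**
   * Collects risk statement ids tied to a scope's entity: statements of risks
   * that have an assessment instance for the scope's methodology and entity,
   * plus statements of the entity's inactive risks.
   * @param {string} [id] scope sys_id; defaults to sysparm_scope_id
   * @returns {string[]} statement sys_ids
   */
  getRiskStatementsInAsmtInstance: function(id) {
      var scopeId = id ? id : this.getParameter('sysparm_scope_id');

      var scope = new GlideRecord('sn_risk_advanced_risk_assessment_scope');
      scope.get(scopeId);

      var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
      instance.addQuery('risk_assessment_methodology', scope.risk_assessment_methodology);
      instance.addQuery('entity_1', scope.entity);
      instance.addQuery('risk.instance', true);
      instance.query();
      var riskStatementsId = [];
      while (instance.next()) {
          riskStatementsId.push(instance.risk.statement + "");
      }

      var gr = new GlideRecord('sn_risk_risk');
      gr.addQuery('profile', scope.entity);
      gr.addQuery('active', false);
      gr.addQuery('instance', true);
      gr.query();
      while (gr.next()) {
          // Only the statements added by this second query are de-duplicated.
          if (riskStatementsId.indexOf(gr.getValue('statement')) == -1)
              riskStatementsId.push(gr.getValue('statement'));
      }

      return riskStatementsId;

  },

  /**
   * Lists the entity's non-retired risks that do not yet have an assessment
   * instance (in any state other than "8") in the given scope.
   * @param {string} [scopeId] defaults to sysparm_scope_id
   * @param {string} [entity] defaults to sysparm_entity
   * @returns {string[]} risk sys_ids
   */
  getValidRisksForAsmtScope: function(scopeId, entity) {

      if (scopeId == null) {
          scopeId = this.getParameter('sysparm_scope_id');
      }
      if (entity == null) {
          entity = this.getParameter('sysparm_entity');
      }

      var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
      instance.addQuery('assessment_scope', scopeId);
      instance.addQuery('state', '!=', '8');
      instance.query();
      var riskIds = [];
      while (instance.next()) {
          riskIds.push(instance.risk + '');
      }
      var riskReference = new GlideRecord('sn_risk_risk');
      riskReference.addQuery('sys_id', 'NOT IN', riskIds);
      riskReference.addQuery('profile', entity);
      riskReference.addQuery('state', '!=', 'retired');
      riskReference.query();
      var finalRiskIds = [];
      while (riskReference.next()) {
          finalRiskIds.push(riskReference.getUniqueValue());
      }

      return finalRiskIds;
  },

  /**
   * Delegates to RiskAssessmentUtils.generateResponsesForReTriggeredAsmts.
   * NOTE(review): both assessment ids are client-supplied and no access check is
   * made here; confirm the utility verifies access to both records.
   */
  generateResponses: function() {
      var prevAsmtId = this.getParameter('sysparm_prevAsmtId');
      var currAsmtId = this.getParameter('sysparm_currAsmtId');
      return new sn_risk_advanced.RiskAssessmentUtils().generateResponsesForReTriggeredAsmts(prevAsmtId, currAsmtId);
  },

  /**
   * Delegates to RiskAssessmentUtils.saveMitigationCtrlAndResidualRiskFlags.
   * NOTE(review): the assessment id, state and both flags are client-supplied and
   * no access check is made here; confirm the utility verifies write access.
   */
  saveMitigationCtrlAndResidualRiskFlags: function() {
      var asmtId = this.getParameter('sysparm_asmtId');
      var asmtState = this.getParameter('sysparm_state');
      var isMitigationControlsFlagSet = this.getParameter('sysparm_isMitigationCtrlsFlagSet');
      var isResidualRiskFlagSet = this.getParameter('sysparm_isResidualRiskFlagSet');
      return new sn_risk_advanced.RiskAssessmentUtils().saveMitigationCtrlAndResidualRiskFlags(asmtId, asmtState, isMitigationControlsFlagSet, isResidualRiskFlagSet);
  },

  /**
   * Returns, JSON-encoded, the control objectives already linked to the
   * mitigation task in the request, or the {error: msg} JSON from validateInput().
   */
  getControlObjectives: function() {
      var result = this.validateInput();
      // validateInput() answers with the JSON-encoded error *string* on failure,
      // which has no .error property. Testing for the validated mitigationId
      // keeps a rejected request (including a failed privilege check) from
      // falling through to the query.
      if (!result || !result.mitigationId)
          return result;

      return new global.JSON().encode(this.getAlreadyAssociatedControlObjectives(result.mitigationId));
  },

  /**
   * Lists the control objectives (control.content) of the controls linked to an
   * active mitigation task.
   * @param {string} mitigationId sys_id of the mitigation task
   * @returns {string[]} control objective sys_ids
   */
  getAlreadyAssociatedControlObjectives: function(mitigationId) {

      var alreadyAssociatedControlObjectives = [];
      var m2m = new GlideRecord("sn_risk_m2m_risk_mitigation_control");
      m2m.addQuery("risk_mitigation.active", true);
      m2m.addQuery("risk_mitigation", mitigationId);
      m2m.addQuery("control.instance", "true");
      m2m.query();
      while (m2m.next()) {
          if (!m2m.control.content.nil()) {
              alreadyAssociatedControlObjectives.push(m2m.control.content + '');
          }
      }
      return alreadyAssociatedControlObjectives;

  },

  /**
   * Checks create access on the mitigation/control relationship table and that
   * sysparm_risk_id and sysparm_risk_mitigation name existing records.
   * @returns {Object|string} {risk, mitigation, riskId, mitigationId} on success;
   *          on failure the JSON-encoded {error: msg} string, so callers must not
   *          test `.error` on the return value
   */
  validateInput: function() {

      if (!(new GlideRecord('sn_risk_m2m_risk_mitigation_control')).canCreate())
          return this._error(gs.getMessage('Insufficient privileges to create controls'));

      var riskId = this.getParameter('sysparm_risk_id');
      if (!riskId)
          return this._error(gs.getMessage('Risk is missing in the request'));

      var risk = new GlideRecord('sn_risk_risk');
      if (!risk.get(riskId))
          return this._error(gs.getMessage('Request is having invalid risk information'));

      var mitigationId = this.getParameter('sysparm_risk_mitigation');
      if (!mitigationId)
          return this._error(gs.getMessage('Mitigation task is missing in the request'));

      var mitigation = new GlideRecord('sn_risk_mitigation_task');
      if (!mitigation.get(mitigationId))
          return this._error(gs.getMessage('Request is having invalid mitigation information'));

      var obj = {
          risk: risk,
          mitigation: mitigation,
          riskId: riskId,
          mitigationId: mitigationId
      };

      return obj;
  },

  /**
   * Links controls for the control objectives in sysparm_content_ids to the
   * mitigation task in the request, creating missing controls on the risk's
   * entity.
   * @returns {string} JSON {controlsMsg}, or {error: msg}
   */
  addMitigationControl: function() {

      var result = this.validateInput();
      // See getControlObjectives(): a failed validation comes back as an encoded
      // error string, not as an object carrying .error.
      if (!result || !result.mitigationId)
          return result;

      var controlObjectiveMsg = new sn_grc.GRCUtils().getMessage('policy_statements');
      var controlObjectiveIds = this.getParameter('sysparm_content_ids');
      // Check for a missing parameter before split(); the check used to run after
      // it and could never catch that case.
      if (!controlObjectiveIds)
          return this._error(gs.getMessage('{0} are missing in the request', controlObjectiveMsg));

      controlObjectiveIds = controlObjectiveIds.split(',');
      if (controlObjectiveIds.length == 1 && controlObjectiveIds[0] == '')
          return this._error(gs.getMessage('{0} are missing in the request', controlObjectiveMsg));

      var risk = result.risk;
      var controlId;
      var controlsAdded = 0;

      for (var i = 0; i < controlObjectiveIds.length; i++) {
          // Returns the existing control for this objective/entity or creates one.
          controlId = this.createControlIfNotExists(controlObjectiveIds[i], risk.profile + '');
          if (controlId) {
              if (new sn_risk.MitigationControls().createMitigationControlsToMitigationRisk(result.mitigationId, controlId))
                  controlsAdded++;
          }
      }

      return new global.JSON().encode({
          controlsMsg: gs.getMessage('{0} control(s) have been added to this mitigation task', controlsAdded + '')
      });
  },

  /**
   * Returns the control for a control objective on an entity, creating it (and
   * the content/profile relationship) when it does not exist yet.
   * @param {string} controlObjective sys_id of the control objective
   * @param {string} entity sys_id of the entity
   * @returns {string|null} control sys_id, or null when an argument is missing or
   *          the insert failed
   */
  createControlIfNotExists: function(controlObjective, entity) {
      // The name has no underscore prefix, so a client can name this method in a
      // request, in which case both arguments are undefined. Refuse to create a
      // blank control then.
      if (!controlObjective || !entity)
          return null;

      var control = new GlideRecord('sn_compliance_control');
      control.addQuery('content', controlObjective);
      control.addQuery('profile', entity);
      control.query();

      if (control.next())
          return control.getUniqueValue();

      control.initialize();
      control.setValue('content', controlObjective);
      control.setValue('profile', entity);
      var controlId = control.insert();

      if (controlId)
          this._ensureContentProfileLink(entity, controlObjective);

      return controlId;
  },

  /**
   * Delegates to RiskAssessmentUtils.reassess for sysparm_asmt_id.
   * NOTE(review): no access check is made here; confirm the utility verifies it.
   */
  reassess: function() {
      return new sn_risk_advanced.RiskAssessmentUtils().reassess(this.getParameter('sysparm_asmt_id'));
  },

  /**
   * Cancels the assessments listed in sysparm_assessment_ids; an absent or empty
   * parameter cancels nothing.
   * NOTE(review): no role or ACL check is made here although the ids are
   * client-supplied; confirm cancelAssessments() enforces access.
   */
  cancelAssessments: function() {
      var assesmentsArray = [];
      var idsParam = this.getParameter("sysparm_assessment_ids");
      // A missing parameter used to reach split() and fail with a script error.
      if (idsParam != null && idsParam != '')
          assesmentsArray = idsParam.split(',');
      return new sn_risk_advanced.RiskAssessmentUtils().cancelAssessments(assesmentsArray);
  },

  /**
   * Cancels the latest assessment of risk sysparm_risk_id. Requires the
   * sn_risk.user role; returns nothing when the role, the risk or its latest
   * assessment is missing.
   */
  cancelRiskAssessment: function() {
      if (!gs.hasRole("sn_risk.user"))
          return;

      var riskGr = new GlideRecord("sn_risk_risk");
      if (!riskGr.get(this.getParameter("sysparm_risk_id")))
          return;

      var asmt = new RiskUtilities().getLatestAssessment(riskGr);
      if (!asmt)
          return;

      return new sn_risk_advanced.RiskAssessmentUtils().cancelAssessments(asmt.getUniqueValue());
  },

  /**
   * JSON answer used by simulateAssessment() for every failure.
   * @param {string} message translated error message
   */
  _simulationError: function(message) {
      return new global.JSON().encode({
          status: 0,
          errorMsg: message
      });
  },

  /**
   * Creates a simulated assessment in state "1" with the current user as both
   * assessor and approver. The user needs the ara_assessor and ara_approver
   * roles. When sysparm_assessed_on is "0" the target is the risk described by
   * sysparm_risk_info, otherwise the object described by sysparm_obj_info. An
   * existing assessment found by checkIfRiskAssessmentExists() is passed to
   * deleteIfSimulatedRiskAssessmentExists() first.
   * NOTE(review): objectInfo.table, objectInfo.objectId and the methodology id
   * are client-supplied and stored on the new instance without validation here;
   * confirm createAssessmentInstance() restricts them.
   * @returns {string} JSON {status: 201, id, infoMsg, number} on success, or
   *          {status: 0, errorMsg}
   */
  simulateAssessment: function() {
      if (!gs.hasRole('sn_risk_advanced.ara_assessor'))
          return this._simulationError(gs.getMessage('simulate_assessment_error_msg', 'sn_risk_advanced.ara_assessor'));
      if (!gs.hasRole('sn_risk_advanced.ara_approver'))
          return this._simulationError(gs.getMessage('simulate_assessment_error_msg', 'sn_risk_advanced.ara_approver'));

      var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
      var assessedOn = this.getParameter('sysparm_assessed_on');
      var assessmentId = '';

      var instanceObj = {};
      instanceObj.assessor_type = "1";
      instanceObj.assessor_user = gs.getUserID();
      instanceObj.orignal_assessor_user = gs.getUserID();
      instanceObj.approver_type = "1";
      instanceObj.approver_user = gs.getUserID();
      instanceObj.orignal_approver_user = gs.getUserID();

      if (assessedOn == "0") {
          var riskObject = new global.JSON().decode(this.getParameter('sysparm_risk_info'));
          // A missing or undecodable payload is reported as a normal failure
          // instead of a script error.
          if (!riskObject)
              return this._simulationError(gs.getMessage('Assessment could not be created.'));

          if (riskObject.riskId) {
              var riskGr = new GlideRecord('sn_risk_risk');
              riskGr.addQuery('sys_id', riskObject.riskId);
              riskGr.query();
              if (riskGr.next()) {
                  if (riskObject.riskAssessmentMethodology) {
                      assessmentId = assessmentUtils.checkIfRiskAssessmentExists(riskObject.riskAssessmentMethodology, riskObject.riskId, assessedOn);

                      if (assessmentId != '')
                          assessmentUtils.deleteIfSimulatedRiskAssessmentExists(assessmentId);
                  }
                  instanceObj.risk = riskObject.riskId;
                  instanceObj.entity_1 = riskGr.profile;
                  instanceObj.risk_assessment_methodology = riskObject.riskAssessmentMethodology;
              }
          }
      } else {
          var objectInfo = new global.JSON().decode(this.getParameter('sysparm_obj_info'));
          if (!objectInfo)
              return this._simulationError(gs.getMessage('Assessment could not be created.'));

          if (objectInfo.objectId && objectInfo.riskAssessmentMethodology) {
              assessmentId = assessmentUtils.checkIfRiskAssessmentExists(objectInfo.riskAssessmentMethodology, objectInfo.objectId, assessedOn);

              if (assessmentId != '')
                  assessmentUtils.deleteIfSimulatedRiskAssessmentExists(assessmentId);
          }
          instanceObj.source_record = objectInfo.objectId;
          instanceObj.table = objectInfo.table;
          instanceObj.risk_assessment_methodology = objectInfo.riskAssessmentMethodology;
      }

      // Schedule and due dates come from the methodology, when it resolves.
      var ram = new GlideRecord('sn_risk_advanced_risk_assessment_methodology');
      ram.addQuery('sys_id', instanceObj.risk_assessment_methodology);
      ram.query();
      if (ram.next()) {
          instanceObj.next_schedule_date = assessmentUtils.getNextScheduleDate(ram.getValue('reassessment_frequency'));
          instanceObj.asmt_due_date = assessmentUtils.getAssessmentDueDate(ram.getValue('days_to_overdue'));
      }
      instanceObj.state = "1";

      var instanceId = assessmentUtils.createAssessmentInstance(instanceObj);
      if (instanceId == null)
          return this._simulationError(gs.getMessage('Assessment could not be created.'));

      var result = {};
      result.status = 201;
      result.id = instanceId;
      var created = new GlideRecord('sn_risk_advanced_risk_assessment_instance');
      created.addQuery('sys_id', instanceId);
      created.query();
      if (created.next()) {
          result.infoMsg = gs.getMessage("simulate_assessment_created_msg");
          result.number = created.number + '';
      }
      assessmentUtils.createAssessmentQuestions(instanceId);
      return new global.JSON().encode(result);
  },


  type: 'RiskAssessmentAJAX'
});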

Sys ID

7c2ccfe073a10010ec95d11ee2f6a710

Official Documentation

Official Docs: