Name
sn_risk_advanced.RiskAssessmentAJAX
Description
Utility required for assessment instance ajax
Script
/**
 * Ajax processor for Advanced Risk assessment instances. The prototype assigned
 * below extends global.AbstractAjaxProcessor, and most methods take their inputs
 * from sysparm_* request parameters through getParameter().
 *
 * NOTE(review): several methods load or update records with plain GlideRecord
 * using ids taken from the request, and no role or canRead()/canWrite() check is
 * visible for them in this file. Confirm the script include's access settings and
 * the table ACLs, or that RiskAssessmentUtils enforces access itself.
 */
var RiskAssessmentAJAX = Class.create();
RiskAssessmentAJAX.prototype = Object.extendsObject(global.AbstractAjaxProcessor, {
/**
 * Thin wrapper around RiskAssessmentUtils.filterAssessments.
 * @param scopeId - handed unchanged to filterAssessments
 * @returns whatever filterAssessments returns
 */
getLatestAssessmentsOfRisks: function(scopeId) {
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    return assessmentUtils.filterAssessments(scopeId);
},
/**
 * Thin wrapper around RiskAssessmentUtils.filterOverriddenAssessments.
 * The utility class is referenced without a scope prefix here, unlike most
 * other methods of this processor.
 * @returns whatever filterOverriddenAssessments returns
 */
filterOverriddenAssessments: function() {
    var assessmentUtils = new RiskAssessmentUtils();
    return assessmentUtils.filterOverriddenAssessments();
},
/**
 * Thin wrapper around RiskAssessmentUtils.getAssessmentIdBasedOnApprover.
 * @returns whatever getAssessmentIdBasedOnApprover returns
 */
getAssessmentIdBasedOnApprover: function() {
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    return assessmentUtils.getAssessmentIdBasedOnApprover();
},
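/**
 * Starts a risk assessment for the risk named in the request.
 *
 * Reads sysparm_risk, sysparm_assessor, sysparm_approver and sysparm_days.
 * Callers without the sn_risk.user role get no return value.
 *
 * NOTE(review): the assessor and approver ids come from the request and are
 * passed on as given; confirm RiskAssessmentUtils.triggerRiskAssessment
 * validates them.
 *
 * @returns {string|undefined} JSON.stringify of the utility's result
 */
triggerRiskAssessment: function() {
    if (!gs.hasRole("sn_risk.user"))
        return;
    var riskId = this.getParameter('sysparm_risk');
    var assessor = this.getParameter('sysparm_assessor');
    var approver = this.getParameter('sysparm_approver');
    // Explicit radix: a request value such as "0x10" must not be read as hexadecimal.
    var days = parseInt(this.getParameter('sysparm_days'), 10);
    var result = new sn_risk_advanced.RiskAssessmentUtils().triggerRiskAssessment(riskId, null, assessor, approver, "user", "user", days);
    return JSON.stringify(result);
},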
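/**
 * Maps the requested risk statements to an entity and makes sure each resulting
 * risk has an assessment instance in the given scope.
 *
 * Reads sysparm_content_ids (comma-separated risk statement ids),
 * sysparm_scope_id and sysparm_entity_id. The caller must be allowed to create
 * sn_risk_advanced_risk_assessment_instance records.
 *
 * NOTE(review): the scope and entity ids are only checked for presence; the
 * scope record is loaded with an unchecked get() and the caller's access to the
 * entity is not tested here.
 *
 * @returns {string} JSON-encoded {error} or {newInstanceMsg, failedRiskMsg, failedInstanceMsg}
 */
createRiskAssessmentInstance: function() {
    if (!(new GlideRecord('sn_risk_advanced_risk_assessment_instance')).canCreate())
        return this._error(gs.getMessage('Insufficient privileges to generate assessments'));
    var riskStatementIds = this.getParameter('sysparm_content_ids');
    if (!riskStatementIds)
        return this._error(gs.getMessage('Risk statements are missing in the request'));
    riskStatementIds = riskStatementIds.split(',');
    if (riskStatementIds.length == 1 && riskStatementIds[0] == '')
        return this._error(gs.getMessage('Risk statements are missing in the request'));
    var scopeId = this.getParameter('sysparm_scope_id');
    if (!scopeId)
        return this._error(gs.getMessage("Risk assessment scope is missing in the request"));
    var entityId = this.getParameter('sysparm_entity_id');
    if (!entityId)
        return this._error(new sn_grc.GRCUtils().getMessage('missing_profile'));
    var riskCount = 0;
    var failedRiskCount = 0;
    var failedInstanceCount = 0;
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    for (var i = 0; i < riskStatementIds.length; i++) {
        var riskStatementId = riskStatementIds[i];
        // A blank entry (for example from a trailing comma) names no statement. Skipping it
        // here also stops a content-profile link with an empty content reference being inserted.
        if (riskStatementId == '')
            continue;
        var riskId = assessmentUtils.getAssociatedRisk(entityId, riskStatementId);
        if (riskId == null) {
            var riskObj = {};
            riskObj.entityId = entityId;
            riskObj.risk_statement = riskStatementId;
            riskId = assessmentUtils.createRisk(riskObj);
            if (riskId == null) {
                failedRiskCount++;
                continue;
            }
        }
        riskCount++;
        var assessmentInstanceId = assessmentUtils.getAssessmentInstance(riskId, scopeId);
        if (assessmentInstanceId == null) {
            var scope = new GlideRecord('sn_risk_advanced_risk_assessment_scope');
            scope.get(scopeId);
            var instanceObj = {};
            instanceObj.risk = riskId;
            instanceObj.assessment_scope = scopeId;
            instanceObj.entity_1 = entityId;
            instanceObj.risk_assessment_methodology = scope.risk_assessment_methodology;
            assessmentUtils.addAssessors(instanceObj, scope, riskId);
            assessmentUtils.addApprovers(instanceObj, scope);
            assessmentInstanceId = assessmentUtils.createAssessmentInstance(instanceObj);
            if (assessmentInstanceId == null) {
                failedInstanceCount++;
                continue;
            }
            assessmentUtils.createAssessmentQuestions(assessmentInstanceId);
        } else {
            // NOTE(review): the closed-assessment result is wrapped in another array here,
            // while triggerAssessments passes it unwrapped; confirm which shape
            // createNewAsmtInstance expects.
            var assessmentIdsInCompletedState = assessmentUtils.getClosedAssessments(assessmentInstanceId.getUniqueValue(), null);
            assessmentUtils.createNewAsmtInstance([assessmentIdsInCompletedState]);
        }
        // Link the statement to the entity unless the link already exists.
        var contentProfileReference = new GlideRecord("sn_grc_m2m_content_profile");
        contentProfileReference.addQuery('sn_grc_profile', entityId);
        contentProfileReference.addQuery('sn_grc_content', riskStatementId);
        contentProfileReference.query();
        if (!contentProfileReference.next()) {
            contentProfileReference.initialize();
            contentProfileReference.sn_grc_profile = entityId;
            contentProfileReference.sn_grc_content = riskStatementId;
            contentProfileReference.insert();
        }
    }
    var result = {
        newInstanceMsg: gs.getMessage('{0} risk(s) mapped to risk assessment scope', riskCount + ''),
        failedRiskMsg: failedRiskCount > 0 ? gs.getMessage('{0} risk(s) not able to generate', failedRiskCount + '') : '',
        failedInstanceMsg: failedInstanceCount > 0 ? gs.getMessage('{0} risk(s) ignored', failedInstanceCount + '') : ''
    };
    return new global.JSON().encode(result);
},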
/**
 * Creates assessment instances for existing risks in a scope and links the
 * risk statements reported back by the utility to the entity.
 *
 * Reads sysparm_risk_ids (comma-separated), sysparm_scope_id and
 * sysparm_entity_id. The caller must be allowed to create
 * sn_risk_advanced_risk_assessment_instance records.
 *
 * @returns {string} JSON-encoded {error} or {newInstanceMsg, failedInstanceMsg, asmtsInProgressCount}
 */
createRiskAssessmentInstanceFromRisks: function() {
    var instanceProbe = new GlideRecord('sn_risk_advanced_risk_assessment_instance');
    if (!instanceProbe.canCreate()) {
        return this._error(gs.getMessage('Insufficient privileges to generate assessments'));
    }

    var riskIds = this.getParameter('sysparm_risk_ids');
    if (!riskIds) {
        return this._error(gs.getMessage('Risks are missing in the request'));
    }
    riskIds = riskIds.split(',');
    if (riskIds.length == 1 && riskIds[0] == '') {
        return this._error(gs.getMessage('Risks are missing in the request'));
    }

    var scopeId = this.getParameter('sysparm_scope_id');
    if (!scopeId) {
        return this._error(gs.getMessage("Risk assessment scope is missing in the request"));
    }

    var entityId = this.getParameter('sysparm_entity_id');
    if (!entityId) {
        return this._error(new sn_grc.GRCUtils().getMessage('missing_profile'));
    }

    var response = new sn_risk_advanced.RiskAssessmentUtils().createAssessmentInstanceFromRisks(riskIds, scopeId, entityId);
    var statementIds = response.riskStatements;
    // Both counts are kept as strings; the comparisons and the subtraction below coerce them.
    var failedInstanceCount = response.failedInstances + '';
    var asmtsInProgressCount = response.asmtsInProgressCount + '';

    // Link every returned statement to the entity unless the link already exists.
    for (var idx = 0; idx < statementIds.length; ++idx) {
        var link = new GlideRecord("sn_grc_m2m_content_profile");
        link.addQuery('sn_grc_profile', entityId);
        link.addQuery('sn_grc_content', statementIds[idx]);
        link.query();
        if (link.next()) {
            continue;
        }
        link.initialize();
        link.sn_grc_profile = entityId;
        link.sn_grc_content = statementIds[idx];
        link.insert();
    }

    var failedMsg = '';
    if (failedInstanceCount > 0) {
        failedMsg = gs.getMessage('{0} risk(s) ignored', failedInstanceCount);
    }
    var inProgressMsg = '';
    if (asmtsInProgressCount > 0) {
        inProgressMsg = gs.getMessage('{0} assessment(s) already in progress', asmtsInProgressCount);
    }
    return new global.JSON().encode({
        newInstanceMsg: gs.getMessage('{0} risk(s) mapped to risk assessment scope', (riskIds.length - failedInstanceCount) + ''),
        failedInstanceMsg: failedMsg,
        asmtsInProgressCount: inProgressMsg
    });
},
/**
 * Adds control assessment responses to an assessment instance from a list of
 * control objectives.
 *
 * Reads sysparm_assessment_instance_id, sysparm_content_ids (comma-separated),
 * sysparm_ram_id, sysparm_entity_id and sysparm_risk_id. Write access to the
 * instance is checked through RiskAssessmentUtils.canWriteAssessmentInstance
 * before anything else is read.
 *
 * @returns {string} JSON-encoded {error} or the per-outcome messages plus assessmentResponses
 */
createIndividualControlAssessmentResponses: function() {
    var instanceId = this.getParameter('sysparm_assessment_instance_id');
    if (!instanceId) {
        return this._error(gs.getMessage('Assessment instance is missing in the request'));
    }
    var utils = new sn_risk_advanced.RiskAssessmentUtils();
    if (!utils.canWriteAssessmentInstance(instanceId)) {
        return this._error(gs.getMessage('Insufficient privileges to add controls'));
    }

    var objectiveIds = this.getParameter('sysparm_content_ids');
    if (!objectiveIds) {
        return this._error(gs.getMessage('Control Objectives are missing in the request'));
    }
    objectiveIds = objectiveIds.split(',');
    if (objectiveIds.length == 1 && objectiveIds[0] == '') {
        return this._error(gs.getMessage('Control Objectives are missing in the request'));
    }

    var ramId = this.getParameter('sysparm_ram_id');
    if (!ramId) {
        return this._error(gs.getMessage('Ram is missing in the request'));
    }
    var entityId = this.getParameter('sysparm_entity_id');
    if (!entityId) {
        return this._error(gs.getMessage('Entity is missing in the request'));
    }
    var riskId = this.getParameter('sysparm_risk_id');
    if (!riskId) {
        return this._error(gs.getMessage('Risk is missing in the request'));
    }

    var responses = utils.createIndividualControlAssessmentResponses(objectiveIds, ramId, instanceId, entityId, riskId);
    if (responses.error) {
        return this._error(responses.error);
    }

    // Only the "added" message is always present; the others are blank when their count is zero.
    var summary = {};
    summary.newResponsesCount = gs.getMessage('{0} control(s) added', responses.newResponsesCount + '');
    summary.existingResponsesCount = responses.existingResponsesCount > 0 ? gs.getMessage('{0} control(s) already added', responses.existingResponsesCount + '') : '';
    summary.failedResponsesCount = responses.failedResponsesCount > 0 ? gs.getMessage('{0} control(s) failed to add', responses.failedResponsesCount + '') : '';
    summary.ignoredResponsesCount = responses.ignoredResponsesCount > 0 ? gs.getMessage('{0} control(s) ignored', responses.ignoredResponsesCount + '') : '';
    summary.assessmentResponses = responses.assessmentResponses;
    return new global.JSON().encode(summary);
},
/**
 * Adds control assessment responses to an assessment instance from a list of
 * existing controls.
 *
 * Reads sysparm_assessment_instance_id, sysparm_control_ids (comma-separated),
 * sysparm_ram_id, sysparm_entity_id and sysparm_risk_id. Write access to the
 * instance is checked through RiskAssessmentUtils.canWriteAssessmentInstance
 * before anything else is read.
 *
 * @returns {string} JSON-encoded {error} or the per-outcome messages plus assessmentResponses
 */
createIndividualControlAssessmentResponsesFromControls: function() {
    var instanceId = this.getParameter('sysparm_assessment_instance_id');
    if (!instanceId) {
        return this._error(gs.getMessage('Assessment instance is missing in the request'));
    }
    var utils = new sn_risk_advanced.RiskAssessmentUtils();
    if (!utils.canWriteAssessmentInstance(instanceId)) {
        return this._error(gs.getMessage('Insufficient privileges to add controls'));
    }

    var controlIds = this.getParameter('sysparm_control_ids');
    if (!controlIds) {
        return this._error(gs.getMessage('Controls are missing in the request'));
    }
    controlIds = controlIds.split(',');
    if (controlIds.length == 1 && controlIds[0] == '') {
        return this._error(gs.getMessage('Controls are missing in the request'));
    }

    var ramId = this.getParameter('sysparm_ram_id');
    if (!ramId) {
        return this._error(gs.getMessage('Ram is missing in the request'));
    }
    var entityId = this.getParameter('sysparm_entity_id');
    if (!entityId) {
        return this._error(gs.getMessage('Entity is missing in the request'));
    }
    var riskId = this.getParameter('sysparm_risk_id');
    if (!riskId) {
        return this._error(gs.getMessage('Risk is missing in the request'));
    }

    var responses = utils.createIndividualControlAssessmentResponsesFromControls(controlIds, ramId, instanceId, entityId, riskId);
    if (responses.error) {
        return this._error(responses.error);
    }

    // Only the "added" message is always present; the others are blank when their count is zero.
    var summary = {};
    summary.newResponsesCount = gs.getMessage('{0} control(s) added', responses.newResponsesCount + '');
    summary.existingResponsesCount = responses.existingResponsesCount > 0 ? gs.getMessage('{0} control(s) already added', responses.existingResponsesCount + '') : '';
    summary.failedResponsesCount = responses.failedResponsesCount > 0 ? gs.getMessage('{0} control(s) failed to add', responses.failedResponsesCount + '') : '';
    summary.ignoredResponsesCount = responses.ignoredResponsesCount > 0 ? gs.getMessage('{0} control(s) ignored', responses.ignoredResponsesCount + '') : '';
    summary.assessmentResponses = responses.assessmentResponses;
    return new global.JSON().encode(summary);
},
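/**
 * Removes control assessment responses from an assessment instance.
 *
 * Reads sysparm_assessment_instance_id and sysparm_control_ids; the control ids
 * are handed to the utility as the raw request string.
 *
 * @returns {string} JSON-encoded {error} or the utility's result
 */
removeIndividualControlAssessmentResponses: function() {
    var assessmentInstanceId = this.getParameter('sysparm_assessment_instance_id');
    if (!assessmentInstanceId)
        return this._error(gs.getMessage('Assessment instance is missing in the request'));
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    // The two "create responses" methods refuse callers who cannot write the instance;
    // removal applies the same gate so the request-supplied id is not trusted on its own.
    if (!assessmentUtils.canWriteAssessmentInstance(assessmentInstanceId))
        return this._error(gs.getMessage('Insufficient privileges to remove controls'));
    var controlIds = this.getParameter('sysparm_control_ids');
    if (!controlIds)
        return this._error(gs.getMessage('Controls are missing in the request'));
    return new global.JSON().encode(assessmentUtils.removeIndividualControlAssessmentResponses(assessmentInstanceId, controlIds));
},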
/**
 * Decodes sysparm_control_info as JSON and passes the resulting object to
 * RiskAssessmentUtils.createControlAndItsResponse.
 *
 * NOTE(review): the decoded object comes straight from the request and no
 * privilege check is visible here; confirm createControlAndItsResponse checks
 * access and validates the fields it copies.
 *
 * @returns {string} JSON-encoded result of createControlAndItsResponse
 */
createControl: function() {
    var jsonCodec = new global.JSON();
    var controlObject = jsonCodec.decode(this.getParameter('sysparm_control_info'));
    var created = new sn_risk_advanced.RiskAssessmentUtils().createControlAndItsResponse(controlObject);
    return new global.JSON().encode(created);
},
/**
 * Thin wrapper around RiskAssessmentUtils.getAssociatedControls.
 * @param assessmentInstanceId - handed unchanged to the utility
 * @returns whatever getAssociatedControls returns
 */
getAssociatedControls: function(assessmentInstanceId) {
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    return assessmentUtils.getAssociatedControls(assessmentInstanceId);
},
/**
 * Thin wrapper around RiskAssessmentUtils.getValidControls.
 * @param assessmentInstanceId - handed unchanged to the utility
 * @returns whatever getValidControls returns
 */
getValidControls: function(assessmentInstanceId) {
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    return assessmentUtils.getValidControls(assessmentInstanceId);
},
/**
 * Returns the control objectives the utility reports for the assessment
 * instance named in sysparm_assessment_instance_id.
 * @returns {string} JSON-encoded result of RiskAssessmentUtils.getAssociatedControlObjectives
 */
getAssociatedControlObjectives: function() {
    var assessmentInstanceId = this.getParameter('sysparm_assessment_instance_id');
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    var objectives = assessmentUtils.getAssociatedControlObjectives(assessmentInstanceId);
    return new global.JSON().encode(objectives);
},
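/**
 * Re-applies the scope's assessors and approvers to every assessment instance
 * of that scope whose state is "0".
 *
 * Reads sysparm_scope_id. Does nothing when the scope id is missing or does not
 * resolve to a record, and skips instances the caller cannot write.
 *
 * NOTE(review): confirm the instance ACLs grant write to the roles expected to
 * use this action; before this check the update ran for any caller.
 */
updateAssessmentAssessorApprover: function() {
    var scopeId = this.getParameter('sysparm_scope_id');
    var scope = new GlideRecord("sn_risk_advanced_risk_assessment_scope");
    // Without a loaded scope the instance query below would filter on an empty or unknown id.
    if (!scopeId || !scope.get(scopeId))
        return;
    var utils = new sn_risk_advanced.RiskAssessmentUtils();
    var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
    instance.addQuery("state", "0");
    instance.addQuery("assessment_scope", scopeId);
    instance.query();
    while (instance.next()) {
        // Plain GlideRecord does not apply ACLs on update(), so test write access explicitly.
        if (!instance.canWrite())
            continue;
        var riskId = instance.risk;
        utils.addAssessors(instance, scope, riskId);
        utils.addApprovers(instance, scope);
        instance.update();
    }
},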
/**
 * Returns the background and text colours of the rating criteria record named
 * in sysparm_rating_criteria_id.
 * @returns {string} JSON-encoded {background_color, text_color}
 */
getColorsForRatingCriteria: function() {
    var criteriaId = this.getParameter('sysparm_rating_criteria_id');
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    var criteria = assessmentUtils.getRecordWithSysId(criteriaId, 'sn_risk_advanced_rating_criteria');
    return new global.JSON().encode({
        background_color: criteria.getValue('background_color'),
        text_color: criteria.getValue('text_color')
    });
},
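/**
 * Creates a risk from the JSON in sysparm_risk_info and, when that succeeds,
 * an assessment instance for it in the scope named by riskObject.scopeId.
 *
 * NOTE(review): no role or canCreate() check is visible here, unlike
 * createRiskAssessmentInstance; the decoded object, including scopeId and
 * entityId, comes from the request. Confirm the utility methods check access.
 *
 * @returns {string} JSON-encoded id of the new assessment instance (undefined or null when nothing was created)
 */
reportRisk: function() {
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    var riskObject = new global.JSON().decode(this.getParameter('sysparm_risk_info'));
    var riskId = assessmentUtils.createRisk(riskObject);
    var assessmentInstanceId;
    if (riskId) {
        var scope = new GlideRecord('sn_risk_advanced_risk_assessment_scope');
        scope.get(riskObject.scopeId);
        var instanceObj = {};
        instanceObj.risk = riskId;
        instanceObj.assessment_scope = riskObject.scopeId;
        instanceObj.entity_1 = riskObject.entityId;
        instanceObj.risk_assessment_methodology = scope.risk_assessment_methodology;
        assessmentUtils.addAssessors(instanceObj, scope, riskId);
        assessmentUtils.addApprovers(instanceObj, scope);
        assessmentInstanceId = assessmentUtils.createAssessmentInstance(instanceObj);
        // createRiskAssessmentInstance treats a null id as a failed creation and skips
        // question generation; do the same here instead of passing null on.
        if (assessmentInstanceId != null)
            assessmentUtils.createAssessmentQuestions(assessmentInstanceId);
    }
    return new global.JSON().encode(assessmentInstanceId);
},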
/**
 * Wraps a message in the error envelope used by this processor.
 * The return value is the encoded string, not an object, so callers cannot
 * read an `error` property from it.
 * @param msg - message to place under the `error` key
 * @returns {string} JSON-encoded {error: msg}
 */
_error: function(msg) {
    var envelope = {};
    envelope.error = msg;
    return new global.JSON().encode(envelope);
},
/**
 * Returns the display value of the class name for the entity (sn_grc_profile)
 * named in sysparm_entity_id.
 *
 * NOTE(review): both lookups use plain GlideRecord with unchecked get() calls,
 * so the caller's read access to the entity is not tested in this method.
 */
getEntityClass: function() {
    var entityId = this.getParameter("sysparm_entity_id");
    var entity = new GlideRecord('sn_grc_profile');
    entity.get(entityId);
    var profileClass = new GlideRecord("sn_grc_profile_class");
    profileClass.get(entity.getValue("profile_class"));
    return profileClass.getDisplayValue("name");
},
/**
 * Returns the `name` field of the sys_user record named in sysparm_ownerId.
 *
 * NOTE(review): the lookup uses plain GlideRecord with an unchecked get(), so
 * the caller's read access to the user record is not tested in this method.
 */
getUserName: function() {
    var ownerId = this.getParameter("sysparm_ownerId");
    var user = new GlideRecord('sys_user');
    user.get(ownerId);
    return user.name;
},
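/**
 * Initiates the given assessments; closed ones are replaced by newly created
 * instances before the list is marked for assessment.
 *
 * Callers without the sn_risk_advanced.ara_creator role get no return value.
 *
 * @param id - optional single assessment id; when absent the ids are read from
 *             sysparm_assessment_ids (comma-separated)
 * @returns {string|undefined} localized summary of how many assessments were initiated
 */
triggerAssessments: function(id) {
    if (!gs.hasRole('sn_risk_advanced.ara_creator'))
        return;
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    var assesmentsArray;
    if (id) {
        assesmentsArray = [id];
    } else {
        var requestedIds = this.getParameter("sysparm_assessment_ids");
        // A request without the parameter used to fail on split(); report "nothing to do" instead.
        if (!requestedIds)
            return gs.getMessage("No new assessments to initiate");
        assesmentsArray = requestedIds.split(',');
    }
    var assessmentIdsInCompletedState = assessmentUtils.getClosedAssessments(assesmentsArray, null);
    var newAssessments = assessmentUtils.createNewAsmtInstance(assessmentIdsInCompletedState);
    // Remove closed assessments from the list of assessments
    for (var i = 0; i < assessmentIdsInCompletedState.length; i++) {
        var index;
        while ((index = assesmentsArray.indexOf(assessmentIdsInCompletedState[i])) !== -1) {
            assesmentsArray.splice(index, 1);
        }
    }
    // Add the newly created assessments to the remaining ones
    var allAsessments = assesmentsArray.concat(newAssessments);
    var count = assessmentUtils.markAssess(allAsessments, null);
    if (count == 0) {
        return gs.getMessage("No new assessments to initiate");
    } else if (count == 1) {
        return gs.getMessage("Initiated one risk assessment");
    } else {
        return gs.getMessage("Initiated {0} risk assessments", count);
    }
},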
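/**
 * Queues the sn_risk_advanced.trigger_all_asmts event for the scope named in
 * sysparm_scope_id and sets that scope's state to "5".
 *
 * The scope is resolved and write access is checked before the event is queued.
 *
 * NOTE(review): confirm the scope ACLs grant write to the roles expected to use
 * this action.
 *
 * @returns {string} localized status or failure message
 */
triggerAssessmentsEvent: function() {
    var scopeId = this.getParameter("sysparm_scope_id");
    var gr = new GlideRecord("sn_risk_advanced_risk_assessment_scope");
    // update() on a record that was never loaded inserts a new row, so an id that
    // does not resolve must stop here rather than create a stray scope.
    if (!scopeId || !gr.get(scopeId))
        return gs.getMessage("Risk assessment scope is missing in the request");
    if (!gr.canWrite())
        return gs.getMessage('Insufficient privileges to generate assessments');
    gs.eventQueue('sn_risk_advanced.trigger_all_asmts', null, scopeId);
    gr.setValue("state", "5");
    gr.update();
    return gs.getMessage("Risk assessments are being initiated. This may take a while.");
},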
/**
 * Counts the assessments of a scope that can be triggered: instances whose
 * state is in '0' plus the closed assessments reported by the utility.
 * @param scopeId - optional; sysparm_scope_id is used when gs.nil(scopeId) is true
 * @returns {number} sum of both counts
 */
getCountOfAssessmentsToTrigger: function(scopeId) {
    if (gs.nil(scopeId)) {
        scopeId = this.getParameter("sysparm_scope_id");
    }
    var counter = new GlideAggregate("sn_risk_advanced_risk_assessment_instance");
    counter.addQuery('assessment_scope', scopeId);
    counter.addQuery('state', 'IN', '0');
    counter.addAggregate('COUNT');
    counter.query();
    counter.next();
    var openCount = parseInt(counter.getAggregate('COUNT'));
    var closedAssessments = new sn_risk_advanced.RiskAssessmentUtils().getClosedAssessments(null, scopeId);
    return openCount + closedAssessments.length;
},
/**
 * Counts all assessment instances of a scope, whatever their state.
 * @param scopeId - optional; sysparm_scope_id is used when the argument is falsy
 * @returns {number} number of instances in the scope
 */
getCountOfAssessmentsToTriggerForWorkspace: function(scopeId) {
    if (!scopeId) {
        scopeId = this.getParameter("sysparm_scope_id");
    }
    var counter = new GlideAggregate("sn_risk_advanced_risk_assessment_instance");
    counter.addQuery('assessment_scope', scopeId);
    counter.addAggregate('COUNT');
    counter.query();
    counter.next();
    var total = counter.getAggregate('COUNT');
    return parseInt(total);
},
/**
 * Returns the response data the utility reports for an assessment instance.
 * Reads sysparm_assessment_instance_id, sysparm_assessment_type and sysparm_ram_id.
 * @returns {string} JSON-encoded result of RiskAssessmentUtils.getAssessmentResponseData
 */
getAssessmentResponseData: function() {
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    var instanceId = this.getParameter('sysparm_assessment_instance_id');
    var assessmentType = this.getParameter('sysparm_assessment_type');
    var ramId = this.getParameter('sysparm_ram_id');
    var responseData = assessmentUtils.getAssessmentResponseData(instanceId, assessmentType, ramId);
    return new global.JSON().encode(responseData);
},
/**
 * Reports which assessment types exist for the methodology of the instance
 * named in sysparm_instance_id, together with the instance's current state.
 *
 * Each flag starts as false and becomes true when an assessment type of the
 * matching class is found; risk_response follows the methodology's
 * enable_risk_response_workflow field.
 *
 * @returns {string} JSON with `asmtStates` (itself a JSON string of the flags) and `currentState`
 */
getAssessmentsToHide: function() {
    var flags = {
        "inherent_assessment": false,
        "control_assessment": false,
        "residual_assessment": false,
        "risk_response": false
    };
    // Class name of an assessment type -> flag it switches on.
    var flagByClass = {
        "sn_risk_advanced_inherent_assessment": "inherent_assessment",
        "sn_risk_advanced_control_assessment": "control_assessment",
        "sn_risk_advanced_residual_assessment": "residual_assessment"
    };

    var instanceId = this.getParameter("sysparm_instance_id");
    var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
    instance.get(instanceId);

    var asmtTypes = new GlideRecord("sn_risk_advanced_assessment_type");
    asmtTypes.addQuery("risk_assessment_methodology", instance.risk_assessment_methodology);
    asmtTypes.query();
    while (asmtTypes.next()) {
        var className = asmtTypes.sys_class_name + '';
        if (flagByClass.hasOwnProperty(className)) {
            flags[flagByClass[className]] = true;
        }
    }

    if (instance.risk_assessment_methodology.enable_risk_response_workflow) {
        flags.risk_response = true;
    }

    return JSON.stringify({
        "asmtStates": JSON.stringify(flags),
        "currentState": instance.getValue('state')
    });
},
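/**
 * Assigns a single user as assessor of an assessment instance and clears the
 * assessor group.
 *
 * Reads sysparm_instance_id, sysparm_assessor and sysparm_comments.
 *
 * NOTE(review): the assessor id is taken from the request as given; confirm it
 * is validated elsewhere, and that the instance ACLs grant write to the roles
 * expected to reassign.
 *
 * @returns {boolean} true when the instance was updated, false when the id did
 *                    not resolve or the caller may not write the record
 */
setAssessor: function() {
    var asmtInstanceId = this.getParameter("sysparm_instance_id");
    var assessor = this.getParameter("sysparm_assessor");
    var comments = this.getParameter("sysparm_comments");
    var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
    // update() on a record that was never loaded inserts a new row, and plain
    // GlideRecord applies no ACLs, so both conditions are checked before writing.
    if (!asmtInstanceId || !instance.get(asmtInstanceId) || !instance.canWrite())
        return false;
    instance.assessor_user = assessor;
    instance.assessor_group = '';
    if (comments != '')
        instance.comments = comments;
    instance.update();
    return true;
},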
/**
 * Marks the assessments listed in sysparm_assessment_ids as approved through
 * RiskAssessmentUtils.markApproved and reports how many were approved.
 *
 * NOTE(review): no role check is visible in this method; confirm markApproved
 * verifies that the caller is an approver of each assessment.
 *
 * @returns {string} localized summary message
 */
approveAssessments: function() {
    var assessmentIds = this.getParameter("sysparm_assessment_ids");
    var count = new RiskAssessmentUtils().markApproved(assessmentIds);
    return count == 1 ?
        gs.getMessage("Approved one risk assessment") :
        gs.getMessage("Approved {0} risk assessments", count);
},
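/**
 * Assigns a single user as approver of an assessment instance, sets the
 * approver type to '1' and clears the approver group.
 *
 * Reads sysparm_instance_id, sysparm_approver and sysparm_comments.
 *
 * NOTE(review): the approver id is taken from the request as given; confirm it
 * is validated elsewhere, and that the instance ACLs grant write to the roles
 * expected to reassign.
 *
 * @returns {boolean} true when the instance was updated, false when the id did
 *                    not resolve or the caller may not write the record
 */
setApprover: function() {
    var asmtInstanceId = this.getParameter("sysparm_instance_id");
    var approver = this.getParameter("sysparm_approver");
    var comments = this.getParameter("sysparm_comments");
    var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
    // update() on a record that was never loaded inserts a new row, and plain
    // GlideRecord applies no ACLs, so both conditions are checked before writing.
    if (!asmtInstanceId || !instance.get(asmtInstanceId) || !instance.canWrite())
        return false;
    instance.approver_user = approver;
    instance.approver_type = '1';
    instance.approver_group = '';
    if (comments != '')
        instance.comments = comments;
    instance.update();
    return true;
},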
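/**
 * Sends an assessment instance back for reassessment: sets sub_state to "0",
 * makes the current user the approver, then calls RiskAssessmentUtils.assess
 * and saves the record.
 *
 * Reads sysparm_instance_id and sysparm_comments.
 *
 * NOTE(review): confirm the instance ACLs grant write to approvers, who are the
 * expected callers of this action.
 *
 * @returns {boolean} true when the instance was updated, false when the id did
 *                    not resolve or the caller may not write the record
 */
requestReassessment: function() {
    var asmtInstanceId = this.getParameter("sysparm_instance_id");
    var comments = this.getParameter("sysparm_comments");
    var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
    // update() on a record that was never loaded inserts a new row, and plain
    // GlideRecord applies no ACLs, so both conditions are checked before writing.
    if (!asmtInstanceId || !instance.get(asmtInstanceId) || !instance.canWrite())
        return false;
    instance.sub_state = "0";
    instance.approver_user = gs.getUserID();
    instance.approver_type = '1';
    instance.approver_group = '';
    if (comments != '')
        instance.comments = comments;
    new RiskAssessmentUtils().assess(instance);
    instance.update();
    return true;
},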
/**
 * Loads the assessment instance named in sysparm_instance_id, attaches the
 * request's comments when present, and hands it to RiskAssessmentUtils.requestApproval.
 *
 * NOTE(review): get() is not checked and no canWrite() test is visible here;
 * confirm requestApproval rejects an unloaded record and unauthorized callers.
 *
 * @returns whatever RiskAssessmentUtils.requestApproval returns
 */
requestApproval: function() {
    var instanceId = this.getParameter("sysparm_instance_id");
    var note = this.getParameter("sysparm_comments");
    var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
    instance.get(instanceId);
    if (note != '') {
        instance.comments = note;
    }
    var assessmentUtils = new RiskAssessmentUtils();
    return assessmentUtils.requestApproval(instance);
},
/**
 * Returns the contributing risk assessments of an assessment result record.
 * @param reportSysId - optional; sysparm_sys_id is used when the argument is falsy
 * @returns whatever RiskRollupUtils.getContributingRiskAsmts returns
 */
getContributingRiskAsmts: function(reportSysId) {
    var resultId = reportSysId ? reportSysId : this.getParameter('sysparm_sys_id');
    var report = new GlideRecord("sn_risk_advanced_risk_assessment_result");
    report.get(resultId);
    var rollupUtils = new RiskRollupUtils();
    return rollupUtils.getContributingRiskAsmts(report);
},
/**
 * Collects risk statement ids for a scope: the statements of the risks that
 * have an assessment instance with the scope's methodology and entity, plus
 * the statements of the entity's inactive risks.
 * @param id - optional scope id; sysparm_scope_id is used when the argument is falsy
 * @returns {Array} statement ids without duplicates from the second pass
 */
getRiskStatementsInAsmtInstance: function(id) {
    var scopeId = id ? id : this.getParameter('sysparm_scope_id');
    var scope = new GlideRecord('sn_risk_advanced_risk_assessment_scope');
    scope.get(scopeId);

    var statementIds = [];

    var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
    instance.addQuery('risk_assessment_methodology', scope.risk_assessment_methodology);
    instance.addQuery('entity_1', scope.entity);
    instance.addQuery('risk.instance', true);
    instance.query();
    while (instance.next()) {
        statementIds.push(instance.risk.statement + "");
    }

    var inactiveRisk = new GlideRecord('sn_risk_risk');
    inactiveRisk.addQuery('profile', scope.entity);
    inactiveRisk.addQuery('active', false);
    inactiveRisk.addQuery('instance', true);
    inactiveRisk.query();
    while (inactiveRisk.next()) {
        var statementId = inactiveRisk.getValue('statement');
        if (statementIds.indexOf(statementId) == -1) {
            statementIds.push(statementId);
        }
    }
    return statementIds;
},
/**
 * Lists the risks of an entity that can still be added to a scope: risks that
 * are not in state 'retired' and that have no assessment instance in the scope
 * other than instances in state '8'.
 * @param scopeId - optional; sysparm_scope_id is used when null or undefined
 * @param entity - optional; sysparm_entity is used when null or undefined
 * @returns {Array} sys_ids of the matching sn_risk_risk records
 */
getValidRisksForAsmtScope: function(scopeId, entity) {
    var effectiveScopeId = scopeId == null ? this.getParameter('sysparm_scope_id') : scopeId;
    var effectiveEntity = entity == null ? this.getParameter('sysparm_entity') : entity;

    // Risks already covered by an instance in this scope.
    var takenRiskIds = [];
    var instance = new GlideRecord("sn_risk_advanced_risk_assessment_instance");
    instance.addQuery('assessment_scope', effectiveScopeId);
    instance.addQuery('state', '!=', '8');
    instance.query();
    while (instance.next()) {
        takenRiskIds.push(instance.risk + '');
    }

    var availableRiskIds = [];
    var risk = new GlideRecord('sn_risk_risk');
    risk.addQuery('sys_id', 'NOT IN', takenRiskIds);
    risk.addQuery('profile', effectiveEntity);
    risk.addQuery('state', '!=', 'retired');
    risk.query();
    while (risk.next()) {
        availableRiskIds.push(risk.getUniqueValue());
    }
    return availableRiskIds;
},
/**
 * Passes sysparm_prevAsmtId and sysparm_currAsmtId to
 * RiskAssessmentUtils.generateResponsesForReTriggeredAsmts.
 *
 * NOTE(review): both ids come from the request and no access check is visible
 * in this method.
 *
 * @returns whatever generateResponsesForReTriggeredAsmts returns
 */
generateResponses: function() {
    var previousId = this.getParameter('sysparm_prevAsmtId');
    var currentId = this.getParameter('sysparm_currAsmtId');
    var assessmentUtils = new RiskAssessmentUtils();
    return assessmentUtils.generateResponsesForReTriggeredAsmts(previousId, currentId);
},
/**
 * Passes the assessment id, state and the two flag values from the request to
 * RiskAssessmentUtils.saveMitigationCtrlAndResidualRiskFlags.
 *
 * Reads sysparm_asmtId, sysparm_state, sysparm_isMitigationCtrlsFlagSet and
 * sysparm_isResidualRiskFlagSet.
 *
 * NOTE(review): no access check is visible in this method.
 *
 * @returns whatever the utility method returns
 */
saveMitigationCtrlAndResidualRiskFlags: function() {
    var assessmentId = this.getParameter('sysparm_asmtId');
    var state = this.getParameter('sysparm_state');
    var mitigationFlag = this.getParameter('sysparm_isMitigationCtrlsFlagSet');
    var residualFlag = this.getParameter('sysparm_isResidualRiskFlagSet');
    var assessmentUtils = new RiskAssessmentUtils();
    return assessmentUtils.saveMitigationCtrlAndResidualRiskFlags(assessmentId, state, mitigationFlag, residualFlag);
},
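/**
 * Returns the control objectives already linked to the mitigation task named
 * in the request, after validateInput has accepted the request.
 *
 * @returns {string} JSON-encoded array of control objective ids, or the
 *                   encoded error produced by validateInput
 */
getControlObjectives: function() {
    var result = this.validateInput();
    // validateInput builds its failures with _error(), which returns an encoded string.
    // A string has no `error` property, so testing only `result.error` let a rejected
    // request (including the canCreate() refusal) continue with an undefined mitigation id.
    // A missing mitigationId is therefore treated as failure, whatever shape the failure has.
    if (!result || !result.mitigationId)
        return (result && result.error) || result;
    return new global.JSON().encode(this.getAlreadyAssociatedControlObjectives(result.mitigationId));
},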
/**
 * Lists the content (control objective) of every control linked to an active
 * mitigation task, considering only links whose control has `instance` true.
 * @param mitigationId - value matched against the link's risk_mitigation field
 * @returns {Array} content ids as strings; links with empty content are skipped
 */
getAlreadyAssociatedControlObjectives: function(mitigationId) {
    var objectiveIds = [];
    var link = new GlideRecord("sn_risk_m2m_risk_mitigation_control");
    link.addQuery("risk_mitigation.active", true);
    link.addQuery("risk_mitigation", mitigationId);
    link.addQuery("control.instance", "true");
    link.query();
    while (link.next()) {
        if (link.control.content.nil()) {
            continue;
        }
        objectiveIds.push(link.control.content + '');
    }
    return objectiveIds;
},
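/**
 * Validates a mitigation-control request: the caller must be allowed to create
 * sn_risk_m2m_risk_mitigation_control records, and sysparm_risk_id and
 * sysparm_risk_mitigation must name existing records.
 *
 * Failures are returned as an object whose `error` property holds the encoded
 * error envelope. Returning the encoded string itself, as before, made the
 * callers' `result.error` test read undefined, so a rejected request was
 * treated as valid.
 *
 * @returns {Object} {error} on failure, otherwise {risk, mitigation, riskId, mitigationId}
 */
validateInput: function() {
    if (!(new GlideRecord('sn_risk_m2m_risk_mitigation_control')).canCreate())
        return {
            error: this._error(gs.getMessage('Insufficient privileges to create controls'))
        };
    var riskId = this.getParameter('sysparm_risk_id');
    if (!riskId)
        return {
            error: this._error(gs.getMessage('Risk is missing in the request'))
        };
    var risk = new GlideRecord('sn_risk_risk');
    if (!risk.get(riskId))
        return {
            error: this._error(gs.getMessage('Request is having invalid risk information'))
        };
    var mitigationId = this.getParameter('sysparm_risk_mitigation');
    if (!mitigationId)
        return {
            error: this._error(gs.getMessage('Mitigation task is missing in the request'))
        };
    var mitigation = new GlideRecord('sn_risk_mitigation_task');
    if (!mitigation.get(mitigationId))
        return {
            error: this._error(gs.getMessage('Request is having invalid mitigation information'))
        };
    var obj = {
        risk: risk,
        mitigation: mitigation,
        riskId: riskId,
        mitigationId: mitigationId
    };
    return obj;
},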
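/**
 * Links controls to a mitigation task, creating a control for each requested
 * control objective when the risk's entity does not have one yet.
 *
 * Reads sysparm_content_ids (comma-separated control objective ids) after
 * validateInput has accepted the request.
 *
 * @returns {string} JSON-encoded {controlsMsg} or an encoded error
 */
addMitigationControl: function() {
    var result = this.validateInput();
    // validateInput builds its failures with _error(), which returns an encoded string.
    // A string has no `error` property, so testing only `result.error` let a rejected
    // request (including the canCreate() refusal) continue. A missing mitigationId is
    // therefore treated as failure, whatever shape the failure has.
    if (!result || !result.mitigationId)
        return (result && result.error) || result;
    var controlObjectiveMsg = new sn_grc.GRCUtils().getMessage('policy_statements');
    // Test the raw parameter before split(); a request without it used to fail on split().
    var rawIds = this.getParameter('sysparm_content_ids');
    var controlObjectiveIds = rawIds ? rawIds.split(',') : [];
    if (controlObjectiveIds.length == 0 || (controlObjectiveIds.length == 1 && controlObjectiveIds[0] == ''))
        return this._error(gs.getMessage('{0} are missing in the request', controlObjectiveMsg));
    var risk = result.risk;
    var controlId;
    var controlsAdded = 0;
    for (var i = 0; i < controlObjectiveIds.length; i++) {
        // Returns the existing control for this objective and entity, or creates one.
        controlId = this.createControlIfNotExists(controlObjectiveIds[i], risk.profile + '');
        if (controlId) {
            if (new sn_risk.MitigationControls().createMitigationControlsToMitigationRisk(result.mitigationId, controlId))
                controlsAdded++;
        }
    }
    return new global.JSON().encode({
        controlsMsg: gs.getMessage('{0} control(s) have been added to this mitigation task', controlsAdded + '')
    });
},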
/**
 * Returns the control for a control objective and entity, creating it when
 * none exists. A newly created control also gets a content-profile link.
 *
 * NOTE(review): the link is inserted without checking whether one already
 * exists, and neither insert is preceded by a canCreate() test here.
 *
 * @param controlObjective - value for the control's `content` field
 * @param entity - value for the control's `profile` field
 * @returns sys_id of the existing control, or the result of insert() for a new one
 */
createControlIfNotExists: function(controlObjective, entity) {
    var control = new GlideRecord('sn_compliance_control');
    control.addQuery('content', controlObjective);
    control.addQuery('profile', entity);
    control.query();
    if (control.next()) {
        return control.getUniqueValue();
    }

    control.initialize();
    control.setValue('content', controlObjective);
    control.setValue('profile', entity);
    var newControlId = control.insert();
    if (!newControlId) {
        return newControlId;
    }

    var link = new GlideRecord('sn_grc_m2m_content_profile');
    link.setValue('sn_grc_content', controlObjective);
    link.setValue('sn_grc_profile', entity);
    link.insert();
    return newControlId;
},
/**
 * Passes sysparm_asmt_id to RiskAssessmentUtils.reassess.
 *
 * NOTE(review): no role or write-access check is visible in this method.
 *
 * @returns whatever RiskAssessmentUtils.reassess returns
 */
reassess: function() {
    var assessmentId = this.getParameter('sysparm_asmt_id');
    var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
    return assessmentUtils.reassess(assessmentId);
},
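/**
 * Cancels the assessments listed in sysparm_assessment_ids (comma-separated).
 * A missing or empty parameter results in an empty list being passed on.
 *
 * NOTE(review): no role check is visible here, while cancelRiskAssessment
 * requires sn_risk.user; confirm RiskAssessmentUtils.cancelAssessments checks
 * the caller's access to each assessment.
 *
 * @returns whatever RiskAssessmentUtils.cancelAssessments returns
 */
cancelAssessments: function() {
    // Test for a usable value instead of comparing with '': a request without the
    // parameter passed that comparison and then failed on split().
    var requestedIds = this.getParameter("sysparm_assessment_ids");
    var assesmentsArray = requestedIds ? requestedIds.split(',') : [];
    return new sn_risk_advanced.RiskAssessmentUtils().cancelAssessments(assesmentsArray);
},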
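/**
 * Cancels the latest assessment of the risk named in sysparm_risk_id.
 *
 * Callers without the sn_risk.user role get no return value, as do requests
 * whose risk id does not resolve or whose risk has no latest assessment.
 *
 * @returns whatever RiskAssessmentUtils.cancelAssessments returns, or undefined
 */
cancelRiskAssessment: function() {
    if (!gs.hasRole("sn_risk.user"))
        return;
    var riskGr = new GlideRecord("sn_risk_risk");
    // Stop on an unknown id instead of asking for the latest assessment of an empty record.
    if (!riskGr.get(this.getParameter("sysparm_risk_id")))
        return;
    var asmt = new RiskUtilities().getLatestAssessment(riskGr);
    // Guards the getUniqueValue() call below in case no assessment is returned.
    if (!asmt)
        return;
    return new sn_risk_advanced.RiskAssessmentUtils().cancelAssessments(asmt.getUniqueValue());
},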
/**
 * Creates an assessment instance on which the current user is both assessor
 * and approver, for a risk (sysparm_assessed_on == "0", details in
 * sysparm_risk_info) or for another record (details in sysparm_obj_info).
 *
 * The caller needs both sn_risk_advanced.ara_assessor and
 * sn_risk_advanced.ara_approver. An assessment that checkIfRiskAssessmentExists
 * finds for the same methodology and target is handed to
 * deleteIfSimulatedRiskAssessmentExists before the new instance is created.
 *
 * NOTE(review): the decoded request objects are used without a null check, and
 * objectId, table and the methodology id are copied from the request onto the
 * new instance as given. Confirm the utility methods validate them and that
 * deleteIfSimulatedRiskAssessmentExists only removes the caller's own
 * simulated assessments.
 *
 * @returns {string} JSON-encoded {status: 0, errorMsg} on failure, or
 *                   {status: 201, id, infoMsg, number} on success
 */
simulateAssessment: function() {
var assessmentUtils = new sn_risk_advanced.RiskAssessmentUtils();
var instanceObj = {};
var assessmentId = '';
var entityId = '';
var result = {};
// Role gate 1: the caller becomes the assessor of the simulated instance.
if (gs.hasRole('sn_risk_advanced.ara_assessor')) {
instanceObj.assessor_type = "1";
instanceObj.assessor_user = gs.getUserID();
instanceObj.orignal_assessor_user = gs.getUserID();
} else {
result.status = 0;
result.errorMsg = gs.getMessage('simulate_assessment_error_msg', 'sn_risk_advanced.ara_assessor');
return new global.JSON().encode(result);
}
// Role gate 2: the caller also becomes the approver.
if (gs.hasRole('sn_risk_advanced.ara_approver')) {
instanceObj.approver_type = "1";
instanceObj.approver_user = gs.getUserID();
instanceObj.orignal_approver_user = gs.getUserID();
} else {
result.status = 0;
result.errorMsg = gs.getMessage('simulate_assessment_error_msg', 'sn_risk_advanced.ara_approver');
return new global.JSON().encode(result);
}
// Risk-based request: the entity is taken from the risk record, not from the request.
if (this.getParameter('sysparm_assessed_on') == "0") {
var riskObject = new global.JSON().decode(this.getParameter('sysparm_risk_info'));
if (riskObject.riskId) {
var gr = new GlideRecord('sn_risk_risk');
gr.addQuery('sys_id', riskObject.riskId);
gr.query();
if (gr.next()) {
entityId = gr.profile;
if (riskObject.riskAssessmentMethodology) {
assessmentId = assessmentUtils.checkIfRiskAssessmentExists(riskObject.riskAssessmentMethodology, riskObject.riskId, this.getParameter('sysparm_assessed_on'));
if (assessmentId != '')
assessmentUtils.deleteIfSimulatedRiskAssessmentExists(assessmentId);
}
instanceObj.risk = riskObject.riskId;
instanceObj.entity_1 = entityId;
instanceObj.risk_assessment_methodology = riskObject.riskAssessmentMethodology;
}
}
} else {
// Object-based request: source record and table come from the decoded request object.
var objectInfo = new global.JSON().decode(this.getParameter('sysparm_obj_info'));
if (objectInfo.objectId && objectInfo.riskAssessmentMethodology) {
assessmentId = assessmentUtils.checkIfRiskAssessmentExists(objectInfo.riskAssessmentMethodology, objectInfo.objectId, this.getParameter('sysparm_assessed_on'));
if (assessmentId != '')
assessmentUtils.deleteIfSimulatedRiskAssessmentExists(assessmentId);
}
instanceObj.source_record = objectInfo.objectId;
instanceObj.table = objectInfo.table;
instanceObj.risk_assessment_methodology = objectInfo.riskAssessmentMethodology;
}
// Schedule and due dates are derived from the methodology when it can be found.
var ram = new GlideRecord('sn_risk_advanced_risk_assessment_methodology');
ram.addQuery('sys_id', instanceObj.risk_assessment_methodology);
ram.query();
if (ram.next()) {
instanceObj.next_schedule_date = assessmentUtils.getNextScheduleDate(ram.getValue('reassessment_frequency'));
instanceObj.asmt_due_date = assessmentUtils.getAssessmentDueDate(ram.getValue('days_to_overdue'));
}
instanceObj.state = "1";
var instanceId = assessmentUtils.createAssessmentInstance(instanceObj);
if (instanceId == null) {
result.status = 0;
result.errorMsg = gs.getMessage('Assessment could not be created.');
return new global.JSON().encode(result);
}
result.status = 201;
result.id = instanceId;
// Re-read the new instance to report its number; `gr` is the function-scoped variable declared above.
gr = new GlideRecord('sn_risk_advanced_risk_assessment_instance');
gr.addQuery('sys_id', instanceId);
gr.query();
if (gr.next()) {
result.infoMsg = gs.getMessage("simulate_assessment_created_msg");
result.number = gr.number + '';
}
assessmentUtils.createAssessmentQuestions(instanceId);
return new global.JSON().encode(result);
},
type: 'RiskAssessmentAJAX'
});
Sys ID
7c2ccfe073a10010ec95d11ee2f6a710