Name
sn_risk_advanced.RiskIdentificationUtilsBase
Description
No description available
Script
var RiskIdentificationUtilsBase = Class.create();
RiskIdentificationUtilsBase.prototype = {
initialize: function() {},
moveControlsToAttestation: function(riId, table, recordIds_list) {
return this._moveControlsToAttestation(riId, table, recordIds_list);
},
refreshListActivity: function(rID) {
var gr = new GlideRecord('sn_risk_advanced_risk_identification');
gr.get(rID);
if (gr.state == 'compliance_mapping') {
gr.sys_mod_count = gr.sys_mod_count + 1;
gr.setWorkflow(false);
gr.update();
} else {
new sn_grc.GRCUtils().updateEntityModCount(gr.entity);
}
},
createRiForEntity: function(riskIdentificationConfigurationObject, entity_ids) {
return this._createRiForEntity(riskIdentificationConfigurationObject, entity_ids);
},
getEntitiesForRiskIdentificationConfiguration: function(riskIdentificationConfigurationObject) {
return this._getEntitiesForRiskIdentificationConfiguration(riskIdentificationConfigurationObject);
},
reinitiateRiskIdentificationWorkflow: function(riskIdentificationObject) {
this._reinitiateRiskIdentificationWorkflow(riskIdentificationObject);
},
showReinitaieWorkflowButton: function(riskIdentificationObject) {
return this._showReinitaieWorkflowButton(riskIdentificationObject);
},
showRetireButton: function(riskIdentificationObject) {
return this._showRetireButton(riskIdentificationObject);
},
reinitiateRiskIdentification: function() {
this._reinitiateRiskIdentification();
},
reinitiateRiskIdentificationAction: function(sourceTable, sourceId, entityId, isEntity) {
return this._reinitiateRiskIdentificationAction(sourceTable, sourceId, entityId, isEntity);
},
removeAssociationToRiskIdentification: function(riId, table, recordIds_list) {
return this._removeAssociationToRiskIdentification(riId, table, recordIds_list);
},
associateRecordToRiskIdentification: function(riId, table, column, recordId) {
return this._associateRecordToRiskIdentification(riId, table, column, recordId);
},
filterRiskStatementsByInformationObjects: function(riskIdentificationObject) {
return this._filterRiskStatementsByInformationObjects(riskIdentificationObject);
},
filterCitationsByInformationObjects: function(riskIdentificationObject) {
return this._filterCitationsByInformationObjects(riskIdentificationObject);
},
filterPoliciesByInformationObjects: function(riskIdentificationObject) {
return this._filterPoliciesByInformationObjects(riskIdentificationObject);
},
filterControlObjectivesByInformationObjects: function(riskIdentificationObject) {
return this._filterControlObjectivesByInformationObjects(riskIdentificationObject);
},
rejectQuestionnaire: function(asmt, noMessage) {
return this._rejectQuestionnaire(asmt, noMessage);
},
canAttest: function(ri) {
return this._canAttest(ri);
},
hasControlsToAttest: function(entityID) {
return this._hasControlsToAttest(entityID);
},
_canAttest: function(ri) {
return ri.state == 'control_mapping' && this._canAccessButtonsAsComplianceManager(ri) && this._hasControlsToAttest(ri.entity);
},
_hasControlsToAttest: function(entityID) {
var gr = new GlideRecord('sn_compliance_control');
gr.addQuery('profile', entityID);
gr.addQuery('state', 'IN', 'draft,monitor');
gr.setLimit(1);
gr.query();
return gr.hasNext();
},
_rejectQuestionnaire: function(asmt, noMessage) {
asmt.state = 'wip';
asmt.update();
//Change state of Risk Identification to Information Gathering
var currentAsmtQues = new GlideRecord('asmt_assessment_instance_question');
currentAsmtQues.addQuery('instance', asmt.getUniqueValue());
currentAsmtQues.query();
while (currentAsmtQues.next()) {
if (currentAsmtQues.metric.datatype == "attachment") {
var metricResult = new GlideRecord('asmt_metric_result');
metricResult.addQuery('instance', asmt.getUniqueValue());
metricResult.addQuery('metric', currentAsmtQues.metric);
metricResult.query();
if (metricResult.next()) {
var copyAtt = new GlideSysAttachment();
copyAtt.copy('asmt_metric_result', metricResult.getUniqueValue(), 'asmt_assessment_instance_question', currentAsmtQues.getUniqueValue());
}
}
}
var ri = new GlideRecord('sn_risk_advanced_risk_identification');
ri.get(asmt.risk_identification);
ri.state = "information_gathering";
ri.update();
if (!noMessage)
gs.addInfoMessage(gs.getMessage("The previous responses are defaulted and the questionnaire has been sent back to the respondent successfully."));
gs.eventQueue("sn_risk_advanced.assessment_rejected", asmt, ri.comments.getJournalEntry(1).split("(Additional comments)")[1]);
},
filterTableRecords: function(riskIdentificationObject, table, column, riskIdentificationTable) {
var records = [];
var infoObjectsArray = [];
var rel_attributes = [];
var rel = new GlideRecord('cmdb_rel_attributes');
rel.addQuery('relation.parent', riskIdentificationObject.entity.applies_to);
rel.addQuery('relation.child.sys_class_name', 'cmdb_ci_information_object');
rel.addQuery('qualifier_type', 'cmdb_ci_qualifier_crud');
rel.query();
while (rel.next()) {
infoObjectsArray.push(rel.relation.child);
if (rel.qualifier_properties != "") {
rel_attributes.push(rel.qualifier_properties + '');
} else {
rel_attributes.push("");
}
}
if (infoObjectsArray.length != 0) {
for (var i = 0; i < infoObjectsArray.length; i = i + 1) {
var tableToIo = new GlideRecord(table);
if (riskIdentificationTable == "sn_risk_risk") {
tableToIo.addQuery('sn_grc_content.sys_class_name', 'sn_risk_definition');
}
if (riskIdentificationTable == "sn_risk_advanced_m2m_content_risk_identification") {
tableToIo.addQuery('sn_grc_content.sys_class_name', 'sn_compliance_citation');
}
tableToIo.addQuery('information_object', 'IN', infoObjectsArray[i]);
var no_of_attributes = 0;
if (rel_attributes[i] != '')
no_of_attributes = rel_attributes[i].split(',').length;
if (no_of_attributes > 0) {
var attributes_list = rel_attributes[i].split(',');
var tableToIo_condition = tableToIo.addQuery('applicable_for', 'CONTAINS', attributes_list[0]);
for (var j = 1; j < no_of_attributes; j = j + 1) {
tableToIo_condition.addOrCondition('applicable_for', 'CONTAINS', attributes_list[j]);
}
}
tableToIo.query();
while (tableToIo.next()) {
var riTable = new GlideRecord(riskIdentificationTable);
if (riskIdentificationTable == "sn_risk_risk") {
var entity = riskIdentificationObject.entity;
riTable.addQuery('profile', '=', entity);
riTable.addQuery('statement', tableToIo[column] + '');
} else {
riTable.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
riTable.addQuery(column, tableToIo[column] + '');
}
riTable.query();
if (!riTable.next())
records.push(tableToIo[column] + '');
}
}
}
return records;
},
getRespondent: function(riskIdentificationObject) {
return this._getRespondent(riskIdentificationObject);
},
sendAssessment: function(riskIdentificationObject, respondent) {
this._sendAssessment(riskIdentificationObject, respondent);
},
filterEntities: function() {
return this._filterEntities();
},
getConfiguration: function(entity) {
return this._getConfiguration(entity);
},
showPerformInherentAsmtButton: function(riskIdentificationObject) {
return this._showPerformInherentAsmtButton(riskIdentificationObject);
},
showAssociateRisksButton: function(riskIdentificationObject) {
return this._showAssociateRisksButton(riskIdentificationObject);
},
showMonitorButton: function(riskIdentificationObject) {
return this._showMonitorButton(riskIdentificationObject);
},
showRecommendedRiskStatementButton: function(riskIdentificationObject) {
return this._showRecommendedRiskStatementButton(riskIdentificationObject);
},
showAssociateControlsButton: function(riskIdentificationObject) {
return this._showAssociateControlsButton(riskIdentificationObject);
},
showAssociateCitationsAndPoliciesButton: function(riskIdentificationObject) {
return this._showAssociateCitationsAndPoliciesButton(riskIdentificationObject);
},
showRecommendedCitationsButton: function(riskIdentificationObject) {
return this._showRecommendedCitationsButton(riskIdentificationObject);
},
showRecommendedControlsButton: function(riskIdentificationObject) {
return this._showRecommendedControlsButton(riskIdentificationObject);
},
showRecommendedPoliciesButton: function(riskIdentificationObject) {
return this._showRecommendedPoliciesButton(riskIdentificationObject);
},
showRequestReassessmentButton: function(riskIdentificationObject) {
return this._showRequestReassessmentButton(riskIdentificationObject);
},
showInitiateQuestionnaireButton: function(riskIdentificationObject) {
return this._showInitiateQuestionnaireButton(riskIdentificationObject);
},
getValidRiskManagers: function(riskIdentificationObject) {
return this._getValidRiskManagers(riskIdentificationObject);
},
canAccessButtons: function(riskIdentificationObject) {
return this._canAccessButtons(riskIdentificationObject);
},
sendInherentAssessment: function(riskIdentificationObject) {
return this._sendInherentAssessment(riskIdentificationObject);
},
canChangeConfigurationState: function(riskIdentificationConfiguration) {
return this._canChangeConfigurationState(riskIdentificationConfiguration);
},
canAccessButtonsAsComplianceManager: function(riskIdentificationObject) {
return this._canAccessButtonsAsComplianceManager(riskIdentificationObject);
},
canAccessComplianceAddFromLibraryButtons: function(riskIdentificationObject) {
return this._canAccessComplianceAddFromLibraryButtons(riskIdentificationObject);
},
_canAccessComplianceAddFromLibraryButtons: function(riskIdentificationObject) {
return riskIdentificationObject.getTableName() == 'sn_risk_advanced_risk_identification' && riskIdentificationObject.getValue("state") == 'compliance_mapping' && this._canAccessButtonsAsComplianceManager(riskIdentificationObject);
},
getAllControlListFromEntity: function(entity) {
return this._getAllControlListFromEntity(entity);
},
_getAllControlListFromEntity: function(entity) {
var commonControlIdList = [];
var commonControlId = new GlideRecord("sn_compliance_m2m_control_entity");
commonControlId.addActiveQuery();
commonControlId.addQuery("entity", entity);
commonControlId.query();
while (commonControlId.next()) {
commonControlIdList.push(commonControlId.getValue("control"));
}
return commonControlIdList;
},
getUnassignedRisksFromLibrary: function(riskIdentificationObject) {
var riskStatements = [];
var entity_id = riskIdentificationObject.entity;
var risks = new GlideRecord('sn_risk_risk');
risks.addQuery('profile', '=', entity_id);
risks.addQuery('instance', true);
risks.query();
while (risks.next()) {
riskStatements.push(risks.statement + '');
}
return riskStatements.join(',');
},
getUnassignedCitationsFromLibrary: function(riskIdentificationObject) {
var addedCitations = [];
var ciToRi = new GlideRecord('sn_risk_advanced_m2m_content_risk_identification');
ciToRi.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
ciToRi.addQuery('sn_grc_content.sys_class_name', "sn_compliance_citation");
ciToRi.query();
while (ciToRi.next()) {
addedCitations.push(ciToRi.sn_grc_content + '');
}
return addedCitations.join(',');
},
getUnassignedPoliciesFromLibrary: function(riskIdentificationObject) {
var addedPolicies = [];
var poToRi = new GlideRecord('sn_risk_advanced_m2m_document_risk_identification');
poToRi.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
poToRi.addQuery('sn_grc_document.sys_class_name', "sn_compliance_policy");
poToRi.query();
while (poToRi.next()) {
addedPolicies.push(poToRi.sn_grc_document + '');
}
return addedPolicies.join(',');
},
getUnassignedControlObjectivesFromLibrary: function(riskIdentificationObject) {
var addedCo = [];
var ri = riskIdentificationObject;
var coToProfile = new GlideRecord('sn_compliance_control');
coToProfile.addQuery('profile', ri.entity + '');
coToProfile.addQuery('instance', true);
coToProfile.query();
while (coToProfile.next()) {
addedCo.push(coToProfile.content + '');
}
return addedCo.join(',');
},
_reinitiateRiskIdentificationAction: function(sourceTable, sourceId, entityId, isEntity) {
var riskIdentificationObject = new GlideRecord('sn_risk_advanced_risk_identification');
if (isEntity) {
riskIdentificationObject.addQuery('entity', entityId);
} else {
riskIdentificationObject.addQuery('entitiy.applies_to', sourceId);
riskIdentificationObject.addQuery('entity.table', 'sourceTable');
}
riskIdentificationObject.query();
if (riskIdentificationObject.next()) {
if (riskIdentificationObject.state == "monitor") {
riskIdentificationObject.setValue('entity', entityId);
riskIdentificationObject.setValue('state', 'new');
riskIdentificationObject.setValue('next_initiation_date', '');
riskIdentificationObject.update();
gs.info("SUCCESS: Successfully reinitiated risk identification.");
return "Successfully reinitiated risk identification.";
} else {
gs.info("FAILED: Risk Identification record should be in monitor state before reinitating.");
return "Risk Identification record should be in monitor state before reinitating.";
}
} else {
gs.info("FAILED: No risk identification record found with the current entity");
return "No risk identification record found with the current entity.";
}
},
_associateRecordToRiskIdentification: function(riId, table, column, recordId) {
var recordToRiskIdentification = new GlideRecord(table);
recordToRiskIdentification.addQuery(column, recordId);
recordToRiskIdentification.addQuery('risk_identification', riId);
recordToRiskIdentification.query();
if (!recordToRiskIdentification.hasNext()) {
recordToRiskIdentification.initialize();
recordToRiskIdentification.setValue(column, recordId);
recordToRiskIdentification.setValue('risk_identification', riId);
var result = recordToRiskIdentification.insert();
if (result != "") {
return "success";
}
}
},
_canChangeConfigurationState: function(riskIdentificationConfiguration) {
var ri = new GlideRecord('sn_risk_advanced_risk_identification');
ri.addQuery('risk_identification_configuration', riskIdentificationConfiguration.getUniqueValue());
ri.addQuery('state', '!=', 'retired');
ri.setLimit(1);
ri.query();
if (ri.hasNext()) {
return false;
} else {
return true;
}
},
_canAccessButtons: function(riskIdentificationObject) {
if (riskIdentificationObject.risk_manager != '')
return gs.getUserID() == riskIdentificationObject.risk_manager + '';
else
return gs.getUser().isMemberOf(riskIdentificationObject.risk_identification_configuration.risk_manager_group + '');
},
_canAccessButtonsAsComplianceManager: function(riskIdentificationObject) {
return this._canAccessButtons(riskIdentificationObject) && gs.hasRole('sn_compliance.manager');
},
_getValidRiskManagers: function(riskIdentificationObject) {
var members = new GlideRecord("sys_user_grmember");
members.addQuery("group", riskIdentificationObject.risk_identification_configuration.risk_manager_group + '');
members.query();
var list = [];
while (members.next()) {
list.push(members.user + '');
}
return "sys_idIN" + list.join(",") + "^active=true";
},
_showRequestReassessmentButton: function(riskIdentificationObject) {
return riskIdentificationObject.state == 'review' && this._canAccessButtons(riskIdentificationObject);
},
_showInitiateQuestionnaireButton: function(riskIdentificationObject) {
return riskIdentificationObject.state == 'new' && riskIdentificationObject.risk_identification_configuration.initiate_questionnaire && this._canAccessButtons(riskIdentificationObject);
},
_showPerformInherentAsmtButton: function(riskIdentificationObject) {
return riskIdentificationObject.entity.applies_to && riskIdentificationObject.risk_identification_configuration.inherent_assessment && ((riskIdentificationObject.state == 'new' && !riskIdentificationObject.risk_identification_configuration.initiate_questionnaire) || (riskIdentificationObject.state == 'review') || (this._isQuestionnaireCompleted(riskIdentificationObject) && riskIdentificationObject.state == 'information_gathering')) && this._canAccessButtons(riskIdentificationObject);
},
_isQuestionnaireCompleted: function(riskIdentificationObject) {
var asmt = new GlideRecord("asmt_assessment_instance");
asmt.addQuery("risk_identification", riskIdentificationObject.getUniqueValue());
asmt.orderByDesc("sys_created_on");
asmt.setLimit(1);
asmt.query();
if (asmt.next()) {
return asmt.getValue("state") == "complete";
}
return false;
},
_showAssociateRisksButton: function(riskIdentificationObject) {
return ((riskIdentificationObject.state == 'new' && (!riskIdentificationObject.risk_identification_configuration.initiate_questionnaire && (!riskIdentificationObject.risk_identification_configuration.inherent_assessment || !riskIdentificationObject.entity.applies_to))) || (riskIdentificationObject.state == "review" && (!riskIdentificationObject.risk_identification_configuration.inherent_assessment || !riskIdentificationObject.entity.applies_to)) || (riskIdentificationObject.state == "compliance_mapping") || (riskIdentificationObject.state == "control_mapping" && !riskIdentificationObject.creating_controls)) && this._canAccessButtons(riskIdentificationObject);
},
_showRecommendedRiskStatementButton: function(riskIdentificationObject) {
return (riskIdentificationObject.state == "risk_mapping" && riskIdentificationObject.risk_identification_configuration.enable_recommendation_engine && this._canAccessButtons(riskIdentificationObject));
},
_showAssociateCitationsAndPoliciesButton: function(riskIdentificationObject) {
return ((riskIdentificationObject.state == "risk_mapping" || (riskIdentificationObject.state == "control_mapping" && !riskIdentificationObject.creating_controls)) && this._canAccessButtons(riskIdentificationObject));
},
_showAssociateControlsButton: function(riskIdentificationObject) {
return riskIdentificationObject.state == "compliance_mapping" && this._canAccessButtonsAsComplianceManager(riskIdentificationObject);
},
_showRecommendedCitationsButton: function(riskIdentificationObject) {
return (riskIdentificationObject.state == "compliance_mapping" && riskIdentificationObject.risk_identification_configuration.enable_recommendation_engine && this._canAccessButtonsAsComplianceManager(riskIdentificationObject));
},
_showRecommendedPoliciesButton: function(riskIdentificationObject) {
return (riskIdentificationObject.state == "compliance_mapping" && riskIdentificationObject.risk_identification_configuration.enable_recommendation_engine && this._canAccessButtonsAsComplianceManager(riskIdentificationObject));
},
_showMonitorButton: function(riskIdentificationObject) {
var isComplianceInstalled = GlidePluginManager.isActive('com.sn_compliance') || GlidePluginManager.isActive('sn_compliance');
if (isComplianceInstalled) {
return riskIdentificationObject.state == "control_mapping" && !riskIdentificationObject.creating_controls && this._canAccessButtons(riskIdentificationObject);
} else {
return riskIdentificationObject.state == "risk_mapping" && this._canAccessButtons(riskIdentificationObject);
}
},
_getConfiguration: function(entity) {
var config = '';
var rec = new GlideRecord('sn_risk_advanced_risk_identification_configuration');
rec.addNotNullQuery('table');
rec.addQuery('table', entity.table);
rec.addQuery('state', '2');
rec.query();
//if Published Configuration with Entity's table exists
if (rec.next()) {
config = rec.getUniqueValue();
} //if Published Configuration with Entity's entity class exists
else if (entity.profile_class != '') {
rec = new GlideRecord('sn_risk_advanced_risk_identification_configuration');
rec.addNotNullQuery('target_entity_class');
rec.addNullQuery('table');
rec.addQuery('target_entity_class', entity.profile_class);
rec.addQuery('state', '2');
rec.query();
if (rec.next())
config = rec.getUniqueValue();
}
return config;
},
_filterEntities: function() {
var query = '';
//Get all entities whose entity class has a published configuration
var configs = new GlideRecord("sn_risk_advanced_risk_identification_configuration");
configs.addQuery("state", "2");
configs.addNotNullQuery("target_entity_class");
configs.addNullQuery("table");
configs.query();
while (configs.next()) {
if (query == '') {
query += "profile_classIN";
}
query += configs.target_entity_class + ',';
}
if (query[query.length - 1] == ',')
query = query.substring(0, query.length - 1);
//Get all entities whose table has a published configuration
configs.initialize();
configs.addQuery("state", "2");
configs.addNotNullQuery("table");
configs.query();
if (configs.hasNext()) {
if (query == '')
query += "tableIN";
else
query += "^ORtableIN";
}
while (configs.next()) {
query += configs.table + ',';
}
if (query[query.length - 1] == ',')
query = query.substring(0, query.length - 1);
if (query != '') {
query += '^active=true';
//Get all entities which already has Risk identification record
query += '^sys_idNOT IN';
var ident = new GlideRecord("sn_risk_advanced_risk_identification");
ident.query();
while (ident.next()) {
query += ident.entity + ',';
}
if (query[query.length - 1] == ',')
query = query.substring(0, query.length - 1);
} else
query = 'sys_id=';
return query;
},
_getRespondent: function(riskIdentificationObject) {
var respondantID = '';
if (riskIdentificationObject.risk_identification_configuration.respondent_type == "0") {
if (riskIdentificationObject.entity.owned_by != "") {
respondantID = riskIdentificationObject.entity.owned_by + '';
}
} else {
var table = new GlideRecord(riskIdentificationObject.entity.table);
table.get(riskIdentificationObject.entity.applies_to);
var element = table.getElement(riskIdentificationObject.risk_identification_configuration.respondant_field);
if (element.getED().getInternalType() == 'reference' && element.getReferenceTable() == 'sys_user' && table.getValue(riskIdentificationObject.risk_identification_configuration.respondant_field))
respondantID = table.getValue(riskIdentificationObject.risk_identification_configuration.respondant_field);
}
if (respondantID != '') {
var hasRole = new GlideRecord("sys_user_has_role");
hasRole.addEncodedQuery('user=' + respondantID + '^role.name=sn_grc.business_user^ORrole.name=sn_grc.business_user_lite');
hasRole.query();
if (hasRole.hasNext())
return respondantID;
else
return false;
}
return false;
},
_sendAssessment: function(riskIdentificationObject, respondent) {
var metricType = riskIdentificationObject.risk_identification_configuration.questionnaire;
var entity = riskIdentificationObject.entity;
var entityGr = new GlideRecord('sn_grc_profile');
entityGr.get(entity);
// Check if assessable record exists and Create new assessment instance
new global.AssessmentUtils().checkRecord(entityGr, metricType + '');
var output = new global.AssessmentUtils().createAssessments(metricType, entity, respondent);
// Verifying Instance gets created
if (output) {
var asmt = new GlideRecord("asmt_assessment_instance");
var instanceId = asmt.get(output.substring(0, 32));
if (instanceId) {
var name = riskIdentificationObject.entity.name + '';
if (riskIdentificationObject.entity.profile_class)
name = riskIdentificationObject.entity.profile_class.name + ' - ' + riskIdentificationObject.entity.name;
var escapeElement = GlideStringUtil.escapeHTML(riskIdentificationObject.risk_identification_configuration.questionnaire.name);
gs.addInfoMessage(gs.getMessage("The questionnaire {0} to collect details about {1} has been successfully sent to the respondent.", [escapeElement, name]));
// Risk Identification -> asmt_instance
asmt.risk_identification = riskIdentificationObject.getUniqueValue();
asmt.update();
//Update state to information_gathering if new assessment is succesfully created
riskIdentificationObject.state = "information_gathering";
riskIdentificationObject.update();
//copy previous responses if any
if (riskIdentificationObject.risk_identification_configuration.copy_previous_questionnaire_response) {
var prevAsmt = new GlideRecord('asmt_assessment_instance');
prevAsmt.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
prevAsmt.addQuery('state', 'complete');
prevAsmt.orderByDesc("sys_created_on");
prevAsmt.setLimit(1);
prevAsmt.query();
if (prevAsmt.next()) {
//Get all metric responses of previous questionnaire
var prevAsmtQues = new GlideRecord('asmt_assessment_instance_question');
prevAsmtQues.addQuery('instance', prevAsmt.getUniqueValue());
prevAsmtQues.query();
while (prevAsmtQues.next()) {
//Get current assessment's reponse of previous metric
var que = new GlideRecord('asmt_assessment_instance_question');
que.addQuery('instance', asmt.getUniqueValue());
que.addQuery('metric', prevAsmtQues.metric);
que.query();
// For multi selection question, asmt_assessment_instance_question records will be as many as choices selected. By default when new assesssment is created, only 1 record of asmt_assessment_instance_question is created. If previous response had say 2 choices selected, we need to create 1 record manually
var doesQueExists = que.hasNext();
if (que.next() && que.value == '' && que.string_value == '') {
if (que.metric.datatype == "attachment") {
//asmt instance question is attachment
var metricResult = new GlideRecord('asmt_metric_result');
metricResult.addQuery('instance', prevAsmt.getUniqueValue());
metricResult.addQuery('metric', que.metric);
metricResult.query();
if (metricResult.next()) {
var copyAtt = new GlideSysAttachment();
copyAtt.copy('asmt_metric_result', metricResult.getUniqueValue(), 'asmt_assessment_instance_question', que.getUniqueValue());
}
} else {
que.value = prevAsmtQues.value;
que.string_value = prevAsmtQues.string_value;
que.update();
}
} else if (doesQueExists && (que.value != '' || que.string_value != '')) {
que.value = prevAsmtQues.value;
que.string_value = prevAsmtQues.string_value;
que.insert();
}
}
}
}
}
}
},
_filterControlObjectivesByInformationObjects: function(riskIdentificationObject) {
var controlObjectives = [];
var co = '';
var ctTori = new GlideRecord('sn_risk_advanced_m2m_content_risk_identification');
ctTori.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
ctTori.query();
var ctToco = new GlideRecord('sn_compliance_m2m_statement_citation');
while (ctTori.next()) {
ctToco.initialize();
ctToco.addQuery('sn_compliance_citation', ctTori.sn_grc_content);
ctToco.query();
while (ctToco.next()) {
co = this._checkIfControlObjectiveExists(riskIdentificationObject, ctToco.sn_compliance_policy_statement + '');
if (co != '') {
controlObjectives.push(co);
}
}
}
var pTori = new GlideRecord('sn_risk_advanced_m2m_document_risk_identification');
pTori.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
pTori.query();
var pToco = new GlideRecord('sn_compliance_m2m_policy_policy_statement');
while (pTori.next()) {
pToco.initialize();
pToco.addQuery('document', pTori.sn_grc_document);
pToco.addQuery('content', 'NOT IN', controlObjectives);
pToco.query();
while (pToco.next()) {
co = this._checkIfControlObjectiveExists(riskIdentificationObject, pToco.content + '');
if (co != '') {
controlObjectives.push(co);
}
}
}
var rsToRi = new GlideRecord('sn_risk_risk');
rsToRi.addQuery('active', true);
rsToRi.addQuery('profile', riskIdentificationObject.entity);
rsToRi.query();
var rsToco = new GlideRecord('sn_risk_m2m_risk_definition_policy_statement');
while (rsToRi.next()) {
rsToco.initialize();
rsToco.addQuery('sn_risk_definition', rsToRi.statement);
rsToco.addQuery('sn_compliance_policy_statement', 'NOT IN', controlObjectives);
rsToco.query();
while (rsToco.next()) {
co = this._checkIfControlObjectiveExists(riskIdentificationObject, rsToco.sn_compliance_policy_statement + '');
if (co != '') {
controlObjectives.push(co);
}
}
}
return controlObjectives;
},
_checkIfControlObjectiveExists: function(riskIdentificationObject, content) {
var co = new GlideRecord('sn_compliance_policy_statement');
co.get(content);
if (!co.active)
return '';
var riTable = new GlideRecord('sn_compliance_control');
riTable.addQuery('profile', riskIdentificationObject.entity);
riTable.addQuery('content', content);
riTable.query();
if (!riTable.next()) {
return content;
}
return '';
},
_filterRiskStatementsByInformationObjects: function(riskIdentificationObject) {
return this.filterTableRecords(riskIdentificationObject, 'sn_grc_m2m_content_information_object', 'sn_grc_content', 'sn_risk_risk');
},
_filterPoliciesByInformationObjects: function(riskIdentificationObject) {
return this.filterTableRecords(riskIdentificationObject, 'sn_grc_m2m_document_information_object', 'sn_grc_document', 'sn_risk_advanced_m2m_document_risk_identification');
},
_filterCitationsByInformationObjects: function(riskIdentificationObject) {
return this.filterTableRecords(riskIdentificationObject, 'sn_grc_m2m_content_information_object', 'sn_grc_content', 'sn_risk_advanced_m2m_content_risk_identification');
},
_sendInherentAssessment: function(riskIdentificationObject) {
var result = {};
var isAssessorUser = false,
isApproverUser = false,
assessorID = '',
approverID = '';
var sourceRecord = new GlideRecord(riskIdentificationObject.entity.table);
sourceRecord.get(riskIdentificationObject.entity.applies_to);
var utils = new sn_risk_advanced.RiskAssessmentUtils();
//Assessor
if (riskIdentificationObject.risk_manager) {
isAssessorUser = true;
assessorID = riskIdentificationObject.risk_manager;
} else {
assessorID = riskIdentificationObject.risk_identification_configuration.risk_manager_group;
}
//Approver
if (riskIdentificationObject.risk_identification_configuration.review_inherent_assessment) {
if (riskIdentificationObject.risk_identification_configuration.approver_type == '2') {
approverID = riskIdentificationObject.risk_identification_configuration.approver_group;
} else {
if (!sourceRecord.getValue(riskIdentificationObject.risk_identification_configuration.approver)) {
var msg = gs.getMessage("The inherent assessment could not be initiated as the approver is not available. Please contact your administrator to review the risk identification configuration and then try to initiate the assessment again.");
result.status = 0;
result.errorMsg = msg;
gs.addErrorMessage(msg);
return result;
} else if (!utils.checkApproverRolePresent(sourceRecord.getElement(riskIdentificationObject.risk_identification_configuration.approver).getRefRecord())) {
var msg = gs.getMessage("The inherent assessment could not be initiated as the approver doesn't have sn_risk_advanced.ara_approver role. Please contact your administrator and then try to initiate the assessment again.");
result.status = 0;
result.errorMsg = msg;
gs.addErrorMessage(msg);
return result;
} else {
isApproverUser = true;
approverID = sourceRecord.getValue(riskIdentificationObject.risk_identification_configuration.approver);
}
}
}
result = utils.createRiskAssessment(sourceRecord, assessorID, approverID, isAssessorUser, isApproverUser);
if (result.status == 0) {
gs.addErrorMessage(result.errorMsg);
} else {
gs.addInfoMessage(result.msg);
riskIdentificationObject.state = "inherent_assessment";
riskIdentificationObject.update();
}
return result;
},
_removeAssociationToRiskIdentification: function(riId, table, recordIds_list) {
var confirmed_deletion = 0;
var table_name = table;
if (table_name == "sn_compliance_citation") {
var contentM2mRi = new GlideRecord('sn_risk_advanced_m2m_content_risk_identification');
contentM2mRi.addQuery('risk_identification', riId);
contentM2mRi.addEncodedQuery('sn_grc_contentIN' + recordIds_list);
contentM2mRi.query();
while (contentM2mRi.next()) {
if (contentM2mRi.deleteRecord()) {
confirmed_deletion = confirmed_deletion + 1;
}
}
return confirmed_deletion + '';
} else if (table_name == "sn_compliance_policy") {
var documentM2mRi = new GlideRecord('sn_risk_advanced_m2m_document_risk_identification');
documentM2mRi.addQuery('risk_identification', riId);
documentM2mRi.addEncodedQuery('sn_grc_documentIN' + recordIds_list);
documentM2mRi.query();
while (documentM2mRi.next()) {
if (documentM2mRi.deleteRecord()) {
confirmed_deletion = confirmed_deletion + 1;
}
}
return confirmed_deletion + '';
}
return 0;
},
_reinitiateRiskIdentification: function() {
//Set Risk Identification state as new
var today = new GlideDate();
var ri = new GlideRecord('sn_risk_advanced_risk_identification');
ri.addQuery('state', 'monitor');
ri.addQuery('next_initiation_date', '!=', "");
ri.addQuery('next_initiation_date', '<=', today.getValue());
ri.query();
while (ri.next()) {
ri.setValue('state', 'new');
ri.setValue("next_initiation_date", "");
ri.update();
}
},
_reinitiateRiskIdentificationWorkflow: function(riskIdentificationObject) {
riskIdentificationObject.state = "new";
riskIdentificationObject.next_initiation_date = "";
riskIdentificationObject.update();
},
_showReinitaieWorkflowButton: function(riskIdentificationObject) {
return this._canAccessButtons(riskIdentificationObject) && riskIdentificationObject.entity.active && (riskIdentificationObject.state == "monitor" || riskIdentificationObject.state == "retired");
},
_showRetireButton: function(riskIdentificationObject) {
return riskIdentificationObject.state != "retired" && !riskIdentificationObject.creating_controls && this._canAccessButtons(riskIdentificationObject);
},
_moveControlsToAttestation: function(riId, table, recordIds_list) {
var result = 0;
if (table == "sn_compliance_control") {
var control = new GlideRecord('sn_compliance_control');
var riskIdentificationObject = new GlideRecord('sn_risk_advanced_risk_identification');
riskIdentificationObject.get(riId);
control.addQuery('profile', riskIdentificationObject.entity);
control.addEncodedQuery('sys_idIN' + recordIds_list);
control.addQuery('state', 'draft');
control.query();
while (control.next()) {
control.setValue("state", "attest");
var response = control.update();
if (response != "") {
result = result + 1;
}
}
}
return result + '';
},
_getEntitiesForRiskIdentificationConfiguration: function(riskIdentificationConfigurationObject) {
var records = [];
var entitiesWithRI = [];
var entity = new GlideRecord('sn_grc_profile');
entity.addQuery('active', true);
var config_level = riskIdentificationConfigurationObject.configuration_level;
//Configuration level is Entity class
var ri = new GlideRecord('sn_risk_advanced_risk_identification');
ri.addQuery('risk_identification_configuration', riskIdentificationConfigurationObject.getUniqueValue());
if (config_level == 1) {
entity.addQuery('profile_class', riskIdentificationConfigurationObject.target_entity_class);
ri.addQuery('entity.profile_class', riskIdentificationConfigurationObject.target_entity_class);
}
//Configuration level is Table
else if (config_level == 2) {
entity.addQuery('table', riskIdentificationConfigurationObject.table);
ri.addQuery('entity.table', riskIdentificationConfigurationObject.table);
}
ri.query();
while (ri.next()) {
entitiesWithRI.push(ri.entity + '');
}
//Get entitites without RI
entity.addEncodedQuery('sys_idNOT IN' + entitiesWithRI);
entity.query();
while (entity.next()) {
records.push(entity.getUniqueValue());
}
return records;
},
_createRiForEntity: function(riskIdentificationConfigurationObject, entity_ids) {
var count = 0;
var ri = new GlideRecord('sn_risk_advanced_risk_identification');
for (var i = 0; i < entity_ids.length; i = i + 1) {
ri.initialize();
ri.entity = entity_ids[i];
ri.risk_identification_configuration = riskIdentificationConfigurationObject.getUniqueValue();
var result = ri.insert();
if (result != "") {
count = count + 1;
}
}
return count + '';
},
type: 'RiskIdentificationUtilsBase'
};
Sys ID
d8b261d477f110102a272f589a106113