Name
sn_risk.RiskGeneratorV2StrategyBase
Description
Generates risks when relationships between profiles, profile types, risk frameworks, and risk statements are made
Script
var RiskGeneratorV2StrategyBase = Class.create();
RiskGeneratorV2StrategyBase.prototype = Object.extend(new sn_grc.GRCAbstractGeneratorV2Strategy(), {
itemTable: 'sn_risk_risk',
getContentTable: function() {
return 'sn_risk_definition';
},
getDocToProfileTypeTable: function() {
return 'sn_risk_m2m_framework_profile_type';
},
getContentToProfileTypeTable: function() {
return 'sn_risk_m2m_risk_definition_profile_type';
},
deleteRecords: function(gr, useWorkflow) {
var enableWF = gs.nil(useWorkflow) ? true : useWorkflow;
gr.setWorkflow(enableWF);
gr.deleteMultiple();
},
contentShouldAssociateProfileTypes: function(riskStatementGr) {
return riskStatementGr.active;
},
canAssociateContentToEntity: function(content, profile) {
if (!content.isValidRecord() || !profile.isValidRecord())
return false;
return content.active && profile.active;
},
documentShouldAssociateProfileTypes: function(riskFrameworkGr) {
return riskFrameworkGr.active && this._documentIncludeActiveContents(riskFrameworkGr.getUniqueValue());
},
documentHasContents: function(riskFrameworkId, activeValue) {
var stmtToFramework = new GlideRecord('sn_risk_definition');
if (!gs.nil(activeValue))
stmtToFramework.addQuery('active', activeValue);
stmtToFramework.addQuery('document', riskFrameworkId);
stmtToFramework.setLimit(1);
stmtToFramework.query();
return stmtToFramework.hasNext();
},
documentHasEntityTypeAssociation: function(documentId, previousDocumentId) {
// Check for Entity Type on current
var entityType = new GlideRecord('sn_risk_m2m_framework_profile_type');
entityType.addQuery('sn_risk_framework', documentId);
entityType.query();
if (entityType.next()) {
return true;
}
//Check for Entity Type on previous
var prevEntityType = new GlideRecord('sn_risk_m2m_framework_profile_type');
prevEntityType.addQuery('sn_risk_framework', previousDocumentId);
prevEntityType.query();
if (prevEntityType.next()) {
return true;
}
},
activateRelatedContentAndItemsForDocument: function(frameworkId) {
var riskStmtGR = new GlideRecord('sn_risk_definition');
riskStmtGR.addQuery('document', frameworkId);
riskStmtGR.addQuery('active', false);
riskStmtGR.query();
while (riskStmtGR.next()) {
riskStmtGR.active = true;
riskStmtGR.skipInsertActionToQueue = true;
riskStmtGR.update();
var actionParms = {
action: 'activate_content',
source: frameworkId,
table: 'sn_risk_framework',
content_id: riskStmtGR.getUniqueValue(),
};
new sn_grc.IGContentActionHandler(actionParms, this).execute();
}
},
deactivateRelatedContentsAndItemsForDocument: function(riskFrameworkId) {
var actveRiskStmtIds = [];
var actveRiskStmt = new GlideRecord('sn_risk_definition');
actveRiskStmt.addActiveQuery();
actveRiskStmt.addQuery('document', riskFrameworkId);
actveRiskStmt.query();
while (actveRiskStmt.next()) {
actveRiskStmtIds.push(actveRiskStmt.getUniqueValue());
actveRiskStmt.skipInsertActionToQueue = true;
actveRiskStmt.active = false;
actveRiskStmt.update();
}
if (actveRiskStmtIds.length == 0) {
return;
}
var actionParams = {
'action': 'deactivate_content',
'content_id': actveRiskStmtIds
};
new sn_grc.IGContentActionHandler(actionParams, this).execute();
},
updateContentToDocumentLink: function(contentId, documentId) {
var arrayUtil = new global.ArrayUtil();
var newDocumentToEntityType = [];
var oldDocumentToEntityType = [];
// Get Entity Types for Current Document
var contentRec = new GlideRecord('sn_grc_content');
contentRec.get(contentId);
if (contentRec.isValidRecord() && contentRec.document) {
var entityTypeToNewDocument = new GlideRecord('sn_risk_m2m_framework_profile_type');
entityTypeToNewDocument.addQuery('sn_risk_framework', contentRec.document);
entityTypeToNewDocument.query();
while (entityTypeToNewDocument.next()) {
newDocumentToEntityType.push(entityTypeToNewDocument.getValue('sn_grc_profile_type'));
}
}
if (!gs.nil(documentId)) {
// Get Entity Types for Previous Document
var entityTypeToDocument = new GlideRecord('sn_risk_m2m_framework_profile_type');
entityTypeToDocument.addQuery('sn_risk_framework', documentId);
var entityTypeToContent = entityTypeToDocument.addJoinQuery('sn_risk_m2m_risk_definition_profile_type', 'sn_grc_profile_type', 'sn_grc_profile_type');
entityTypeToContent.addCondition('statement', contentId);
entityTypeToDocument.query();
while (entityTypeToDocument.next()) {
oldDocumentToEntityType.push(entityTypeToDocument.getValue('sn_grc_profile_type'));
}
}
//Filter out Entity Types shared with new document
var deleteEntityType = arrayUtil.diff(oldDocumentToEntityType, newDocumentToEntityType);
var deleteContentToEntityType = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
deleteContentToEntityType.addQuery('sn_grc_profile_type', deleteEntityType);
deleteContentToEntityType.addQuery('statement', contentId);
deleteContentToEntityType.query();
while (deleteContentToEntityType.next()) {
var entityTypeRemId = deleteContentToEntityType.sn_grc_profile_type;
var contentToEntityTypeRemoveId = this._deleteContentToEntityTypeLinks(contentId, entityTypeRemId);
var actionParamsRemove = {
'action': 'remove_content_from_entity_type',
'source': contentToEntityTypeRemoveId,
'table': this.getContentToProfileTypeTable(),
'entity_type_id': entityTypeRemId,
'content_id': contentId
};
new sn_grc.IGContentToEntityTypeActionHandler(actionParamsRemove, this).execute();
}
//Filter out Entity Types that are already in place
var addNewEntityType = arrayUtil.diff(newDocumentToEntityType, oldDocumentToEntityType);
for (var i = 0; i < addNewEntityType.length; i++) {
var entityTypeId = addNewEntityType[i];
var contentToEntityTypeId = this.createContentToEntityTypeLinks(contentId, entityTypeId);
if (gs.nil(contentToEntityTypeId)) {
continue;
}
if (new sn_grc.ItemGenerationV2Conditions('sn_risk').contentShouldAssociateProfileTypes(entityTypeId, contentRec)) {
var actionParams = {
'action': 'add_content_to_entity_type',
'source': contentToEntityTypeId,
'table': 'sn_risk_m2m_risk_definition_profile_type',
'entity_type_id': entityTypeId,
'content_id': contentId
};
new sn_grc.IGContentToEntityTypeActionHandler(actionParams, this).execute();
}
}
},
_documentIncludeActiveContents: function(riskFrameworkId) {
var riskStmt = new GlideRecord('sn_risk_definition');
riskStmt.addQuery('document', riskFrameworkId);
riskStmt.setLimit(1);
riskStmt.query();
return riskStmt.hasNext();
},
addDocumentToEntityType: function(documentId, entityTypeId) {
var content = new GlideRecord('sn_risk_definition');
content.addActiveQuery();
content.addQuery('document', documentId);
content.query();
while (content.next()) {
var contentId = content.getUniqueValue();
var contentToEntityTypeId = this.createContentToEntityTypeLinks(contentId, entityTypeId);
if (gs.nil(contentToEntityTypeId)) {
continue;
}
if (new sn_grc.ItemGenerationV2Conditions('sn_risk').contentShouldAssociateProfileTypes(entityTypeId, content)) {
var actionParams = {
'action': 'add_content_to_entity_type',
'source': contentToEntityTypeId,
'table': this.getContentToProfileTypeTable(),
'entity_type_id': entityTypeId,
'content_id': contentId
};
new sn_grc.IGContentToEntityTypeActionHandler(actionParams, this).execute();
}
}
},
removeDocumentToEntityType: function(documentId, entityTypeId) {
var content = new GlideRecord('sn_risk_definition');
content.addQuery('document', documentId);
content.query();
while (content.next()) {
var contentId = content.getUniqueValue();
var contentToEntityTypeId = this._deleteContentToEntityTypeLinks(contentId, entityTypeId);
if (gs.nil(contentToEntityTypeId)) {
continue;
}
var actionParams = {
'action': 'remove_content_from_entity_type',
'source': contentToEntityTypeId,
'table': this.getContentToProfileTypeTable(),
'entity_type_id': entityTypeId,
'content_id': contentId
};
new sn_grc.IGContentToEntityTypeActionHandler(actionParams, this).execute();
}
},
createContentToEntityTypeLinks: function(contentId, entityTypeId) {
var contentToEntityType = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
contentToEntityType.addQuery('statement', contentId);
contentToEntityType.addQuery('sn_grc_profile_type', entityTypeId);
contentToEntityType.query();
if (contentToEntityType.next()) {
contentToEntityType.skipInsertActionToQueue = true;
contentToEntityType.update();
} else {
contentToEntityType.statement = contentId;
contentToEntityType.sn_grc_profile_type = entityTypeId;
contentToEntityType.created_one_off = false;
contentToEntityType.skipInsertActionToQueue = true;
contentToEntityType.insert();
}
return contentToEntityType.getUniqueValue();
},
_deleteContentToEntityTypeLinks: function(contentId, entityTypeId) {
var contentToEntityTypeId = null;
var contentToEntityType = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
contentToEntityType.addQuery('statement', contentId);
contentToEntityType.addQuery('sn_grc_profile_type', entityTypeId);
contentToEntityType.query();
contentToEntityType.next();
var riskStatement = new GlideRecord('sn_risk_definition');
riskStatement.get(contentId);
// If riskStatement is inactive delete all links
if (!contentToEntityType.created_one_off || !riskStatement.active) {
contentToEntityTypeId = contentToEntityType.getUniqueValue();
contentToEntityType.skipInsertActionToQueue = true;
contentToEntityType.deleteRecord();
}
return contentToEntityTypeId;
},
contentCreationToEntityType: function(contentId) {
var entityTypeToContent = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
entityTypeToContent.addQuery('statement', contentId);
entityTypeToContent.query();
while (entityTypeToContent.next()) {
if (new sn_grc.ItemGenerationV2Conditions(this.getContentTable()).entityTypeHasActiveEntities(entityTypeToContent.sn_grc_profile_type)) {
var actionParams = {
'action': 'add_content_to_entity_type',
'source': entityTypeToContent.getUniqueValue(),
'table': this.getContentToProfileTypeTable(),
'entity_type_id': entityTypeToContent.sn_grc_profile_type,
'content_id': contentId
};
new sn_grc.IGContentToEntityTypeActionHandler(actionParams, this).execute();
}
}
},
//Common risks related logic has to be implemented when the Common items feature is extended to risk
associateRiskToControl: function(source, sourceTable, skip) {
// Get M2M Record Information
var riskStatementToControlObj = new GlideRecord(sourceTable);
riskStatementToControlObj.get(source);
if (!riskStatementToControlObj.isValidRecord())
return;
var control = '';
var lastAssociatedTime = '';
if (!skip)
lastAssociatedTime = riskStatementToControlObj.last_associated_timestamp;
var riskStatement = riskStatementToControlObj.getValue('sn_risk_definition');
var controlObjective = riskStatementToControlObj.getValue('sn_compliance_policy_statement');
var risk = new GlideRecord('sn_risk_risk');
risk.addQuery('content', riskStatement);
risk.addQuery('instance', true);
risk.addActiveQuery();
if (lastAssociatedTime)
risk.addQuery('sys_created_on', '>', lastAssociatedTime);
risk.query();
while (risk.next()) {
control = '';
control = this._getItemFromContent(controlObjective, risk.profile);
if (control) {
this._createRiskToControl(control, risk.getUniqueValue());
continue;
}
var itemId = new sn_grc.ItemInheritance().getItemForReliantEntity(risk.profile + '', controlObjective);
if (itemId) {
this._createRiskToControl(itemId, risk.getUniqueValue());
}
}
if (lastAssociatedTime) {
control = new GlideRecord("sn_compliance_control");
control.addQuery('content', controlObjective);
control.addQuery('instance', true);
control.addActiveQuery();
control.addQuery('sys_created_on', '>', lastAssociatedTime);
control.query();
while (control.next()) {
risk = '';
risk = this._getItemFromContent(riskStatement, control.profile);
if (risk) {
this._createRiskToControl(control.getUniqueValue(), risk);
}
}
}
lastAssociatedTime = new GlideDateTime();
riskStatementToControlObj.last_associated_timestamp = lastAssociatedTime;
riskStatementToControlObj.update();
},
//Common risks related logic has to be implemented when the Common items feature is extended to risk
associateRisksToControlsForEntity: function(entityId, riskStatementId, controlObjectiveId, allEntities) {
//Get risk with riskStatementId, entityId
var risk = this._getItemFromContent(riskStatementId, entityId);
if (risk) {
//Get control with controlObjectiveId, entityId
var control = this._getItemFromContent(controlObjectiveId, entityId);
if (control) {
this._createRiskToControl(control, risk);
return;
}
if (allEntities) {
//Get common controls for entityId
var itemId = new sn_grc.ItemInheritance().getItemForReliantEntity(entityId, controlObjectiveId);
if (itemId) {
this._createRiskToControl(itemId, risk);
}
}
}
},
_createRiskToControl: function(control, risk) {
// Create Risk to Control Relationship
var riskToControl = new GlideRecord('sn_risk_m2m_risk_control');
riskToControl.addQuery('sn_compliance_control', control);
riskToControl.addQuery('sn_risk_risk', risk);
riskToControl.setLimit(1);
riskToControl.query();
if (!riskToControl.next()) {
riskToControl.initialize();
riskToControl.sn_compliance_control = control;
riskToControl.sn_risk_risk = risk;
riskToControl.insert();
}
},
disassociateRiskFromControl: function(riskStatement, controlObjective) {
var riskControlm2m = new GlideRecord('sn_risk_m2m_risk_control');
riskControlm2m.addQuery('sn_compliance_control.content', controlObjective);
riskControlm2m.addQuery('sn_compliance_control.instance', true);
riskControlm2m.addQuery('sn_risk_risk.content', riskStatement);
riskControlm2m.addQuery('sn_risk_risk.instance', true);
riskControlm2m.deleteMultiple();
},
_deleteControlToRisk: function(control, risk) {
var riskToControl = new GlideRecord('sn_risk_m2m_risk_control');
riskToControl.addQuery('sn_compliance_control', control);
riskToControl.addQuery('sn_risk_risk', risk);
riskToControl.setLimit(1);
riskToControl.deleteMultiple();
},
_getItemFromContent: function(content, entity) {
var item = new GlideRecord('sn_grc_item');
item.addQuery('content', content);
item.addQuery('profile', entity);
item.addQuery('instance', true);
item.addActiveQuery();
item.query();
if (item.next()) {
return item.getUniqueValue();
}
},
deleteRiskControlRelationForItems: function(referenceFieldName, items) {
var riskToControl = new GlideRecord('sn_risk_m2m_risk_control');
riskToControl.addQuery(referenceFieldName, 'IN', items);
riskToControl.deleteMultiple();
},
//Common risks related logic has to be implemented when the Common items feature is extended to risk
associateRiskControlRelationsForItemEntity: function(entityId, itemId, contentId) {
var RStoCO = new GlideRecord('sn_risk_m2m_risk_definition_policy_statement');
RStoCO.addQuery('sn_compliance_policy_statement', contentId);
RStoCO.query();
while (RStoCO.next()) {
risk = this._getItemFromContent(RStoCO.sn_risk_definition, entityId);
if (risk) {
this._createRiskToControl(itemId, risk);
}
}
},
//Common risks related logic has to be implemented when the Common items feature is extended to risk
deleteRiskControlRelationForItemEntity: function(entityId, itemId) {
var riskToControl = new GlideRecord('sn_risk_m2m_risk_control');
riskToControl.addQuery("sn_compliance_control", itemId);
riskToControl.addQuery("sn_risk_risk.profile", entityId);
riskToControl.query();
while(riskToControl.next())
riskToControl.deleteRecord();
var mitigationRiskToControl = new GlideRecord("sn_risk_m2m_risk_mitigation_control");
mitigationRiskToControl.addQuery("control", itemId);
mitigationRiskToControl.addQuery("risk_mitigation.risk.profile", entityId);
mitigationRiskToControl.query();
while (mitigationRiskToControl.next())
mitigationRiskToControl.deleteRecord();
},
type: 'RiskGeneratorV2StrategyBase'
});
Sys ID
c4e5751d07b22010bbc77f04a9d30040