Name

sn_risk.RiskGeneratorV2StrategyBase

Description

Generates risks when relationships between profiles, profile types, risk frameworks, and risk statements are made

Script

var RiskGeneratorV2StrategyBase = Class.create();
RiskGeneratorV2StrategyBase.prototype = Object.extend(new sn_grc.GRCAbstractGeneratorV2Strategy(), {
  itemTable: 'sn_risk_risk',

  getContentTable: function() {
      return 'sn_risk_definition';
  },

  getDocToProfileTypeTable: function() {
      return 'sn_risk_m2m_framework_profile_type';
  },

  getContentToProfileTypeTable: function() {
      return 'sn_risk_m2m_risk_definition_profile_type';
  },

  deleteRecords: function(gr, useWorkflow) {
      var enableWF = gs.nil(useWorkflow) ? true : useWorkflow;
      gr.setWorkflow(enableWF);
      gr.deleteMultiple();
  },

  contentShouldAssociateProfileTypes: function(riskStatementGr) {
      return riskStatementGr.active;
  },

  canAssociateContentToEntity: function(content, profile) {
      if (!content.isValidRecord() || !profile.isValidRecord())
          return false;

      return content.active && profile.active;
  },

  documentShouldAssociateProfileTypes: function(riskFrameworkGr) {
      return riskFrameworkGr.active && this._documentIncludeActiveContents(riskFrameworkGr.getUniqueValue());
  },

  documentHasContents: function(riskFrameworkId, activeValue) {
      var stmtToFramework = new GlideRecord('sn_risk_definition');
      if (!gs.nil(activeValue))
          stmtToFramework.addQuery('active', activeValue);
      stmtToFramework.addQuery('document', riskFrameworkId);
      stmtToFramework.setLimit(1);
      stmtToFramework.query();

      return stmtToFramework.hasNext();
  },

  documentHasEntityTypeAssociation: function(documentId, previousDocumentId) {
      // Check for Entity Type on current
      var entityType = new GlideRecord('sn_risk_m2m_framework_profile_type');
      entityType.addQuery('sn_risk_framework', documentId);
      entityType.query();
      if (entityType.next()) {
          return true;
      }

      //Check for Entity Type on previous
      var prevEntityType = new GlideRecord('sn_risk_m2m_framework_profile_type');
      prevEntityType.addQuery('sn_risk_framework', previousDocumentId);
      prevEntityType.query();
      if (prevEntityType.next()) {
          return true;
      }

  },

  activateRelatedContentAndItemsForDocument: function(frameworkId) {
      var riskStmtGR = new GlideRecord('sn_risk_definition');
      riskStmtGR.addQuery('document', frameworkId);
      riskStmtGR.addQuery('active', false);
      riskStmtGR.query();
      while (riskStmtGR.next()) {
          riskStmtGR.active = true;
          riskStmtGR.skipInsertActionToQueue = true;
          riskStmtGR.update();

          var actionParms = {
              action: 'activate_content',
              source: frameworkId,
              table: 'sn_risk_framework',
              content_id: riskStmtGR.getUniqueValue(),
          };

          new sn_grc.IGContentActionHandler(actionParms, this).execute();
      }
  },

  deactivateRelatedContentsAndItemsForDocument: function(riskFrameworkId) {
      var actveRiskStmtIds = [];

      var actveRiskStmt = new GlideRecord('sn_risk_definition');
      actveRiskStmt.addActiveQuery();
      actveRiskStmt.addQuery('document', riskFrameworkId);
      actveRiskStmt.query();

      while (actveRiskStmt.next()) {
          actveRiskStmtIds.push(actveRiskStmt.getUniqueValue());
          actveRiskStmt.skipInsertActionToQueue = true;
          actveRiskStmt.active = false;
          actveRiskStmt.update();
      }

      if (actveRiskStmtIds.length == 0) {
          return;
      }

      var actionParams = {
          'action': 'deactivate_content',
          'content_id': actveRiskStmtIds
      };
      new sn_grc.IGContentActionHandler(actionParams, this).execute();
  },

  updateContentToDocumentLink: function(contentId, documentId) {
      var arrayUtil = new global.ArrayUtil();
      var newDocumentToEntityType = [];
      var oldDocumentToEntityType = [];

      // Get Entity Types for Current Document
      var contentRec = new GlideRecord('sn_grc_content');
      contentRec.get(contentId);

      if (contentRec.isValidRecord() && contentRec.document) {
          var entityTypeToNewDocument = new GlideRecord('sn_risk_m2m_framework_profile_type');
          entityTypeToNewDocument.addQuery('sn_risk_framework', contentRec.document);
          entityTypeToNewDocument.query();
          while (entityTypeToNewDocument.next()) {
              newDocumentToEntityType.push(entityTypeToNewDocument.getValue('sn_grc_profile_type'));
          }
      }

      if (!gs.nil(documentId)) {
          // Get Entity Types for Previous Document
          var entityTypeToDocument = new GlideRecord('sn_risk_m2m_framework_profile_type');
          entityTypeToDocument.addQuery('sn_risk_framework', documentId);
          var entityTypeToContent = entityTypeToDocument.addJoinQuery('sn_risk_m2m_risk_definition_profile_type', 'sn_grc_profile_type', 'sn_grc_profile_type');
          entityTypeToContent.addCondition('statement', contentId);
          entityTypeToDocument.query();
          while (entityTypeToDocument.next()) {
              oldDocumentToEntityType.push(entityTypeToDocument.getValue('sn_grc_profile_type'));
          }
      }

      //Filter out Entity Types shared with new document
      var deleteEntityType = arrayUtil.diff(oldDocumentToEntityType, newDocumentToEntityType);

      var deleteContentToEntityType = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
      deleteContentToEntityType.addQuery('sn_grc_profile_type', deleteEntityType);
      deleteContentToEntityType.addQuery('statement', contentId);
      deleteContentToEntityType.query();
      while (deleteContentToEntityType.next()) {
          var entityTypeRemId = deleteContentToEntityType.sn_grc_profile_type;
          var contentToEntityTypeRemoveId = this._deleteContentToEntityTypeLinks(contentId, entityTypeRemId);

          var actionParamsRemove = {
              'action': 'remove_content_from_entity_type',
              'source': contentToEntityTypeRemoveId,
              'table': this.getContentToProfileTypeTable(),
              'entity_type_id': entityTypeRemId,
              'content_id': contentId
          };

          new sn_grc.IGContentToEntityTypeActionHandler(actionParamsRemove, this).execute();
      }

      //Filter out Entity Types that are already in place
      var addNewEntityType = arrayUtil.diff(newDocumentToEntityType, oldDocumentToEntityType);

      for (var i = 0; i < addNewEntityType.length; i++) {
          var entityTypeId = addNewEntityType[i];
          var contentToEntityTypeId = this.createContentToEntityTypeLinks(contentId, entityTypeId);

          if (gs.nil(contentToEntityTypeId)) {
              continue;
          }

          if (new sn_grc.ItemGenerationV2Conditions('sn_risk').contentShouldAssociateProfileTypes(entityTypeId, contentRec)) {
              var actionParams = {
                  'action': 'add_content_to_entity_type',
                  'source': contentToEntityTypeId,
                  'table': 'sn_risk_m2m_risk_definition_profile_type',
                  'entity_type_id': entityTypeId,
                  'content_id': contentId
              };

              new sn_grc.IGContentToEntityTypeActionHandler(actionParams, this).execute();
          }
      }
  },

  _documentIncludeActiveContents: function(riskFrameworkId) {
      var riskStmt = new GlideRecord('sn_risk_definition');
      riskStmt.addQuery('document', riskFrameworkId);
      riskStmt.setLimit(1);
      riskStmt.query();

      return riskStmt.hasNext();
  },

  addDocumentToEntityType: function(documentId, entityTypeId) {
      var content = new GlideRecord('sn_risk_definition');
      content.addActiveQuery();
      content.addQuery('document', documentId);
      content.query();

      while (content.next()) {
          var contentId = content.getUniqueValue();
          var contentToEntityTypeId = this.createContentToEntityTypeLinks(contentId, entityTypeId);

          if (gs.nil(contentToEntityTypeId)) {
              continue;
          }

          if (new sn_grc.ItemGenerationV2Conditions('sn_risk').contentShouldAssociateProfileTypes(entityTypeId, content)) {
              var actionParams = {
                  'action': 'add_content_to_entity_type',
                  'source': contentToEntityTypeId,
                  'table': this.getContentToProfileTypeTable(),
                  'entity_type_id': entityTypeId,
                  'content_id': contentId
              };

              new sn_grc.IGContentToEntityTypeActionHandler(actionParams, this).execute();
          }
      }
  },

  removeDocumentToEntityType: function(documentId, entityTypeId) {
      var content = new GlideRecord('sn_risk_definition');
      content.addQuery('document', documentId);
      content.query();

      while (content.next()) {
          var contentId = content.getUniqueValue();
          var contentToEntityTypeId = this._deleteContentToEntityTypeLinks(contentId, entityTypeId);

          if (gs.nil(contentToEntityTypeId)) {
              continue;
          }

          var actionParams = {
              'action': 'remove_content_from_entity_type',
              'source': contentToEntityTypeId,
              'table': this.getContentToProfileTypeTable(),
              'entity_type_id': entityTypeId,
              'content_id': contentId
          };

          new sn_grc.IGContentToEntityTypeActionHandler(actionParams, this).execute();
      }
  },

  createContentToEntityTypeLinks: function(contentId, entityTypeId) {
      var contentToEntityType = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
      contentToEntityType.addQuery('statement', contentId);
      contentToEntityType.addQuery('sn_grc_profile_type', entityTypeId);
      contentToEntityType.query();

      if (contentToEntityType.next()) {
          contentToEntityType.skipInsertActionToQueue = true;
          contentToEntityType.update();
      } else {
          contentToEntityType.statement = contentId;
          contentToEntityType.sn_grc_profile_type = entityTypeId;
          contentToEntityType.created_one_off = false;
          contentToEntityType.skipInsertActionToQueue = true;
          contentToEntityType.insert();
      }

      return contentToEntityType.getUniqueValue();
  },

  _deleteContentToEntityTypeLinks: function(contentId, entityTypeId) {
      var contentToEntityTypeId = null;

      var contentToEntityType = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
      contentToEntityType.addQuery('statement', contentId);
      contentToEntityType.addQuery('sn_grc_profile_type', entityTypeId);
      contentToEntityType.query();

      contentToEntityType.next();

      var riskStatement = new GlideRecord('sn_risk_definition');
      riskStatement.get(contentId);

      // If riskStatement is inactive delete all links
      if (!contentToEntityType.created_one_off || !riskStatement.active) {
          contentToEntityTypeId = contentToEntityType.getUniqueValue();
          contentToEntityType.skipInsertActionToQueue = true;
          contentToEntityType.deleteRecord();
      }

      return contentToEntityTypeId;
  },

  contentCreationToEntityType: function(contentId) {
      var entityTypeToContent = new GlideRecord('sn_risk_m2m_risk_definition_profile_type');
      entityTypeToContent.addQuery('statement', contentId);
      entityTypeToContent.query();
      while (entityTypeToContent.next()) {
          if (new sn_grc.ItemGenerationV2Conditions(this.getContentTable()).entityTypeHasActiveEntities(entityTypeToContent.sn_grc_profile_type)) {
              var actionParams = {
                  'action': 'add_content_to_entity_type',
                  'source': entityTypeToContent.getUniqueValue(),
                  'table': this.getContentToProfileTypeTable(),
                  'entity_type_id': entityTypeToContent.sn_grc_profile_type,
                  'content_id': contentId
              };

              new sn_grc.IGContentToEntityTypeActionHandler(actionParams, this).execute();
          }
      }
  },

  //Common risks related logic has to be implemented when the Common items feature is extended to risk 
  associateRiskToControl: function(source, sourceTable, skip) {
      // Get M2M Record Information
      var riskStatementToControlObj = new GlideRecord(sourceTable);
      riskStatementToControlObj.get(source);
      if (!riskStatementToControlObj.isValidRecord())
          return;
      var control = '';
      var lastAssociatedTime = '';
      if (!skip)
          lastAssociatedTime = riskStatementToControlObj.last_associated_timestamp;
      var riskStatement = riskStatementToControlObj.getValue('sn_risk_definition');
      var controlObjective = riskStatementToControlObj.getValue('sn_compliance_policy_statement');
      var risk = new GlideRecord('sn_risk_risk');
      risk.addQuery('content', riskStatement);
      risk.addQuery('instance', true);
      risk.addActiveQuery();
      if (lastAssociatedTime)
          risk.addQuery('sys_created_on', '>', lastAssociatedTime);
      risk.query();
      while (risk.next()) {
          control = '';
          control = this._getItemFromContent(controlObjective, risk.profile);
          if (control) {
              this._createRiskToControl(control, risk.getUniqueValue());
              continue;
          }
          var itemId = new sn_grc.ItemInheritance().getItemForReliantEntity(risk.profile + '', controlObjective);
          if (itemId) {
              this._createRiskToControl(itemId, risk.getUniqueValue());
          }
      }

      if (lastAssociatedTime) {
          control = new GlideRecord("sn_compliance_control");
          control.addQuery('content', controlObjective);
          control.addQuery('instance', true);
          control.addActiveQuery();
          control.addQuery('sys_created_on', '>', lastAssociatedTime);
          control.query();
          while (control.next()) {
              risk = '';
              risk = this._getItemFromContent(riskStatement, control.profile);
              if (risk) {
                  this._createRiskToControl(control.getUniqueValue(), risk);
              }
          }
      }
      lastAssociatedTime = new GlideDateTime();
      riskStatementToControlObj.last_associated_timestamp = lastAssociatedTime;
      riskStatementToControlObj.update();
  },

  //Common risks related logic has to be implemented when the Common items feature is extended to risk 
  associateRisksToControlsForEntity: function(entityId, riskStatementId, controlObjectiveId, allEntities) {
      //Get risk with riskStatementId, entityId
      var risk = this._getItemFromContent(riskStatementId, entityId);
      if (risk) {
          //Get control with controlObjectiveId, entityId
          var control = this._getItemFromContent(controlObjectiveId, entityId);
          if (control) {
              this._createRiskToControl(control, risk);
              return;
          }
          if (allEntities) {
              //Get common controls for entityId
              var itemId = new sn_grc.ItemInheritance().getItemForReliantEntity(entityId, controlObjectiveId);
              if (itemId) {
                  this._createRiskToControl(itemId, risk);
              }
          }
      }
  },

  _createRiskToControl: function(control, risk) {
      // Create Risk to Control Relationship
      var riskToControl = new GlideRecord('sn_risk_m2m_risk_control');
      riskToControl.addQuery('sn_compliance_control', control);
      riskToControl.addQuery('sn_risk_risk', risk);
      riskToControl.setLimit(1);
      riskToControl.query();
      if (!riskToControl.next()) {
          riskToControl.initialize();
          riskToControl.sn_compliance_control = control;
          riskToControl.sn_risk_risk = risk;
          riskToControl.insert();
      }
  },

  disassociateRiskFromControl: function(riskStatement, controlObjective) {
      var riskControlm2m = new GlideRecord('sn_risk_m2m_risk_control');
      riskControlm2m.addQuery('sn_compliance_control.content', controlObjective);
      riskControlm2m.addQuery('sn_compliance_control.instance', true);
      riskControlm2m.addQuery('sn_risk_risk.content', riskStatement);
      riskControlm2m.addQuery('sn_risk_risk.instance', true);
      riskControlm2m.deleteMultiple();
  },

  _deleteControlToRisk: function(control, risk) {
      var riskToControl = new GlideRecord('sn_risk_m2m_risk_control');
      riskToControl.addQuery('sn_compliance_control', control);
      riskToControl.addQuery('sn_risk_risk', risk);
      riskToControl.setLimit(1);
      riskToControl.deleteMultiple();
  },

  _getItemFromContent: function(content, entity) {
      var item = new GlideRecord('sn_grc_item');
      item.addQuery('content', content);
      item.addQuery('profile', entity);
      item.addQuery('instance', true);
      item.addActiveQuery();
      item.query();
      if (item.next()) {
          return item.getUniqueValue();
      }
  },

  deleteRiskControlRelationForItems: function(referenceFieldName, items) {
      var riskToControl = new GlideRecord('sn_risk_m2m_risk_control');
      riskToControl.addQuery(referenceFieldName, 'IN', items);
      riskToControl.deleteMultiple();
  },

  //Common risks related logic has to be implemented when the Common items feature is extended to risk
  associateRiskControlRelationsForItemEntity: function(entityId, itemId, contentId) {
      var RStoCO = new GlideRecord('sn_risk_m2m_risk_definition_policy_statement');
      RStoCO.addQuery('sn_compliance_policy_statement', contentId);
      RStoCO.query();
      while (RStoCO.next()) {
          risk = this._getItemFromContent(RStoCO.sn_risk_definition, entityId);
          if (risk) {
              this._createRiskToControl(itemId, risk);
          }

      }
  },

  //Common risks related logic has to be implemented when the Common items feature is extended to risk
  deleteRiskControlRelationForItemEntity: function(entityId, itemId) {
      var riskToControl = new GlideRecord('sn_risk_m2m_risk_control');
      riskToControl.addQuery("sn_compliance_control", itemId);
      riskToControl.addQuery("sn_risk_risk.profile", entityId);
      riskToControl.query();
      while(riskToControl.next())
          riskToControl.deleteRecord();
  	
      var mitigationRiskToControl = new GlideRecord("sn_risk_m2m_risk_mitigation_control");
      mitigationRiskToControl.addQuery("control", itemId);
      mitigationRiskToControl.addQuery("risk_mitigation.risk.profile", entityId);
      mitigationRiskToControl.query();
      while (mitigationRiskToControl.next())
          mitigationRiskToControl.deleteRecord();
  },

  type: 'RiskGeneratorV2StrategyBase'
});

Sys ID

c4e5751d07b22010bbc77f04a9d30040

Offical Documentation

Official Docs: