private static void RemoveUnusedControls(Threat threat, Contracts.Threat.UpdateThreat updateThreat)
{
foreach (
var control in
threat.Controls.Where(c => updateThreat.Controls.All(uc => uc.ControlId != c.ControlId)).ToList())
{
threat.Controls.Remove(control);
}
}
public static void ApplyUpdate(this Threat dataItem, Contracts.Threat.UpdateThreat update, RAAPEntities db)
{
dataItem.Name = update.Name;
dataItem.Description = update.Description;
dataItem.ThreatCategory =
db.ThreatCategories.FirstOrDefault(tc => tc.ThreatCategoryId == update.Category.ThreatCategoryId);
dataItem.UpdatedOn = DateTime.Now;
dataItem.Confidenciality = update.Confidenciality;
dataItem.AcceptRisk = update.AcceptRisk;
dataItem.Availability = update.Availability;
dataItem.Integrity = update.Integrity;
dataItem.Authenticity = update.Authenticity;
dataItem.InternalExternal = update.InternalExternal;
dataItem.RiskAssessmentMethod = update.RiskAssessmentMethod;
dataItem.SecuritySafety = update.SecuritySafety;
dataItem.ReduceRisk = update.ReduceRisk;
dataItem.AvoidRisk = update.AvoidRisk;
dataItem.ShareRisk = update.ShareRisk;
update.Evaluations.Where(e => e.EvaluationId == 0 && !string.IsNullOrEmpty(e.Text)).OrderBy(e => e.Revision)
.ForEach(e => dataItem.HtmlComments.Add(e.ToDataModel(db, dataItem)));
if (update.AvoidRisk || update.AcceptRisk)
{
dataItem.RiskDate = DateTime.Now;
dataItem.RiskUser = HttpContext.Current.User.Identity.GetUserName();
}
else
{
dataItem.RiskDate = null;
dataItem.RiskUser = null;
}
//Remove deleted+
var risksToDelete = dataItem.ThreatRisks.Where(r => update.Risks.All(rr => rr.RiskId != r.ThreatRiskId)).ToArray();
foreach (var risk in risksToDelete)
{
dataItem.ThreatRisks.Remove(risk);
}
//Update existing
update.Risks.Where(r => r.RiskId > 0).ForEach(risk =>
dataItem.ThreatRisks.First(r => r.ThreatRiskId == risk.RiskId).UpdateFrom(risk));
//Add new
update.Risks.Where(r => r.RiskId <= 0).ForEach(risk => dataItem.ThreatRisks.Add(risk.ToDataModel()));
//Remove deleted
var itemsToRemove = new List <Database.Attribute>();
dataItem.Attributes.Where(r => update.Causes.All(rr => rr.AttributeId != r.AttributeId)).ForEach(r => itemsToRemove.Add(r));
itemsToRemove.ForEach(i => dataItem.Attributes.Remove(i));
//Add new
update.Causes.Where(r => dataItem.Attributes.All(rr => rr.AttributeId != r.AttributeId)).ForEach(r => dataItem.Attributes.Add(db.Attributes.FirstOrDefault(a => a.AttributeId == r.AttributeId)));
}
public Contracts.Threat.Threat Update(Contracts.Threat.UpdateThreat updateThreat)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var threat = db.Threats.Include("Controls").FirstOrDefault(a => a.ThreatId == updateThreat.ThreatId);
if (threat == null)
{
throw new RAAPNotFoundException("Item not found.");
}
RiskCalculator.CheckRiskTypes(updateThreat, db);
threat.ApplyUpdate(updateThreat, db);
RemoveUnusedControls(threat, updateThreat);
AddControls(db, threat, updateThreat.Controls);
RiskCalculator.ResetCalculatedRisk(threat);
RiskCalculator.CalculateRisk(threat);
db.SaveChanges();
return(threat.ToContract(_userService));
}
}
public IHttpActionResult Put([FromBody] Contracts.Threat.UpdateThreat update)
{
ThreatService.Update(update);
return(Ok());
}
