public static Threat ToDataModel(this Contracts.Threat.CreateThreat create, RAAPEntities db)
{
var threat = new Threat
{
Name = create.Name,
Description = create.Description,
ThreatCategory = db.ThreatCategories.FirstOrDefault(tc => tc.ThreatCategoryId == create.Category.ThreatCategoryId),
CreatedOn = DateTime.Now,
UpdatedOn = DateTime.Now,
Confidenciality = create.Confidenciality,
AcceptRisk = create.AcceptRisk,
Availability = create.Availability,
Integrity = create.Integrity,
Authenticity = create.Authenticity,
InternalExternal = create.InternalExternal,
RiskAssessmentMethod = create.RiskAssessmentMethod,
SecuritySafety = create.SecuritySafety,
ReduceRisk = create.ReduceRisk,
AvoidRisk = create.AvoidRisk,
ShareRisk = create.ShareRisk,
};
if (create.AvoidRisk || create.AcceptRisk)
{
threat.RiskDate = DateTime.Now;
threat.RiskUser = HttpContext.Current.User.Identity.GetUserName();
}
create.Evaluations.Where(e => e.EvaluationId == 0 && !string.IsNullOrEmpty(e.Text)).OrderBy(e => e.Revision)
.ForEach(e => threat.HtmlComments.Add(e.ToDataModel(db, threat)));
create.Risks.ForEach(r => threat.ThreatRisks.Add(r.ToDataModel()));
threat.Attributes = create.Causes.Select(c => c.ToDataModel()).ToList();
return(threat);
}
public Contracts.Threat.Threat Create(Contracts.Threat.CreateThreat createThreat)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
if (db.Threats.Any(a => a.Name == createThreat.Name))
{
throw new RAAPConflictException("Name is already in use, please try another name.");
}
RiskCalculator.CheckRiskTypes(createThreat, db);
RiskCalculator.CalculateRisk(createThreat);
var threat = createThreat.ToDataModel(db);
db.Threats.Add(threat);
AddControls(db, threat, createThreat.Controls);
db.SaveChanges();
return(threat.ToContract(_userService));
}
}
public IHttpActionResult Post([FromBody] Contracts.Threat.CreateThreat create)
{
var created = ThreatService.Create(create);
return(Ok(created));
}
