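/// <summary>
/// Adds a NIST 800-30 risk (likelihood / impact / magnitude) to a project step.
/// </summary>
/// <param name="id">Project step id.</param>
/// <param name="projectId">Project the step belongs to; the caller's access is checked against it.</param>
/// <param name="risk">Model-bound risk. Project, SquareType and AssessmentType are assigned here, not by the binder.</param>
/// <param name="likelihoodId">RiskLevel id used as the likelihood.</param>
/// <param name="impactId">Impact id.</param>
/// <param name="magnitudeId">RiskLevel id used as the magnitude.</param>
/// <returns>Redirect to the step index after saving; the edit view with validation errors otherwise.</returns>
public ActionResult Add(int id, int projectId, Risk risk, string likelihoodId, int impactId, string magnitudeId)
{
    // validate access
    if (!_projectService.HasAccess(projectId, CurrentUserId))
    {
        return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
    }

    // The navigation properties are assigned below, so the binder's errors for them are irrelevant.
    ModelState.Remove("risk.Project");
    ModelState.Remove("risk.SquareType");
    ModelState.Remove("risk.AssessmentType");

    // load all the objects
    var projectStep = Db.ProjectSteps
        .Include("Project")
        .Include("Project.SecurityAssessmentType")
        .Include("Project.PrivacyAssessmentType")
        .Include("Step")
        .Include("Step.SquareType")
        .Where(a => a.Id == id)
        .SingleOrDefault();

    // HasAccess only covers projectId; the step id is request input too, so it must really belong
    // to that project rather than being trusted as posted. An unknown step is treated the same way.
    if (projectStep == null || projectStep.Project.Id != projectId)
    {
        return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
    }

    var likelihood = Db.RiskLevels.Where(a => a.Id == likelihoodId).SingleOrDefault();
    var impact = Db.Impacts.Where(a => a.Id == impactId).SingleOrDefault();
    var magnitude = Db.RiskLevels.Where(a => a.Id == magnitudeId).SingleOrDefault();

    // unresolved ids become validation errors rather than exceptions
    if (likelihood == null)
    {
        ModelState.AddModelError("Likelihood", "Likelihood is required.");
    }
    if (impact == null)
    {
        ModelState.AddModelError("Impact", "Impact is required.");
    }
    if (magnitude == null)
    {
        ModelState.AddModelError("Magnitude", "Magnitude is required.");
    }

    if (ModelState.IsValid)
    {
        risk.Likelihood = likelihood;
        risk.Impact = impact;
        risk.Magnitude = magnitude;
        risk.Project = projectStep.Project;
        risk.SquareType = projectStep.Step.SquareType;
        risk.RiskLevel = CalculateRiskLevel(likelihood, magnitude);
        // the assessment type follows the step's square type (security, otherwise privacy)
        risk.AssessmentType = projectStep.Step.SquareType.Name == SquareTypes.Security
            ? projectStep.Project.SecurityAssessmentType
            : projectStep.Project.PrivacyAssessmentType;

        Db.Risks.Add(risk);
        Db.SaveChanges();

        Message = string.Format(Messages.Saved, "Risk");
        return this.RedirectToAction(a => a.Index(id, projectId));
    }

    // Nothing was saved; attach the project so the view model can relate the risk to it
    // (the binder does not populate risk.Project — its error was removed above).
    risk.Project = projectStep.Project;
    var viewModel = NIST800_30EditViewModel.Create(Db, _projectService, id, projectId, CurrentUserId, risk);
    return View(viewModel);
}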
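/// <summary>
/// Adds a PRAUC risk (likelihood / damage / cost) to a project step.
/// </summary>
/// <param name="id">Project step id.</param>
/// <param name="projectId">Project the step belongs to; the caller's access is checked against it.</param>
/// <param name="risk">Model-bound risk. Name and the navigation properties are assigned here, not by the binder.</param>
/// <param name="likelihoodId">RiskLevel id used as the likelihood.</param>
/// <param name="damageId">RiskLevel id used as the damage.</param>
/// <returns>Redirect to the step index after saving; the edit view with validation errors otherwise.</returns>
public ActionResult Add(int id, int projectId, Risk risk, string likelihoodId, string damageId)
{
    // clear the modelstate errors for the members that are populated below
    ModelState.Remove("risk.Name");
    ModelState.Remove("risk.Project");
    ModelState.Remove("risk.SquareType");
    ModelState.Remove("risk.AssessmentType");

    if (!_projectService.HasAccess(projectId, CurrentUserId))
    {
        return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
    }

    try
    {
        var project = Db.Projects
            .Include("SecurityAssessmentType")
            .Include("PrivacyAssessmentType")
            .Where(a => a.Id == projectId)
            .Single();
        var projectStep = Db.ProjectSteps
            .Include("Project")
            .Include("Step")
            .Include("Step.SquareType")
            .Where(a => a.Id == id)
            .SingleOrDefault();

        // HasAccess only covers projectId; the step id is request input too and must belong to that project.
        if (projectStep == null || projectStep.Project.Id != projectId)
        {
            return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
        }

        // Unresolved ids become validation errors instead of an unhandled
        // InvalidOperationException from Single() (which is not a SecurityException and so escapes the catch below).
        var likelihood = Db.RiskLevels.Where(a => a.Id == likelihoodId).SingleOrDefault();
        var damage = Db.RiskLevels.Where(a => a.Id == damageId).SingleOrDefault();
        if (likelihood == null)
        {
            ModelState.AddModelError("Likelihood", "Likelihood is required.");
        }
        if (damage == null)
        {
            ModelState.AddModelError("Damage", "Damage is required.");
        }

        risk.Project = project;
        risk.SquareType = projectStep.Step.SquareType;
        // the assessment type follows the step's square type (security, otherwise privacy)
        risk.AssessmentType = projectStep.Step.SquareType.Name == SquareTypes.Security
            ? project.SecurityAssessmentType
            : project.PrivacyAssessmentType;
        risk.Likelihood = likelihood;
        risk.Damage = damage;
        if (likelihood != null && damage != null)
        {
            risk.RiskLevel = CalculateRiskLevel(likelihood, damage, risk.Cost);
        }
        risk.Name = "Created using PRAUC controller";

        if (ModelState.IsValid)
        {
            Db.Risks.Add(risk);
            Db.SaveChanges();

            Message = string.Format(Messages.Saved, "Risk");
            return this.RedirectToAction(a => a.Index(id, projectId));
        }

        var viewModel = PRAUCEditViewModel.Create(Db, _projectService, id, projectId, CurrentUserId, risk);
        return View(viewModel);
    }
    catch (SecurityException)
    {
        return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
    }
}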
/// <summary>
/// Builds the view model for a risk recommendation, defaulting to a fresh recommendation when none is given.
/// </summary>
/// <param name="projectStepId">Project step the recommendation belongs to.</param>
/// <param name="risk">Risk the recommendation is made for; required.</param>
/// <param name="riskRecommendation">Existing recommendation, or null to start a new one.</param>
/// <returns>The populated view model.</returns>
public static RiskRecommendationViewModel Create(int projectStepId, Risk risk, RiskRecommendation riskRecommendation = null)
{
    Check.Require(risk != null, "risk is required.");

    var recommendation = riskRecommendation ?? new RiskRecommendation();

    return new RiskRecommendationViewModel()
    {
        ProjectStepId = projectStepId,
        RiskRecommendation = recommendation,
        Risk = risk
    };
}
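/// <summary>
/// Builds the PRAUC edit view model for a project step, loading the ordered risk levels for the drop-downs.
/// </summary>
/// <param name="db">Context used to load the risk levels; required.</param>
/// <param name="projectService">Service used to load the step and project on behalf of <paramref name="userId"/>; required.</param>
/// <param name="projectStepId">Project step id.</param>
/// <param name="projectId">Project id.</param>
/// <param name="userId">Current user, passed through to the service.</param>
/// <param name="risk">Risk being edited, or null to start a new one.</param>
/// <returns>The populated view model.</returns>
public static PRAUCEditViewModel Create(SquareContext db, IProjectService projectService, int projectStepId, int projectId, string userId, Risk risk = null)
{
    Check.Require(db != null, "db is required.");
    Check.Require(projectService != null, "projectService is required.");

    var viewModel = new PRAUCEditViewModel()
    {
        ProjectStep = projectService.GetProjectStep(projectStepId, userId),
        Project = projectService.GetProject(projectId, userId),
        RiskLevels = db.RiskLevels.OrderBy(a => a.Order).ToList(),
        Risk = risk ?? new Risk()
    };

    // A risk that is not attached to a project yet (a new one, or a model-bound one whose Project was
    // not bound) has nothing to compare, so dereferencing it would only throw; an existing project must match.
    var riskProject = viewModel.Risk.Project;
    Check.Ensure(riskProject == null || riskProject.Id == viewModel.Project.Id, "Risk does not belong to the intended project.");

    return viewModel;
}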
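/// <summary>
/// Creates a generic (name / source / vulnerability / risk level) risk for a project step.
/// </summary>
/// <param name="id">Project step id.</param>
/// <param name="projectId">Project the step belongs to; the caller's access is checked against it.</param>
/// <param name="risk">Model-bound risk; only Name, Source and Vulnerability are taken from it.</param>
/// <param name="riskLevelId">RiskLevel id for the new risk.</param>
/// <returns>Redirect to the step index after creating; the create view with validation errors otherwise.</returns>
public ActionResult Create(int id, int projectId, Risk risk, string riskLevelId)
{
    // Same check the other risk controllers make; nothing downstream verifies the caller otherwise.
    if (!_projectService.HasAccess(projectId, CurrentUserId))
    {
        return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
    }

    // The navigation properties are set by the service, so the binder's errors for them are irrelevant.
    ModelState.Remove("risk.RiskLevel");
    ModelState.Remove("risk.Project");
    ModelState.Remove("risk.SquareType");
    ModelState.Remove("risk.AssessmentType");

    // An unknown level must fail validation here rather than surface as an exception from CreateRisk's Single().
    if (!Db.RiskLevels.Any(a => a.Id == riskLevelId))
    {
        ModelState.AddModelError("RiskLevel", "Risk level is required.");
    }

    if (ModelState.IsValid)
    {
        var step = Db.ProjectSteps
            .Include("Project")
            .Include("Step")
            .Include("Step.SquareType")
            .Where(a => a.Id == id)
            .SingleOrDefault();

        // HasAccess only covers projectId; the step id is request input too and must belong to that project.
        if (step == null || step.Project.Id != projectId)
        {
            return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
        }

        _projectService.CreateRisk(projectId, step.Step.SquareType.Id, CurrentUserId, risk.Name, risk.Source, risk.Vulnerability, riskLevelId);

        Message = "Risk created.";
        return this.RedirectToAction(a => a.Index(id, projectId));
    }

    var viewModel = GenericRiskViewModel.Create(_projectService, projectId, id, CurrentUserId, risk);
    return View(viewModel);
}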
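/// <summary>
/// Builds the NIST 800-30 edit view model for a project step, loading the ordered risk levels and the impacts.
/// </summary>
/// <param name="db">Context used to load the risk levels and impacts; required.</param>
/// <param name="projectService">Service used to load the step and project on behalf of <paramref name="userId"/>; required.</param>
/// <param name="projectStepId">Project step id.</param>
/// <param name="projectId">Project id.</param>
/// <param name="userId">Current user, passed through to the service.</param>
/// <param name="risk">Risk being edited, or null to start a new one.</param>
/// <returns>The populated view model; RiskLevelColor is empty unless the risk already has a level.</returns>
public static NIST800_30EditViewModel Create(SquareContext db, IProjectService projectService, int projectStepId, int projectId, string userId, Risk risk = null)
{
    Check.Require(db != null, "db is required.");
    Check.Require(projectService != null, "projectService is required.");

    var viewModel = new NIST800_30EditViewModel()
    {
        ProjectStep = projectService.GetProjectStep(projectStepId, userId),
        Project = projectService.GetProject(projectId, userId),
        RiskLevels = db.RiskLevels.OrderBy(a => a.Order).ToList(),
        Impacts = db.Impacts.ToList(),
        Risk = risk ?? new Risk(),
        // a new risk, or one without a level yet, gets no color
        RiskLevelColor = risk != null && risk.RiskLevel != null ? risk.RiskLevel.Color : string.Empty
    };

    // A risk that is not attached to a project yet (a new one, or a model-bound one whose Project was
    // not bound) has nothing to compare, so dereferencing it would only throw; an existing project must match.
    var riskProject = viewModel.Risk.Project;
    Check.Ensure(riskProject == null || riskProject.Id == viewModel.Project.Id, "Risk does not belong to the intended project.");

    return viewModel;
}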
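/// <summary>
/// Saves edits to a generic risk's name, source, vulnerability and risk level.
/// </summary>
/// <param name="id">Id of the risk to edit.</param>
/// <param name="projectStepId">Project step used for the redirect and the view.</param>
/// <param name="risk">Model-bound risk carrying the edited Name, Source and Vulnerability.</param>
/// <param name="riskLevelId">RiskLevel id to assign.</param>
/// <returns>Redirect to the step index after saving; the edit view with validation errors otherwise.</returns>
public ActionResult Edit(int id, int projectStepId, Risk risk, string riskLevelId)
{
    // The navigation properties come from the database copy, so the binder's errors for them are irrelevant.
    ModelState.Remove("risk.RiskLevel");
    ModelState.Remove("risk.Project");
    ModelState.Remove("risk.SquareType");
    ModelState.Remove("risk.AssessmentType");

    var riskToEdit = Db.Risks
        .Include("SquareType")
        .Include("AssessmentType")
        .Include("Project")
        .Include("RiskLevel")
        .Where(a => a.Id == id)
        .SingleOrDefault();

    // The risk id is request input: access is checked against the project the risk actually
    // belongs to, the same check the other risk controllers make before writing.
    if (riskToEdit == null || !_projectService.HasAccess(riskToEdit.Project.Id, CurrentUserId))
    {
        return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
    }

    // an unknown level becomes a validation error rather than an exception from Single()
    var riskLevel = Db.RiskLevels.Where(a => a.Id == riskLevelId).SingleOrDefault();
    if (riskLevel == null)
    {
        ModelState.AddModelError("RiskLevel", "Risk level is required.");
    }

    if (ModelState.IsValid)
    {
        riskToEdit.Name = risk.Name;
        riskToEdit.Source = risk.Source;
        riskToEdit.Vulnerability = risk.Vulnerability;
        riskToEdit.RiskLevel = riskLevel;
        Db.SaveChanges();

        return this.RedirectToAction(a => a.Index(projectStepId, riskToEdit.Project.Id));
    }

    // Use the loaded risk's project: the model-bound risk has no Project of its own
    // (its binding error was removed above), so reading risk.Project.Id here would throw.
    var viewModel = GenericRiskViewModel.Create(_projectService, riskToEdit.Project.Id, projectStepId, CurrentUserId, riskToEdit);
    return View(viewModel);
}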
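/// <summary>
/// Builds the generic risk view model, loading the risk levels from a context of its own.
/// </summary>
/// <param name="projectService">Service used by <c>SetProjectInfo</c> to resolve the project and step.</param>
/// <param name="projectId">Project id.</param>
/// <param name="projectStepId">Project step id.</param>
/// <param name="userId">Current user, passed through to the service.</param>
/// <param name="risk">Risk being edited, or null to start a new one.</param>
/// <returns>The populated view model.</returns>
public static GenericRiskViewModel Create(IProjectService projectService, int projectId, int projectStepId, string userId, Risk risk = null)
{
    GenericRiskViewModel viewModel;

    // The context is only needed to materialize the risk levels; dispose it as soon as they are loaded
    // instead of leaving it to the finalizer.
    using (var context = new SquareContext())
    {
        viewModel = new GenericRiskViewModel()
        {
            Risk = risk ?? new Risk(),
            RiskLevels = context.RiskLevels.ToList()
        };
    }

    viewModel.SetProjectInfo(projectService, projectId, projectStepId, userId);

    return viewModel;
}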
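/// <summary>
/// Creates a risk for a project and persists it.
/// </summary>
/// <param name="id">Project id.</param>
/// <param name="squareTypeId">Square type (security / privacy) the risk is filed under; selects the assessment type.</param>
/// <param name="userId">User performing the action; must have access to the project.</param>
/// <param name="name">Risk name.</param>
/// <param name="source">Risk source.</param>
/// <param name="vulnerability">Vulnerability description.</param>
/// <param name="riskLevelId">RiskLevel id to assign.</param>
/// <exception cref="System.Security.SecurityException">The user has no access to the project.</exception>
public void CreateRisk(int id, int squareTypeId, string userId, string name, string source, string vulnerability, string riskLevelId)
{
    // userId used to be accepted but never consulted; apply the same access check the controllers
    // make so the service cannot be used to write into a project the user cannot reach.
    if (!HasAccess(id, userId))
    {
        throw new System.Security.SecurityException("User does not have access to the project.");
    }

    using (var db = new SquareContext())
    {
        var project = db.Projects
            .Include("SecurityAssessmentType")
            .Include("PrivacyAssessmentType")
            .Where(a => a.Id == id)
            .Single();
        var riskLevel = db.RiskLevels.Where(a => a.Id == riskLevelId).Single();
        var squareType = db.SquareTypes.Where(a => a.Id == squareTypeId).Single();

        var risk = new Risk()
        {
            Name = name,
            Source = source,
            Vulnerability = vulnerability,
            Project = project,
            RiskLevel = riskLevel,
            SquareType = squareType
        };

        // the assessment type follows the square type; any other square type leaves it unset
        if (squareType.Name == SquareTypes.Security)
        {
            risk.AssessmentType = project.SecurityAssessmentType;
        }
        else if (squareType.Name == SquareTypes.Privacy)
        {
            risk.AssessmentType = project.PrivacyAssessmentType;
        }

        db.Risks.Add(risk);
        db.SaveChanges();
    }
}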
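/// <summary>
/// Saves edits to a PRAUC risk's description, cost, likelihood and damage.
/// </summary>
/// <param name="id">Project step id, used for the redirect and the view.</param>
/// <param name="projectId">Project the risk belongs to; the caller's access is checked against it.</param>
/// <param name="riskId">Id of the risk to edit.</param>
/// <param name="risk">Model-bound risk carrying the edited Description and Cost.</param>
/// <param name="likelihoodId">RiskLevel id used as the likelihood.</param>
/// <param name="damageId">RiskLevel id used as the damage.</param>
/// <returns>Redirect to the step index after saving; the edit view with validation errors otherwise.</returns>
public ActionResult Edit(int id, int projectId, int riskId, Risk risk, string likelihoodId, string damageId)
{
    // clear the modelstate errors for the members that are not edited here
    ModelState.Remove("risk.Name");
    ModelState.Remove("risk.Project");
    ModelState.Remove("risk.SquareType");
    ModelState.Remove("risk.AssessmentType");

    // Same check Add makes; without it the save path never verifies the caller
    // (only the view-model path goes through the service's access checks).
    if (!_projectService.HasAccess(projectId, CurrentUserId))
    {
        return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
    }

    try
    {
        // load objects
        var origRisk = Db.Risks
            .Include("Project")
            .Include("Likelihood")
            .Include("Damage")
            .Where(a => a.Id == riskId)
            .SingleOrDefault();

        // riskId is request input: the risk must belong to the project the access check was made for.
        if (origRisk == null || origRisk.Project.Id != projectId)
        {
            return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
        }

        // Unresolved ids become validation errors instead of an unhandled
        // InvalidOperationException from Single() (which is not a SecurityException and so escapes the catch below).
        var likelihood = Db.RiskLevels.Where(a => a.Id == likelihoodId).SingleOrDefault();
        var damage = Db.RiskLevels.Where(a => a.Id == damageId).SingleOrDefault();
        if (likelihood == null)
        {
            ModelState.AddModelError("Likelihood", "Likelihood is required.");
        }
        if (damage == null)
        {
            ModelState.AddModelError("Damage", "Damage is required.");
        }

        // copy in the values that were altered; unresolved levels leave the stored ones in place
        origRisk.Description = risk.Description;
        origRisk.Cost = risk.Cost;
        if (likelihood != null)
        {
            origRisk.Likelihood = likelihood;
        }
        if (damage != null)
        {
            origRisk.Damage = damage;
        }
        if (likelihood != null && damage != null)
        {
            origRisk.RiskLevel = CalculateRiskLevel(likelihood, damage, risk.Cost);
        }

        // valid go ahead and save
        if (ModelState.IsValid)
        {
            Db.SaveChanges();

            Message = string.Format(Messages.Saved, "Risk");
            return this.RedirectToAction(a => a.Index(id, projectId));
        }

        // failed, go back to the view
        var viewModel = PRAUCEditViewModel.Create(Db, _projectService, id, projectId, CurrentUserId, origRisk);
        return View(viewModel);
    }
    catch (SecurityException)
    {
        return this.RedirectToAction<ErrorController>(a => a.NoAccessToStep());
    }
}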