Class: Admin::ControlsController

Inherits:
ApplicationController
  • Object
Includes:
AutofilterHelper, ManyHelper
Defined in:
app/controllers/admin/controls_controller.rb

Instance Method Summary (collapse)

Methods included from AutofilterHelper

#filtered_controls, #filtered_sections

Methods included from ManyHelper

#edit_children, #edit_children_inline, #edit_many, #edit_many_anon, #edit_many_attach, #get_many2many, #post_many2many

Instance Method Details

- (Object) add_biz_process

Another way to attach a biz process



# File 'app/controllers/admin/controls_controller.rb', line 220

# Loads the control identified by +params[:id]+ into +@control+. Nothing is
# rendered explicitly, so the action's default template is presumably used.
#
# NOTE(review): the lookup is a bare Control.find, not scoped through
# filtered_controls; confirm an authorization filter outside this listing
# limits which controls a caller may load.
def add_biz_process
  control_id = params[:id]
  @control = Control.find(control_id)
end

- (Object) biz_processes

Many2many relationship to Biz Processes



# File 'app/controllers/admin/controls_controller.rb', line 170

# Many-to-many editor between controls and biz processes.
#
# A PUT request is handed to post_many2many; every other verb goes to
# get_many2many with the slug filter enabled. Both calls operate on the
# controls returned by filtered_controls.
def biz_processes
  unless request.put?
    return get_many2many(:left_class => Control,
                         :right_class => BizProcess,
                         :lefts => filtered_controls,
                         :show_slugfilter => true)
  end

  post_many2many(:left_class => Control,
                 :right_class => BizProcess,
                 :lefts => filtered_controls)
end

- (Object) controls

Many2many relationship to self (which controls implement other controls)



# File 'app/controllers/admin/controls_controller.rb', line 184

# Many-to-many editor between controls and the controls they implement.
#
# PUT: post_many2many receives the submitted mapping, using the
# :implemented_controls relation and :implemented_control_ids on the right.
# Any other verb: get_many2many is called with the left side narrowed to
# filtered controls whose program has company = true.
def controls
  if request.put?
    return post_many2many(:left_class => Control,
                          :right_class => Control,
                          :right_relation => :implemented_controls,
                          :right_ids => :implemented_control_ids,
                          :lefts => filtered_controls)
  end

  company_controls = filtered_controls.
      joins(:program).
      where(:programs => { :company => true })
  get_many2many(:left_class => Control,
                :lefts => company_controls,
                :right_class => Control,
                :right_ids => :implemented_control_ids,
                :show_slugfilter => true)
end

- (Object) create

Create a control



# File 'app/controllers/admin/controls_controller.rb', line 44

# Creates a control from the submitted +params[:control]+ hash.
#
# Success: HTML clients are redirected to the edit page with a notice, XML
# clients receive the record with status :created.
# Failure: the "new" form is re-rendered with a flash error, or the
# validation errors are returned as XML with :unprocessable_entity.
#
# NOTE(review): params[:control] reaches Control.new unfiltered, so every
# attribute the model accepts through mass assignment is caller-controlled.
# Confirm the model restricts assignable attributes, or whitelist keys here.
def create
  @control = Control.new(params[:control])

  respond_to do |wants|
    if @control.save
      wants.html do
        redirect_to(edit_control_path(@control), :notice => 'Control was successfully created.')
      end
      wants.xml { render :xml => @control, :status => :created, :location => @control }
    else
      flash.now[:error] = "Could not create."
      wants.html { render :action => "new" }
      wants.xml { render :xml => @control.errors, :status => :unprocessable_entity }
    end
  end
end

- (Object) create_biz_process

Another way to attach a biz process



# File 'app/controllers/admin/controls_controller.rb', line 225

# Attaches a biz process to the control identified by +params[:id]+ by
# saving a new BizProcessControl built from +params[:biz_process_control]+.
#
# The control is assigned after the record is built from the request hash.
# A control reference supplied in that hash is therefore presumably
# overwritten (confirm the setter behaves that way).
# On failure the user is redirected back to the add_biz_process page with no
# flash message.
#
# NOTE(review): params[:biz_process_control] is mass-assigned unfiltered;
# confirm the model limits which attributes a caller may set.
def create_biz_process
  @control = Control.find(params[:id])
  @biz_process_control = BizProcessControl.new(params[:biz_process_control])
  @biz_process_control.control = @control

  unless @biz_process_control.save
    return redirect_to(add_biz_process_control_path(@biz_process_control.control))
  end

  flash[:notice] = 'Biz Process was successfully attached.'
  redirect_to edit_control_path(@biz_process_control.control)
end

- (Object) destroy

Delete a control



# File 'app/controllers/admin/controls_controller.rb', line 88

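# Deletes a control together with its biz-process, system and
# document-descriptor join rows, and reports whether the delete succeeded.
#
# HTML clients are always redirected to the controls list; a flash error is
# set when any delete step reported failure. XML clients receive :ok on
# success and :unprocessable_entity otherwise. The outcome used to be
# computed and then ignored, so a failed delete looked like a success.
#
# NOTE(review): the four delete steps are not wrapped in a transaction here,
# so a failure part-way may leave earlier join rows removed while the control
# survives. Wrap them in a transaction if the ORM in use provides one.
# NOTE(review): the lookup is an unscoped Control.find; confirm an
# authorization filter outside this listing guards this destructive action.
def destroy
  control = Control.find(params[:id])
  # && short-circuits: the control itself is destroyed only after every
  # dependent collection reported success.
  success = control && control.biz_process_controls.destroy &&
      control.system_controls.destroy &&
      control.control_document_descriptors.destroy &&
      control.destroy

  respond_to do |format|
    format.html do
      flash[:error] = 'Failed' unless success
      redirect_to(controls_url)
    end
    format.xml { head(success ? :ok : :unprocessable_entity) }
  end
end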

- (Object) destroy_biz_process

Another way to detach a biz process



# File 'app/controllers/admin/controls_controller.rb', line 238

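# Detaches a biz process from a control by destroying the join row that
# matches +params[:id]+ (control) and +params[:biz_process_id]+.
#
# A missing join row is reported as 'Failed'. Previously it raised
# NoMethodError on nil, both at the destroy call and at the redirect. The
# sibling detach actions already guard the lookup the same way.
#
# NOTE(review): both ids come straight from the request; confirm an
# authorization filter outside this listing restricts who may detach.
def destroy_biz_process
  bpc = BizProcessControl.first(:control_id => params[:id], :biz_process_id => params[:biz_process_id])
  if bpc && bpc.destroy
    flash[:notice] = 'Biz Process was successfully detached.'
  else
    flash[:error] = 'Failed'
  end
  # With no matching join row there is no bpc.control to redirect to, so the
  # control is looked up from the request id instead.
  control = bpc ? bpc.control : Control.find(params[:id])
  redirect_to edit_control_path(control)
end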

- (Object) destroy_control

Detach a control mapping from the implemented_controls perspective



# File 'app/controllers/admin/controls_controller.rb', line 260

# Detaches a control-to-control mapping, seen from the implemented control:
# +params[:id]+ is matched against implemented_control_id and
# +params[:control_id]+ against control_id.
#
# A missing row or a failed destroy both set the 'Failed' flash. Either way
# the user is redirected to the edit page of the control in +params[:id]+.
#
# NOTE(review): both ids are request-supplied and the lookups are unscoped;
# confirm an authorization filter outside this listing covers this action.
def destroy_control
  mapping = ControlControl.where(:implemented_control_id => params[:id],
                                 :control_id => params[:control_id]).first
  detached = mapping && mapping.destroy

  if detached
    flash[:notice] = 'Control was successfully detached.'
  else
    flash[:error] = 'Failed'
  end
  redirect_to edit_control_path(Control.find(params[:id]))
end

- (Object) destroy_implemented_control

Detach an implemented_control mapping from the implementing control's perspective



# File 'app/controllers/admin/controls_controller.rb', line 274

# Detaches a control-to-control mapping, seen from the implementing control:
# +params[:id]+ is matched against control_id and
# +params[:implemented_control_id]+ against implemented_control_id.
#
# A missing row or a failed destroy both set the 'Failed' flash. Either way
# the user is redirected to the edit page of the control in +params[:id]+.
#
# NOTE(review): both ids are request-supplied and the lookups are unscoped;
# confirm an authorization filter outside this listing covers this action.
def destroy_implemented_control
  mapping = ControlControl.where(:control_id => params[:id],
                                 :implemented_control_id => params[:implemented_control_id]).first
  detached = mapping && mapping.destroy

  if detached
    flash[:notice] = 'Control was successfully detached.'
  else
    flash[:error] = 'Failed'
  end
  redirect_to edit_control_path(Control.find(params[:id]))
end

- (Object) destroy_section

Another way to detach an implemented control



# File 'app/controllers/admin/controls_controller.rb', line 249

# Detaches a section from a control by destroying the ControlSection row
# matching +params[:id]+ (control) and +params[:section_id]+.
#
# A missing row or a failed destroy both set the 'Failed' flash. Either way
# the user is redirected to the edit page of the control in +params[:id]+.
#
# NOTE(review): both ids are request-supplied and the lookups are unscoped;
# confirm an authorization filter outside this listing covers this action.
def destroy_section
  link = ControlSection.first(:control_id => params[:id], :section_id => params[:section_id])
  detached = link && link.destroy

  if detached
    flash[:notice] = 'Section was successfully detached.'
  else
    flash[:error] = 'Failed'
  end
  redirect_to edit_control_path(Control.find(params[:id]))
end

- (Object) edit

Edit control form



# File 'app/controllers/admin/controls_controller.rb', line 39

# Loads the control identified by +params[:id]+ into +@control+ for the edit
# form. Nothing is rendered explicitly.
#
# NOTE(review): the lookup is a bare Control.find, not scoped through
# filtered_controls; confirm an authorization filter outside this listing
# limits which controls a caller may open for editing.
def edit
  control_id = params[:id]
  @control = Control.find(control_id)
end

- (Object) evidence_descriptors

Many2many relationship to Document Descriptors (describing what evidence can be attached)



# File 'app/controllers/admin/controls_controller.rb', line 203

# Many-to-many editor between controls and the document descriptors that
# describe which evidence can be attached.
#
# PUT: post_many2many receives the submitted mapping, using the
# :evidence_descriptors relation and :evidence_descriptor_ids on the right.
# Any other verb: get_many2many is called with the slug filter enabled.
def evidence_descriptors
  unless request.put?
    return get_many2many(:left_class => Control,
                         :lefts => filtered_controls,
                         :right_class => DocumentDescriptor,
                         :right_ids => :evidence_descriptor_ids,
                         :show_slugfilter => true)
  end

  post_many2many(:left_class => Control,
                 :right_class => DocumentDescriptor,
                 :right_relation => :evidence_descriptors,
                 :right_ids => :evidence_descriptor_ids,
                 :lefts => filtered_controls)
end

- (Object) implement



# File 'app/controllers/admin/controls_controller.rb', line 287

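# Creates a company-level control that implements the control identified by
# +params[:id]+.
#
# Requires +@company+ to be set; otherwise the user is sent back to the
# controls list with an error. The new control belongs to +@company+, gets
# the slug "<company slug>-<origin slug>", lists the origin among its
# implemented_controls, and copies the origin's descriptive attributes.
#
# Success: redirect to the new control's edit page, or XML with :created.
# Failure: redirect to the controls list with an error, or XML errors with
# :unprocessable_entity.
#
# NOTE(review): the origin is loaded with an unscoped Control.find; confirm
# an authorization filter outside this listing limits which controls may be
# copied into the current company.
def implement
  unless @company
    flash[:error] = 'Must set a company first.'
    redirect_to controls_path
    return
  end
  @origin = Control.find(params[:id])

  @control = Control.new
  @control.program = @company
  @control.slug = "#{@company.slug}-#{@origin.slug}"
  @control.implemented_controls << @origin
  @control.title = @origin.title
  @control.is_key = @origin.is_key
  @control.frequency = @origin.frequency
  @control.frequency_type = @origin.frequency_type
  @control.fraud_related = @origin.fraud_related
  @control.technical = @origin.technical
  @control.assertion = @origin.assertion
  @control.effective_at = @origin.effective_at
  @control.business_area = @origin.business_area

  respond_to do |format|
    if @control.save
      format.html { redirect_to(edit_control_path(@control), :notice => 'Control was successfully created.') }
      format.xml  { render :xml => @control, :status => :created, :location => @control }
    else
      format.html do
        # The HTML failure path redirects, and flash.now only lasts for the
        # current request, so the message must go into the persistent flash.
        flash[:error] = "Could not create."
        redirect_to controls_path
      end
      format.xml  { render :xml => @control.errors, :status => :unprocessable_entity }
    end
  end
end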

- (Object) index

List Controls



# File 'app/controllers/admin/controls_controller.rb', line 8

# Lists controls: +@controls+ is whatever filtered_controls returns. HTML
# falls through to the index template; XML renders the collection.
def index
  @controls = filtered_controls

  respond_to do |wants|
    wants.html # index.html.erb
    wants.xml { render :xml => @controls }
  end
end

- (Object) new

New control form



# File 'app/controllers/admin/controls_controller.rb', line 28

# Builds an unsaved control for the "new" form, with effective_at preset to
# today's date. HTML falls through to the new template; XML renders the
# unsaved record.
def new
  blank = Control.new
  blank.effective_at = Date.today
  @control = blank

  respond_to do |wants|
    wants.html # new.html.erb
    wants.xml { render :xml => @control }
  end
end

- (Object) sections

Many2many relationship to Control Objectives



# File 'app/controllers/admin/controls_controller.rb', line 156

# Many-to-many editor between controls and sections (control objectives).
#
# A PUT request is handed to post_many2many; every other verb goes to
# get_many2many with the slug filter enabled. Both calls operate on the
# controls returned by filtered_controls.
def sections
  unless request.put?
    return get_many2many(:left_class => Control,
                         :right_class => Section,
                         :lefts => filtered_controls,
                         :show_slugfilter => true)
  end

  post_many2many(:left_class => Control,
                 :right_class => Section,
                 :lefts => filtered_controls)
end

- (Object) show

Show a Control



# File 'app/controllers/admin/controls_controller.rb', line 18

# Shows one control: loads it by +params[:id]+ into +@control+. HTML falls
# through to the show template; XML renders the record.
#
# NOTE(review): the lookup is a bare Control.find, not scoped through
# filtered_controls, and the XML branch serializes the whole record. Confirm
# an authorization filter outside this listing limits which controls a
# caller may read.
def show
  control_id = params[:id]
  @control = Control.find(control_id)

  respond_to do |wants|
    wants.html # show.html.erb
    wants.xml { render :xml => @control }
  end
end

- (Object) slug

Slug for AJAX



# File 'app/controllers/admin/controls_controller.rb', line 102

# Responds to JS requests by looking up the slug of the control identified
# by +params[:id]+.
#
# NOTE(review): the block only evaluates the slug; nothing here passes it to
# render. Presumably a template for this action produces the response body,
# which should be confirmed.
def slug
  respond_to { |wants| wants.js { Control.find(params[:id]).slug } }
end

- (Object) systems

Many2many relationship to Systems



# File 'app/controllers/admin/controls_controller.rb', line 109

# Many-to-many editor between controls and systems, scoped to the current
# cycle (+@cycle+).
#
# PUT: replaces the system links of the control in +params[:id]+ for the
# current cycle with the ids in +params[:control]["system_ids"]+, then falls
# through to the same get_many2many call as a read.
# Any other verb: picks the control from +params[:id]+, or the first
# filtered control when no id is given.
#
# Raises RuntimeError on PUT when +@cycle+ is not set.
#
# NOTE(review): on PUT the control and every System are loaded with unscoped
# finds on request-supplied ids, and the control is not checked against
# +lefts+. Confirm an authorization filter outside this listing restricts
# which controls and systems a caller may link.
def systems
  lefts = filtered_controls
  # Nothing to edit when the filter yields no controls.
  if lefts.empty?
    flash[:error] = 'No company controls'
    redirect_to controls_path
    return
  end
  if request.put?
    # A bare-string raise produces RuntimeError; presumably this surfaces to
    # the client as a server error rather than a validation message.
    raise "cannot save without cycle" unless @cycle
    control = Control.find(params[:id])
    # Missing params[:control] or missing "system_ids" both mean "no systems".
    if params[:control]
      ids = params[:control]["system_ids"] || []
    else
      ids = []
    end
    #ids = params[:control]["system_ids"]
    # Remove links of the current cycle whose system is not in the submitted
    # list.
    # NOTE(review): inside this branch ids.delete is a no-op when ids is an
    # Array, because the guard has just established the value is absent.
    # Links whose system IS in the list are never removed from ids, so the
    # loop below calls create for them again. Confirm the model prevents
    # duplicate rows.
    # NOTE(review): if "system_ids" arrives as strings while sc.system_id is
    # an Integer, include? never matches and every link of the cycle is
    # destroyed and recreated. Verify the types.
    control.system_controls.each do |sc|
      if sc.cycle == @cycle && !ids.include?(sc.system_id)
        ids.delete(sc.system_id)
        sc.authored_destroy(current_user)
      end
    end
    # Create one link per submitted id; save! raises if the row is invalid.
    # NOTE(review): the destroys above and these creates do not run inside a
    # transaction here, so an exception part-way leaves a partial update.
    ids.each do |id|
      res = control.system_controls.create(:system => System.find(id), :cycle => @cycle)#, :modified_by => current_user)
      # FIXME why is this necessary?
      res.save!
    end
    # FIXME
    control.reload
  else
    if params[:id]
      control = Control.find(params[:id])
    else
      control = lefts.first
    end
  end
  # @left_nested is only populated when a cycle is selected.
  if @cycle
    @left_nested = control.system_controls_for_cycle(@cycle)
  end
  get_many2many(:left_class => Control,
                :right_class => System,
                :lefts => lefts,
                :show_slugfilter => true,
               )
end

- (Object) update

Update a control



# File 'app/controllers/admin/controls_controller.rb', line 60

# Updates the control identified by +params[:id]+.
#
# "co_ids" is removed from +params["control"]+ and used to replace the
# control's sections when equal_ids reports a difference. The control is
# then saved, and the remaining attributes are applied through
# authored_update on behalf of current_user.
#
# Success: redirect to the edit page, or :ok for XML.
# Failure: re-render the edit form with a flash error, or XML errors with
# :unprocessable_entity.
#
# NOTE(review): params["control"] is assumed to be present; a request
# without it fails on the delete call.
# NOTE(review): the remaining params["control"] hash reaches authored_update
# unfiltered, and each co_id is resolved with an unscoped Section.find.
# Confirm the model restricts assignable attributes and that an
# authorization filter outside this listing covers this action.
def update
  @control = Control.find(params[:id])

  # Connect to related Control Objectives
  co_ids = params["control"].delete("co_ids") || []

  unless equal_ids(co_ids, @control.sections)
    @control.sections = []
    co_ids.each { |section_id| @control.sections << Section.find(section_id) }
  end

  respond_to do |wants|
    # authored_update only runs once the plain save has succeeded.
    if @control.save && @control.authored_update(current_user, params["control"])
      wants.html do
        redirect_to(edit_control_path(@control), :notice => 'Control was successfully updated.')
      end
      wants.xml { head :ok }
    else
      flash.now[:error] = "Could not update."
      wants.html { render :action => "edit" }
      wants.xml { render :xml => @control.errors, :status => :unprocessable_entity }
    end
  end
end