feat: entity links on threats

Author: maxneuvians

valentine/lib/valentine/composer.ex

@@ -196,6 +196,7 @@ defmodule Valentine.Composer do
     from(t in Threat, where: t.workspace_id == ^workspace_id)
     |> list_threats_with_enum_filters(enum_filters)
     |> order_by([t], desc: t.numeric_id)
+    |> preload([:assumptions, :mitigations])
     |> Repo.all()
   end
 
@@ -213,7 +214,14 @@ defmodule Valentine.Composer do
       ** (Ecto.NoResultsError)
 
   """
-  def get_threat!(id), do: Repo.get!(Threat, id)
+  def get_threat!(id, _preload \\ nil)
+
+  def get_threat!(id, preload) when is_list(preload) do
+    Repo.get!(Threat, id)
+    |> Repo.preload(preload)
+  end
+
+  def get_threat!(id, preload) when is_nil(preload), do: Repo.get!(Threat, id)
 
   @doc """
   Creates a threat.

valentine/lib/valentine_web/live/workspace_live/assumption/index.ex

@@ -48,7 +48,7 @@ defmodule ValentineWeb.WorkspaceLive.Assumption.Index do
 
   defp apply_action(socket, :mitigations, %{"id" => id}) do
     socket
-    |> assign(:page_title, gettext("Link mitigations to mitigation"))
+    |> assign(:page_title, gettext("Link mitigations to assumption"))
     |> assign(:mitigations, socket.assigns.workspace.mitigations)
     |> assign(:assumption, Composer.get_assumption!(id, [:mitigations]))
   end

valentine/lib/valentine_web/live/workspace_live/components/dropdown_select_component.ex

@@ -85,7 +85,7 @@ defmodule ValentineWeb.WorkspaceLive.Components.DropdownSelectComponent do
 
     {:noreply,
      socket
-     |> assign(show_dropdown: false)}
+     |> assign(show_dropdown: true)}
   end
 
   def handle_event("toggle_dropdown", _, socket) do

valentine/lib/valentine_web/live/workspace_live/components/threat_component.ex

@@ -51,6 +51,28 @@ defmodule ValentineWeb.WorkspaceLive.Components.ThreatComponent do
             ]}
           />
           <div class="float-right">
+            <.button
+              is_icon_button
+              aria-label="Linked assumptions"
+              phx-click={
+                JS.patch(~p"/workspaces/#{@threat.workspace_id}/threats/#{@threat.id}/assumptions")
+              }
+              id={"linked-threat-assumptions-#{@threat.id}"}
+            >
+              <.octicon name="discussion-closed-16" />
+              <.counter>{assoc_length(@threat.assumptions)}</.counter>
+            </.button>
+            <.button
+              is_icon_button
+              aria-label="Linked mitigations"
+              phx-click={
+                JS.patch(~p"/workspaces/#{@threat.workspace_id}/threats/#{@threat.id}/mitigations")
+              }
+              id={"linked-threat-mitigations-#{@threat.id}"}
+            >
+              <.octicon name="check-circle-16" />
+              <.counter>{assoc_length(@threat.mitigations)}</.counter>
+            </.button>
             <.button
               is_icon_button
               aria-label="Edit"
@@ -224,4 +246,7 @@ defmodule ValentineWeb.WorkspaceLive.Components.ThreatComponent do
   def handle_event("update_comments", %{"comments" => comments}, socket) do
     {:noreply, assign(socket, :threat, %{socket.assigns.threat | comments: comments})}
   end
+
+  defp assoc_length(l) when is_list(l), do: length(l)
+  defp assoc_length(_), do: 0
 end

valentine/lib/valentine_web/live/workspace_live/threat/index.ex

@@ -6,12 +6,13 @@ defmodule ValentineWeb.WorkspaceLive.Threat.Index do
 
   @impl true
   def mount(%{"workspace_id" => workspace_id} = _params, _session, socket) do
-    workspace = Composer.get_workspace!(workspace_id)
+    workspace = Composer.get_workspace!(workspace_id, [:assumptions, :mitigations])
     ValentineWeb.Endpoint.subscribe("workspace_" <> workspace.id)
 
     {:ok,
      socket
      |> assign(:workspace_id, workspace_id)
+     |> assign(:workspace, workspace)
      |> assign(:filters, %{})
      |> assign(:threats, Composer.list_threats_by_workspace(workspace.id, %{}))}
   end
@@ -21,12 +22,26 @@ defmodule ValentineWeb.WorkspaceLive.Threat.Index do
     {:noreply, apply_action(socket, socket.assigns.live_action, params)}
   end
 
+  defp apply_action(socket, :assumptions, %{"id" => id}) do
+    socket
+    |> assign(:page_title, gettext("Link assumptions to threat"))
+    |> assign(:assumptions, socket.assigns.workspace.assumptions)
+    |> assign(:threat, Composer.get_threat!(id, [:assumptions]))
+  end
+
   defp apply_action(socket, :index, %{"workspace_id" => workspace_id} = _params) do
     socket
     |> assign(:page_title, gettext("Listing threats"))
     |> assign(:workspace_id, workspace_id)
   end
 
+  defp apply_action(socket, :mitigations, %{"id" => id}) do
+    socket
+    |> assign(:page_title, gettext("Link mitigations to threat"))
+    |> assign(:mitigations, socket.assigns.workspace.mitigations)
+    |> assign(:threat, Composer.get_threat!(id, [:mitigations]))
+  end
+
   @impl true
   def handle_event("delete", %{"id" => id}, socket) do
     case Composer.get_threat!(id) do
@@ -83,6 +98,19 @@ defmodule ValentineWeb.WorkspaceLive.Threat.Index do
     }
   end
 
+  @impl true
+  def handle_info(
+        {_, {:saved, _threat}},
+        socket
+      ) do
+    {:noreply,
+     assign(
+       socket,
+       :threats,
+       Composer.list_threats_by_workspace(socket.assigns.workspace_id, socket.assigns.filters)
+     )}
+  end
+
   @impl true
   def handle_info(%{topic: "workspace_" <> workspace_id}, socket) do
     {:noreply,

valentine/lib/valentine_web/live/workspace_live/threat/index.html.heex

@@ -71,3 +71,29 @@
     />
   </:row>
 </.box>
+
+<.live_component
+  :if={@live_action in [:assumptions]}
+  module={ValentineWeb.WorkspaceLive.Components.EntityLinkerComponent}
+  id={@threat.id}
+  source_entity_type={:threat}
+  target_entity_type={:assumptions}
+  entity={@threat}
+  linkable_entities={@assumptions}
+  linked_entities={@threat.assumptions}
+  workspace_id={@workspace_id}
+  patch={~p"/workspaces/#{@workspace_id}/threats"}
+/>
+
+<.live_component
+  :if={@live_action in [:mitigations]}
+  module={ValentineWeb.WorkspaceLive.Components.EntityLinkerComponent}
+  id={@threat.id}
+  source_entity_type={:threat}
+  target_entity_type={:mitigations}
+  entity={@threat}
+  linkable_entities={@mitigations}
+  linked_entities={@threat.mitigations}
+  workspace_id={@workspace_id}
+  patch={~p"/workspaces/#{@workspace_id}/threats"}
+/>

valentine/lib/valentine_web/router.ex

@@ -104,6 +104,14 @@ defmodule ValentineWeb.Router do
       live "/workspaces/:workspace_id/threats/new", WorkspaceLive.Threat.Show, :new
       live "/workspaces/:workspace_id/threats/:id", WorkspaceLive.Threat.Show, :edit
 
+      live "/workspaces/:workspace_id/threats/:id/assumptions",
+           WorkspaceLive.Threat.Index,
+           :assumptions
+
+      live "/workspaces/:workspace_id/threats/:id/mitigations",
+           WorkspaceLive.Threat.Index,
+           :mitigations
+
       live "/workspaces/:workspace_id/threat_model", WorkspaceLive.ThreatModel.Index, :index
       live "/workspaces/:workspace_id/threat_model/pdf", WorkspaceLive.ThreatModel.Index, :pdf
 

valentine/test/valentine/composer_test.exs

@@ -101,7 +101,7 @@ defmodule Valentine.ComposerTest do
 
     test "list_threats_by_workspace/2 returns all threats for a workspace" do
       threat = threat_fixture()
-      assert Composer.list_threats_by_workspace(threat.workspace_id) == [threat]
+      assert hd(Composer.list_threats_by_workspace(threat.workspace_id)).id == threat.id
     end
 
     test "list_threats_by_workspace/2 returns all threats for a workspace adnd not other workspaces" do

valentine/test/valentine_web/live/components/dropdown_select_component_test.exs

@@ -111,7 +111,7 @@ defmodule ValentineWeb.WorkspaceLive.Components.DropdownSelectComponentTest do
       {:noreply, socket} =
         DropdownSelectComponent.handle_event("select_item", %{"id" => 3}, socket)
 
-      assert socket.assigns.show_dropdown == false
+      assert socket.assigns.show_dropdown == true
     end
 
     test "selects the item when a target is defined" do
@@ -131,7 +131,7 @@ defmodule ValentineWeb.WorkspaceLive.Components.DropdownSelectComponentTest do
       {:noreply, socket} =
         DropdownSelectComponent.handle_event("select_item", %{"id" => 3}, socket)
 
-      assert socket.assigns.show_dropdown == false
+      assert socket.assigns.show_dropdown == true
     end
   end