feat: entity linker component

Author: maxneuvians

valentine/lib/valentine/composer.ex

@@ -666,6 +666,27 @@ defmodule Valentine.Composer do
     end
   end
 
+  def add_threat_to_assumption(%Assumption{} = assumption, %Threat{} = threat) do
+    %AssumptionThreat{assumption_id: assumption.id, threat_id: threat.id}
+    |> Repo.insert()
+    |> case do
+      {:ok, _} -> {:ok, assumption |> Repo.preload(:threats, force: true)}
+      {:error, _} -> {:error, assumption}
+    end
+  end
+
+  def remove_threat_from_assumption(%Assumption{} = assumption, %Threat{} = threat) do
+    Repo.delete_all(
+      from(at in AssumptionThreat,
+        where: at.assumption_id == ^assumption.id and at.threat_id == ^threat.id
+      )
+    )
+    |> case do
+      {1, nil} -> {:ok, assumption |> Repo.preload(:threats, force: true)}
+      {:error, _} -> {:error, assumption}
+    end
+  end
+
   def add_assumption_to_mitigation(%Mitigation{} = mitigation, %Assumption{} = assumption) do
     %AssumptionMitigation{assumption_id: assumption.id, mitigation_id: mitigation.id}
     |> Repo.insert()
@@ -687,6 +708,27 @@ defmodule Valentine.Composer do
     end
   end
 
+  def add_threat_to_mitigation(%Mitigation{} = mitigation, %Threat{} = threat) do
+    %MitigationThreat{mitigation_id: mitigation.id, threat_id: threat.id}
+    |> Repo.insert()
+    |> case do
+      {:ok, _} -> {:ok, mitigation |> Repo.preload(:threats, force: true)}
+      {:error, _} -> {:error, mitigation}
+    end
+  end
+
+  def remove_threat_from_mitigation(%Mitigation{} = mitigation, %Threat{} = threat) do
+    Repo.delete_all(
+      from(mt in MitigationThreat,
+        where: mt.mitigation_id == ^mitigation.id and mt.threat_id == ^threat.id
+      )
+    )
+    |> case do
+      {1, nil} -> {:ok, mitigation |> Repo.preload(:threats, force: true)}
+      {:error, _} -> {:error, mitigation}
+    end
+  end
+
   def add_mitigation_to_assumption(%Assumption{} = assumption, %Mitigation{} = mitigation) do
     %AssumptionMitigation{assumption_id: assumption.id, mitigation_id: mitigation.id}
     |> Repo.insert()

valentine/lib/valentine_web/live/workspace_live/components/entity_linker_component.ex

@@ -0,0 +1,153 @@
+defmodule ValentineWeb.WorkspaceLive.Components.EntityLinkerComponent do
+  use ValentineWeb, :live_component
+  use PrimerLive
+
+  @impl true
+  def render(assigns) do
+    ~H"""
+    <div>
+      <.dialog id="linker-modal" is_backdrop is_show is_wide on_cancel={JS.patch(@patch)}>
+        <:header_title>
+          {gettext("Link %{source_entity_type} to %{target_entity_type}",
+            source_entity_type: Atom.to_string(@source_entity_type),
+            target_entity_type: Atom.to_string(@target_entity_type)
+          )}
+        </:header_title>
+        <:body>
+          <.live_component
+            module={ValentineWeb.WorkspaceLive.Components.DropdownSelectComponent}
+            id="link-dropdown"
+            name={Atom.to_string(@target_entity_type)}
+            target={@myself}
+            items={
+              (@linkable_entities -- @linked_entities)
+              |> Enum.map(fn e -> %{id: e.id, name: entity_content(e)} end)
+            }
+          />
+          <div class="mt-2">
+            <%= for entity <- @linked_entities || [] do %>
+              <.button
+                phx-click="remove_entity"
+                phx-target={@myself}
+                phx-value-id={entity.id}
+                class="tag-button mt-2"
+              >
+                <span>{entity_content(entity)}</span>
+                <.octicon name="x-16" />
+              </.button>
+            <% end %>
+          </div>
+        </:body>
+        <:footer>
+          <.button is_primary phx-click="save" phx-target={@myself}>
+            {gettext("Save")}
+          </.button>
+          <.button phx-click={cancel_dialog("linker-modal")}>{gettext("Cancel")}</.button>
+        </:footer>
+      </.dialog>
+    </div>
+    """
+  end
+
+  @impl true
+  def handle_event("remove_entity", %{"id" => id}, socket) do
+    entity = Enum.find(socket.assigns.linked_entities, fn t -> t.id == id end)
+
+    {:noreply,
+     socket
+     |> assign(:linked_entities, socket.assigns.linked_entities -- [entity])
+     |> assign(:linkable_entities, [entity | socket.assigns.linkable_entities])}
+  end
+
+  @impl true
+  def handle_event("save", _params, socket) do
+    %{
+      entity: entity,
+      linked_entities: linked_entities,
+      source_entity_type: source_entity_type,
+      target_entity_type: target_entity_type
+    } =
+      socket.assigns
+
+    current = get_in(entity, [Access.key!(target_entity_type)])
+
+    to_add = linked_entities -- current
+    to_remove = current -- linked_entities
+
+    {adder, remover} =
+      case {source_entity_type, target_entity_type} do
+        {:assumption, :mitigations} ->
+          {&Valentine.Composer.add_mitigation_to_assumption/2,
+           &Valentine.Composer.remove_mitigation_from_assumption/2}
+
+        {:assumption, :threats} ->
+          {&Valentine.Composer.add_threat_to_assumption/2,
+           &Valentine.Composer.remove_threat_from_assumption/2}
+
+        {:mitigation, :assumptions} ->
+          {&Valentine.Composer.add_assumption_to_mitigation/2,
+           &Valentine.Composer.remove_assumption_from_mitigation/2}
+
+        {:mitigation, :threats} ->
+          {&Valentine.Composer.add_threat_to_mitigation/2,
+           &Valentine.Composer.remove_threat_from_mitigation/2}
+
+        {:threat, :assumptions} ->
+          {&Valentine.Composer.add_assumption_to_threat/2,
+           &Valentine.Composer.remove_assumption_from_threat/2}
+
+        {:threat, :mitigations} ->
+          {&Valentine.Composer.add_mitigation_to_threat/2,
+           &Valentine.Composer.remove_mitigation_from_threat/2}
+
+        {_, _} ->
+          {nil, nil}
+      end
+
+    if adder && remover do
+      to_add
+      |> Enum.each(fn e -> apply(adder, [entity, e]) end)
+
+      to_remove
+      |> Enum.each(fn e -> apply(remover, [entity, e]) end)
+
+      send(self(), {__MODULE__, {:saved, entity}})
+    end
+
+    {:noreply,
+     socket
+     |> put_flash(
+       :info,
+       gettext("Linked %{source_entity_type} updated",
+         source_entity_type: Atom.to_string(source_entity_type)
+       )
+     )
+     |> push_patch(to: socket.assigns.patch)}
+  end
+
+  @impl true
+  def update(%{selected_item: %{id: id}}, socket) do
+    entity = Enum.find(socket.assigns.linkable_entities, fn t -> t.id == id end)
+
+    {:ok,
+     socket
+     |> assign(:linked_entities, [entity | socket.assigns.linked_entities])
+     |> assign(
+       :linkable_entities,
+       socket.assigns.linkable_entities
+       |> Enum.reject(fn t -> t.id == id end)
+     )}
+  end
+
+  @impl true
+  def update(assigns, socket) do
+    {:ok,
+     socket
+     |> assign(assigns)}
+  end
+
+  defp entity_content(%Valentine.Composer.Threat{} = threat),
+    do: Valentine.Composer.Threat.show_statement(threat)
+
+  defp entity_content(entity), do: entity.content
+end

valentine/lib/valentine_web/live/workspace_live/components/mitigation_component.ex

@@ -35,6 +35,32 @@ defmodule ValentineWeb.WorkspaceLive.Components.MitigationComponent do
           ]}
         />
         <div class="float-right">
+          <.button
+            is_icon_button
+            aria-label="Linked assumptions"
+            phx-click={
+              JS.patch(
+                ~p"/workspaces/#{@mitigation.workspace_id}/mitigations/#{@mitigation.id}/assumptions"
+              )
+            }
+            id={"linked-mitigation-assumptions-#{@mitigation.id}"}
+          >
+            <.octicon name="discussion-closed-16" />
+            <.counter>{assoc_length(@mitigation.assumptions)}</.counter>
+          </.button>
+          <.button
+            is_icon_button
+            aria-label="Linked threats"
+            phx-click={
+              JS.patch(
+                ~p"/workspaces/#{@mitigation.workspace_id}/mitigations/#{@mitigation.id}/threats"
+              )
+            }
+            id={"linked-mitigation-threats-#{@mitigation.id}"}
+          >
+            <.octicon name="squirrel-16" />
+            <.counter>{assoc_length(@mitigation.threats)}</.counter>
+          </.button>
           <.button
             is_icon_button
             aria-label="Categorize"
@@ -221,4 +247,7 @@ defmodule ValentineWeb.WorkspaceLive.Components.MitigationComponent do
   def handle_event("update_comments", %{"comments" => comments}, socket) do
     {:noreply, assign(socket, :mitigation, %{socket.assigns.mitigation | comments: comments})}
   end
+
+  defp assoc_length(l) when is_list(l), do: length(l)
+  defp assoc_length(_), do: 0
 end

valentine/lib/valentine_web/live/workspace_live/mitigation/index.ex

@@ -13,6 +13,7 @@ defmodule ValentineWeb.WorkspaceLive.Mitigation.Index do
     {:ok,
      socket
      |> assign(:workspace_id, workspace_id)
+     |> assign(:workspace, workspace)
      |> assign(:filters, %{})
      |> assign(
        :mitigations,
@@ -25,6 +26,13 @@ defmodule ValentineWeb.WorkspaceLive.Mitigation.Index do
     {:noreply, apply_action(socket, socket.assigns.live_action, params)}
   end
 
+  defp apply_action(socket, :assumptions, %{"id" => id}) do
+    socket
+    |> assign(:page_title, gettext("Link assumptions to mitigation"))
+    |> assign(:assumptions, socket.assigns.workspace.assumptions)
+    |> assign(:mitigation, Composer.get_mitigation!(id, [:assumptions]))
+  end
+
   defp apply_action(socket, :categorize, %{"id" => id}) do
     socket
     |> assign(:page_title, gettext("Categorize Mitigation"))
@@ -37,6 +45,13 @@ defmodule ValentineWeb.WorkspaceLive.Mitigation.Index do
     |> assign(:mitigation, Composer.get_mitigation!(id))
   end
 
+  defp apply_action(socket, :threats, %{"id" => id}) do
+    socket
+    |> assign(:page_title, gettext("Link threats to mitigation"))
+    |> assign(:threats, socket.assigns.workspace.threats)
+    |> assign(:mitigation, Composer.get_mitigation!(id, [:threats]))
+  end
+
   defp apply_action(socket, :new, _params) do
     socket
     |> assign(
@@ -117,6 +132,6 @@ defmodule ValentineWeb.WorkspaceLive.Mitigation.Index do
   end
 
   defp get_workspace(id) do
-    Composer.get_workspace!(id, [:mitigations])
+    Composer.get_workspace!(id, [:assumptions, :threats, mitigations: [:assumptions, :threats]])
   end
 end

valentine/lib/valentine_web/live/workspace_live/mitigation/index.html.heex

@@ -74,3 +74,29 @@
   workspace_id={@workspace_id}
   patch={~p"/workspaces/#{@workspace_id}/mitigations"}
 />
+
+<.live_component
+  :if={@live_action in [:assumptions]}
+  module={ValentineWeb.WorkspaceLive.Components.EntityLinkerComponent}
+  id={@mitigation.id}
+  source_entity_type={:mitigation}
+  target_entity_type={:assumptions}
+  entity={@mitigation}
+  linkable_entities={@assumptions}
+  linked_entities={@mitigation.assumptions}
+  workspace_id={@workspace_id}
+  patch={~p"/workspaces/#{@workspace_id}/mitigations"}
+/>
+
+<.live_component
+  :if={@live_action in [:threats]}
+  module={ValentineWeb.WorkspaceLive.Components.EntityLinkerComponent}
+  id={@mitigation.id}
+  source_entity_type={:mitigation}
+  target_entity_type={:threats}
+  entity={@mitigation}
+  linkable_entities={@threats}
+  linked_entities={@mitigation.threats}
+  workspace_id={@workspace_id}
+  patch={~p"/workspaces/#{@workspace_id}/mitigations"}
+/>

valentine/lib/valentine_web/router.ex

@@ -80,10 +80,18 @@ defmodule ValentineWeb.Router do
       live "/workspaces/:workspace_id/mitigations/new", WorkspaceLive.Mitigation.Index, :new
       live "/workspaces/:workspace_id/mitigations/:id/edit", WorkspaceLive.Mitigation.Index, :edit
 
+      live "/workspaces/:workspace_id/mitigations/:id/assumptions",
+           WorkspaceLive.Mitigation.Index,
+           :assumptions
+
       live "/workspaces/:workspace_id/mitigations/:id/categorize",
            WorkspaceLive.Mitigation.Index,
            :categorize
 
+      live "/workspaces/:workspace_id/mitigations/:id/threats",
+           WorkspaceLive.Mitigation.Index,
+           :threats
+
       live "/workspaces/:workspace_id/threats", WorkspaceLive.Threat.Index, :index
       live "/workspaces/:workspace_id/threats/new", WorkspaceLive.Threat.Show, :new
       live "/workspaces/:workspace_id/threats/:id", WorkspaceLive.Threat.Show, :edit