Added the monitoring and review, last review date and review frequency functionality.

Author: ruslanbaidan

migrations/db/20260515101000_add_risk_review_metadata.php

@@ -0,0 +1,35 @@
+<?php declare(strict_types=1);
+/**
+ * @link      https://github.com/monarc-project for the canonical source repository
+ * @copyright Copyright (c) 2016-2026 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @license   MONARC is licensed under GNU Affero General Public License version 3
+ */
+
+use Phinx\Migration\AbstractMigration;
+
+class AddRiskReviewMetadata extends AbstractMigration
+{
+    public function up(): void
+    {
+        $this->table('instances_risks')
+            ->addColumn('last_review_date', 'date', ['null' => true, 'after' => 'comment_after'])
+            ->addColumn('review_frequency', 'string', ['limit' => 50, 'null' => true, 'after' => 'last_review_date'])
+            ->update();
+
+        $this->table('anr_reassessment_triggers')
+            ->addColumn('monitoring_approach', 'text', ['null' => true, 'after' => 'description'])
+            ->update();
+    }
+
+    public function down(): void
+    {
+        $this->table('instances_risks')
+            ->removeColumn('review_frequency')
+            ->removeColumn('last_review_date')
+            ->update();
+
+        $this->table('anr_reassessment_triggers')
+            ->removeColumn('monitoring_approach')
+            ->update();
+    }
+}

src/Controller/ApiAnrInstancesRisksController.php

@@ -60,6 +60,8 @@ public function update($id, $data)
             'id' => $instanceRisk->getId(),
             'riskSourceId' => $instanceRisk->getRiskSource()?->getId(),
             'riskSourceLabel' => $instanceRisk->getRiskSource()?->getLabel() ?? '',
+            'lastReviewDate' => $instanceRisk->getLastReviewDate()?->format('Y-m-d'),
+            'reviewFrequency' => $instanceRisk->getReviewFrequency(),
             'threatRate' => $instanceRisk->getThreatRate(),
             'vulnerabilityRate' => $instanceRisk->getVulnerabilityRate(),
             'reductionAmount' => $instanceRisk->getReductionAmount(),

src/Controller/ApiAnrReassessmentTriggersController.php

@@ -102,6 +102,7 @@ private function prepareReassessmentTriggerData(ReassessmentTrigger $reassessmen
             'id' => $reassessmentTrigger->getId(),
             'triggerType' => $reassessmentTrigger->getTriggerType(),
             'description' => $reassessmentTrigger->getDescription(),
+            'monitoringApproach' => $reassessmentTrigger->getMonitoringApproach(),
             'isActive' => $reassessmentTrigger->isActive(),
             'position' => $reassessmentTrigger->getPosition(),
         ];

src/Export/Service/AnrExportService.php

@@ -574,6 +574,7 @@ private function prepareReassessmentTriggersData(Entity\Anr $anr): array
             $result[] = [
                 'triggerType' => $reassessmentTrigger->getTriggerType(),
                 'description' => $reassessmentTrigger->getDescription(),
+                'monitoringApproach' => $reassessmentTrigger->getMonitoringApproach(),
                 'isActive' => $reassessmentTrigger->isActive(),
                 'position' => $reassessmentTrigger->getPosition(),
             ];

src/Export/Service/Traits/InformationInstanceRiskExportTrait.php

@@ -70,6 +70,8 @@ private function prepareInformationInstanceRiskData(
             'riskAvailability' => $withEval ? $instanceRisk->getRiskAvailability() : -1,
             'context' => $withEval ? $instanceRisk->getContext() : '',
             'riskOwner' => $withEval ? $instanceRisk->getInstanceRiskOwner()?->getName() : '',
+            'lastReviewDate' => $withEval ? $instanceRisk->getLastReviewDate()?->format('Y-m-d') : null,
+            'reviewFrequency' => $withEval ? $instanceRisk->getReviewFrequency() : null,
             'recommendations' => $recommendationsData,
         ];
     }

src/Import/Processor/InstanceRiskImportProcessor.php

@@ -7,6 +7,7 @@
 
 namespace Monarc\FrontOffice\Import\Processor;
 
+use DateTime;
 use Monarc\Core\Entity\ScaleSuperClass;
 use Monarc\FrontOffice\Entity;
 use Monarc\FrontOffice\Import\Helper\ImportCacheHelper;
@@ -114,6 +115,17 @@ private function processInstanceRiskData(Entity\Instance $instance, array $insta
                 ->setIsThreatRateNotSetOrModifiedExternally(
                     (bool)$instanceRiskData['isThreatRateNotSetOrModifiedExternally']
                 );
+            if (array_key_exists('lastReviewDate', $instanceRiskData)) {
+                $instanceRisk->setLastReviewDate(
+                    empty($instanceRiskData['lastReviewDate'])
+                        ? null
+                        : (DateTime::createFromFormat('Y-m-d', $instanceRiskData['lastReviewDate']) ?: null)
+                );
+            }
+            if (array_key_exists('reviewFrequency', $instanceRiskData)) {
+                $reviewFrequency = trim((string)$instanceRiskData['reviewFrequency']);
+                $instanceRisk->setReviewFrequency($reviewFrequency === '' ? null : $reviewFrequency);
+            }
             if (!empty($instanceRiskData['riskOwner'])) {
                 $this->instanceRiskOwnerService
                     ->processRiskOwnerNameAndAssign($instanceRiskData['riskOwner'], $instanceRisk);
@@ -196,6 +208,8 @@ private function applyRiskDataToItsSibling(
         $toInstanceRisk
             ->setContext($fromInstanceRisk->getContext())
             ->setInstanceRiskOwner($fromInstanceRisk->getInstanceRiskOwner())
+            ->setLastReviewDate($fromInstanceRisk->getLastReviewDate())
+            ->setReviewFrequency($fromInstanceRisk->getReviewFrequency())
             ->setThreatRate($fromInstanceRisk->getThreatRate())
             ->setVulnerabilityRate($fromInstanceRisk->getVulnerabilityRate())
             ->setKindOfMeasure($fromInstanceRisk->getKindOfMeasure())

src/Import/Traits/ImportDataStructureAdapterTrait.php

@@ -284,6 +284,8 @@ private function prepareInstanceRisksData(array $data, int $languageIndex): arra
                 'riskAvailability' => $instanceRiskDatum['riskD'],
                 'context' => $instanceRiskDatum['context'],
                 'riskOwner' => $instanceRiskDatum['riskOwner'],
+                'lastReviewDate' => $instanceRiskDatum['lastReviewDate'] ?? null,
+                'reviewFrequency' => $instanceRiskDatum['reviewFrequency'] ?? null,
                 'recommendations' => $recommendationsData,
             ];
         }

src/Service/AnrInstanceRiskService.php

@@ -7,6 +7,7 @@
 
 namespace Monarc\FrontOffice\Service;
 
+use DateTime;
 use Dom\Entity as DomEntity;
 use Monarc\Core\Exception\Exception;
 use Monarc\Core\Entity as CoreEntity;
@@ -127,6 +128,12 @@ public function getInstanceRisks(Entity\Anr $anr, ?int $instanceId, array $param
                     'comment' => $instanceRisk->getComment(),
                     'scope' => $object->getScope(),
                     'kindOfMeasure' => $instanceRisk->getKindOfMeasure(),
+                    'lastReviewDate' => $instanceRisk->getLastReviewDate()?->format('Y-m-d'),
+                    'reviewFrequency' => $instanceRisk->getReviewFrequency(),
+                    'reviewFrequencyLabel' => $this->getReviewFrequencyLabel(
+                        $instanceRisk->getReviewFrequency(),
+                        $languageIndex
+                    ),
                     't' => $instanceRisk->isTreated(),
                     'tid' => $threat->getUuid(),
                     'vid' => $vulnerability->getUuid(),
@@ -232,6 +239,15 @@ public function createInstanceRisks(
                             );
                             $instanceRisk->setInstanceRiskOwner($instanceRiskOwner);
                         }
+                        if (array_key_exists('lastReviewDate', $instanceRiskData)) {
+                            $instanceRisk->setLastReviewDate(
+                                $this->createLastReviewDateFromString($instanceRiskData['lastReviewDate'])
+                            );
+                        }
+                        if (array_key_exists('reviewFrequency', $instanceRiskData)) {
+                            $reviewFrequency = trim((string)$instanceRiskData['reviewFrequency']);
+                            $instanceRisk->setReviewFrequency($reviewFrequency === '' ? null : $reviewFrequency);
+                        }
                     }
                 }
 
@@ -380,6 +396,8 @@ public function getInstanceRisksInCsv(Entity\Anr $anr, int $instanceId = null, a
             $this->translateService->translate('Residual risk', $languageIndex),
             $this->translateService->translate('Risk owner', $languageIndex),
             $this->translateService->translate('Risk context', $languageIndex),
+            $this->translateService->translate('Last review date', $languageIndex),
+            $this->translateService->translate('Review frequency', $languageIndex),
             $this->translateService->translate('Recommendations', $languageIndex),
             $this->translateService->translate('Security referentials', $languageIndex),
         ]) . "\n";
@@ -450,6 +468,8 @@ public function getInstanceRisksInCsv(Entity\Anr $anr, int $instanceId = null, a
                     $instanceRisk->getCacheTargetedRisk() === -1 ? null : $instanceRisk->getCacheTargetedRisk(),
                     $instanceRisk->getInstanceRiskOwner() ? $instanceRisk->getInstanceRiskOwner()->getName() : '',
                     $instanceRisk->getContext(),
+                    $instanceRisk->getLastReviewDate()?->format('Y-m-d'),
+                    $this->getReviewFrequencyLabel($instanceRisk->getReviewFrequency(), $languageIndex),
                     implode("\n", $recommendationData),
                     implode("\n", $measuresData),
                 ];
@@ -471,6 +491,13 @@ private function updateInstanceRiskData(Entity\InstanceRisk $instanceRisk, array
             $riskSourceId = empty($data['riskSourceId']) ? null : $data['riskSourceId'];
             $instanceRisk->setRiskSource($this->riskSourceTable->findById((int)$riskSourceId));
         }
+        if (array_key_exists('lastReviewDate', $data)) {
+            $instanceRisk->setLastReviewDate($this->prepareLastReviewDate($instanceRisk, $data['lastReviewDate']));
+        }
+        if (array_key_exists('reviewFrequency', $data)) {
+            $reviewFrequency = trim((string)$data['reviewFrequency']);
+            $instanceRisk->setReviewFrequency($reviewFrequency === '' ? null : $reviewFrequency);
+        }
         if (isset($data['owner'])) {
             $this->instanceRiskOwnerService->processRiskOwnerNameAndAssign((string)$data['owner'], $instanceRisk);
         }
@@ -518,6 +545,57 @@ private function getOrCreateRiskSourceByLabel(Entity\Anr $anr, string $label): E
         return $riskSource;
     }
 
+    private function prepareLastReviewDate(Entity\InstanceRisk $instanceRisk, mixed $lastReviewDate): ?DateTime
+    {
+        $normalizedDate = $this->createLastReviewDateFromString($lastReviewDate);
+        $currentLastReviewDate = $instanceRisk->getLastReviewDate();
+        if (
+            $normalizedDate !== null
+            && $currentLastReviewDate !== null
+            && $normalizedDate->format('Y-m-d') !== $currentLastReviewDate->format('Y-m-d')
+            && $normalizedDate <= $currentLastReviewDate
+        ) {
+            throw new Exception('Last review date must be later than the existing last review date.', 412);
+        }
+
+        return $normalizedDate;
+    }
+
+    private function createLastReviewDateFromString(mixed $lastReviewDate): ?DateTime
+    {
+        if ($lastReviewDate === null || $lastReviewDate === '') {
+            return null;
+        }
+
+        $normalizedDate = DateTime::createFromFormat('Y-m-d', (string)$lastReviewDate);
+        if ($normalizedDate === false) {
+            throw new Exception('Invalid last review date format.', 412);
+        }
+
+        return $normalizedDate;
+    }
+
+    private function getReviewFrequencyLabel(?string $reviewFrequency, int $languageIndex): string
+    {
+        if ($reviewFrequency === null || $reviewFrequency === '') {
+            return '';
+        }
+
+        $suggestedReviewFrequencies = [
+            'Monthly',
+            'Quarterly',
+            'Semi-annually',
+            'Annually',
+            'On trigger',
+        ];
+
+        if (\in_array($reviewFrequency, $suggestedReviewFrequencies, true)) {
+            return $this->translateService->translate($reviewFrequency, $languageIndex);
+        }
+
+        return $reviewFrequency;
+    }
+
     private function duplicateRecommendationRisks(
         Entity\InstanceRisk $fromInstanceRisk,
         Entity\InstanceRisk $newInstanceRisk