Ability to create custom trust center controls

.task/checksum/generate-ent-smart

@@ -1 +1 @@
-c6b25036c8c31992fb717adc1a079f77
+4c64f3f331549a093e39318c14d1a15

.task/checksum/generate-graphql-smart

@@ -1 +1 @@
-5811c37439be5e024f83a9105568990c
+90ad196d067073bdf9caf8672951bcb2

internal/ent/checksum/.history_schema_checksum

@@ -1 +1 @@
-756dab20acaccaa9e8d3a1a828e98f941860c80351db020ead63fa42c9246cd1
+774a1b2017f36008a59d7336286eefb77000cdbb07b9095d74747602001e0b88

internal/ent/checksum/.schema_checksum

@@ -1 +1 @@
-078bb7642ac976c08a11add82250e09a0b8675d0c570d0c1b8e6f35fc56943bd
+998757daa7ac08acccd5ed9bab8efc4cfe6df3a0505db74c35f322050e74c330

internal/ent/hooks/control.go

@@ -17,6 +17,57 @@ import (
 	"github.com/theopenlane/core/pkg/logx"
 )
 
+// HookControlTrustcenter runs on control mutations when adding making a trustcenter control
+func HookControlTrustcenter() ent.Hook {
+	return hook.On(func(next ent.Mutator) ent.Mutator {
+		return hook.ControlFunc(func(ctx context.Context, m *generated.ControlMutation) (generated.Value, error) {
+			val, ok := m.IsTrustCenterControl()
+			if !ok || !val {
+				return next.Mutate(ctx, m)
+			}
+
+			publicRepresentation, publicExists := m.PublicRepresentation()
+			standardID, standardExists := m.StandardID()
+
+			switch m.Op() {
+			case ent.OpCreate:
+				if !publicExists || publicRepresentation == "" {
+					return nil, ErrTrustCenterControlNoPublicRepresentation
+				}
+
+				if standardExists && standardID != "" {
+					return nil, ErrTrustCenterControlNoStandardRequired
+				}
+
+			case ent.OpUpdateOne:
+				if !publicExists {
+					oldRepresentation, err := m.OldPublicRepresentation(ctx)
+					if err != nil {
+						return nil, err
+					}
+
+					if oldRepresentation == "" {
+						return nil, ErrTrustCenterControlNoPublicRepresentation
+					}
+				}
+
+				if !standardExists {
+					oldStandardID, err := m.OldStandardID(ctx)
+					if err != nil {
+						return nil, err
+					}
+
+					if oldStandardID != "" {
+						return nil, ErrTrustCenterControlNoStandardRequired
+					}
+				}
+			}
+
+			return next.Mutate(ctx, m)
+		})
+	}, ent.OpCreate|ent.OpUpdate|ent.OpUpdateOne)
+}
+
 // HookControlReferenceFramework runs on control mutations to set the reference framework
 // based on the standard's short name
 func HookControlReferenceFramework() ent.Hook {

internal/ent/hooks/errors.go

@@ -189,6 +189,10 @@ var (
 	ErrFailedToTriggerWorkflow = errors.New("failed to trigger workflow")
 	// ErrMissingIDForTrustCenterNDARequest is returned when a mutation for trust center nda request is missing the ID field, which is required to determine the trust center and send the appropriate email
 	ErrMissingIDForTrustCenterNDARequest = errors.New("missing ID for trust center NDA request mutation")
+	// ErrTrustCenterControlNoPublicRepresentation is returned when a control does not have a public representation yet when being linked to a trustcenter
+	ErrTrustCenterControlNoPublicRepresentation = errors.New("a trust center control requires a public representation")
+	// ErrTrustCenterControlNoStandardRequired is returned when a control is already linked to a standard and it is being connected to a trustcenter
+	ErrTrustCenterControlNoStandardRequired = errors.New("a trust center control must not be linked to a standard")
 )
 
 // IsUniqueConstraintError reports if the error resulted from a DB uniqueness constraint violation.

internal/ent/schema/control.go

@@ -9,13 +9,14 @@ import (
 	"entgo.io/ent/schema/field"
 	"entgo.io/ent/schema/index"
 	"github.com/gertd/go-pluralize"
-	"github.com/theopenlane/core/common/enums"
-	"github.com/theopenlane/core/common/models"
 	"github.com/theopenlane/entx"
 	"github.com/theopenlane/entx/accessmap"
 	"github.com/theopenlane/entx/oscalgen"
 	"github.com/theopenlane/iam/entfga"
 
+	"github.com/theopenlane/core/common/enums"
+	"github.com/theopenlane/core/common/models"
+
 	"github.com/theopenlane/core/internal/ent/generated"
 	"github.com/theopenlane/core/internal/ent/hooks"
 	"github.com/theopenlane/core/internal/ent/interceptors"
@@ -79,10 +80,6 @@ func (Control) Fields() []ent.Field {
 		field.Bool("is_trust_center_control").
 			Default(false).
 			Optional().
-			Immutable().
-			Annotations(
-				entgql.Skip(entgql.SkipMutationCreateInput, entgql.SkipMutationUpdateInput),
-			).
 			Comment("indicates the control is derived from the trust center standard, set by the system during control clone"),
 	}
 
@@ -225,6 +222,7 @@ func (Control) Hooks() []ent.Hook {
 	return []ent.Hook{
 		hooks.HookControlReferenceFramework(),
 		hooks.HookControlTrustCenterVisibility(),
+		hooks.HookControlTrustcenter(),
 	}
 }
 

internal/graphapi/checksum/.history_schema_checksum

@@ -1 +1 @@
-56551cc51a4057cc66c71d8df667bc883601712d215771cf3c407403f16ec417
+c35864d5a8f663ddb8fb142caa1d17899ff24b6e5a5db97f1e146d7b7508e5e1

internal/graphapi/checksum/.schema_checksum

@@ -1 +1 @@
-5484f1f1567b3762c4d2d09f872c5ff0d04c720686c95c145879077d68b29cbf
+f404b0a42627d262dadb0acdf67cc43fdb23a6076f6bd59f1429c0b2e16f424a

internal/graphapi/clientschema/checksum/.schema_checksum

@@ -1 +1 @@
-106152007288b8f81fecfc31255695f8d0c73908d053180e710a2c010e3de059
+b25d7335d5761714ad4fe44cf0979c8a6021b320425d027ab355fc6104f4f197

internal/graphapi/clientschema/schema.graphql

@@ -11363,6 +11363,10 @@ input CreateControlInput {
 	visibility of the control on the trust center, controls the publishing state for trust center display
 	"""
 	trustCenterVisibility: ControlTrustCenterControlVisibility
+	"""
+	indicates the control is derived from the trust center standard, set by the system during control clone
+	"""
+	isTrustCenterControl: Boolean
 	evidenceIDs: [ID!]
 	controlObjectiveIDs: [ID!]
 	taskIDs: [ID!]
@@ -83981,6 +83985,11 @@ input UpdateControlInput {
 	"""
 	trustCenterVisibility: ControlTrustCenterControlVisibility
 	clearTrustCenterVisibility: Boolean
+	"""
+	indicates the control is derived from the trust center standard, set by the system during control clone
+	"""
+	isTrustCenterControl: Boolean
+	clearIsTrustCenterControl: Boolean
 	addEvidenceIDs: [ID!]
 	removeEvidenceIDs: [ID!]
 	clearEvidence: Boolean