public async Task Can_Get_Available_Systems()
{
//Arrange
var systemPrefix = A <Guid>().ToString("N");
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system1Name = $"{systemPrefix}{1}";
var system2Name = $"{systemPrefix}{2}";
var filteredOutSystemName = A <string>();
var registration = await DataProcessingRegistrationHelper.CreateAsync(organizationId, A <string>());
var system1 = await ItSystemHelper.CreateItSystemInOrganizationAsync(system1Name, organizationId, AccessModifier.Public);
var system2 = await ItSystemHelper.CreateItSystemInOrganizationAsync(system2Name, organizationId, AccessModifier.Public);
var filteredOutSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(filteredOutSystemName, organizationId, AccessModifier.Public);
var usage1 = await ItSystemHelper.TakeIntoUseAsync(system1.Id, organizationId);
var usage2 = await ItSystemHelper.TakeIntoUseAsync(system2.Id, organizationId);
await ItSystemHelper.TakeIntoUseAsync(filteredOutSystem.Id, organizationId);
//Act
var dtos = (await DataProcessingRegistrationHelper.GetAvailableSystemsAsync(registration.Id, systemPrefix)).ToList();
//Assert
Assert.Equal(2, dtos.Count);
dtos.Select(x => new { x.Id, x.Name }).ToExpectedObject().ShouldMatch(new[] { new { usage1.Id, system1.Name }, new { usage2.Id, system2.Name } });
}
public async Task CanModifyArchiveDutyValues(ArchiveDutyRecommendationTypes recommendation)
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var comment = A <string>();
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var initialValues = await ItSystemHelper.GetSystemAsync(system.Id);
//Act
using (var changeDutyResponse = await ItSystemHelper.SendChangeArchiveDutyRecommendationRequestAsync(system.Id, recommendation))
using (var changeCommentResponse = await ItSystemHelper.SendChangeArchiveDutyRecommendationCommentRequestAsync(system.Id, comment))
{
//Assert - initial and changed values
Assert.Equal(HttpStatusCode.OK, changeDutyResponse.StatusCode);
Assert.Equal(HttpStatusCode.OK, changeCommentResponse.StatusCode);
Assert.Null(initialValues.ArchiveDuty);
Assert.Null(initialValues.ArchiveDutyComment);
var changedValues = await ItSystemHelper.GetSystemAsync(system.Id);
Assert.Equal(recommendation, changedValues.ArchiveDuty);
Assert.Equal(comment, changedValues.ArchiveDutyComment);
}
}
public async Task Can_Get_AvailableDestinationSystems()
{
//Arrange
var prefix = CreateName();
var source = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var target1 = await ItSystemHelper.CreateItSystemInOrganizationAsync(prefix + 1, OrganizationId, AccessModifier.Public);
var target2 = await ItSystemHelper.CreateItSystemInOrganizationAsync(prefix + 2, OrganizationId, AccessModifier.Public);
var ignoredSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var sourceUsage = await ItSystemHelper.TakeIntoUseAsync(source.Id, OrganizationId);
var targetUsage1 = await ItSystemHelper.TakeIntoUseAsync(target1.Id, OrganizationId);
var targetUsage2 = await ItSystemHelper.TakeIntoUseAsync(target2.Id, OrganizationId);
await ItSystemHelper.TakeIntoUseAsync(ignoredSystem.Id, OrganizationId);
//Act
var availableDestinationSystems = (await SystemRelationHelper.GetAvailableDestinationSystemsAsync(sourceUsage.Id, prefix))?.ToList();
//Assert
Assert.NotNull(availableDestinationSystems);
Assert.Equal(2, availableDestinationSystems.Count);
Assert.True(new[] { targetUsage1.Id, targetUsage2.Id }.SequenceEqual(availableDestinationSystems.Select(x => x.Id)));
}
public async Task Cannot_Add_SensitiveDataLevel_If_Level_Already_Exists()
{
//Arrange
var cookie = await HttpApi.GetCookieAsync(OrganizationRole.GlobalAdmin);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
var sensitivityLevel = A <SensitiveDataLevel>();
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitivityLevel);
//Act
using (var result = await HttpApi.PatchWithCookieAsync(
TestEnvironment.CreateUrl(
$"api/v1/itsystemusage/{usage.Id}/sensitivityLevel/add"), cookie, sensitivityLevel))
{
//Assert
Assert.Equal(HttpStatusCode.Conflict, result.StatusCode);
var notUpdatedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
var sensitiveDataLevel = Assert.Single(notUpdatedUsage.SensitiveDataLevels);
Assert.Equal(sensitivityLevel, sensitiveDataLevel.DataSensitivityLevel);
}
}
public async Task Changing_Exposing_System_On_Interface_Clears_InterfaceField_In_All_Relations_To_Old_Exposing_System()
{
//Arrange
var newExhibitor = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
var input = await PrepareFullRelationAsync(false, false, true);
//Act
using (var response = await SystemRelationHelper.SendPostRelationRequestAsync(input))
using (var changeExposingSystem = await InterfaceExhibitHelper.SendCreateExhibitRequest(newExhibitor.Id, input.InterfaceId.GetValueOrDefault()))
{
//Assert
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
Assert.Equal(HttpStatusCode.Created, changeExposingSystem.StatusCode);
var relation = await response.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
Assert.NotNull(relation.Interface);
using (var getAfterDeleteResponse = await SystemRelationHelper.SendGetRelationRequestAsync(input.FromUsageId, relation.Id))
{
Assert.Equal(HttpStatusCode.OK, getAfterDeleteResponse.StatusCode);
var relationAfterChange = await getAfterDeleteResponse.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
Assert.Null(relationAfterChange.Interface);
}
}
}
public async Task Delete_SystemRelation_Returns_204()
{
//Arrange
var system1 = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var system2 = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var usage1 = await ItSystemHelper.TakeIntoUseAsync(system1.Id, OrganizationId);
var usage2 = await ItSystemHelper.TakeIntoUseAsync(system2.Id, OrganizationId);
var input = new CreateSystemRelationDTO
{
FromUsageId = usage1.Id,
ToUsageId = usage2.Id,
Description = A <string>(),
Reference = A <string>(),
};
using (var response = await SystemRelationHelper.SendPostRelationRequestAsync(input))
{
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
var createdRelation = await response.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
//Act
using (var deleteResponse = await SystemRelationHelper.SendDeleteRelationRequestAsync(usage1.Id, createdRelation.Id))
{
//Assert
Assert.Equal(HttpStatusCode.NoContent, deleteResponse.StatusCode);
}
}
}
private static Task <ItSystemDTO> CreateSystemAsync(
int organizationId = TestEnvironment.DefaultOrganizationId,
string name = null,
AccessModifier accessModifier = AccessModifier.Local)
{
return(ItSystemHelper.CreateItSystemInOrganizationAsync(name ?? CreateName(), organizationId, accessModifier));
}
public async Task Api_User_Can_Get_It_System_ParentId(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var mainSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var childSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
await ItSystemHelper.SendSetParentSystemRequestAsync(childSystem.Id, mainSystem.Id, organizationId, login);
var token = await HttpApi.GetTokenAsync(role);
var url = TestEnvironment.CreateUrl($"api/itsystem/{childSystem.Id}?hierarchy=true");
//Act
using (var httpResponse = await HttpApi.GetWithTokenAsync(url, token.Token))
{
//Assert
var response = await httpResponse.ReadResponseBodyAsKitosApiResponseAsync <IEnumerable <ItSystemDTO> >();
Assert.Equal(HttpStatusCode.OK, httpResponse.StatusCode);
var itSystemDtos = response.ToList();
Assert.NotEmpty(itSystemDtos);
Assert.Equal(mainSystem.Id, itSystemDtos.First(x => x.Id == childSystem.Id).ParentId);
}
}
public async Task Can_Delete_Objects_Which_Are_Referred_By_Report()
{
//Arrange - a broken link in both a system and an interface
PurgeBrokenExternalReferencesReportTable();
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <Guid>().ToString("N"), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
await ReferencesHelper.CreateReferenceAsync(A <string>(), null, SystemReferenceUrl, Display.Url, r => r.ItSystem_Id = system.Id);
var referenceToBeExplicitlyDeleted = await ReferencesHelper.CreateReferenceAsync(A <string>(), null, SystemReferenceUrl, Display.Url, r => r.ItSystem_Id = system.Id);
var interfaceDto = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(A <string>(), A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public));
interfaceDto = await InterfaceHelper.SetUrlAsync(interfaceDto.Id, InterfaceUrl);
await BrokenExternalReferencesReportHelper.TriggerRequestAsync();
var dto = await WaitForReportGenerationCompletedAsync();
Assert.True(dto.Available);
//Act
using (var deleteReferenceResponse = await ReferencesHelper.DeleteReferenceAsync(referenceToBeExplicitlyDeleted.Id))
using (var deleteItSystemResponse = await ItSystemHelper.DeleteItSystemAsync(system.Id, TestEnvironment.DefaultOrganizationId))
using (var deleteInterfaceResponse = await InterfaceHelper.SendDeleteInterfaceRequestAsync(interfaceDto.Id))
{
Assert.Equal(HttpStatusCode.OK, deleteReferenceResponse.StatusCode);
Assert.Equal(HttpStatusCode.OK, deleteItSystemResponse.StatusCode);
Assert.Equal(HttpStatusCode.OK, deleteInterfaceResponse.StatusCode);
}
}
public async Task Cannot_Delete_System_With_Interface_Exhibits(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var itInterfaceDto = InterfaceHelper.CreateInterfaceDto(
A <string>(),
A <string>(),
organizationId,
AccessModifier.Public);
var itInterface = await InterfaceHelper.CreateInterface(itInterfaceDto);
await InterfaceExhibitHelper.CreateExhibit(system.Id, itInterface.Id);
//Act
using (var result = await ItSystemHelper.DeleteItSystemAsync(system.Id, organizationId, login))
{
//Assert
await AssertCorrectConflictResponseAsync(SystemDeleteConflict.HasInterfaceExhibits, result, system.Id);
}
}
public async Task Get_CurrentCsv_Returns_Unicode_Encoded_Csv()
{
//Arrange - a broken link in both a system and an interface
PurgeBrokenExternalReferencesReportTable();
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <Guid>().ToString("N"), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
var systemReferenceName = A <string>();
await ReferencesHelper.CreateReferenceAsync(systemReferenceName, null, SystemReferenceUrl, Display.Url, r => r.ItSystem_Id = system.Id);
var interfaceDto = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(A <string>(), A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public));
interfaceDto = await InterfaceHelper.SetUrlAsync(interfaceDto.Id, InterfaceUrl);
//Act
await BrokenExternalReferencesReportHelper.TriggerRequestAsync();
var dto = await WaitForReportGenerationCompletedAsync();
//Assert that the two controlled errors are present
Assert.True(dto.Available);
var report = await GetBrokenLinksReportAsync();
var brokenSystemLink = Assert.Single(report[system.Name]);
AssertBrokenLinkRow(brokenSystemLink, "IT System", system.Name, systemReferenceName, "Se fejlkode", "404", SystemReferenceUrl);
var brokenInterfaceLink = Assert.Single(report[interfaceDto.Name]);
AssertBrokenLinkRow(brokenInterfaceLink, "Snitflade", interfaceDto.Name, string.Empty, "Se fejlkode", "404", InterfaceUrl);
}
private async Task <(Guid uuid, int dbId)> CreateSystemAsync(int organizationId, AccessModifier accessModifier)
{
var systemName = CreateName();
var createdSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(systemName, organizationId, accessModifier);
var entityUuid = TestEnvironment.GetEntityUuid <Core.DomainModel.ItSystem.ItSystem>(createdSystem.Id);
return(entityUuid, createdSystem.Id);
}
private async Task <ItSystemUsageDTO> Create_System_Usage_And_Change_Value_By_Body(Object body)
{
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
return(await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body));
}
public async Task Put_Removes_Obsoleted_And_Removes_Usages_In_Systems()
{
//Arrange
await PrepareForDetailedTest();
var systemDto = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
//Add some task refs to a system and save the expected keys (keys not removed)
MutateDatabase(context =>
{
using (var taskRefs = new GenericRepository <TaskRef>(context))
using (var systems = new GenericRepository <Core.DomainModel.ItSystem.ItSystem>(context))
{
var itSystem = systems.GetByKey(systemDto.Id);
var toKeep = taskRefs.AsQueryable().Take(2).ToList();
toKeep.ForEach(itSystem.TaskRefs.Add);
systems.Save();
}
});
var expectedTaskRefs = GetSystemTaskKeys(systemDto.Id);
Assert.Equal(2, expectedTaskRefs.Count);
//Add the task refs subject to removal
MutateDatabase(db =>
{
using (var systems = new GenericRepository <Core.DomainModel.ItSystem.ItSystem>(db))
using (var taskRefs = new GenericRepository <TaskRef>(db))
{
var other = taskRefs.AsQueryable().First();
var objectOwnerId = other.ObjectOwnerId;
var organizationUnitId = other.OwnedByOrganizationUnitId;
var taskRef1 = taskRefs.Insert(CreateTaskRef(objectOwnerId, organizationUnitId));
var taskRef2 = taskRefs.Insert(CreateTaskRef(objectOwnerId, organizationUnitId));
taskRefs.Save();
//Add usages which we expect to be removed
var itSystem = systems.GetByKey(systemDto.Id);
itSystem.TaskRefs.Add(taskRef1);
itSystem.TaskRefs.Add(taskRef2);
systems.Save();
}
});
//Act
await PutKle();
//Assert
var actualTaskRefs = GetSystemTaskKeys(systemDto.Id);
VerifyTaskRefUsageKeys(expectedTaskRefs, actualTaskRefs);
}
public async Task Can_Get_GDPRExportReport_With_All_Fields_Set()
{
//Arrange
var sensitiveDataLevel = A <SensitiveDataLevel>();
var datahandlerContractTypeId = "5";
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
var dataProcessingRegistrationDto = await DataProcessingRegistrationHelper.CreateAsync(organizationId, A <string>());
await DataProcessingRegistrationHelper.SendChangeIsAgreementConcludedRequestAsync(dataProcessingRegistrationDto.Id, YesNoIrrelevantOption.YES);
using var setSystemResponse = await DataProcessingRegistrationHelper.SendAssignSystemRequestAsync(dataProcessingRegistrationDto.Id, usage.Id);
Assert.Equal(HttpStatusCode.OK, setSystemResponse.StatusCode);
var body = new
{
HostedAt = A <HostedAt>(),
IsBusinessCritical = A <DataOptions>(),
DataProcessorControl = A <DataOptions>(),
RiskAssessment = A <DataOptions>(),
PreRiskAssessment = A <RiskLevel>(),
DPIA = A <DataOptions>()
};
var contract = await ItContractHelper.CreateContract(A <string>(), organizationId);
await ItContractHelper.PatchContract(contract.Id, organizationId, new { contractTypeId = datahandlerContractTypeId });
await ItContractHelper.AddItSystemUsage(contract.Id, usage.Id, organizationId);
await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body);
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitiveDataLevel);
var expectedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
//Act
var report = await ItSystemUsageHelper.GetGDPRExportReport(organizationId);
//Assert
var gdprExportReport = Assert.Single(report.Where(x => x.Name == system.Name));
AssertCorrectGdprExportReport(expectedUsage, gdprExportReport, true);
AssertSensitiveDataLevel(sensitiveDataLevel, gdprExportReport);
}
public async Task Cannot_Set_Exposing_System(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var interfaceDto = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(A <string>(), A <string>(), organizationId, AccessModifier.Public));
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
//Act - perform the action with the actual role
using (var result = await InterfaceExhibitHelper.SendCreateExhibitRequest(system.Id, interfaceDto.Id, login))
{
//Assert
Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
}
}
public async Task Cannot_Delete_System(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
//Act
using (var result = await ItSystemHelper.DeleteItSystemAsync(system.Id, organizationId, login))
{
//Assert
Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
await AssertSystemNotDeletedAsync(system.Id);
}
}
public async Task Can_Add_SensitiveDataLevel()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
var sensitivityLevel = A <SensitiveDataLevel>();
//Act
var sensitivityLevelDTO =
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitivityLevel);
//Assert
Assert.Equal(sensitivityLevel, sensitivityLevelDTO.DataSensitivityLevel);
}
public async Task Can_Create_Reference_In_ItSystem()
{
//Arrange
var systemDto = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
//Act - create two similar references... we expect the first one to be the master
var expectedMasterReference = await ReferencesHelper.CreateReferenceAsync(_title, _externalReferenceId, _referenceUrl, _display, dto => dto.ItSystem_Id = systemDto.Id);
await ReferencesHelper.CreateReferenceAsync(_title, _externalReferenceId, _referenceUrl, _display, dto => dto.ItSystem_Id = systemDto.Id);
//Assert
AssertCreatedReference(_title, expectedMasterReference, _externalReferenceId, _referenceUrl, _display);
systemDto = await ItSystemHelper.GetSystemAsync(systemDto.Id);
Assert.Equal(2, systemDto.ExternalReferences.Count);
Assert.Equal(expectedMasterReference.Id, systemDto.ReferenceId.GetValueOrDefault(-1)); //First reference must be marked as "the reference"
}
public async Task BelongsTo_Is_Same_As_Exhibit_System()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var interfaceDto = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(A <string>(), A <string>(), organizationId, AccessModifier.Public));
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
//Act - perform the action with the actual role
await InterfaceExhibitHelper.CreateExhibit(system.Id, interfaceDto.Id);
//Assert
var interfaceResult = await InterfaceHelper.GetInterfaceById(interfaceDto.Id);
var systemResult = await ItSystemHelper.GetSystemAsync(system.Id);
Assert.Equal(systemResult.BelongsToName, interfaceResult.BelongsToName);
}
public async Task Can_Change_HostedAtOptions()
{
//Arrange
var hostedAtOption = A <HostedAt>();
var body = new { HostedAt = hostedAtOption };
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
//Act
var itSystemUsageDTO = await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body);
//Assert
Assert.NotNull(itSystemUsageDTO.HostedAt);
Assert.Equal(hostedAtOption, itSystemUsageDTO.HostedAt.Value);
}
public async Task Cannot_Delete_System_In_Use(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
//Act
using (var result = await ItSystemHelper.DeleteItSystemAsync(system.Id, organizationId, login))
{
//Assert
await AssertCorrectConflictResponseAsync(SystemDeleteConflict.InUse, result, system.Id);
}
}
public async Task Can_Get_GDPRExportReport_With_Fresh_Usage()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
var expectedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
//Act
var report = await ItSystemUsageHelper.GetGDPRExportReport(organizationId);
//Assert
var gdprExportReport = Assert.Single(report.Where(x => x.Name == system.Name));
AssertCorrectGdprExportReport(expectedUsage, gdprExportReport, false);
AssertEmptyString(gdprExportReport.SensitiveDataTypes);
}
private async Task <CreateSystemRelationDTO> PrepareFullRelationAsync(bool withContract, bool withFrequency, bool withInterface)
{
var system1 = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var system2 = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var usage1 = await ItSystemHelper.TakeIntoUseAsync(system1.Id, OrganizationId);
var usage2 = await ItSystemHelper.TakeIntoUseAsync(system2.Id, OrganizationId);
var targetInterface = Maybe <ItInterfaceDTO> .None;
if (withInterface)
{
targetInterface = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(CreateName(), CreateName(), OrganizationId, AccessModifier.Public));
await InterfaceExhibitHelper.CreateExhibit(system2.Id, targetInterface.Value.Id);
}
var contract = withContract ? await ItContractHelper.CreateContract(CreateName(), OrganizationId) : Maybe <ItContractDTO> .None;
var targetFrequencyTypeId = withFrequency ? DatabaseAccess.MapFromEntitySet <RelationFrequencyType, int>(repo =>
{
var first = repo
.AsQueryable()
.First(x => x.IsEnabled);
return(first.Id);
}) : default(int?);
var input = new CreateSystemRelationDTO
{
FromUsageId = usage1.Id,
ToUsageId = usage2.Id,
ContractId = contract.Select <int?>(x => x.Id).GetValueOrDefault(),
InterfaceId = targetInterface.Select <int?>(x => x.Id).GetValueOrDefault(),
Description = A <string>(),
Reference = A <string>(),
FrequencyTypeId = targetFrequencyTypeId
};
return(input);
}
public async Task Can_Delete_System_With_Task_Ref(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
const int taskRefId = TestEnvironment.DefaultTaskRefId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
await ItSystemHelper.SendSetTaskRefOnSystemRequestAsync(system.Id, taskRefId, organizationId, login);
//Act
using (var result = await ItSystemHelper.DeleteItSystemAsync(system.Id, organizationId, login))
{
//Assert
Assert.Equal(HttpStatusCode.OK, result.StatusCode);
await AssertSystemDeletedAsync(system.Id);
}
}
public async Task Cannot_Delete_System_With_Child_Systems(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var mainSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var childSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
await ItSystemHelper.SendSetParentSystemRequestAsync(childSystem.Id, mainSystem.Id, organizationId, login);
//Act
using (var result = await ItSystemHelper.DeleteItSystemAsync(mainSystem.Id, organizationId, login))
{
//Assert
await AssertCorrectConflictResponseAsync(SystemDeleteConflict.HasChildren, result, mainSystem.Id);
}
}
public async Task Can_Assign_And_Remove_System()
{
//Arrange
var systemPrefix = A <Guid>().ToString("N");
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system1Name = $"{systemPrefix}{1}";
var registration = await DataProcessingRegistrationHelper.CreateAsync(organizationId, A <string>());
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(system1Name, organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
//Act - Add
using var assignResponse = await DataProcessingRegistrationHelper.SendAssignSystemRequestAsync(registration.Id, usage.Id);
using var duplicateResponse = await DataProcessingRegistrationHelper.SendAssignSystemRequestAsync(registration.Id, usage.Id);
//Assert
Assert.Equal(HttpStatusCode.OK, assignResponse.StatusCode);
Assert.Equal(HttpStatusCode.Conflict, duplicateResponse.StatusCode);
var dto = await DataProcessingRegistrationHelper.GetAsync(registration.Id);
var systemDTO = Assert.Single(dto.ItSystems);
Assert.Equal(usage.Id, systemDTO.Id);
Assert.Equal(system.Name, systemDTO.Name);
//Act - remove
using var removeResponse = await DataProcessingRegistrationHelper.SendRemoveSystemRequestAsync(registration.Id, usage.Id);
using var duplicateRemoveResponse = await DataProcessingRegistrationHelper.SendRemoveSystemRequestAsync(registration.Id, usage.Id);
//Assert
Assert.Equal(HttpStatusCode.OK, removeResponse.StatusCode);
Assert.Equal(HttpStatusCode.BadRequest, duplicateRemoveResponse.StatusCode);
dto = await DataProcessingRegistrationHelper.GetAsync(registration.Id);
Assert.Empty(dto.ItSystems);
}
public async Task Cannot_Remove_SensitiveDataLevel_If_Level_Does_Not_Exists()
{
//Arrange
var cookie = await HttpApi.GetCookieAsync(OrganizationRole.GlobalAdmin);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
//Act
using (var result = await HttpApi.PatchWithCookieAsync(
TestEnvironment.CreateUrl(
$"api/v1/itsystemusage/{usage.Id}/sensitivityLevel/remove"), cookie, A <SensitiveDataLevel>()))
{
//Assert
Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode);
var notUpdatedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
Assert.Empty(notUpdatedUsage.SensitiveDataLevels);
}
}
public async Task Put_Removes_Obsoleted_And_Removes_Usages_And_Opt_Out_In_SystemUsages()
{
//Arrange
await PrepareForDetailedTest();
var systemDto = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
//Add some task refs to a system, and an opt out in the system usage as well as additional task refs
MutateDatabase(context =>
{
using (var taskRefs = new GenericRepository <TaskRef>(context))
using (var systems = new GenericRepository <Core.DomainModel.ItSystem.ItSystem>(context))
{
var itSystem = systems.GetByKey(systemDto.Id);
var toKeep = taskRefs.AsQueryable().OrderBy(x => x.Id).Take(2).ToList();
toKeep.ForEach(itSystem.TaskRefs.Add);
systems.Save();
}
});
//Take system into use and add additional task refs as well as an opt out
var usage = await ItSystemHelper.TakeIntoUseAsync(systemDto.Id, TestEnvironment.DefaultOrganizationId);
MutateDatabase(context =>
{
using (var taskRefs = new GenericRepository <TaskRef>(context))
using (var systems = new GenericRepository <ItSystemUsage>(context))
{
var systemUsage = systems.GetByKey(usage.Id);
var toOptOut = taskRefs.AsQueryable().OrderBy(x => x.Id).Skip(1).First();
var additional = taskRefs.AsQueryable().OrderBy(x => x.Id).Skip(2).First();
systemUsage.TaskRefs.Add(additional);
systemUsage.TaskRefsOptOut.Add(toOptOut);
systems.Save();
}
});
var(expectedTaskRefKeys, expectedInheritedKeys, expectedOptOutKeys) = GetSystemUsageTasks(usage.Id);
Assert.Equal(1, expectedTaskRefKeys.Count);
Assert.Equal(2, expectedInheritedKeys.Count);
Assert.Equal(1, expectedOptOutKeys.Count);
//Add some additional which will be removed by import .. both to main system, opt out and local
MutateDatabase(db =>
{
using (var systems = new GenericRepository <Core.DomainModel.ItSystem.ItSystem>(db))
using (var usages = new GenericRepository <ItSystemUsage>(db))
using (var taskRefs = new GenericRepository <TaskRef>(db))
{
var reference = taskRefs.AsQueryable().First();
var objectOwnerId = reference.ObjectOwnerId;
var organizationUnitId = reference.OwnedByOrganizationUnitId;
var taskRef1 = taskRefs.Insert(CreateTaskRef(objectOwnerId, organizationUnitId));
var taskRef2 = taskRefs.Insert(CreateTaskRef(objectOwnerId, organizationUnitId));
var taskRef3 = taskRefs.Insert(CreateTaskRef(objectOwnerId, organizationUnitId));
taskRefs.Save();
//Add inherited key which should be removed
var system = systems.GetByKey(systemDto.Id);
system.TaskRefs.Add(taskRef1);
systems.Save();
//Add additional task ref and opt out which should be removed
var systemUsage = usages.GetByKey(usage.Id);
systemUsage.TaskRefs.Add(taskRef2);
systemUsage.TaskRefsOptOut.Add(taskRef3);
usages.Save();
}
});
//Act
await PutKle();
//Assert
var(actualTaskRefKeys, actualInheritedKeys, actualOptOutKeys) = GetSystemUsageTasks(usage.Id);
VerifyTaskRefUsageKeys(expectedTaskRefKeys, actualTaskRefKeys);
VerifyTaskRefUsageKeys(expectedInheritedKeys, actualInheritedKeys);
VerifyTaskRefUsageKeys(expectedOptOutKeys, actualOptOutKeys);
}
public async Task ReadModels_Contain_Correct_Content()
{
//Arrange
var name = A <string>();
var dpName = $"Dp:{name}";
var subDpName = $"Sub_Dp:{name}";
var systemName = $"SYSTEM:{name}";
var contractName = $"CONTRACT:{name}";
var refName = $"REF:{name}";
var refUserAssignedId = $"REF:{name}EXT_ID";
var refUrl = $"https://www.test-rm{A<uint>()}.dk";
var refDisp = A <Display>();
var organizationId = TestEnvironment.DefaultOrganizationId;
var isAgreementConcluded = A <YesNoIrrelevantOption>();
var oversightInterval = A <YearMonthIntervalOption>();
var oversightCompleted = A <YesNoUndecidedOption>();
var oversightDate = A <DateTime>();
var oversightRemark = A <string>();
Console.Out.WriteLine($"Testing in the context of DPR with name:{name}");
var dataProcessor = await OrganizationHelper.CreateOrganizationAsync(organizationId, dpName, "22334455", OrganizationTypeKeys.Virksomhed, AccessModifier.Public);
var subDataProcessor = await OrganizationHelper.CreateOrganizationAsync(organizationId, subDpName, "22314455", OrganizationTypeKeys.Virksomhed, AccessModifier.Public);
var registration = await DataProcessingRegistrationHelper.CreateAsync(organizationId, name);
await DataProcessingRegistrationHelper.SendChangeOversightIntervalOptionRequestAsync(registration.Id, oversightInterval);
await DataProcessingRegistrationHelper.SendChangeIsOversightCompletedRequestAsync(registration.Id, oversightCompleted);
var businessRoleDtos = await DataProcessingRegistrationHelper.GetAvailableRolesAsync(registration.Id);
var role = businessRoleDtos.First();
var availableUsers = await DataProcessingRegistrationHelper.GetAvailableUsersAsync(registration.Id, role.Id);
var user = availableUsers.First();
_testOutputHelper.WriteLine($"Attempting to assign user {user.Id}:{user.Email} as role {role.Id}:{role.Name} in dpr {registration.Id}:{registration.Name}");
using var response = await DataProcessingRegistrationHelper.SendAssignRoleRequestAsync(registration.Id, role.Id, user.Id);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
//Basis for transfer
var options = (await DataProcessingRegistrationHelper.GetBasisForTransferOptionsAsync(TestEnvironment.DefaultOrganizationId)).ToList();
var basisForTransfer = options[Math.Abs(A <int>()) % options.Count];
using var assignResponse = await DataProcessingRegistrationHelper.SendAssignBasisForTransferRequestAsync(registration.Id, basisForTransfer.Id);
Assert.Equal(HttpStatusCode.OK, assignResponse.StatusCode);
//Enable and set third country
var transferToThirdCountries = A <YesNoUndecidedOption>();
using var setInsecureCountryStateResponse = await DataProcessingRegistrationHelper.SendSetUseTransferToInsecureThirdCountriesStateRequestAsync(registration.Id, transferToThirdCountries);
Assert.Equal(HttpStatusCode.OK, setInsecureCountryStateResponse.StatusCode);
//Set data responsible
var dataOptions = await DataProcessingRegistrationHelper.GetAvailableOptionsRequestAsync(organizationId);
var dataResponsibleOption = dataOptions.DataResponsibleOptions.First();
using var setDataResponsibleResponse = await DataProcessingRegistrationHelper.SendAssignDataResponsibleRequestAsync(registration.Id, dataResponsibleOption.Id);
Assert.Equal(HttpStatusCode.OK, setDataResponsibleResponse.StatusCode);
//Set oversight option
var oversightOption = dataOptions.OversightOptions.First();
using var setOversightOptionResponse = await DataProcessingRegistrationHelper.SendAssignOversightOptionRequestAsync(registration.Id, oversightOption.Id);
Assert.Equal(HttpStatusCode.OK, setDataResponsibleResponse.StatusCode);
//Enable and set sub processors
using var setStateRequest = await DataProcessingRegistrationHelper.SendSetUseSubDataProcessorsStateRequestAsync(registration.Id, YesNoUndecidedOption.Yes);
Assert.Equal(HttpStatusCode.OK, setStateRequest.StatusCode);
using var sendAssignDataProcessorRequestAsync = await DataProcessingRegistrationHelper.SendAssignDataProcessorRequestAsync(registration.Id, dataProcessor.Id);
Assert.Equal(HttpStatusCode.OK, sendAssignDataProcessorRequestAsync.StatusCode);
using var sendAssignSubDataProcessorRequestAsync = await DataProcessingRegistrationHelper.SendAssignSubDataProcessorRequestAsync(registration.Id, subDataProcessor.Id);
Assert.Equal(HttpStatusCode.OK, sendAssignSubDataProcessorRequestAsync.StatusCode);
//Concluded state
await DataProcessingRegistrationHelper.SendChangeIsAgreementConcludedRequestAsync(registration.Id, isAgreementConcluded);
//Latest oversight date
await DataProcessingRegistrationHelper.SendAssignOversightDateRequestAsync(registration.Id, oversightDate, oversightRemark);
//References
await ReferencesHelper.CreateReferenceAsync(refName, refUserAssignedId, refUrl, refDisp, dto => dto.DataProcessingRegistration_Id = registration.Id);
//Systems
var itSystemDto = await ItSystemHelper.CreateItSystemInOrganizationAsync(systemName, organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(itSystemDto.Id, organizationId);
using var assignSystemResponse = await DataProcessingRegistrationHelper.SendAssignSystemRequestAsync(registration.Id, usage.Id);
Assert.Equal(HttpStatusCode.OK, assignSystemResponse.StatusCode);
//Contracts
var contractDto = await ItContractHelper.CreateContract(contractName, organizationId);
using var assignDataProcessingResponse = await ItContractHelper.SendAssignDataProcessingRegistrationAsync(contractDto.Id, registration.Id);
Assert.Equal(HttpStatusCode.OK, assignDataProcessingResponse.StatusCode);
//Wait for read model to rebuild (wait for the LAST mutation)
await WaitForReadModelQueueDepletion();
Console.Out.WriteLine("Read models are up to date");
//Act
var readModels = (await DataProcessingRegistrationHelper.QueryReadModelByNameContent(organizationId, name, 1, 0)).ToList();
//Assert
var readModel = Assert.Single(readModels);
Console.Out.WriteLine("Read model found");
Assert.Equal(name, readModel.Name);
Assert.Equal(registration.Id, readModel.SourceEntityId);
Assert.Equal(refName, readModel.MainReferenceTitle);
Assert.Equal(refUrl, readModel.MainReferenceUrl);
Assert.Equal(refUserAssignedId, readModel.MainReferenceUserAssignedId);
Assert.Equal(oversightInterval, readModel.OversightInterval);
Assert.Equal(oversightCompleted, readModel.IsOversightCompleted);
Assert.Equal(dataProcessor.Name, readModel.DataProcessorNamesAsCsv);
Assert.Equal(subDataProcessor.Name, readModel.SubDataProcessorNamesAsCsv);
Assert.Equal(isAgreementConcluded, readModel.IsAgreementConcluded);
Assert.Equal(transferToThirdCountries, readModel.TransferToInsecureThirdCountries);
Assert.Equal(basisForTransfer.Name, readModel.BasisForTransfer);
Assert.Equal(dataResponsibleOption.Name, readModel.DataResponsible);
Assert.Equal(oversightOption.Name, readModel.OversightOptionNamesAsCsv);
Assert.Equal(contractName, readModel.ContractNamesAsCsv);
Assert.Equal(systemName, readModel.SystemNamesAsCsv);
Assert.Equal(oversightDate, readModel.LatestOversightDate);
Console.Out.WriteLine("Flat values asserted");
Console.Out.WriteLine("Asserting role assignments");
var roleAssignment = Assert.Single(readModel.RoleAssignments);
Console.Out.WriteLine("Found one role assignment as expected");
Assert.Equal(role.Id, roleAssignment.RoleId);
Assert.Equal(user.Id, roleAssignment.UserId);
Assert.Equal(user.Name, roleAssignment.UserFullName);
Console.Out.WriteLine("Role data verified");
//Assert that the source object can be deleted and that the readmodel is gone now
var deleteResponse = await DataProcessingRegistrationHelper.SendDeleteRequestAsync(registration.Id);
Assert.Equal(HttpStatusCode.OK, deleteResponse.StatusCode);
readModels = (await DataProcessingRegistrationHelper.QueryReadModelByNameContent(organizationId, name, 1, 0)).ToList();
Assert.Empty(readModels);
}
