public async Task Cannot_Add_SensitiveDataLevel_If_Level_Already_Exists()
{
//Arrange
var cookie = await HttpApi.GetCookieAsync(OrganizationRole.GlobalAdmin);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
var sensitivityLevel = A <SensitiveDataLevel>();
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitivityLevel);
//Act
using (var result = await HttpApi.PatchWithCookieAsync(
TestEnvironment.CreateUrl(
$"api/v1/itsystemusage/{usage.Id}/sensitivityLevel/add"), cookie, sensitivityLevel))
{
//Assert
Assert.Equal(HttpStatusCode.Conflict, result.StatusCode);
var notUpdatedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
var sensitiveDataLevel = Assert.Single(notUpdatedUsage.SensitiveDataLevels);
Assert.Equal(sensitivityLevel, sensitiveDataLevel.DataSensitivityLevel);
}
}
private async Task <ItSystemUsageDTO> Create_System_Usage_And_Change_Value_By_Body(Object body)
{
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
return(await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body));
}
public async Task Can_Get_GDPRExportReport_With_All_Fields_Set()
{
//Arrange
var sensitiveDataLevel = A <SensitiveDataLevel>();
var datahandlerContractTypeId = "5";
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
var dataProcessingRegistrationDto = await DataProcessingRegistrationHelper.CreateAsync(organizationId, A <string>());
await DataProcessingRegistrationHelper.SendChangeIsAgreementConcludedRequestAsync(dataProcessingRegistrationDto.Id, YesNoIrrelevantOption.YES);
using var setSystemResponse = await DataProcessingRegistrationHelper.SendAssignSystemRequestAsync(dataProcessingRegistrationDto.Id, usage.Id);
Assert.Equal(HttpStatusCode.OK, setSystemResponse.StatusCode);
var body = new
{
HostedAt = A <HostedAt>(),
IsBusinessCritical = A <DataOptions>(),
DataProcessorControl = A <DataOptions>(),
RiskAssessment = A <DataOptions>(),
PreRiskAssessment = A <RiskLevel>(),
DPIA = A <DataOptions>()
};
var contract = await ItContractHelper.CreateContract(A <string>(), organizationId);
await ItContractHelper.PatchContract(contract.Id, organizationId, new { contractTypeId = datahandlerContractTypeId });
await ItContractHelper.AddItSystemUsage(contract.Id, usage.Id, organizationId);
await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body);
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitiveDataLevel);
var expectedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
//Act
var report = await ItSystemUsageHelper.GetGDPRExportReport(organizationId);
//Assert
var gdprExportReport = Assert.Single(report.Where(x => x.Name == system.Name));
AssertCorrectGdprExportReport(expectedUsage, gdprExportReport, true);
AssertSensitiveDataLevel(sensitiveDataLevel, gdprExportReport);
}
public async Task Can_Change_HostedAtOptions()
{
//Arrange
var hostedAtOption = A <HostedAt>();
var body = new { HostedAt = hostedAtOption };
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
//Act
var itSystemUsageDTO = await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body);
//Assert
Assert.NotNull(itSystemUsageDTO.HostedAt);
Assert.Equal(hostedAtOption, itSystemUsageDTO.HostedAt.Value);
}
public async Task Can_Add_SensitiveDataLevel()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
var sensitivityLevel = A <SensitiveDataLevel>();
//Act
var sensitivityLevelDTO =
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitivityLevel);
//Assert
Assert.Equal(sensitivityLevel, sensitivityLevelDTO.DataSensitivityLevel);
}
public async Task Can_Get_GDPRExportReport_With_Fresh_Usage()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
var expectedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
//Act
var report = await ItSystemUsageHelper.GetGDPRExportReport(organizationId);
//Assert
var gdprExportReport = Assert.Single(report.Where(x => x.Name == system.Name));
AssertCorrectGdprExportReport(expectedUsage, gdprExportReport, false);
AssertEmptyString(gdprExportReport.SensitiveDataTypes);
}
