private static Task <ItSystemDTO> CreateSystemAsync(
int organizationId = TestEnvironment.DefaultOrganizationId,
string name = null,
AccessModifier accessModifier = AccessModifier.Local)
{
return(ItSystemHelper.CreateItSystemInOrganizationAsync(name ?? CreateName(), organizationId, accessModifier));
}
public async Task Api_User_Can_Get_It_System_ParentId(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var mainSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var childSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
await ItSystemHelper.SendSetParentSystemRequestAsync(childSystem.Id, mainSystem.Id, organizationId, login);
var token = await HttpApi.GetTokenAsync(role);
var url = TestEnvironment.CreateUrl($"api/itsystem/{childSystem.Id}?hierarchy=true");
//Act
using (var httpResponse = await HttpApi.GetWithTokenAsync(url, token.Token))
{
//Assert
var response = await httpResponse.ReadResponseBodyAsKitosApiResponseAsync <IEnumerable <ItSystemDTO> >();
Assert.Equal(HttpStatusCode.OK, httpResponse.StatusCode);
var itSystemDtos = response.ToList();
Assert.NotEmpty(itSystemDtos);
Assert.Equal(mainSystem.Id, itSystemDtos.First(x => x.Id == childSystem.Id).ParentId);
}
}
public async Task CanModifyArchiveDutyValues(ArchiveDutyRecommendationTypes recommendation)
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var comment = A <string>();
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var initialValues = await ItSystemHelper.GetSystemAsync(system.Id);
//Act
using (var changeDutyResponse = await ItSystemHelper.SendChangeArchiveDutyRecommendationRequestAsync(system.Id, recommendation))
using (var changeCommentResponse = await ItSystemHelper.SendChangeArchiveDutyRecommendationCommentRequestAsync(system.Id, comment))
{
//Assert - initial and changed values
Assert.Equal(HttpStatusCode.OK, changeDutyResponse.StatusCode);
Assert.Equal(HttpStatusCode.OK, changeCommentResponse.StatusCode);
Assert.Null(initialValues.ArchiveDuty);
Assert.Null(initialValues.ArchiveDutyComment);
var changedValues = await ItSystemHelper.GetSystemAsync(system.Id);
Assert.Equal(recommendation, changedValues.ArchiveDuty);
Assert.Equal(comment, changedValues.ArchiveDutyComment);
}
}
public async Task Get_CurrentCsv_Returns_Unicode_Encoded_Csv()
{
//Arrange - a broken link in both a system and an interface
PurgeBrokenExternalReferencesReportTable();
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <Guid>().ToString("N"), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
var systemReferenceName = A <string>();
await ReferencesHelper.CreateReferenceAsync(systemReferenceName, null, SystemReferenceUrl, Display.Url, r => r.ItSystem_Id = system.Id);
var interfaceDto = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(A <string>(), A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public));
interfaceDto = await InterfaceHelper.SetUrlAsync(interfaceDto.Id, InterfaceUrl);
//Act
await BrokenExternalReferencesReportHelper.TriggerRequestAsync();
var dto = await WaitForReportGenerationCompletedAsync();
//Assert that the two controlled errors are present
Assert.True(dto.Available);
var report = await GetBrokenLinksReportAsync();
var brokenSystemLink = Assert.Single(report[system.Name]);
AssertBrokenLinkRow(brokenSystemLink, "IT System", system.Name, systemReferenceName, "Se fejlkode", "404", SystemReferenceUrl);
var brokenInterfaceLink = Assert.Single(report[interfaceDto.Name]);
AssertBrokenLinkRow(brokenInterfaceLink, "Snitflade", interfaceDto.Name, string.Empty, "Se fejlkode", "404", InterfaceUrl);
}
public async Task Delete_SystemRelation_Returns_204()
{
//Arrange
var system1 = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var system2 = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var usage1 = await ItSystemHelper.TakeIntoUseAsync(system1.Id, OrganizationId);
var usage2 = await ItSystemHelper.TakeIntoUseAsync(system2.Id, OrganizationId);
var input = new CreateSystemRelationDTO
{
FromUsageId = usage1.Id,
ToUsageId = usage2.Id,
Description = A <string>(),
Reference = A <string>(),
};
using (var response = await SystemRelationHelper.SendPostRelationRequestAsync(input))
{
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
var createdRelation = await response.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
//Act
using (var deleteResponse = await SystemRelationHelper.SendDeleteRelationRequestAsync(usage1.Id, createdRelation.Id))
{
//Assert
Assert.Equal(HttpStatusCode.NoContent, deleteResponse.StatusCode);
}
}
}
public async Task GET_Many_With_BusinessTypeFilter()
{
//Arrange
var(token, _) = await CreateStakeHolderUserInNewOrganizationAsync();
var businessType1 = A <string>();
var businessType2 = A <string>();
const int organizationId = TestEnvironment.DefaultOrganizationId;
var correctBusinessType = await EntityOptionHelper.CreateBusinessTypeAsync(businessType1, organizationId);
var incorrectBusinessType = await EntityOptionHelper.CreateBusinessTypeAsync(businessType2, organizationId);
var correctBusinessTypeId = TestEnvironment.GetEntityUuid <BusinessType>(correctBusinessType.Id);
var unexpectedWrongBusinessType = await CreateSystemAsync(organizationId, AccessModifier.Public);
var expected = await CreateSystemAsync(organizationId, AccessModifier.Public);
using var setBt1 = await ItSystemHelper.SendSetBusinessTypeRequestAsync(expected.dbId, correctBusinessType.Id, organizationId);
using var setBt2 = await ItSystemHelper.SendSetBusinessTypeRequestAsync(unexpectedWrongBusinessType.dbId, incorrectBusinessType.Id, organizationId);
Assert.Equal(HttpStatusCode.OK, setBt1.StatusCode);
Assert.Equal(HttpStatusCode.OK, setBt2.StatusCode);
//Act
var systems = (await ItSystemV2Helper.GetManyAsync(token, businessTypeId: correctBusinessTypeId)).ToList();
//Assert
var dto = Assert.Single(systems);
Assert.Equal(dto.Uuid, expected.uuid);
}
private static async Task TakeSystemIntoUseIn(int systemDbId, params int[] organizationIds)
{
foreach (var organizationId in organizationIds)
{
await ItSystemHelper.TakeIntoUseAsync(systemDbId, organizationId);
}
}
public async Task Can_Get_Available_Systems()
{
//Arrange
var systemPrefix = A <Guid>().ToString("N");
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system1Name = $"{systemPrefix}{1}";
var system2Name = $"{systemPrefix}{2}";
var filteredOutSystemName = A <string>();
var registration = await DataProcessingRegistrationHelper.CreateAsync(organizationId, A <string>());
var system1 = await ItSystemHelper.CreateItSystemInOrganizationAsync(system1Name, organizationId, AccessModifier.Public);
var system2 = await ItSystemHelper.CreateItSystemInOrganizationAsync(system2Name, organizationId, AccessModifier.Public);
var filteredOutSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(filteredOutSystemName, organizationId, AccessModifier.Public);
var usage1 = await ItSystemHelper.TakeIntoUseAsync(system1.Id, organizationId);
var usage2 = await ItSystemHelper.TakeIntoUseAsync(system2.Id, organizationId);
await ItSystemHelper.TakeIntoUseAsync(filteredOutSystem.Id, organizationId);
//Act
var dtos = (await DataProcessingRegistrationHelper.GetAvailableSystemsAsync(registration.Id, systemPrefix)).ToList();
//Assert
Assert.Equal(2, dtos.Count);
dtos.Select(x => new { x.Id, x.Name }).ToExpectedObject().ShouldMatch(new[] { new { usage1.Id, system1.Name }, new { usage2.Id, system2.Name } });
}
public async Task Cannot_Delete_System_With_Interface_Exhibits(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var itInterfaceDto = InterfaceHelper.CreateInterfaceDto(
A <string>(),
A <string>(),
organizationId,
AccessModifier.Public);
var itInterface = await InterfaceHelper.CreateInterface(itInterfaceDto);
await InterfaceExhibitHelper.CreateExhibit(system.Id, itInterface.Id);
//Act
using (var result = await ItSystemHelper.DeleteItSystemAsync(system.Id, organizationId, login))
{
//Assert
await AssertCorrectConflictResponseAsync(SystemDeleteConflict.HasInterfaceExhibits, result, system.Id);
}
}
public async Task Can_Delete_Objects_Which_Are_Referred_By_Report()
{
//Arrange - a broken link in both a system and an interface
PurgeBrokenExternalReferencesReportTable();
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <Guid>().ToString("N"), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
await ReferencesHelper.CreateReferenceAsync(A <string>(), null, SystemReferenceUrl, Display.Url, r => r.ItSystem_Id = system.Id);
var referenceToBeExplicitlyDeleted = await ReferencesHelper.CreateReferenceAsync(A <string>(), null, SystemReferenceUrl, Display.Url, r => r.ItSystem_Id = system.Id);
var interfaceDto = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(A <string>(), A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public));
interfaceDto = await InterfaceHelper.SetUrlAsync(interfaceDto.Id, InterfaceUrl);
await BrokenExternalReferencesReportHelper.TriggerRequestAsync();
var dto = await WaitForReportGenerationCompletedAsync();
Assert.True(dto.Available);
//Act
using (var deleteReferenceResponse = await ReferencesHelper.DeleteReferenceAsync(referenceToBeExplicitlyDeleted.Id))
using (var deleteItSystemResponse = await ItSystemHelper.DeleteItSystemAsync(system.Id, TestEnvironment.DefaultOrganizationId))
using (var deleteInterfaceResponse = await InterfaceHelper.SendDeleteInterfaceRequestAsync(interfaceDto.Id))
{
Assert.Equal(HttpStatusCode.OK, deleteReferenceResponse.StatusCode);
Assert.Equal(HttpStatusCode.OK, deleteItSystemResponse.StatusCode);
Assert.Equal(HttpStatusCode.OK, deleteInterfaceResponse.StatusCode);
}
}
public async Task Can_Get_AvailableDestinationSystems()
{
//Arrange
var prefix = CreateName();
var source = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var target1 = await ItSystemHelper.CreateItSystemInOrganizationAsync(prefix + 1, OrganizationId, AccessModifier.Public);
var target2 = await ItSystemHelper.CreateItSystemInOrganizationAsync(prefix + 2, OrganizationId, AccessModifier.Public);
var ignoredSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(CreateName(), OrganizationId, AccessModifier.Public);
var sourceUsage = await ItSystemHelper.TakeIntoUseAsync(source.Id, OrganizationId);
var targetUsage1 = await ItSystemHelper.TakeIntoUseAsync(target1.Id, OrganizationId);
var targetUsage2 = await ItSystemHelper.TakeIntoUseAsync(target2.Id, OrganizationId);
await ItSystemHelper.TakeIntoUseAsync(ignoredSystem.Id, OrganizationId);
//Act
var availableDestinationSystems = (await SystemRelationHelper.GetAvailableDestinationSystemsAsync(sourceUsage.Id, prefix))?.ToList();
//Assert
Assert.NotNull(availableDestinationSystems);
Assert.Equal(2, availableDestinationSystems.Count);
Assert.True(new[] { targetUsage1.Id, targetUsage2.Id }.SequenceEqual(availableDestinationSystems.Select(x => x.Id)));
}
public async Task Changing_Exposing_System_On_Interface_Clears_InterfaceField_In_All_Relations_To_Old_Exposing_System()
{
//Arrange
var newExhibitor = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
var input = await PrepareFullRelationAsync(false, false, true);
//Act
using (var response = await SystemRelationHelper.SendPostRelationRequestAsync(input))
using (var changeExposingSystem = await InterfaceExhibitHelper.SendCreateExhibitRequest(newExhibitor.Id, input.InterfaceId.GetValueOrDefault()))
{
//Assert
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
Assert.Equal(HttpStatusCode.Created, changeExposingSystem.StatusCode);
var relation = await response.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
Assert.NotNull(relation.Interface);
using (var getAfterDeleteResponse = await SystemRelationHelper.SendGetRelationRequestAsync(input.FromUsageId, relation.Id))
{
Assert.Equal(HttpStatusCode.OK, getAfterDeleteResponse.StatusCode);
var relationAfterChange = await getAfterDeleteResponse.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
Assert.Null(relationAfterChange.Interface);
}
}
}
public async Task Changing_Exposing_System_To_Same_As_Existing_Does_Nothing()
{
//Arrange
var input = await PrepareFullRelationAsync(false, false, true);
var toUsage = await ItSystemHelper.GetItSystemUsage(input.ToUsageId);
//Act
using (var response = await SystemRelationHelper.SendPostRelationRequestAsync(input))
using (var changeExposingSystem = await InterfaceExhibitHelper.SendCreateExhibitRequest(toUsage.ItSystemId, input.InterfaceId.GetValueOrDefault()))
{
//Assert
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
Assert.Equal(HttpStatusCode.Created, changeExposingSystem.StatusCode);
var relation = await response.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
Assert.NotNull(relation.Interface);
using (var getAfterDeleteResponse = await SystemRelationHelper.SendGetRelationRequestAsync(input.FromUsageId, relation.Id))
{
Assert.Equal(HttpStatusCode.OK, getAfterDeleteResponse.StatusCode);
var relationAfterChange = await getAfterDeleteResponse.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
Assert.NotNull(relationAfterChange.Interface); //interface should not have been cleared since the same exhibitor was provided as the existing --> no change
}
}
}
public async Task Cannot_Add_SensitiveDataLevel_If_Level_Already_Exists()
{
//Arrange
var cookie = await HttpApi.GetCookieAsync(OrganizationRole.GlobalAdmin);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
var sensitivityLevel = A <SensitiveDataLevel>();
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitivityLevel);
//Act
using (var result = await HttpApi.PatchWithCookieAsync(
TestEnvironment.CreateUrl(
$"api/v1/itsystemusage/{usage.Id}/sensitivityLevel/add"), cookie, sensitivityLevel))
{
//Assert
Assert.Equal(HttpStatusCode.Conflict, result.StatusCode);
var notUpdatedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
var sensitiveDataLevel = Assert.Single(notUpdatedUsage.SensitiveDataLevels);
Assert.Equal(sensitivityLevel, sensitiveDataLevel.DataSensitivityLevel);
}
}
public async Task GET_Many_With_NumberOfUsers_Filter()
{
//Arrange - Scope the test with additional rightsHolder filter so that we can control which response we get
var(token, organization) = await CreateStakeHolderUserInNewOrganizationAsync();
var rightsHolder = await CreateOrganizationAsync();
var excludedSinceTooFewUsages = await CreateSystemAsync(TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
var includedLowerBound = await CreateSystemAsync(TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
var includedAboveLowerBound = await CreateSystemAsync(TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
using var resp1 = await ItSystemHelper.SendSetBelongsToRequestAsync(excludedSinceTooFewUsages.dbId, rightsHolder.Id, TestEnvironment.DefaultOrganizationId);
using var resp2 = await ItSystemHelper.SendSetBelongsToRequestAsync(includedLowerBound.dbId, rightsHolder.Id, TestEnvironment.DefaultOrganizationId);
using var resp3 = await ItSystemHelper.SendSetBelongsToRequestAsync(includedAboveLowerBound.dbId, rightsHolder.Id, organization.Id);
await TakeSystemIntoUseIn(excludedSinceTooFewUsages.dbId, TestEnvironment.DefaultOrganizationId);
await TakeSystemIntoUseIn(includedLowerBound.dbId, TestEnvironment.DefaultOrganizationId, TestEnvironment.SecondOrganizationId);
await TakeSystemIntoUseIn(includedAboveLowerBound.dbId, TestEnvironment.DefaultOrganizationId, TestEnvironment.SecondOrganizationId, rightsHolder.Id);
Assert.Equal(HttpStatusCode.OK, resp1.StatusCode);
Assert.Equal(HttpStatusCode.OK, resp2.StatusCode);
Assert.Equal(HttpStatusCode.OK, resp3.StatusCode);
//Act
var systems = (await ItSystemV2Helper.GetManyAsync(token, rightsHolderId: rightsHolder.Uuid, numberOfUsers: 2)).ToList();
//Assert - only 2 are actually valid since the excluded one was hidden to the stakeholder
Assert.Equal(2, systems.Count);
Assert.Contains(systems, dto => dto.Uuid == includedLowerBound.uuid);
Assert.Contains(systems, dto => dto.Uuid == includedAboveLowerBound.uuid);
}
public async Task GET_Many_With_RightsHolderFilter()
{
//Arrange - make sure there are always systems to satisfy the test regardless of order
var(token, organization) = await CreateStakeHolderUserInNewOrganizationAsync();
var rightsHolder = await CreateOrganizationAsync();
var unExpectedAsItIsLocalInNonMemberOrg = await CreateSystemAsync(TestEnvironment.DefaultOrganizationId, AccessModifier.Local);
var expected1 = await CreateSystemAsync(TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
var expected2 = await CreateSystemAsync(organization.Id, AccessModifier.Local);
using var resp1 = await ItSystemHelper.SendSetBelongsToRequestAsync(unExpectedAsItIsLocalInNonMemberOrg.dbId, rightsHolder.Id, TestEnvironment.DefaultOrganizationId);
using var resp2 = await ItSystemHelper.SendSetBelongsToRequestAsync(expected1.dbId, rightsHolder.Id, TestEnvironment.DefaultOrganizationId);
using var resp3 = await ItSystemHelper.SendSetBelongsToRequestAsync(expected2.dbId, rightsHolder.Id, organization.Id);
Assert.Equal(HttpStatusCode.OK, resp1.StatusCode);
Assert.Equal(HttpStatusCode.OK, resp2.StatusCode);
Assert.Equal(HttpStatusCode.OK, resp3.StatusCode);
//Act
var systems = (await ItSystemV2Helper.GetManyAsync(token, rightsHolderId: rightsHolder.Uuid)).ToList();
//Assert - only 2 are actually valid since the excluded one was hidden to the stakeholder
Assert.Equal(2, systems.Count);
Assert.Contains(systems, dto => dto.Uuid == expected1.uuid);
Assert.Contains(systems, dto => dto.Uuid == expected2.uuid);
}
private async Task <ItSystemUsageDTO> Create_System_Usage_And_Change_Value_By_Body(Object body)
{
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
return(await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body));
}
private async Task <(Guid uuid, int dbId)> CreateSystemAsync(int organizationId, AccessModifier accessModifier)
{
var systemName = CreateName();
var createdSystem = await ItSystemHelper.CreateItSystemInOrganizationAsync(systemName, organizationId, accessModifier);
var entityUuid = TestEnvironment.GetEntityUuid <Core.DomainModel.ItSystem.ItSystem>(createdSystem.Id);
return(entityUuid, createdSystem.Id);
}
public async Task Put_Removes_Obsoleted_And_Removes_Usages_In_Systems()
{
//Arrange
await PrepareForDetailedTest();
var systemDto = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
//Add some task refs to a system and save the expected keys (keys not removed)
MutateDatabase(context =>
{
using (var taskRefs = new GenericRepository <TaskRef>(context))
using (var systems = new GenericRepository <Core.DomainModel.ItSystem.ItSystem>(context))
{
var itSystem = systems.GetByKey(systemDto.Id);
var toKeep = taskRefs.AsQueryable().Take(2).ToList();
toKeep.ForEach(itSystem.TaskRefs.Add);
systems.Save();
}
});
var expectedTaskRefs = GetSystemTaskKeys(systemDto.Id);
Assert.Equal(2, expectedTaskRefs.Count);
//Add the task refs subject to removal
MutateDatabase(db =>
{
using (var systems = new GenericRepository <Core.DomainModel.ItSystem.ItSystem>(db))
using (var taskRefs = new GenericRepository <TaskRef>(db))
{
var other = taskRefs.AsQueryable().First();
var objectOwnerId = other.ObjectOwnerId;
var organizationUnitId = other.OwnedByOrganizationUnitId;
var taskRef1 = taskRefs.Insert(CreateTaskRef(objectOwnerId, organizationUnitId));
var taskRef2 = taskRefs.Insert(CreateTaskRef(objectOwnerId, organizationUnitId));
taskRefs.Save();
//Add usages which we expect to be removed
var itSystem = systems.GetByKey(systemDto.Id);
itSystem.TaskRefs.Add(taskRef1);
itSystem.TaskRefs.Add(taskRef2);
systems.Save();
}
});
//Act
await PutKle();
//Assert
var actualTaskRefs = GetSystemTaskKeys(systemDto.Id);
VerifyTaskRefUsageKeys(expectedTaskRefs, actualTaskRefs);
}
public async Task Can_Delete_SystemUsageWithRelations()
{
//Arrange
var input = await PrepareFullRelationAsync(false, false, false);
using (await SystemRelationHelper.SendPostRelationRequestAsync(input))
using (var deletionResponse = await ItSystemHelper.SendRemoveUsageAsync(input.FromUsageId, OrganizationId))
using (var getAfterDeleteResponse = await SystemRelationHelper.SendGetRelationRequestAsync(input.FromUsageId, OrganizationId))
{
Assert.Equal(HttpStatusCode.OK, deletionResponse.StatusCode);
Assert.Equal(HttpStatusCode.NotFound, getAfterDeleteResponse.StatusCode);
}
}
public async Task GET_Many_With_KLE_Filter(bool useKeyAsFilter)
{
//Arrange
var(token, _) = await CreateStakeHolderUserInNewOrganizationAsync();
const int organizationId = TestEnvironment.DefaultOrganizationId;
var rand = new Random(DateTime.UtcNow.Millisecond);
var correctRef = new
{
uuid = A <Guid>(),
key = rand.Next().ToString("D"),
};
var incorrectRef = new
{
uuid = A <Guid>(),
key = rand.Next().ToString("D"),
};
CreateTaskRefInDatabase(correctRef.key, correctRef.uuid);
CreateTaskRefInDatabase(incorrectRef.key, incorrectRef.uuid);
var correctRefDbId = DatabaseAccess.MapFromEntitySet <TaskRef, int>(rep => rep.AsQueryable().ByUuid(correctRef.uuid).Id);
var incorrectRefDbId = DatabaseAccess.MapFromEntitySet <TaskRef, int>(rep => rep.AsQueryable().ByUuid(incorrectRef.uuid).Id);
var systemWithWrongRef = await CreateSystemAsync(organizationId, AccessModifier.Public);
var system1WithCorrectRef = await CreateSystemAsync(organizationId, AccessModifier.Public);
var system2WithCorrectRef = await CreateSystemAsync(organizationId, AccessModifier.Public);
using var addRefResponse1 = await ItSystemHelper.SendAddTaskRefRequestAsync(system1WithCorrectRef.dbId, correctRefDbId, organizationId);
using var addRefResponse2 = await ItSystemHelper.SendAddTaskRefRequestAsync(system2WithCorrectRef.dbId, correctRefDbId, organizationId);
using var addRefResponse3 = await ItSystemHelper.SendAddTaskRefRequestAsync(systemWithWrongRef.dbId, incorrectRefDbId, organizationId);
Assert.Equal(HttpStatusCode.OK, addRefResponse1.StatusCode);
Assert.Equal(HttpStatusCode.OK, addRefResponse2.StatusCode);
Assert.Equal(HttpStatusCode.OK, addRefResponse3.StatusCode);
//Act
var kleKeyFilter = useKeyAsFilter ? correctRef.key : null;
var kleUuidFilter = useKeyAsFilter ? (Guid?)null : correctRef.uuid;
var systems = (await ItSystemV2Helper.GetManyAsync(token, kleKey: kleKeyFilter, kleUuid: kleUuidFilter)).ToList();
//Assert
Assert.Equal(2, systems.Count);
Assert.Contains(systems, x => x.Uuid == system1WithCorrectRef.uuid);
Assert.Contains(systems, x => x.Uuid == system2WithCorrectRef.uuid);
}
public async Task Can_Get_GDPRExportReport_With_All_Fields_Set()
{
//Arrange
var sensitiveDataLevel = A <SensitiveDataLevel>();
var datahandlerContractTypeId = "5";
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
var dataProcessingRegistrationDto = await DataProcessingRegistrationHelper.CreateAsync(organizationId, A <string>());
await DataProcessingRegistrationHelper.SendChangeIsAgreementConcludedRequestAsync(dataProcessingRegistrationDto.Id, YesNoIrrelevantOption.YES);
using var setSystemResponse = await DataProcessingRegistrationHelper.SendAssignSystemRequestAsync(dataProcessingRegistrationDto.Id, usage.Id);
Assert.Equal(HttpStatusCode.OK, setSystemResponse.StatusCode);
var body = new
{
HostedAt = A <HostedAt>(),
IsBusinessCritical = A <DataOptions>(),
DataProcessorControl = A <DataOptions>(),
RiskAssessment = A <DataOptions>(),
PreRiskAssessment = A <RiskLevel>(),
DPIA = A <DataOptions>()
};
var contract = await ItContractHelper.CreateContract(A <string>(), organizationId);
await ItContractHelper.PatchContract(contract.Id, organizationId, new { contractTypeId = datahandlerContractTypeId });
await ItContractHelper.AddItSystemUsage(contract.Id, usage.Id, organizationId);
await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body);
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitiveDataLevel);
var expectedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
//Act
var report = await ItSystemUsageHelper.GetGDPRExportReport(organizationId);
//Assert
var gdprExportReport = Assert.Single(report.Where(x => x.Name == system.Name));
AssertCorrectGdprExportReport(expectedUsage, gdprExportReport, true);
AssertSensitiveDataLevel(sensitiveDataLevel, gdprExportReport);
}
public async Task Cannot_Delete_System(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
//Act
using (var result = await ItSystemHelper.DeleteItSystemAsync(system.Id, organizationId, login))
{
//Assert
Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
await AssertSystemNotDeletedAsync(system.Id);
}
}
public async Task Cannot_Set_Exposing_System(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var interfaceDto = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(A <string>(), A <string>(), organizationId, AccessModifier.Public));
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
//Act - perform the action with the actual role
using (var result = await InterfaceExhibitHelper.SendCreateExhibitRequest(system.Id, interfaceDto.Id, login))
{
//Assert
Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
}
}
public async Task Can_Change_HostedAtOptions()
{
//Arrange
var hostedAtOption = A <HostedAt>();
var body = new { HostedAt = hostedAtOption };
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
//Act
var itSystemUsageDTO = await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body);
//Assert
Assert.NotNull(itSystemUsageDTO.HostedAt);
Assert.Equal(hostedAtOption, itSystemUsageDTO.HostedAt.Value);
}
public async Task Cannot_Delete_System_In_Use(OrganizationRole role)
{
//Arrange
var login = await HttpApi.GetCookieAsync(role);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
//Act
using (var result = await ItSystemHelper.DeleteItSystemAsync(system.Id, organizationId, login))
{
//Assert
await AssertCorrectConflictResponseAsync(SystemDeleteConflict.InUse, result, system.Id);
}
}
public async Task Can_Add_SensitiveDataLevel()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
var sensitivityLevel = A <SensitiveDataLevel>();
//Act
var sensitivityLevelDTO =
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitivityLevel);
//Assert
Assert.Equal(sensitivityLevel, sensitivityLevelDTO.DataSensitivityLevel);
}
public async Task Can_Create_Reference_In_ItSystem()
{
//Arrange
var systemDto = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
//Act - create two similar references... we expect the first one to be the master
var expectedMasterReference = await ReferencesHelper.CreateReferenceAsync(_title, _externalReferenceId, _referenceUrl, _display, dto => dto.ItSystem_Id = systemDto.Id);
await ReferencesHelper.CreateReferenceAsync(_title, _externalReferenceId, _referenceUrl, _display, dto => dto.ItSystem_Id = systemDto.Id);
//Assert
AssertCreatedReference(_title, expectedMasterReference, _externalReferenceId, _referenceUrl, _display);
systemDto = await ItSystemHelper.GetSystemAsync(systemDto.Id);
Assert.Equal(2, systemDto.ExternalReferences.Count);
Assert.Equal(expectedMasterReference.Id, systemDto.ReferenceId.GetValueOrDefault(-1)); //First reference must be marked as "the reference"
}
public async Task BelongsTo_Is_Same_As_Exhibit_System()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var interfaceDto = await InterfaceHelper.CreateInterface(InterfaceHelper.CreateInterfaceDto(A <string>(), A <string>(), organizationId, AccessModifier.Public));
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
//Act - perform the action with the actual role
await InterfaceExhibitHelper.CreateExhibit(system.Id, interfaceDto.Id);
//Assert
var interfaceResult = await InterfaceHelper.GetInterfaceById(interfaceDto.Id);
var systemResult = await ItSystemHelper.GetSystemAsync(system.Id);
Assert.Equal(systemResult.BelongsToName, interfaceResult.BelongsToName);
}
public async Task Can_Get_GDPRExportReport_With_Fresh_Usage()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
var expectedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
//Act
var report = await ItSystemUsageHelper.GetGDPRExportReport(organizationId);
//Assert
var gdprExportReport = Assert.Single(report.Where(x => x.Name == system.Name));
AssertCorrectGdprExportReport(expectedUsage, gdprExportReport, false);
AssertEmptyString(gdprExportReport.SensitiveDataTypes);
}
