public async Task Changing_Exposing_System_To_Same_As_Existing_Does_Nothing()
{
//Arrange
var input = await PrepareFullRelationAsync(false, false, true);
var toUsage = await ItSystemHelper.GetItSystemUsage(input.ToUsageId);
//Act
using (var response = await SystemRelationHelper.SendPostRelationRequestAsync(input))
using (var changeExposingSystem = await InterfaceExhibitHelper.SendCreateExhibitRequest(toUsage.ItSystemId, input.InterfaceId.GetValueOrDefault()))
{
//Assert
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
Assert.Equal(HttpStatusCode.Created, changeExposingSystem.StatusCode);
var relation = await response.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
Assert.NotNull(relation.Interface);
using (var getAfterDeleteResponse = await SystemRelationHelper.SendGetRelationRequestAsync(input.FromUsageId, relation.Id))
{
Assert.Equal(HttpStatusCode.OK, getAfterDeleteResponse.StatusCode);
var relationAfterChange = await getAfterDeleteResponse.ReadResponseBodyAsKitosApiResponseAsync <SystemRelationDTO>();
Assert.NotNull(relationAfterChange.Interface); //interface should not have been cleared since the same exhibitor was provided as the existing --> no change
}
}
}
public async Task Cannot_Add_SensitiveDataLevel_If_Level_Already_Exists()
{
//Arrange
var cookie = await HttpApi.GetCookieAsync(OrganizationRole.GlobalAdmin);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
var sensitivityLevel = A <SensitiveDataLevel>();
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitivityLevel);
//Act
using (var result = await HttpApi.PatchWithCookieAsync(
TestEnvironment.CreateUrl(
$"api/v1/itsystemusage/{usage.Id}/sensitivityLevel/add"), cookie, sensitivityLevel))
{
//Assert
Assert.Equal(HttpStatusCode.Conflict, result.StatusCode);
var notUpdatedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
var sensitiveDataLevel = Assert.Single(notUpdatedUsage.SensitiveDataLevels);
Assert.Equal(sensitivityLevel, sensitiveDataLevel.DataSensitivityLevel);
}
}
public async Task Can_Get_GDPRExportReport_With_All_Fields_Set()
{
//Arrange
var sensitiveDataLevel = A <SensitiveDataLevel>();
var datahandlerContractTypeId = "5";
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
var dataProcessingRegistrationDto = await DataProcessingRegistrationHelper.CreateAsync(organizationId, A <string>());
await DataProcessingRegistrationHelper.SendChangeIsAgreementConcludedRequestAsync(dataProcessingRegistrationDto.Id, YesNoIrrelevantOption.YES);
using var setSystemResponse = await DataProcessingRegistrationHelper.SendAssignSystemRequestAsync(dataProcessingRegistrationDto.Id, usage.Id);
Assert.Equal(HttpStatusCode.OK, setSystemResponse.StatusCode);
var body = new
{
HostedAt = A <HostedAt>(),
IsBusinessCritical = A <DataOptions>(),
DataProcessorControl = A <DataOptions>(),
RiskAssessment = A <DataOptions>(),
PreRiskAssessment = A <RiskLevel>(),
DPIA = A <DataOptions>()
};
var contract = await ItContractHelper.CreateContract(A <string>(), organizationId);
await ItContractHelper.PatchContract(contract.Id, organizationId, new { contractTypeId = datahandlerContractTypeId });
await ItContractHelper.AddItSystemUsage(contract.Id, usage.Id, organizationId);
await ItSystemUsageHelper.PatchSystemUsage(usage.Id, organizationId, body);
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitiveDataLevel);
var expectedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
//Act
var report = await ItSystemUsageHelper.GetGDPRExportReport(organizationId);
//Assert
var gdprExportReport = Assert.Single(report.Where(x => x.Name == system.Name));
AssertCorrectGdprExportReport(expectedUsage, gdprExportReport, true);
AssertSensitiveDataLevel(sensitiveDataLevel, gdprExportReport);
}
public async Task Can_Get_GDPRExportReport_With_Fresh_Usage()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, organizationId);
var expectedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
//Act
var report = await ItSystemUsageHelper.GetGDPRExportReport(organizationId);
//Assert
var gdprExportReport = Assert.Single(report.Where(x => x.Name == system.Name));
AssertCorrectGdprExportReport(expectedUsage, gdprExportReport, false);
AssertEmptyString(gdprExportReport.SensitiveDataTypes);
}
public async Task Can_Create_Reference_In_ItSystemUsage()
{
//Arrange
var systemDto = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), TestEnvironment.DefaultOrganizationId, AccessModifier.Public);
var usageDTO = await ItSystemHelper.TakeIntoUseAsync(systemDto.Id, TestEnvironment.DefaultOrganizationId);
//Act - create two similar references... we expect the first one to be the master
var expectedMasterReference = await ReferencesHelper.CreateReferenceAsync(_title, _externalReferenceId, _referenceUrl, _display, dto => dto.ItSystemUsage_Id = usageDTO.Id);
await ReferencesHelper.CreateReferenceAsync(_title, _externalReferenceId, _referenceUrl, _display, dto => dto.ItSystemUsage_Id = usageDTO.Id);
//Assert
AssertCreatedReference(_title, expectedMasterReference, _externalReferenceId, _referenceUrl, _display);
usageDTO = await ItSystemHelper.GetItSystemUsage(usageDTO.Id);
Assert.Equal(2, usageDTO.ExternalReferences.Count);
Assert.Equal(expectedMasterReference.Id, usageDTO.ReferenceId.GetValueOrDefault(-1)); //First reference must be marked as "the reference"
}
public async Task Can_Remove_SensitiveDataLevel()
{
//Arrange
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
var sensitivityLevel = A <SensitiveDataLevel>();
await ItSystemUsageHelper.AddSensitiveDataLevel(usage.Id, sensitivityLevel);
//Act
var sensitivityLevelDTO =
await ItSystemUsageHelper.RemoveSensitiveDataLevel(usage.Id, sensitivityLevel);
//Assert
Assert.Equal(sensitivityLevel, sensitivityLevelDTO.DataSensitivityLevel);
var updatedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
Assert.Empty(updatedUsage.SensitiveDataLevels);
}
public async Task Cannot_Remove_SensitiveDataLevel_If_Level_Does_Not_Exists()
{
//Arrange
var cookie = await HttpApi.GetCookieAsync(OrganizationRole.GlobalAdmin);
const int organizationId = TestEnvironment.DefaultOrganizationId;
var system = await ItSystemHelper.CreateItSystemInOrganizationAsync(A <string>(), organizationId, AccessModifier.Public);
var usage = await ItSystemHelper.TakeIntoUseAsync(system.Id, system.OrganizationId);
//Act
using (var result = await HttpApi.PatchWithCookieAsync(
TestEnvironment.CreateUrl(
$"api/v1/itsystemusage/{usage.Id}/sensitivityLevel/remove"), cookie, A <SensitiveDataLevel>()))
{
//Assert
Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode);
var notUpdatedUsage = await ItSystemHelper.GetItSystemUsage(usage.Id);
Assert.Empty(notUpdatedUsage.SensitiveDataLevels);
}
}
private static async Task <ItSystemUsageDTO> GetItSystemUsageAsync(int systemUsageId)
{
return(await ItSystemHelper.GetItSystemUsage(systemUsageId));
}