Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(sdk): vendor-compliance cross-module integration — VVT, obligations, TOM, loeschfristen

Browse Source 
Integrate the vendor-compliance module with four DSGVO modules to eliminate
data silos and resolve the VVT processor tab's ephemeral state problem.

- Reposition vendor-compliance sidebar from seq 4200 to 2500 (after VVT)
- VVT: replace ephemeral ProcessorRecord state with Vendor-API fetch (read-only)
- Obligations: add linked_vendor_ids (JSONB) + compliance check #12 MISSING_VENDOR_LINK
- TOM: add vendor TOM-controls cross-reference table in overview tab
- Loeschfristen: add linked_vendor_ids (JSONB) + vendor picker + document section
- Migrations: 069_obligations_vendor_link.sql, 070_loeschfristen_vendor_link.sql
- Tests: 12 new backend tests (125 total pass)
- Docs: update obligations.md + vendors.md with cross-module integration

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-03-19 13:59:43 +01:00
parent 4b1eede45b
commit c3afa628ed
19 changed files with 2852 additions and 421 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
backend-compliance/tests/test_obligation_routes.py
View File

@@ -52,6 +52,7 @@ def _make_obligation_row(overrides=None):
"priority": "medium",
"responsible": None,
"linked_systems": [],
"linked_vendor_ids": [],
"assessment_id": None,
"rule_code": None,
"notes": None,
@@ -607,3 +608,60 @@ class TestObligationSearchRoute:
resp = client.get("/obligations?source=AI Act")
assert resp.status_code == 200
assert resp.json()["obligations"][0]["source"] == "AI Act"
# =============================================================================
# Linked Vendor IDs Tests (Art. 28 DSGVO)
# =============================================================================
class TestLinkedVendorIds:
def test_create_with_linked_vendor_ids(self, client, mock_db):
row = _make_obligation_row({"linked_vendor_ids": ["vendor-1", "vendor-2"]})
mock_db.execute.return_value = MagicMock(fetchone=MagicMock(return_value=row))
resp = client.post("/obligations", json={
"title": "Vendor-Prüfung Art. 28",
"linked_vendor_ids": ["vendor-1", "vendor-2"],
})
assert resp.status_code == 201
assert resp.json()["linked_vendor_ids"] == ["vendor-1", "vendor-2"]
def test_create_without_linked_vendor_ids_defaults_empty(self, client, mock_db):
row = _make_obligation_row()
mock_db.execute.return_value = MagicMock(fetchone=MagicMock(return_value=row))
resp = client.post("/obligations", json={"title": "Ohne Vendor"})
assert resp.status_code == 201
# Schema allows it — linked_vendor_ids defaults to None in the schema
schema = ObligationCreate(title="Ohne Vendor")
assert schema.linked_vendor_ids is None
def test_update_linked_vendor_ids(self, client, mock_db):
updated = _make_obligation_row({"linked_vendor_ids": ["v1"]})
mock_db.execute.return_value = MagicMock(fetchone=MagicMock(return_value=updated))
resp = client.put(f"/obligations/{OBLIGATION_ID}", json={
"linked_vendor_ids": ["v1"],
})
assert resp.status_code == 200
assert resp.json()["linked_vendor_ids"] == ["v1"]
def test_update_clears_linked_vendor_ids(self, client, mock_db):
updated = _make_obligation_row({"linked_vendor_ids": []})
mock_db.execute.return_value = MagicMock(fetchone=MagicMock(return_value=updated))
resp = client.put(f"/obligations/{OBLIGATION_ID}", json={
"linked_vendor_ids": [],
})
assert resp.status_code == 200
assert resp.json()["linked_vendor_ids"] == []
def test_schema_create_includes_linked_vendor_ids(self):
schema = ObligationCreate(
title="Test Vendor Link",
linked_vendor_ids=["a", "b"],
)
assert schema.linked_vendor_ids == ["a", "b"]
data = schema.model_dump()
assert data["linked_vendor_ids"] == ["a", "b"]
def test_schema_update_includes_linked_vendor_ids(self):
schema = ObligationUpdate(linked_vendor_ids=["a"])
data = schema.model_dump(exclude_unset=True)
assert data["linked_vendor_ids"] == ["a"]