Done
Pinned fields
Click on the next to a field label to start pinning.
Details
Details
Assignee
Paweł Gesek
Paweł GesekReporter
Brandon Bowersox-Johnson
Brandon Bowersox-Johnson
Story Points
3
Time tracking
1d 1h 30m logged
Components
Sprint
None
Fix versions
Priority
Major
Time Assistant
Time Assistant
Created October 4, 2016 at 6:24 PM
Updated December 16, 2016 at 2:04 PM
Resolved December 16, 2016 at 2:04 PM
There are additional validation checks needed in the API code for submitting/saving a requisition.
EG: https://github.com/OpenLMIS/openlmis-requisition/blob/master/src/main/java/org/openlmis/requisition/web/RequisitionController.java#L100
This endpoint starts by taking as input both a requisition object, and a requisition ID. The Requisition object passed in is never verified to be the one stored. So we need to add that verification, and write an automated test to show that passing in bad data. Validation checks for ensuring we don’t change the requisition’s facility, processing period, program, etc appear to be missing. The domain object should enforce that these are immutable after creation. Trying to change these should return an error.
In addition, the Requisition passed in doesn’t make use of a standard save(Requistion) method, or the updateFrom(Requistion) method of the Requisition class. This appears inconsistent and causes concern that input validation is not enough. We should refactor repeated validations into shared methods so that code is not repeated. The refactoring of repeated code is also covered in OLMIS-1100, so this ticket and that one should be done together and by the same person/people.
This ticket is based on the Requisition Service Design Analysis; see background in OLMIS-1081.