Implement rights checks on save/submit/approve/delete requisition endpoints

Description

This sub-task is for the implementation once design/documentation is finished. Please make sure that the code which calls the /hasRight endpoint is generic and reusable by the Requisition Service.

Acceptance Criteria

  • Necessary rights are being created in the system/bootstrap data.

  • Rights checks are in place.

  • Test that the rights checks apply to save, submit and approve Requisitions. This should work at the API level, and you should also be able to test and confirm it using the UI. You will need to attempt to save, submit and approve a requisition that you actually don't have permissions to (either because of your role and home facility OR because of the status of the requisition).

  • Automated tests validate that security is applied properly, including checking that users are correctly prohibited from trying to create, update, approve, or delete requisitions when they don't have the right permissions to do so.

Assignee

Sebastian Brudziński

Reporter

Brandon Bowersox-Johnson

Labels

None

Components

Sprint

None

Fix versions

Priority

Major
Configure