Assign roles to a user record for requisitions
Activity
Hi @Chongsun Ahn, thank you for the explanation. Now, everything is clear.
My test process:
1. Create user without roles.
2. Create right with ORDER_FULFILLMENT right type.
3. Create right with SUPERVISION right type.
4. Create right with GENERAL_ADMIN right type.
5. Create right with REPORTS right type.
6. Create role with ORDER_FULFILLMENT right type.
7. Create role with SUPERVISION right type.
8. Create role with GENERAL_ADMIN right type.
9. Create role with REPORTS right type.
10. Create program, facility and supervisoryNode.
11. Assign home facility to User.
12. Assign invalid home facility to User.
13. Assign program to User.
14. Assign invalid program to User.
15. Get the programs at a user's home facility or programs that the user supervises.
16. Assign role by program and supervisoryNode.
17. As a User, try to assign the role to other Users.
18. As an Admin, try to delete the role.
I noticed that User can also delete the role.
For more details, see test case:
https://openlmis.atlassian.net/wiki/x/S4A7BQ
Hey @Lucyna Laska, I think there is some confusion about programs associated with a home facility. You do not associate programs to a home facility using a homeFacilityPrograms attribute. Programs are associated with a user's home facility through the user's assigned roles. If the user has a role assignment with a specified program (and not a supervisory node), then that role is automatically associated with a home facility, and the program that goes with it is a "home facility program". You can see the home facility programs associated with a user by going to /api/users/{userId}/programs.
Please let me know if this does not make sense, and we can try to Skype about it.
Hi @Chongsun Ahn. Sorry for not testing this ticket earlier, but I had some problem with user creation. The problem has been eliminated, now everything works.
I tested some AC so far and I have some doubts about this one:
an admin can associate programs to the home facility
programs must be from reference data, no new program can be defined
I assumed that homeFacilityPrograms attribute should be set to cover this AC.
When I try to do that, my user is updated properly, but in the response I don't see my homeFacilityPrograms. When I list all users, I don't see this either. I can enter a nonexistent ID for HomeFacilityPrograms and, despite that, the user will be created.
Could you take a look at that?
my URL: http://172.23.0.1/referencedata/api/users?access_token=bd7aa178-2c96-48c4-985b-28027152dc36
body:
{
  "id": "8c589aed-da97-46c9-b9f4-94ac68562d30",
  "username": "admin123",
  "firstName": "Admin2",
  "lastName": "User2",
  "email": "testowysoldevelo@gmail.com",
  "verified": false,
  "active": false,
  "loginRestricted": true,
  "homeFacility": {
    "id": "8a2a0a6b-7614-41c8-b4d1-e887959956f7"
  },
  "homeFacilityPrograms": {
    "id": "7ffb2b3c-4f9f-4121-b7a9-5d66558c729a"
  },
  "roleAssignments": [
    {
      "roleId": "00000000-0000-0000-0000-000000000004",
      "programCode": "program02",
      "supervisoryNodeCode": "supervisorycode"
    },
    {
      "roleId": "00000000-0000-0000-0000-000000000001",
      "warehouseCode": "hospital"
    }
  ]
}
Screen with my json:
The server response:
@Lucyna Laska please update the .env file with email properties - they have been externalized there
Description
As an administrator, I would like to assign roles to users to provide/restrict system permissions at a user level so that users can complete their business workflows (approve requisitions) to order the right stock. Initially we will focus on the Requisition service.
Roles are defined in OLMIS-545.
Review the RBAC and Entity Relationship Diagram - OLMIS-865: ERD - focus on entities required for Role-based authentication (Done)
See User_Role assignment PDF attached for 2.0 UI.
Section for role based access:
For now, start with the following two sections (the PDF has more):
Home Facility - supports the requisition process and applies specifically to the facility designated in the user's profile as their home facility
Supervisory Roles - support the requisition process and apply to facilities under a given supervisory node (or facilities under nodes that are children of a given supervisory node)
Within the above sections, an admin can assign a "role" by program. That role will only apply to that program within the section's scope. Home facility and Supervisory apply to requisitions.
Acceptance Criteria
Verify that:
- an admin can assign a "home" facility to a user
- home facility must be from a list of defined facilities (from reference data)
- an error message is delivered if admin attempts to add a new facility
- an admin can associate programs to the home facility
- programs must be from reference data, no new program can be defined
- admin can designate one or more roles by program
- admin can remove roles
- Under Supervisory an admin can add a role by program and supervisory node
- an admin must select a program and supervisory node for role assignment, if not a role cannot be added
- if a user is given role permissions within a program and specific facility - the access to those rights within that program and facility should be enforced
- If a user doesn't have access to certain rights, user access should be limited accordingly
- admin user can save changes
- only admin users can assign roles
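
The acceptance criteria above, together with the explanation in the comments that home facility programs come from role assignments that name a program and no supervisory node, can be checked server-side as in the following added example (not OpenLMIS code). It covers only the Home Facility and Supervisory sections; the reference data, the function name `validate_user` and the error strings are assumptions, and the field names follow the request body quoted in the comments.

```python
# Constructed reference data (sample values, not real OpenLMIS records).
PROGRAMS = {"program01", "program02"}
NODES = {"supervisorycode"}
FACILITIES = {"facility-A"}
ROLE_IDS = {"role-requisition"}
USER_FIELDS = {"username", "homeFacility", "roleAssignments"}
ASSIGNMENT_FIELDS = {"roleId", "programCode", "supervisoryNodeCode"}

def validate_user(caller_is_admin, user):
    """Return (errors, home_facility_programs) for a user update request."""
    if not caller_is_admin:
        return ["only admin users can assign roles"], []
    # Reject unknown properties instead of silently dropping them.
    errors = [f"unknown field: {f}" for f in sorted(set(user) - USER_FIELDS)]
    home = user.get("homeFacility")
    if home is not None and home.get("id") not in FACILITIES:
        errors.append("homeFacility is not in reference data")
    home_programs = set()
    for i, ra in enumerate(user.get("roleAssignments", [])):
        where = f"roleAssignments[{i}]"
        for f in sorted(set(ra) - ASSIGNMENT_FIELDS):
            errors.append(f"{where}: unknown field: {f}")
        if ra.get("roleId") not in ROLE_IDS:
            errors.append(f"{where}: roleId is not in reference data")
        program, node = ra.get("programCode"), ra.get("supervisoryNodeCode")
        if program is None:
            errors.append(f"{where}: programCode is required")
        elif program not in PROGRAMS:
            errors.append(f"{where}: programCode is not in reference data")
        if node is not None and node not in NODES:
            errors.append(f"{where}: supervisoryNodeCode is not in reference data")
        # A known program with no supervisory node is a home facility program.
        if program in PROGRAMS and node is None:
            home_programs.add(program)
    return errors, sorted(home_programs)

# Constructed request that also sends the unsupported homeFacilityPrograms property.
SAMPLE_USER = {
    "username": "admin123",
    "homeFacility": {"id": "facility-A"},
    "homeFacilityPrograms": {"id": "no-such-program"},
    "roleAssignments": [
        {"roleId": "role-requisition", "programCode": "program01"},
        {"roleId": "role-requisition", "programCode": "program02",
         "supervisoryNodeCode": "supervisorycode"},
    ],
}
```

Calling `validate_user(True, SAMPLE_USER)` reports the unsupported property as an error rather than accepting the update, and derives `program01` as the only home facility program.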