Add Rights checks to requisitions save/submit/approve/delete endpoints

Description

Prior to this ticket, the Requisition Service has been built without validating security. The Requisition Service actually needs to apply security validations to restrict permissions based on RBAC and Supervisory Nodes. Now that RBAC is implemented (), we can apply permissions to the Requisition Service.

The first sub-task of this ticket will fill in this description to specify the permissions required for each action:

Initiate a Requisition: REQUISITION_CREATE

Update a Requisition (setting fields in the line items): REQUISITION_CREATE or REQUISITION_APPROVE or REQUISITION_AUTHORIZE

Submit a Requisition: REQUISITION_CREATE

Approve a Requisition: REQUISITION_APPROVE

Authorize a Requisition: REQUISITION_AUTHORIZE

Delete a Requisition: REQUISITION_DELETE

View a Requisition: REQUISITION_VIEW

More info here: https://openlmis.atlassian.net/wiki/display/OP/Requisition+Rights

-Initiate a Requisition: User must have "Requisition - Create" permission at the facility for which they are trying to create the requisition. This happens either by the user's home facility or by supervisory node. Cross-reference and page 50 in the Configuration Guide.- (Covered by )

Convert Requisition to Order is NOT in scope of this ticket. There is a separate ticket for enforcing permissions for Convert to Order.

Acceptance Criteria
The sub-tasks now contain all the acceptance criteria.

(This ticket was raised in discussion in OLMIS-1081.)

Assignee

Sebastian Brudziński

Reporter

Mary Jo Kochendorfer

Labels

None

Story Points

13

Epic Link

Components

Sprint

None

Fix versions

Priority

Major
Configure