Test Case #: 882


Test Case Name: Add Rights checks to requisitions save/submit/approve/delete endpoints

System: openLMIS

Subsystem: blue

Test case designed by: Lucyna Laska

Design Date: 17.05.2016

Short description

Prior to this ticket, the Requisition Service was built without validating security. The Requisition Service needs to apply security validations that restrict permissions based on RBAC and Supervisory Nodes. Now that RBAC is implemented (OLMIS-545, Done), we can apply permissions to the Requisition Service. The right required for each operation is listed below.

Initiate a Requisition: REQUISITION_CREATE

Update a Requisition (setting fields in the line items): REQUISITION_CREATE or REQUISITION_APPROVE or REQUISITION_AUTHORIZE

Submit a Requisition: REQUISITION_CREATE

Approve a Requisition: REQUISITION_APPROVE

Authorize a Requisition: REQUISITION_AUTHORIZE

Delete a Requisition: REQUISITION_DELETE

View a Requisition: REQUISITION_VIEW

More info here: Requisition Rights

                                                                                                                                                   

Pre – conditions:

| Step | Action | Expected system response | Comment |
|------|--------|--------------------------|---------|
| 1 | Assign the user a right: REQUISITION_VIEW. | | |
| 2 | Try to delete the requisition when REQUISITION_VIEW right is assigned to user. | | |
| 3 | Try to authorize the requisition when REQUISITION_VIEW right is assigned to user. | | |
| 4 | Try to approve the requisition when REQUISITION_VIEW right is assigned to user. | | |
| 5 | Try to initiate or submit the requisition when REQUISITION_VIEW right is assigned to user. | | |
| 6 | Try to view the requisition when REQUISITION_VIEW right is assigned to user. | | |
| 7 | Assign the user a right: REQUISITION_DELETE. | | |
| 8 | Try to delete the requisition when REQUISITION_DELETE right is assigned to user. | | |
| 9 | Try to authorize the requisition when REQUISITION_DELETE right is assigned to user. | | |
| 10 | Try to approve the requisition when REQUISITION_DELETE right is assigned to user. | | |
| 11 | Try to initiate or submit the requisition when REQUISITION_DELETE right is assigned to user. | | |
| 12 | Try to view the requisition when REQUISITION_DELETE right is assigned to user. | | |
| 13 | Reassign the right: REQUISITION_DELETE and assign the user a right: REQUISITION_AUTHORIZE. | | |
| 14 | Try to delete the requisition when REQUISITION_AUTHORIZE right is assigned to user. | | |
| 15 | Try to authorize the requisition when REQUISITION_AUTHORIZE right is assigned to user. | | |
| 16 | Try to approve the requisition when REQUISITION_AUTHORIZE right is assigned to user. | | |
| 17 | Try to initiate or submit the requisition when REQUISITION_AUTHORIZE right is assigned to user. | | |
| 18 | Try to view the requisition when REQUISITION_AUTHORIZE right is assigned to user. | | |
| 19 | Reassign the right: REQUISITION_AUTHORIZE and assign the user a right: REQUISITION_APPROVE. | | |
| 20 | Try to delete the requisition when REQUISITION_APPROVE right is assigned to user. | | |
| 21 | Try to authorize the requisition when REQUISITION_APPROVE right is assigned to user. | | |
| 22 | Try to approve the requisition when REQUISITION_APPROVE right is assigned to user. | | |
| 23 | Try to initiate or submit the requisition when REQUISITION_APPROVE right is assigned to user. | | |
| 24 | Try to view the requisition when REQUISITION_APPROVE right is assigned to user. | | |
| 25 | Reassign the right: REQUISITION_APPROVE and assign the user a right: REQUISITION_CREATE. | | |
| 26 | Try to delete the requisition when REQUISITION_CREATE right is assigned to user. | | |
| 27 | Try to authorize the requisition when REQUISITION_CREATE right is assigned to user. | | |
| 28 | Try to approve the requisition when REQUISITION_CREATE right is assigned to user. | | |
| 29 | Try to initiate or submit the requisition when REQUISITION_CREATE right is assigned to user. | | |
| 30 | Try to view the requisition when REQUISITION_CREATE right is assigned to user. | | |
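
The rights mapping in the short description determines the outcome of every "Try to ..." step above. The Python sketch below is an added example, not OpenLMIS code: it encodes that mapping as a deny-by-default check and derives an allow/deny expectation per step, assuming the user holds exactly one right at a time and ignoring supervisory-node scoping (the names `is_allowed` and `expected_results` are hypothetical).

```python
# Added example (not OpenLMIS code): operation -> rights mapping copied from
# the "Short description" section. Holding any one listed right is sufficient.
REQUIRED_RIGHTS = {
    "initiate": {"REQUISITION_CREATE"},
    "update": {"REQUISITION_CREATE", "REQUISITION_APPROVE", "REQUISITION_AUTHORIZE"},
    "submit": {"REQUISITION_CREATE"},
    "approve": {"REQUISITION_APPROVE"},
    "authorize": {"REQUISITION_AUTHORIZE"},
    "delete": {"REQUISITION_DELETE"},
    "view": {"REQUISITION_VIEW"},
}

# Order in which the test case assigns rights (steps 1, 7, 13, 19, 25).
RIGHTS_UNDER_TEST = [
    "REQUISITION_VIEW", "REQUISITION_DELETE", "REQUISITION_AUTHORIZE",
    "REQUISITION_APPROVE", "REQUISITION_CREATE",
]

# Attempts made after each assignment; "initiate or submit" is a single step.
ATTEMPTS = [("delete",), ("authorize",), ("approve",), ("initiate", "submit"), ("view",)]


def is_allowed(user_rights, operation):
    """Deny by default: unknown operations and missing rights both return False."""
    required = REQUIRED_RIGHTS.get(operation)
    if not required:
        return False
    return not required.isdisjoint(user_rights)


def expected_results():
    """Return {step number: (right held, attempted operations, 'ALLOW' or 'DENY')}."""
    results = {}
    step = 0
    for right in RIGHTS_UNDER_TEST:
        step += 1  # the assignment step itself, which has no allow/deny outcome
        for operations in ATTEMPTS:
            step += 1
            allowed = all(is_allowed({right}, op) for op in operations)
            results[step] = (right, "/".join(operations), "ALLOW" if allowed else "DENY")
    return results


if __name__ == "__main__":
    for step, (right, ops, outcome) in expected_results().items():
        print(f"step {step:2}: {right:<22} {ops:<16} -> {outcome}")
```

Under these assumptions only steps 6, 8, 15, 22 and 29 are allowed; every other attempt is a negative test that should be rejected.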



Post – conditions: