Test Case #: 882


Test Case Name: Add Rights checks to requisitions save/submit/approve/delete endpoints

System: openLMIS

Subsystem: blue

Test case designed by: Lucyna Laska

Design Date: 17.05.2016

Short description

Prior to this ticket, the Requisition Service was built without security validation. The Requisition Service needs to apply security validations to restrict permissions based on RBAC and Supervisory Nodes. Now that RBAC is implemented (OLMIS-545, Done), we can apply permissions to the Requisition Service.

Initiate a Requisition: REQUISITION_CREATE

Update a Requisition (setting fields in the line items): REQUISITION_CREATE or REQUISITION_APPROVE or REQUISITION_AUTHORIZE

Submit a Requisition: REQUISITION_CREATE

Approve a Requisition: REQUISITION_APPROVE

Authorize a Requisition: REQUISITION_AUTHORIZE

Delete a Requisition: REQUISITION_DELETE

View a Requisition: REQUISITION_VIEW

More info here: Requisition Rights
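
The operation-to-right mapping above, written as a deny-by-default check and run against the role assignments used in this test case. This is an added example, not OpenLMIS code: the function names are hypothetical, and the rule that an assignment matches on program code and, when present, supervisory node code is an assumption.

```python
# Added illustration, not OpenLMIS source. Rights and role ids are taken from this page.
REQUIRED = {
    "initiate":  {"REQUISITION_CREATE"},
    "update":    {"REQUISITION_CREATE", "REQUISITION_APPROVE", "REQUISITION_AUTHORIZE"},
    "submit":    {"REQUISITION_CREATE"},
    "approve":   {"REQUISITION_APPROVE"},
    "authorize": {"REQUISITION_AUTHORIZE"},
    "delete":    {"REQUISITION_DELETE"},
    "view":      {"REQUISITION_VIEW"},
}

# Role id -> rights, from the role JSON bodies in this test case.
ROLES = {
    "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d": {"REQUISITION_VIEW"},
    "71fd8790-eb5b-45ad-b221-673e9f48bbe2": {"REQUISITION_DELETE"},
    "a9d3263c-8ad0-4fa1-beba-0ca0be94b021": {"REQUISITION_AUTHORIZE"},
    "e9d4825b-5138-47cb-b5d5-74cfc986a791": {"REQUISITION_APPROVE"},
    "53cfc7dc-eb1b-4253-8b39-9bce02551107": {"REQUISITION_CREATE"},
}
VIEW = "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d"
DELETE = "71fd8790-eb5b-45ad-b221-673e9f48bbe2"


def effective_rights(assignments, program, node):
    """Rights the user holds for one requisition's program and supervisory node."""
    rights = set()
    for a in assignments:
        if a.get("programCode") != program:
            continue  # assignment is scoped to another program
        # Assumption: an assignment that names a node applies only to that node.
        if a.get("supervisoryNodeCode") not in (None, node):
            continue
        rights |= ROLES.get(a["roleId"], set())  # an unknown role grants nothing
    return rights


def is_allowed(operation, assignments, program, node):
    """Deny by default: unknown operations and missing rights both return False."""
    needed = REQUIRED.get(operation)
    return bool(needed and needed & effective_rights(assignments, program, node))


def expected_matrix(assignments, program="PRG001", node="N1"):
    """Allow/deny per operation: the expected results for one block of steps."""
    return {op: is_allowed(op, assignments, program, node) for op in REQUIRED}


def assignment(role_id, program="PRG001", node="N1"):
    """Build a roleAssignments entry shaped like the ones in the request bodies."""
    return {"roleId": role_id, "programCode": program, "supervisoryNodeCode": node}


if __name__ == "__main__":
    # Steps 7-12: view and delete roles assigned on PRG001 / N1.
    for op, ok in expected_matrix([assignment(VIEW), assignment(DELETE)]).items():
        print(f"{op:10} {'allow' if ok else 'deny'}")
```
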

                                                                                                                                                   

Pre – conditions:

                                                                                                                                                                                                                                                       



Step

Action

Expected system response

Comment

1

                                                                                    
Note:

The jsons for creating the proper roles:

URL:  http://10.222.17.134/referencedata/api/roles?access_token=de0d3ff7-acf9-42c8-aa52-5483d25d1c9d, POST

1. REQUISITION_VIEW

{
  "id": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
  "name": "Requisition view",
  "rights": [
    {
      "id": "e101d2b8-6a0f-4af6-a5de-a9576b4ebc50",
      "name": "REQUISITION_VIEW",
      "type": "SUPERVISION",
      "attachments": []
    }
  ]
}

2. REQUISITION_DELETE

{
  "id": "71fd8790-eb5b-45ad-b221-673e9f48bbe2",
  "name": "Requisition delete",
  "rights": [
    {
      "id": "c3eb5df0-c3ac-4e70-a978-02827462f60e",
      "name": "REQUISITION_DELETE",
      "type": "SUPERVISION",
      "attachments": []
    }
  ]
}

3. REQUISITION_AUTHORIZE

{
  "id": "a9d3263c-8ad0-4fa1-beba-0ca0be94b021",
  "name": "Requisition authorize",
  "rights": [
    {
      "id": "feb4c0b8-f6d2-4289-b29d-811c1d0b2863",
      "name": "REQUISITION_AUTHORIZE",
      "type": "SUPERVISION",
      "attachments": []
    }
  ]
}

4. REQUISITION_APPROVE

{
  "id": "e9d4825b-5138-47cb-b5d5-74cfc986a791",
  "name": "Requisition approve",
  "rights": [
    {
      "id": "bffa2de2-dc2a-47dd-b126-6501748ac3fc",
      "name": "REQUISITION_APPROVE",
      "type": "SUPERVISION",
      "attachments": []
    }
  ]
}

5. REQUISITION_CREATE

{
  "id": "53cfc7dc-eb1b-4253-8b39-9bce02551107",
  "name": "Requisition create",
  "rights": [
    {
      "id": "9ade922b-3523-4582-bef4-a47701f7df14",
      "name": "REQUISITION_CREATE",
      "type": "SUPERVISION",
      "attachments": []
    }
  ]
}

The roles have been created successfully.

1

Assign the user (devadmin) a right: REQUISITION_VIEW.

URL: http://10.222.17.134/referencedata/api/users?access_token=de0d3ff7-acf9-42c8-aa52-5483d25d1c9d

Method: PUT

Body:

 {
    "id": "56a50e9a-9668-437d-a09c-7e709ce22222",
    "username": "devadmin",
    "firstName": "Admin",
    "lastName": "Admin",
    "email": "devadmin@openlmis.org",
    "timezone": "CET",
    "homeFacility": {
      "code": "W01",
      "name": "CMST Warehouse",
      "geographicZone": {
        "code": "Mal-So",
        "name": "Southern Region",
        "level": {
          "code": "Region",
          "levelNumber": 2,
          "id": "9b497d87-cdd9-400e-bb04-fae0bf6a9491"
        },
        "id": "0bbd69c1-e20f-48f5-aae4-26dcd8aa7602"
      },
      "type": {
        "code": "WH",
        "name": "Warehouse",
        "displayOrder": 3,
        "active": true,
        "id": "e2faaa9e-4b2d-4212-bb60-fd62970b2113"
      },
      "operator": {
        "code": "moh",
        "name": "Ministry of Health",
        "displayOrder": 1,
        "id": "9456c3e9-c4a6-4a28-9e08-47ceb16a4121"
      },
      "active": true,
      "enabled": true,
      "openLmisAccessible": true,
      "supportedPrograms": [
        {
          "code": "PRG003",
          "name": "New program",
          "active": true,
          "periodsSkippable": false,
          "id": "66032ea8-b69b-4102-a1eb-844e57143187"
        }
      ],
      "id": "19121381-9f3d-4e77-b9e5-d3f59fc1639e"
    },
    "verified": true,
    "active": true,
    "loginRestricted": false,
    "roleAssignments": [
        {
            "roleId": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
            "programCode": "PRG001"
        }]
 }

Role has been assigned properly.


How to assign role to user:

URL: http://10.222.17.134/referencedata/api/roles?access_token=de0d3ff7-acf9-42c8-aa52-5483d25d1c9d

Body:

{
  "id": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
  "name": "Requisition view",
  "rights": [
    {
      "id": "e101d2b8-6a0f-4af6-a5de-a9576b4ebc50",
      "name": "REQUISITION_VIEW",
      "type": "SUPERVISION",
      "attachments": []
    }
  ]
}

2

Try to delete the requisition when REQUISITION_VIEW right is assigned to user.

User can't delete the requisition. The proper right REQUISITION_DELETE is not associated with user.

3

Try to authorize the requisition when REQUISITION_VIEW right is assigned to user.

User can't authorize the requisition. The proper right REQUISITION_AUTHORIZE is not associated with User.

4

Try to approve the requisition when REQUISITION_VIEW right is assigned to user.

User can't approve the requisition. The proper right REQUISITION_APPROVE is not associated with User.

5

Try to initiate or submit the requisition when REQUISITION_VIEW right is assigned to user.

User can't initiate/submit the requisition. The proper right REQUISITION_CREATE is not associated with User.

6

Try to view the requisition when REQUISITION_VIEW right is assigned to user.

The details of the requisition are displayed.
7

Assign the user a right: REQUISITION_DELETE.

Body:
{
    "id": "56a50e9a-9668-437d-a09c-7e709ce22222",
    "username": "devadmin",
    "firstName": "Admin",
    "lastName": "Admin",
    "email": "devadmin@openlmis.org",
    "timezone": "CET",
    "homeFacility": {
      "code": "W01",
      "name": "CMST Warehouse",
      "geographicZone": {
        "code": "Mal-So",
        "name": "Southern Region",
        "level": {
          "code": "Region",
          "levelNumber": 2,
          "id": "9b497d87-cdd9-400e-bb04-fae0bf6a9491"
        },
        "id": "0bbd69c1-e20f-48f5-aae4-26dcd8aa7602"
      },
      "type": {
        "code": "WH",
        "name": "Warehouse",
        "displayOrder": 3,
        "active": true,
        "id": "e2faaa9e-4b2d-4212-bb60-fd62970b2113"
      },
      "operator": {
        "code": "moh",
        "name": "Ministry of Health",
        "displayOrder": 1,
        "id": "9456c3e9-c4a6-4a28-9e08-47ceb16a4121"
      },
      "active": true,
      "enabled": true,
      "openLmisAccessible": true,
      "supportedPrograms": [
        {
          "code": "PRG003",
          "name": "New program",
          "active": true,
          "periodsSkippable": false,
          "id": "66032ea8-b69b-4102-a1eb-844e57143187"
        }
      ],
      "id": "19121381-9f3d-4e77-b9e5-d3f59fc1639e"
    },
    "verified": true,
    "active": true,
    "loginRestricted": false,
    "roleAssignments": [
        {
            "roleId": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
            "programCode": "PRG001",
            "supervisoryNodeCode": "N1"
        },
        {
            "roleId": "71fd8790-eb5b-45ad-b221-673e9f48bbe2",
            "programCode": "PRG001",
            "supervisoryNodeCode": "N1"
        }]

  }

8

Try to delete the requisition when REQUISITION_DELETE right is assigned to user.

9

Try to authorize the requisition when REQUISITION_DELETE right is assigned to user.

User can't authorize the requisition. The proper right REQUISITION_AUTHORIZE is not associated with User.

10

Try to approve the requisition when REQUISITION_DELETE right is assigned to user.

User can't approve the requisition. The proper right REQUISITION_APPROVE is not associated with User.

11

Try to initiate or submit the requisition when REQUISITION_DELETE right is assigned to user.

User can't initiate/submit the requisition. The proper right REQUISITION_CREATE is not associated with User.

12

Try to view the requisition when REQUISITION_DELETE right is assigned to user.

The details of requisitions are visible.

13

Reassign the right: REQUISITION_DELETE and assign the user a right: REQUISITION_AUTHORIZE.


Body:

 {
    "id": "56a50e9a-9668-437d-a09c-7e709ce22222",
    "username": "devadmin",
    "firstName": "Admin",
    "lastName": "Admin",
    "email": "devadmin@openlmis.org",
    "timezone": "CET",
    "homeFacility": {
      "code": "W01",
      "name": "CMST Warehouse",
      "geographicZone": {
        "code": "Mal-So",
        "name": "Southern Region",
        "level": {
          "code": "Region",
          "levelNumber": 2,
          "id": "9b497d87-cdd9-400e-bb04-fae0bf6a9491"
        },
        "id": "0bbd69c1-e20f-48f5-aae4-26dcd8aa7602"
      },
      "type": {
        "code": "WH",
        "name": "Warehouse",
        "displayOrder": 3,
        "active": true,
        "id": "e2faaa9e-4b2d-4212-bb60-fd62970b2113"
      },
      "operator": {
        "code": "moh",
        "name": "Ministry of Health",
        "displayOrder": 1,
        "id": "9456c3e9-c4a6-4a28-9e08-47ceb16a4121"
      },
      "active": true,
      "enabled": true,
      "openLmisAccessible": true,
      "supportedPrograms": [
        {
          "code": "PRG003",
          "name": "New program",
          "active": true,
          "periodsSkippable": false,
          "id": "66032ea8-b69b-4102-a1eb-844e57143187"
        }
      ],
      "id": "19121381-9f3d-4e77-b9e5-d3f59fc1639e"
    },
    "verified": true,
    "active": true,
    "loginRestricted": false,
    "roleAssignments": [
        {
            "roleId": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
            "programCode": "PRG001",
            "supervisoryNodeCode": "N1"
        },
        {
            "roleId": "a9d3263c-8ad0-4fa1-beba-0ca0be94b021",
            "programCode": "PRG001",
            "supervisoryNodeCode": "N1"
        }]

  }

14

Try to delete the requisition when REQUISITION_AUTHORIZE right is assigned to user.

User can't delete the requisition. The proper right REQUISITION_DELETE is not associated with User.

15

Try to authorize the requisition when REQUISITION_AUTHORIZE right is assigned to user.

The requisition has been authorized successfully.

16

Try to approve the requisition when REQUISITION_AUTHORIZE right is assigned to user.

User can't approve the requisition. The proper right REQUISITION_APPROVE is not associated with User.

17

Try to initiate or submit the requisition when REQUISITION_AUTHORIZE right is assigned to user.

User can't initiate/submit the requisition. The proper right REQUISITION_CREATE is not associated with User.

18

Try to view the requisition when REQUISITION_AUTHORIZE right is assigned to user.

The details of requisitions are displayed.

19

Reassign the right: REQUISITION_AUTHORIZE and assign the user a right: REQUISITION_APPROVE.


Body:

 {
    "id": "56a50e9a-9668-437d-a09c-7e709ce22222",
    "username": "devadmin",
    "firstName": "Admin",
    "lastName": "Admin",
    "email": "devadmin@openlmis.org",
    "timezone": "CET",
    "homeFacility": {
      "code": "W01",
      "name": "CMST Warehouse",
      "geographicZone": {
        "code": "Mal-So",
        "name": "Southern Region",
        "level": {
          "code": "Region",
          "levelNumber": 2,
          "id": "9b497d87-cdd9-400e-bb04-fae0bf6a9491"
        },
        "id": "0bbd69c1-e20f-48f5-aae4-26dcd8aa7602"
      },
      "type": {
        "code": "WH",
        "name": "Warehouse",
        "displayOrder": 3,
        "active": true,
        "id": "e2faaa9e-4b2d-4212-bb60-fd62970b2113"
      },
      "operator": {
        "code": "moh",
        "name": "Ministry of Health",
        "displayOrder": 1,
        "id": "9456c3e9-c4a6-4a28-9e08-47ceb16a4121"
      },
      "active": true,
      "enabled": true,
      "openLmisAccessible": true,
      "supportedPrograms": [
        {
          "code": "PRG003",
          "name": "New program",
          "active": true,
          "periodsSkippable": false,
          "id": "66032ea8-b69b-4102-a1eb-844e57143187"
        }
      ],
      "id": "19121381-9f3d-4e77-b9e5-d3f59fc1639e"
    },
    "verified": true,
    "active": true,
    "loginRestricted": false,
    "roleAssignments": [
        {
            "roleId": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
            "programCode": "PRG001",
            "supervisoryNodeCode": "N1"
        },
        {
            "roleId": "e9d4825b-5138-47cb-b5d5-74cfc986a791",
            "programCode": "PRG001",
            "supervisoryNodeCode": "N1"
        }]

  }

20

Try to delete the requisition when REQUISITION_APPROVE right is assigned to user.

User can't delete the requisition. The proper right REQUISITION_DELETE is not associated with User.

21

Try to authorize the requisition when REQUISITION_APPROVE right is assigned to user.

User can't authorize the requisition. The proper right REQUISITION_AUTHORIZE is not associated with User.

22

Try to approve the requisition when REQUISITION_APPROVE right is assigned to user.

The requisition has been successfully approved.

23

Try to initiate or submit the requisition when REQUISITION_APPROVE right is assigned to user.

User can't initiate/submit the requisition. The proper right REQUISITION_CREATE is not associated with User.

24

Try to view the requisition when REQUISITION_APPROVE right is assigned to user.

The details of requisition are displayed.

25

Reassign the right: REQUISITION_APPROVE and assign the user a right: REQUISITION_CREATE.


Body:

 {
    "id": "56a50e9a-9668-437d-a09c-7e709ce22222",
    "username": "devadmin",
    "firstName": "Admin",
    "lastName": "Admin",
    "email": "devadmin@openlmis.org",
    "timezone": "CET",
    "homeFacility": {
      "code": "W01",
      "name": "CMST Warehouse",
      "geographicZone": {
        "code": "Mal-So",
        "name": "Southern Region",
        "level": {
          "code": "Region",
          "levelNumber": 2,
          "id": "9b497d87-cdd9-400e-bb04-fae0bf6a9491"
        },
        "id": "0bbd69c1-e20f-48f5-aae4-26dcd8aa7602"
      },
      "type": {
        "code": "WH",
        "name": "Warehouse",
        "displayOrder": 3,
        "active": true,
        "id": "e2faaa9e-4b2d-4212-bb60-fd62970b2113"
      },
      "operator": {
        "code": "moh",
        "name": "Ministry of Health",
        "displayOrder": 1,
        "id": "9456c3e9-c4a6-4a28-9e08-47ceb16a4121"
      },
      "active": true,
      "enabled": true,
      "openLmisAccessible": true,
      "supportedPrograms": [
        {
          "code": "PRG003",
          "name": "New program",
          "active": true,
          "periodsSkippable": false,
          "id": "66032ea8-b69b-4102-a1eb-844e57143187"
        }
      ],
      "id": "19121381-9f3d-4e77-b9e5-d3f59fc1639e"
    },
    "verified": true,
    "active": true,
    "loginRestricted": false,
    "roleAssignments": [
        {
            "roleId": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
            "programCode": "PRG001",
            "supervisoryNodeCode": "N1"
        },
        {
            "roleId": "53cfc7dc-eb1b-4253-8b39-9bce02551107",
            "programCode": "PRG001",
            "supervisoryNodeCode": "N1"
        }]

  }

26

Try to delete the requisition when REQUISITION_CREATE right is assigned to user.

User can't delete the requisition. The proper right REQUISITION_DELETE is not associated with User.

27

Try to authorize the requisition when REQUISITION_CREATE right is assigned to user.

User can't authorize the requisition. The proper right REQUISITION_AUTHORIZE is not associated with User.

28

Try to approve the requisition when REQUISITION_CREATE right is assigned to user.

User can't approve the requisition. The proper right REQUISITION_APPROVE is not associated with User.

29

Try to initiate or submit the requisition when REQUISITION_CREATE right is assigned to user.

It's possible to initiate the requisition. The submission process is possible too.

30

Try to view the requisition when REQUISITION_CREATE right is assigned to user.

The details of requisition have been displayed.



Post – conditions: