Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Current »
Test Case #:1557 | Test Case Name: Enforce Right: Manage Geographic Zone
|
System: OpenLMIS
| Subsystem: blue |
Test case designed by: Paulina Borowa | Design Date:18.01.2017 |
Short description: There should be an Administrative type Right that a User may be assigned via a Role that allows them to Manage (View, Create, Edit) the Geographic Zones. Acceptance: there is a new Administrative type of right named MANAGE_GEOGRAPHIC_ZONE in Reference Data DONEthe role creation api may use the above right in creating Administrative type of roles DONE- endpoints are updated for /api/geographicZones and /api/geographicZones/{id}
- PUT, POST and DELETE checks if the user has the given right, returns a 403 if not
- GET checks if the token is a valid service level token, or the user has the right. Returns 403 if not.
- TECH DEBT CLEANUP: refactor returning a 404 on GET /api/geographicZones if there are none in the system, instead return an empty list.
- TECH DEBT CLEANUP: RAML declares that the DELETE endpoint returns a 409. This seems possible only if a DataIntegrityViolationException is thrown, which it appears to not do. Check if this is actually used and remove it from RAML if it's not.
- RAML is updated
- both types of permission checks have tests
| |
Step | Action | Expected system response | Comment |
1 | | | |
2 | | | |
3 | | | |
4 | | | |
5 | | | |