/
1385: Enforce "Convert to order" permission on convert to order endpoint

1385: Enforce "Convert to order" permission on convert to order endpoint

Jan 04, 2017

Test Case #: 1385

Test Case Name: Enforce "Convert to order" permission on convert to order endpoint

System: openLMIS

Subsystem: blue

Test case designed by: Anna Czyrko

Design Date:03.01.2017

Short description

* Ensure there is a convert to order right; if not, create one in the reference data service bootstrap SQL script
* Update RAML with response of not having permission
* Add convert to order right check to endpoint, checking by current user, right and warehouse(s) specified in the request



                                                                                                                                                   

Pre – conditions:

 Log into application as administrator.                                                                                                                                                                                                                     





Step

Action

Expected system response

Comment





UI     

                                                 

1



 Log into application as administrator. From top menu select Requisitions and next Convert to order.

Appears Convert Requisitions to Order screen.



2

Do not select any requisition for convert to order. Click Convert to Order button.

Appears message: "Please select at least one Requisition for Converting to Order"



3

Select one Requisition. Supplying Depot field should be empty. Click Convert to Order button.

Should appear error message



4

Select one Requisition, select Supplying Depot and click Convert to Order button.

Should appear message "The requisition(s) have been successfully converted to Orders".



5

Select three requisitions, select Supplying Depots and click Convert to Order button.

Should appear message "The requisition(s) have been successfully converted to Orders".



6

Log in as devadmin.



Devadmin should not have permissions for converting to order.

7

From top menu select Requisitions. Converto to Order should not be visible.







API



1

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to convert requisition to order by user who has not permissions.

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }



2

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to convert to order requisition with not exist supplyingDepots

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }



3

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to select supplyingDepot not from drop down list by API and try to convert to order

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }







Post – conditions:

OpenLMIS: the global initiative for powerful LMIS software