1385: Enforce "Convert to order" permission on convert to order endpoint

Test Case #: 1385

Test Case Name: Enforce "Convert to order" permission on convert to order endpoint

System: openLMIS

Subsystem: blue

Test case designed by: Anna Czyrko

Design Date:03.01.2017

Short description

* Ensure there is a convert to order right; if not, create one in the reference data service bootstrap SQL script
* Update RAML with response of not having permission
* Add convert to order right check to endpoint, checking by current user, right and warehouse(s) specified in the request


                                                                                                                                                   

Pre – conditions:

 Log into application as administrator.                                                                                                                                                                                                                     



Step

Action

Expected system response

Comment



UI     

                                                 
1


 Log into application as administrator. From top menu select Requisitions and next Convert to order.

Appears Convert Requisitions to Order screen.


2Do not select any requisition for convert to order. Click Convert to Order button.

Appears message: "Please select at least one Requisition for Converting to Order"


3Select one Requisition. Supplying Depot field should be empty. Click Convert to Order button.Should appear error message
4Select one Requisition, select Supplying Depot and click Convert to Order button.

Should appear message "The requisition(s) have been successfully converted to Orders".


5Select three requisitions, select Supplying Depots and click Convert to Order button.Should appear message "The requisition(s) have been successfully converted to Orders".
6Log in as devadmin.
Devadmin should not have permissions for converting to order.
7From top menu select Requisitions. Converto to Order should not be visible.




API
1

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to convert requisition to order by user who has not permissions.

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }
2

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to convert to order requisition with not exist supplyingDepots

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }
3

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to select supplyingDepot not from drop down list by API and try to convert to order

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }



Post – conditions:

OpenLMIS: the global initiative for powerful LMIS software