/
1385: Enforce "Convert to order" permission on convert to order endpoint

1385: Enforce "Convert to order" permission on convert to order endpoint

Jan 04, 2017

Test Case #: 1385

Test Case Name: Enforce "Convert to order" permission on convert to order endpoint

System: openLMIS

Subsystem: blue

Test case designed by: Anna Czyrko

Design Date:03.01.2017

Short description

* Ensure there is a convert to order right; if not, create one in the reference data service bootstrap SQL script
* Update RAML with response of not having permission
* Add convert to order right check to endpoint, checking by current user, right and warehouse(s) specified in the request

 

                                                                                                                                                   

Pre – conditions:

 Log into application as administrator.                                                                                                                                                                                                                     

 

 

Step

Action

Expected system response

Comment

 

 

UI     

                                                 

1

 

 Log into application as administrator. From top menu select Requisitions and next Convert to order.

Appears Convert Requisitions to Order screen.

 

2

Do not select any requisition for convert to order. Click Convert to Order button.

Appears message: "Please select at least one Requisition for Converting to Order"

 

3

Select one Requisition. Supplying Depot field should be empty. Click Convert to Order button.

Should appear error message

 

4

Select one Requisition, select Supplying Depot and click Convert to Order button.

Should appear message "The requisition(s) have been successfully converted to Orders".

 

5

Select three requisitions, select Supplying Depots and click Convert to Order button.

Should appear message "The requisition(s) have been successfully converted to Orders".

 

6

Log in as devadmin.

 

Devadmin should not have permissions for converting to order.

7

From top menu select Requisitions. Converto to Order should not be visible.

 

 

 

API

 

1

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to convert requisition to order by user who has not permissions.

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }

 

2

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to convert to order requisition with not exist supplyingDepots

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }

 

3

Go to swagger (http://test.openlmis.org/requisition/docs), use POST /api/requisitions/convertToOrder.

Try to select supplyingDepot not from drop down list by API and try to convert to order

Should appear message: { "message": "User is lacking permission to access the resource", "description": "You do not have the following permission to perform this action: REQUISITION_CONVERT_TO_ORDER" }

 

 

 

Post – conditions:

OpenLMIS: the global initiative for powerful LMIS software