1455: Enforce Right: Manage Requisition Template


Test Case #: 1455

Test Case Name: Enforce Right: Manage Requisition Template

System: OpenLMIS

Subsystem: blue

Test case designed by: Paulina Borowa

Design Date: 18.01.2017

Short description

There should be an Administrative type Right that a User may be assigned via a Role that allows them to Manage (View, Create, Edit) the Requisition Templates.

Acceptance:

  • there is a new Administrative type of right named manage requisition in Reference Data (done)
  • the role creation API may use the above right in creating Administrative type of roles (done)
  • the PUT endpoint checks if the User has the given right, returns a 403 if the User doesn't have the right
  • the GET endpoint requires the user has this right, or that the token is a service level token. Returns 403 otherwise.
  • the GET endpoint requires the user has ANY of the rights: manage requisition template, view requisition, or a service level token. Return 403 otherwise.
  • RAML is updated
  • Check to ensure clients of GET and PUT endpoints don't break - raise an issue to the larger group if they do.

The acceptance criteria for the GET endpoints have been moved to OLMIS-1099 (To Do).

                                                                                                                                                   

Preconditions:

Generate tokens for the devadmin and administrator users.


Step 1

Action: Use the devadmin account to check that a user without the REQUISITION_TEMPLATES_MANAGE right cannot POST/PUT/DELETE a requisition template.

Expected system response:

PUT:

{
  "messageKey": "requisition.error.authorization.no-following-permission",
  "message": "You do not have following permission to perform this action: REQUISITION_TEMPLATES_MANAGE."
}

DELETE:

{
  "messageKey": "requisition.error.authorization.no-following-permission",
  "message": "You do not have following permission to perform this action: REQUISITION_TEMPLATES_MANAGE."
}

POST:

{
  "messageKey": "requisition.error.authorization.no-following-permission",
  "message": "You do not have following permission to perform this action: REQUISITION_TEMPLATES_MANAGE."
}

GET (currently works without the REQUISITION_TEMPLATES_MANAGE right; this will be changed in OLMIS-1099, To Do):

Status 200 OK

Step 2

Action: Use the administrator account to check that a user with the REQUISITION_TEMPLATES_MANAGE right can GET/PUT/DELETE/POST a requisition template.

Expected system response:

GET:

Status 200 OK

PUT:

POST:

Status 201 Created

DELETE:


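The expectations from steps 1 and 2 can be applied to recorded responses to flag both failure directions: a protected method that is not enforced, and a right holder who is denied. This is an added example, not part of the original test case or of OpenLMIS code; the function names are hypothetical, the 403 status is taken from the acceptance criteria, and the sample responses are constructed.

```python
import json

RIGHT = "REQUISITION_TEMPLATES_MANAGE"
DENY_KEY = "requisition.error.authorization.no-following-permission"
DENIAL = json.dumps({"messageKey": DENY_KEY, "message":
    "You do not have following permission to perform this action: " + RIGHT + "."})

# Expected status per (account, method). 403 comes from the acceptance criteria
# (step 1 records only the body). None: step 2 records no status for that call,
# so only "must not be denied" is checked.
EXPECTED = {
    ("devadmin", "PUT"): 403, ("devadmin", "POST"): 403, ("devadmin", "DELETE"): 403,
    ("devadmin", "GET"): 200,  # GET stays open until OLMIS-1099
    ("administrator", "GET"): 200, ("administrator", "POST"): 201,
    ("administrator", "PUT"): None, ("administrator", "DELETE"): None,
}

def check(account, method, status, body):
    """Return findings for one recorded response; an empty list means pass."""
    want = EXPECTED[(account, method)]
    try:
        doc = json.loads(body) if body else {}
    except ValueError:
        doc = {}
    denied = isinstance(doc, dict) and doc.get("messageKey") == DENY_KEY
    who = f"{account} {method}"
    if want == 403:
        if status != 403:
            return [f"{who}: got {status}, right not enforced"]
        if not denied or RIGHT not in str(doc.get("message")):
            return [f"{who}: 403 without the expected denial body"]
    elif status == 403 or denied:
        return [f"{who}: denied although access is expected"]
    elif want is not None and status != want:
        return [f"{who}: got {status}, expected {want}"]
    return []

def audit(observed):
    """Check every (account, method, status, body) row and collect findings."""
    return [f for row in observed for f in check(*row)]

# Constructed observations, not captured from a real server.
SAMPLE = [
    ("devadmin", "PUT", 403, DENIAL),
    ("devadmin", "DELETE", 200, ""),        # regression: DELETE not protected
    ("administrator", "POST", 201, "{}"),
    ("administrator", "PUT", 403, DENIAL),  # regression: right holder denied
    ("administrator", "DELETE", 204, ""),
]
```

Calling audit(SAMPLE) returns one finding for each of the two constructed regressions and nothing for the rows that match the test case.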