1557: Enforce Right: Manage Geographic Zone


Test Case #:1557

Test Case Name: Enforce Right: Manage Geographic Zone

System: OpenLMIS

Subsystem: blue

Test case designed by: Paulina Borowa

Design Date:18.01.2017

Short description

There should be an Administrative type Right that a User may be assigned via a Role that allows them to Manage (View, Create, Edit) the Geographic Zones.

Acceptance:

  • there is a new Administrative type of right named MANAGE_GEOGRAPHIC_ZONE in Reference Data DONE
  • the role creation api may use the above right in creating Administrative type of roles DONE
  • endpoints are updated for /api/geographicZones and /api/geographicZones/{id}
  • PUT, POST and DELETE checks if the user has the given right, returns a 403 if not
  • GET checks if the token is a valid service level token, or the user has the right. Returns 403 if not.
  • TECH DEBT CLEANUP: refactor returning a 404 on GET /api/geographicZones if there are none in the system, instead return an empty list.
  • TECH DEBT CLEANUP: RAML declares that the DELETE endpoint returns a 409. This seems possible only if a DataIntegrityViolationException is thrown, which it appears to not do. Check if this is actually used and remove it from RAML if it's not.
  • RAML is updated
  • both types of permission checks have tests

                                                                                                                                                   

Pre – conditions:

                                                                                                                                                                                                                                                       

 

 

Step

Action

Expected system response

Comment

1

                                                                                

 Use devadmin account to check if user without right  MANAGE_GEOGRAPHIC_ZONE cannot POST/PUT/DELETE requisition template


                                                                                      

 POST:

Status 403

{

  "messageKey": "requisition.error.unauthorized",

  "message": "requisition.error.unauthorized"

}

PUT:

Status 403

{

  "messageKey": "requisition.error.unauthorized",

  "message": "requisition.error.unauthorized"

}

DELETE:

Status 403

{

  "messageKey": "requisition.error.unauthorized",

  "message": "requisition.error.unauthorized"

}

GET:

Status 403

{

  "messageKey": "requisition.error.unauthorized",

  "message": "requisition.error.unauthorized"

}

GET/{id}:

Status 403

{

  "messageKey": "requisition.error.unauthorized",

  "message": "requisition.error.unauthorized"

}


                                                 

2

Use administrator account to check if user with right   MANAGE_GEOGRAPHIC_ZONE can GET/PUT/DELETE/POST requisition template  


 

PUT:

Status 200 OK

POST:

201 Created:

DELETE:

GET:

Status 200 OK

GET/{id}:

 

3

  

 

4

  

 

5

   

OpenLMIS: the global initiative for powerful LMIS software