1588: Create Right: Manage Users

Test Case #: 1588


Test Case Name: Create Right: Manage Users

System: OpenLMIS

Subsystem: blue

Test case designed by: Lucyna Laska

Design Date: 31.01.2017

Short description

  • there is a new Administrative type of right named USERS_MANAGE in Reference Data
  • GET, PUT, POST & DELETE requests to the following endpoints should require the USERS_MANAGE right or a Service token, otherwise a 403 should be returned:
    • /api/users
    • /api/users/{userId}
    • /api/users/{userId}/roleAssignments
    • /api/users/{userId}/hasRight
    • /api/users/{userId}/programs
    • /api/users/{userId}/supervisedFacilities
    • /api/users/{userId}/fulfillmentFacilities
    • /api/users/search
  • RAML is updated
  • Check to ensure clients of the updated endpoints don't break; raise an issue to the larger group if they do.


Pre – conditions:

| Step | Action | Expected system response | Comment |
|---|---|---|---|
| 1 | As a devadmin without USERS_MANAGE permission, check whether it's possible to view all users: | Viewing the list of all users is only possible when the USERS_MANAGE right is assigned to the user. | |
| 2 | As a devadmin without USERS_MANAGE permission, check whether it's possible to search all users: | Searching users is only possible when the USERS_MANAGE right is assigned to the user. | |
| 3 | As a devadmin without USERS_MANAGE permission, try to reset password: | The resetPassword is only possible when the USERS_MANAGE right is assigned to the user. | |
| 4 | As a devadmin without USERS_MANAGE permission, try to view his details using. | It's possible to check user's own details. | |
| 5 | As a devadmin without USERS_MANAGE permission, try to view his own roleAssignments. Method: GET. URL: | It's possible to check own details. | |
| 6 | As a devadmin without USERS_MANAGE permission, try to check if I have a right with certain criteria. | It's possible to check user's own details. | |
| 7 | As a devadmin without USERS_MANAGE permission, try to get the programs at a user's home facility or programs that the user supervises. | It's possible to check user's own details. | |
| 8 | As a devadmin without USERS_MANAGE permission, try to get all the facilities that the user supervises, by right and program. Method: GET | It's possible to check user's own details. | |
| 9 | As a devadmin without USERS_MANAGE permission, try to get all the facilities that the user has fulfillment rights for. Method: GET | It's possible to check user's own details. | |
| 10 | As an administrator with USERS_MANAGE permission, try to view the list of all users. | It's possible to view the details of all users. | |
| 11 | As an administrator with USERS_MANAGE permission, try to search a user. | It's possible to search the user. | |
| 12 | As an administrator with USERS_MANAGE permission, try to view the details of a particular user. | It's possible to view the particular user. | |
| 13 | As an administrator with USERS_MANAGE permission, try to delete the user. | It's possible to delete the particular user. Note: user can delete his own record. | |
| 14 | As an administrator with USERS_MANAGE permission, try to reset password: | It's possible to reset password for every user. | |
| 16 | | | |
| 17 | | | |
| 18 | | | |
 

 

Post – conditions:
