545: Role-Based Access Control (RBAC) for Admin/Requisitions/Fulfillment

Test Case #: 284


Test Case Name: Role-Based Access Control (RBAC) for Admin/Requisitions/Fulfillment

System: OpenLMIS

Subsystem: referencedata

Test case designed by: Lucyna Kwidzińska

Design Date: 21.09.2016

Short description: As an administrator, I want to be able to define role-based access so that I can assign users a role which will allow access to the relevant screens/data/workflows users need to carry out their work in stock management.

Pre – conditions:

                                                                                                                                                                                                                                                       



Step

Action

Expected system response

Comment

1

       Create an example right.  

URL:  http://localhost:8080/api/rights

Method: PUT

Example body:

{
  "name": "right01",
  "type": "ORDER_FULFILLMENT",
  "description": "OrderRight01"
}

The Right01 should be successfully created.

id: 13eace82-43cf-4db7-bc03-648c2e530012

2

Create another example right with the same right Type as previously created right.

   URL:  http://localhost:8080/api/rights

Method: PUT

Example body:

{
  "name": "right02",
  "type": "ORDER_FULFILLMENT",
  "description": "OrderRight02"
}

The Right02 should be successfully created.

id: 9c7bdcd7-9e89-4ae6-98c8-2a458b3f505d



3

Create a third right with a different right type.

URL: http://localhost:8080/api/rights

Method: PUT

Example body:

{
  "name": "right03",
  "type": "SUPERVISION",
  "description": "OrderRight03"
}

The Right03 should be successfully created.

id: 5de4cb51-5fa9-4f20-873c-df73a5be68a2



4

Create role with three rights.

URL: http://localhost:8080/api/roles

Method: POST

Example body:

{
  "id": "00000000-0000-0000-0000-000000000001",
  "name": "OrderRole",
  "rights": [
    {
      "id": "13eace82-43cf-4db7-bc03-648c2e530012",
      "name": "right01",
      "type": "ORDER_FULFILLMENT",
      "description": "OrderRight01"
    },
    {
      "id": "9c7bdcd7-9e89-4ae6-98c8-2a458b3f505d",
      "name": "right02",
      "type": "ORDER_FULFILLMENT",
      "description": "OrderRight02"
    },
    {
      "id": "5de4cb51-5fa9-4f20-873c-df73a5be68a2",
      "name": "right03",
      "type": "SUPERVISION",
      "description": "OrderRight03"
    }
  ]
}

The role can't be created. The rights contain different right types.


5

Create a role with the rights from steps 1 and 2.

URL: http://localhost:8080/api/roles

Method: POST

Example body:

{
  "id": "00000000-0000-0000-0000-000000000001",
  "name": "OrderRole",
  "rights": [
    {
      "id": "13eace82-43cf-4db7-bc03-648c2e530012",
      "name": "right01",
      "type": "ORDER_FULFILLMENT",
      "description": "OrderRight01"
    },
    {
      "id": "9c7bdcd7-9e89-4ae6-98c8-2a458b3f505d",
      "name": "right02",
      "type": "ORDER_FULFILLMENT",
      "description": "OrderRight02"
    }
  ]
}

 The role should be successfully created.


6

Create "Requisition - Authorize" right

URL: http://localhost:8080/api/rights

Method: PUT

Example body:

{
  "name": "Requisition - AUTHORIZE",
  "type": "SUPERVISION",
  "description": "Abbility to authorize the requisition"
}

The right should be successfully created.

id: d9093809-47ae-46c4-8a21-baaca9f9494a



7

Create "Requisition - Approve" right

URL: http://localhost:8080/api/rights

Method: PUT

Example body:

{
  "name": "Requisition - APPROVE",
  "type": "SUPERVISION",
  "description": "Abbility to approve the requisition"
}


The right should be successfully created.

id: 7d833277-eb59-4735-833a-a0767035cc71


8

Create "Requisition - Create" right

URL: http://localhost:8080/api/rights

Method: PUT

Example body:

{
  "name": "Requisition - CREATE",
  "type": "SUPERVISION",
  "description": "Abbility to create the requisition"
}


The right should be successfully created.

id: 305abeef-deb7-4907-b0dd-7360f7337efa


9

Create "Requisition - View" right

URL: http://localhost:8080/api/rights

Method: PUT

Example body:

{
  "name": "Requisition - VIEW",
  "type": "SUPERVISION",
  "description": "Abbility to view the requisition"
}

The right should be successfully created.

id: 0814fa6b-567c-4137-878e-b5a435e13f0b


10

Create "Delete Requisition" right

URL: http://localhost:8080/api/rights

Method: PUT

Example body:

{
  "name": "Delete Requisition",
  "type": "SUPERVISION",
  "description": "Abbility to delete the requisition"
}

The right should be successfully created.

id: 5ffd6d28-00e3-4365-a113-3332be361c47


11

Create role named "RequisitionAuthorizeRole" with "Requisition - Authorize" right and "Requisition - View" right

URL: http://localhost:8080/api/roles

Method: POST

Example body:

{
  "id": "00000000-0000-0000-0000-000000000004",
  "name": "RequisitionAuthorizeRole",
  "rights": [
    {
      "id": "d9093809-47ae-46c4-8a21-baaca9f9494a",
      "name": "Requisition - AUTHORIZE",
      "type": "SUPERVISION",
      "description": "Abbility to authorize the requisition"
    },
    {
      "id": "0814fa6b-567c-4137-878e-b5a435e13f0b",
      "name": "Requisition - VIEW",
      "type": "SUPERVISION",
      "description": "Abbility to view the requisition"
    }
  ]
}

 The role should be successfully created.


12

Create role named "RequisitionApproveRole" with "Requisition - Approve" right and "Requisition - View" right

URL: http://localhost:8080/api/roles

Method: POST

Example body:

{
  "id": "00000000-0000-0000-0000-0000000000011",
  "name": "RequisitionApproveRole",
  "rights": [
    {
      "id": "7d833277-eb59-4735-833a-a0767035cc71",
      "name": "Requisition - APPROVE",
      "type": "SUPERVISION",
      "description": "Abbility to approve the requisition"
    },
    {
      "id": "0814fa6b-567c-4137-878e-b5a435e13f0b",
      "name": "Requisition - VIEW",
      "type": "SUPERVISION",
      "description": "Abbility to view the requisition"
    }
  ]
}

 The role should be successfully created.



13

Create role named "RequisitionCreateRole" with "Requisition - Create" right and "Requisition - View" right

URL: http://localhost:8080/api/roles

Method: POST

Example body:

{
  "id": "00000000-0000-0000-0000-000000000003",
  "name": "RequisitionCreateRole",
  "rights": [
    {
      "id": "305abeef-deb7-4907-b0dd-7360f7337efa",
      "name": "Requisition - CREATE",
      "type": "SUPERVISION",
      "description": "Abbility to create the requisition"
    },
    {
      "id": "0814fa6b-567c-4137-878e-b5a435e13f0b",
      "name": "Requisition - VIEW",
      "type": "SUPERVISION",
      "description": "Abbility to view the requisition"
    }
  ]
}

 The role should be successfully created.


14

Create role named "RequisitionDeleteRole" with "Delete Requisition" right and "Requisition - View" right

URL: http://localhost:8080/api/roles

Method: POST

Example body:

{
  "id": "00000000-0000-0000-0000-000000000002",
  "name": "RequisitionDeleteRole",
  "rights": [
    {
      "id": "5ffd6d28-00e3-4365-a113-3332be361c47",
      "name": "Delete Requisition",
      "type": "SUPERVISION",
      "description": "Abbility to delete the requisition"
    },
    {
      "id": "0814fa6b-567c-4137-878e-b5a435e13f0b",
      "name": "Requisition - VIEW",
      "type": "SUPERVISION",
      "description": "Abbility to view the requisition"
    }
  ]
}

 The role should be successfully created.
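Added example (not part of the original test case and not OpenLMIS code): a client-side pre-check in Python for the role bodies used in the steps above. It applies the rule exercised in step 4 (all rights in one role must share a type) and compares every right entry with the ids returned when the rights were created, so an id copied from another right is caught before the request is sent. The function and variable names are assumptions.

```python
# Rights as created in steps 1-3, 8 and 10 of the test case: id -> (name, type).
RIGHTS = {
    "13eace82-43cf-4db7-bc03-648c2e530012": ("right01", "ORDER_FULFILLMENT"),
    "9c7bdcd7-9e89-4ae6-98c8-2a458b3f505d": ("right02", "ORDER_FULFILLMENT"),
    "5de4cb51-5fa9-4f20-873c-df73a5be68a2": ("right03", "SUPERVISION"),
    "305abeef-deb7-4907-b0dd-7360f7337efa": ("Requisition - CREATE", "SUPERVISION"),
    "5ffd6d28-00e3-4365-a113-3332be361c47": ("Delete Requisition", "SUPERVISION"),
}


def right(right_id):
    """Build a right entry for a role body from the catalogue."""
    name, right_type = RIGHTS[right_id]
    return {"id": right_id, "name": name, "type": right_type}


def validate_role(role, catalogue=RIGHTS):
    """Return a list of problems; an empty list means the body is consistent."""
    problems = []
    types = set()
    for entry in role.get("rights", []):
        known = catalogue.get(entry.get("id"))
        if known is None:
            problems.append(f"unknown right id {entry.get('id')}")
        elif known != (entry.get("name"), entry.get("type")):
            problems.append(
                f"right id {entry['id']} belongs to {known[0]!r}, "
                f"not {entry.get('name')!r}"
            )
        types.add(str(entry.get("type")))
    if len(types) > 1:
        problems.append("mixed right types: " + ", ".join(sorted(types)))
    return problems


IDS = list(RIGHTS)
# Step 4 body (three rights, two types) and step 5 body (two rights, one type).
MIXED_ROLE = {"name": "OrderRole", "rights": [right(i) for i in IDS[:3]]}
ORDER_ROLE = {"name": "OrderRole", "rights": [right(i) for i in IDS[:2]]}
# Constructed faulty body: the "Delete Requisition" entry carries the id of
# "Requisition - CREATE"; a server that resolves rights by id would attach
# the create right to a role that is named and described as a delete role.
WRONG_ID_ROLE = {"name": "RequisitionDeleteRole", "rights": [
    {"id": IDS[3], "name": "Delete Requisition", "type": "SUPERVISION"}]}

if __name__ == "__main__":
    for body in (MIXED_ROLE, ORDER_ROLE, WRONG_ID_ROLE):
        print(body["name"], validate_role(body) or "ok")
```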




Post – conditions:
