883: Permission Check Tool

1

Note: To test this ticket, I created a few rights and roles. Then, I assigned some roles to Users.

2

            Create a few roles and assigne them to user.             

User: testowyUser01

 "id": "45230742-b0f4-4928-aa91-6517ad81626d",
    "username": "testowyUser",
    "firstName": "abc",
    "lastName": "example",
    "email": "soldeveloteam@gmail.com",
    "homeFacility": {
      "id": "c904d0c3-e943-4a8d-91ba-da203fdfa342",
      "code": "hospital",
      "name": "Facility Active Enabled03",
      "description": null,
      "geographicZone": {
        "id": "913f2e73-e9d5-4145-86c3-246b9a2a0721",
        "code": "geocode02",
        "name": "geoname02",
        "level": {
          "id": "b4453f90-3302-4fa2-ac51-488fbdb312fb",
          "code": "Country123",
          "name": null,
          "levelNumber": 3
        },
        "catchmentPopulation": null,
        "latitude": null,
        "longitude": null
      },
      "type": {
        "id": "7be7bafd-ca65-44c2-886b-950c56bafbbd",
        "code": "warehouse",
        "name": null,
        "description": null,
        "displayOrder": null,
        "active": null
      },
      "operator": null,
      "active": true,
      "goLiveDate": null,
      "goDownDate": null,
      "comment": null,
      "enabled": true,
      "openLmisAccessible": true,
      "supportedPrograms": []
    },
    "verified": true,
    "active": true,
    "roleAssignments": [
      {
        "roleId": "00000000-0000-0000-0000-000000000004"
      },
      {
        "roleId": "00000000-0000-0000-0000-000000000999",
        "programCode": "program02",
        "supervisoryNodeCode": "supercode"
      },
      {
        "roleId": "00000000-0000-0000-0000-000000000002",
        "programCode": "program03"
      },
      {
        "roleId": "00000000-0000-0000-0000-000000000001",
        "warehouseCode": "hospital"
      }
    ]
  }
]

3

Assign a roles to different program/supervisoryNode.

User: example01

 "id": "c4e877e5-8093-4d90-a44e-af339a187924",
    "username": "example01",
    "firstName": "test",
    "lastName": "Strator",
    "email": "testowysoldev@gmail.com",
    "homeFacility": {
      "id": "f2f285ad-bb1c-48ec-aa87-4407bcde1088",
      "code": "warehouse",
      "name": "Facility Active Enabled",
      "description": null,
      "geographicZone": {
        "id": "b6cb85a8-4bd9-4c6a-8d80-2af827c65065",
        "code": "geocode01",
        "name": "geoname01",
        "level": {
          "id": "b4453f90-3302-4fa2-ac51-488fbdb312fb",
          "code": "Country123",
          "name": null,
          "levelNumber": 3
        },
        "catchmentPopulation": null,
        "latitude": null,
        "longitude": null
      },
      "type": {
        "id": "7be7bafd-ca65-44c2-886b-950c56bafbbd",
        "code": "warehouse",
        "name": null,
        "description": null,
        "displayOrder": null,
        "active": null
      },
      "operator": null,
      "active": true,
      "goLiveDate": null,
      "goDownDate": null,
      "comment": null,
      "enabled": true,
      "openLmisAccessible": true,
      "supportedPrograms": []
    },
    "verified": true,
    "active": true,
    "roleAssignmentshecl ": [
      {
        "roleId": "00000000-0000-0000-0000-000000000003"
      },
      {
        "roleId": "00000000-0000-0000-0000-000000000002",
        "programCode": "program02"
      },
      {
        "roleId": "00000000-0000-0000-0000-000000000001",
        "warehouseCode": "warehouse"
      }
    ]

4

Check If user example01 has access to program with code: program02.

URL:

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right04&programCode=program02&access_token=d76adf10-b947-44ed-913b-c72bd5db4f03

OR

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right03&programCode=program02&access_token=d76adf10-b947-44ed-913b-c72bd5db4f03

Method: GET

The server will return 200 OK status and message: true. It is correct.

5

Check If user: testowyUser has an access to program with code: program03.

URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right03&programCode=program03&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

OR

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right04&programCode=program03&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

Method: GET

The server will return 200OK status and message: true. It is correct.

6

Check If user: example01 has access to program with code: program03. 

URL:

 http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right03&programCode=program04&access_token=266e8b58-d339-4d09-a26d-3b3ce080b36c

OR

 http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right04&programCode=program04&access_token=266e8b58-d339-4d09-a26d-3b3ce080b36c

Method: GET

The server will return 200OK status with message: false. The example01 user does not have access to this program. The testowyUser is assigned to it.

7

Check If user:testowyUser has an access to program with code: program02.
URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right03&programCode=program02&access_token=60c5c81b-a185-4563-8262-bb73d812d120

OR

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right04&programCode=program02&access_token=60c5c81b-a185-4563-8262-bb73d812d120

Method: GET

The server will return 200OK status with message: false. The testowyUser user does not have access to this program. The example01 user is assigned to it.

8

Check If user: example01 has assigned role: ORDER FULFILMENT to warehouse: warehouse.

URL:

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right02&warehouseCode=warehouse&access_token=d76adf10-b947-44ed-913b-c72bd5db4f03

Method: GET

The server will return 200OK status and message: true. It is correct.

9

 Check If user: testowyUser has assigned role: ORDER FULFILMENT to warehouse: hospital.    

URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right01&warehouseCode=hospital&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

Method: GET

The server will return 200OK status and message: true. It is correct.

10

Check If user: testowyUser has assigned role: ORDER FULFILMENT to warehouse: warehouse.

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right02&warehouseCode=warehouse&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

Method: GET

The server will return 200OK status and message: false. It is correct. For this user, warehouse code is different.

11

Check If user: example01 has assigned role: ORDER FULFILMENT to warehouse: hospital.

URL:

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right02&warehouseCode=hospital&access_token=d76adf10-b947-44ed-913b-c72bd5db4f03

Method: GET

The server will return 200OK status and message: false. It is correct. For this user, warehouse code is different.

12

Check If user: testowyUser has assigned role: SUPERVISION to program with code program02, supervisoryNode with code supercode.

URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right99&&programCode=program02&supervisoryNodeCode=supercode&access_token=21d3e475-01a8-4c1a-825f-58ccd33ff2c3

Method: GET

The server will return 200OK status and message: true.

13

Check If user: example01 has assigned role: SUPERVISION to program with code program02, supervisoryNode with code supercode.

URL:

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right99&&programCode=program02&supervisoryNodeCode=supercode&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

Method: GET

The server will return 200OK status and message: false. User does not have this permission.

14

Check If user: testowyUser has assigned role: SUPERVISION to program with code program02, supervisoryNodeCode with code supercode but REQUEST did not contain the supervisoryNodeCode.

URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right99&&programCode=program02&access_token=21d3e475-01a8-4c1a-825f-58ccd33ff2c3

Method: GET

The server will return 200OK status and message: false. The supervisoryNodeCode should be added to the request.

15

Check If user: testowyUser has assigned role: ADMIN_GENERAL.

URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right08&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

Method: GET

The server will return 200OK status and message: true.

16

Check If user: example01 has assigned role: ADMIN_GENERAL.

URL:

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right08&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

Method: GET

The server will return 200OK status and message: false. User does not have this permission.

17

Check If user: testowyUser has assigned role: REPORTS.

URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right05&access_token=60c5c81b-a185-4563-8262-bb73d812d120

Method: GET

The server will return 200OK status and message: false. User does not have this permission.

18

Check If user: example01 has assigned role: REPORTS.

URL:

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right06&access_token=60c5c81b-a185-4563-8262-bb73d812d120

Method: GET

The server will return 200OK status and message: true. 

19

Check If user: example01 has access to assigned program without programCode in the request.

URL:

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right04&&access_token=d76adf10-b947-44ed-913b-c72bd5db4f03

Method: GET

The server will return 200OK status and message: false. The programCode should be added to the request.

20

Check If user: testowyUser has access to assigned program without programCode in the request.

URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right03&&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

Method: GET

The server will return 200OK status and message: false. The programCode should be added to the request.

18

 Check If user: example 01 has assigned role: ORDER FULFILMENT to warehouse: warehouse without the warehouseCode in request.

URL:

http://localhost/referencedata/api/users/c4e877e5-8093-4d90-a44e-af339a187924/hasRight?rightName=right01&access_token=60c5c81b-a185-4563-8262-bb73d812d120

Method: GET

The server will return 200OK status and message: false. The warehouseCode should be added to the request.

21

 Check If user: testowyUser has assigned role: ORDER FULFILMENT to warehouse: hospital without warehouseCode in the request.

URL:

http://localhost/referencedata/api/users/45230742-b0f4-4928-aa91-6517ad81626d/hasRight?rightName=right01&&access_token=73ad2d20-6fe5-49da-b67b-51cd113cb119

Method: GET

The server will return 200OK status and message: false. The warehouseCode should be added to the request.