1152: Initiate requisition endpoint should validate the user has right at the facility and program specified

Test Case #: 1152


Test Case Name: Initiate requisition endpoint should validate the user has right at the facility and program specified

System: openLMIS

Subsystem: blue

Test case designed by: Lucyna Laska

Design Date: 30.11.2016

Short description

The requisition initiate endpoint needs to validate the facilityId and programId passed in by checking that the user initiating the requisition has the initiate requisition right at this facility and program. This will be done by calling the refactored hasRight endpoint (OLMIS-1162, Done).

  • /requisitions/initiate endpoint will allow users to initiate when they have that permission based on their home facility or supervisory node permissions, and deny them when they do not (where the API should give a proper error message to deny permissions).
  • Test different combinations of program, facility, suggestedPeriod, and emergency Y/N. That should include facility using their home facility, facility that is one they supervise, and a facility where they do not have permissions to initiate a requisition. It should also include a program they do have permissions for, as well as a program they are not part of.
  • QA testing of this needs to be done by hitting the JSON API (the UI does not really allow you to try to cheat the system and try to initiate a requisition at a facility where you don't have any permissions, so it's not as easy to test this from the UI)
  • RAML is matching what the API returns and includes a JSON schema, if needed.
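The combinations listed above can be written down as an allow/deny matrix before the API is hit. The following is an added example, not OpenLMIS code: it models the right check over the role and roleAssignment shapes used in the steps of this test case. The facility codes HC01, HC02 and HC99, the program PRG999, the node-to-facility mapping, and the rule that an assignment without supervisoryNodeCode applies only to the home facility are assumptions made for illustration.

```python
# Added illustration of the facility/program right check; not OpenLMIS code.
ROLES = {  # role id -> rights, as created in steps 1 and 2
    "cdc3a030-b9de-4f60-a414-49754ed614c9": {"REQUISITION_CREATE"},
    "955596d6-fa9c-4d52-9461-75e946345e2c": {"REQUISITION_VIEW"},
}
# Assumption: facilities covered by each supervisory node (constructed codes).
NODE_FACILITIES = {"N1": {"HC01", "HC02"}}

CREATE_ROLE = "cdc3a030-b9de-4f60-a414-49754ed614c9"
USER = {  # constructed sample, trimmed to the fields the check reads
    "homeFacility": "W01",
    "roleAssignments": [
        {"roleId": CREATE_ROLE, "programCode": "PRG003"},
        {"roleId": "955596d6-fa9c-4d52-9461-75e946345e2c", "programCode": "PRG003"},
        {"roleId": CREATE_ROLE, "programCode": "PRG002", "supervisoryNodeCode": "N1"},
    ],
}

def has_right(user, right, program, facility):
    """True only if ONE assignment grants `right` for this program AND facility."""
    for ra in user["roleAssignments"]:
        if right not in ROLES.get(ra["roleId"], set()):
            continue
        if ra["programCode"] != program:
            continue
        node = ra.get("supervisoryNodeCode")
        # Assumption: no supervisory node means the assignment is home-facility scoped.
        scope = NODE_FACILITIES.get(node, set()) if node else {user["homeFacility"]}
        if facility in scope:
            return True
    return False

def can_initiate(user, program, facility, emergency):
    """Authorization decision for initiate; `emergency` must never change it."""
    return has_right(user, "REQUISITION_CREATE", program, facility)

def run_matrix(user):
    """Expected allow/deny for each (program, facility, emergency) combination."""
    pairs = [
        ("PRG003", "W01"),   # home facility, assigned program -> allow
        ("PRG002", "HC01"),  # supervised facility, assigned program -> allow
        ("PRG003", "HC01"),  # supervised facility, program held only at home -> deny
        ("PRG002", "W01"),   # home facility, program held only via node -> deny
        ("PRG002", "HC99"),  # facility outside every node -> deny
        ("PRG999", "HC01"),  # program the user is not part of -> deny
    ]
    return {(p, f, e): can_initiate(user, p, f, e) for p, f in pairs for e in (False, True)}
```

The two middle deny rows are the ones most worth sending to the real endpoint: a check that tests program and facility separately, instead of within one role assignment, would wrongly allow them.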

                                                                                                                                                   

Pre – conditions:

Step | Action | Expected system response | Comment

1

Create a role for initiating the requisition.

URL:

Body:

{
  "id": "cdc3a030-b9de-4f60-a414-49754ed614c9",
  "name": "Initiate Requisition",
  "rights": [
    {
      "id": "9ade922b-3523-4582-bef4-a47701f7df14",
      "name": "REQUISITION_CREATE",
      "type": "SUPERVISION",
      "attachments": []
    }
  ]
}

2

Create a role for viewing the requisition.

Body:

{
  "id": "955596d6-fa9c-4d52-9461-75e946345e2c",
  "name": "View Requisition",
  "rights": [
    {
      "id": "e101d2b8-6a0f-4af6-a5de-a9576b4ebc50",
      "name": "REQUISITION_VIEW",
      "type": "SUPERVISION",
      "attachments": []
    }
  ]
}



3

Assign REQUISITION_CREATE role to user with proper program.

Body:

{
  "username": "devadmin",
  "firstName": "Admin",
  "lastName": "Admin",
  "email": "devadmin@openlmis.org",
  "timezone": "CET",
  "homeFacility": {
    "code": "W01",
    "name": "CMST Warehouse",
    "geographicZone": {
      "code": "Mal-So",
      "name": "Southern Region",
      "level": {
        "code": "Region",
        "levelNumber": 2,
        "id": "9b497d87-cdd9-400e-bb04-fae0bf6a9491"
      },
      "id": "0bbd69c1-e20f-48f5-aae4-26dcd8aa7602"
    },
    "type": {
      "code": "WH",
      "name": "Warehouse",
      "displayOrder": 3,
      "active": true,
      "id": "e2faaa9e-4b2d-4212-bb60-fd62970b2113"
    },
    "operator": {
      "code": "moh",
      "name": "Ministry of Health",
      "displayOrder": 1,
      "id": "9456c3e9-c4a6-4a28-9e08-47ceb16a4121"
    },
    "active": true,
    "enabled": true,
    "openLmisAccessible": true,
    "supportedPrograms": [
      {
        "code": "PRG003",
        "name": "New program",
        "active": true,
        "periodsSkippable": false,
        "id": "66032ea8-b69b-4102-a1eb-844e57143187"
      }
    ],
    "id": "19121381-9f3d-4e77-b9e5-d3f59fc1639e"
  },
  "verified": true,
  "active": true,
  "loginRestricted": false,
  "roleAssignments": [
    {
      "roleId": "cdc3a030-b9de-4f60-a414-49754ed614c9",
      "programCode": "PRG003"
    }
  ],
  "id": "56a50e9a-9668-437d-a09c-7e709ce22222"
}



4

Initiate the requisition for the home facility and program.

URL:

http://10.222.17.134/requisition/api/requisitions/initiate?program=66032ea8-b69b-4102-a1eb-844e57143187&facility=19121381-9f3d-4e77-b9e5-d3f59fc1639e&emergency=false&access_token=810d7194-9ad7-4a67-bdf6-c78d3a9b45b3

Method: POST

The requisition can be initiated whether it is an emergency or not.

5

Submit the previously initiated requisition.

URL:

http://10.222.17.134/requisition/api/requisitions/27925b2c-c09e-4774-ae9f-14abbed5ceac/submit?access_token=810d7194-9ad7-4a67-bdf6-c78d3a9b45b3


6

Assign REQUISITION_CREATE role to the user for a program and a facility which the user will supervise.

Body:

{
  "username": "devadmin",
  "firstName": "Admin",
  "lastName": "Admin",
  "email": "devadmin@openlmis.org",
  "timezone": "CET",
  "homeFacility": {
    "code": "W01",
    "name": "CMST Warehouse",
    "geographicZone": {
      "code": "Mal-So",
      "name": "Southern Region",
      "level": {
        "code": "Region",
        "levelNumber": 2,
        "id": "9b497d87-cdd9-400e-bb04-fae0bf6a9491"
      },
      "id": "0bbd69c1-e20f-48f5-aae4-26dcd8aa7602"
    },
    "type": {
      "code": "WH",
      "name": "Warehouse",
      "displayOrder": 3,
      "active": true,
      "id": "e2faaa9e-4b2d-4212-bb60-fd62970b2113"
    },
    "operator": {
      "code": "moh",
      "name": "Ministry of Health",
      "displayOrder": 1,
      "id": "9456c3e9-c4a6-4a28-9e08-47ceb16a4121"
    },
    "active": true,
    "enabled": true,
    "openLmisAccessible": true,
    "supportedPrograms": [
      {
        "code": "PRG003",
        "name": "New program",
        "active": true,
        "periodsSkippable": false,
        "id": "66032ea8-b69b-4102-a1eb-844e57143187"
      }
    ],
    "id": "19121381-9f3d-4e77-b9e5-d3f59fc1639e"
  },
  "verified": true,
  "active": true,
  "loginRestricted": false,
  "roleAssignments": [
    {
      "roleId": "cbc8bf52-0f5a-439f-a38f-49558fecb1c9",
      "programCode": "PRG003"
    },
    {
      "roleId": "955596d6-fa9c-4d52-9461-75e946345e2c",
      "programCode": "PRG003"
    },
    {
      "roleId": "cbc8bf52-0f5a-439f-a38f-49558fecb1c9",
      "programCode": "PRG002",
      "supervisoryNodeCode": "N1"
    }
  ],
  "id": "56a50e9a-9668-437d-a09c-7e709ce22222"
}



7

The requisition can be initiated whether it is an emergency or not.

8

Try to submit the requisition for the facility which the user supervises.

URL:

http://10.222.17.134/requisition/api/requisitions/05682275-854c-42e2-bade-ed01f27953ba/submit?access_token=810d7194-9ad7-4a67-bdf6-c78d3a9b45b3

Method: POST

           


9

Try to initiate the requisition for a facility which the user supervises, for a program the user does not have permission to.

URL:

http://10.222.17.134/requisition/api/requisitions/initiate?program=dce17f2e-af3e-40ad-8e00-3496adef44c3&facility=e6799d64-d10d-4011-b8c2-0e4d4a3f65ce&emergency=true&access_token=810d7194-9ad7-4a67-bdf6-c78d3a9b45b3

Method: POST


10

Try to initiate the requisition for a facility which the user does not supervise.

URL:

http://10.222.17.134/requisition/api/requisitions/initiate?program=10845cb9-d365-4aaa-badd-b4fa39c6a26a&facility=13037147-1769-4735-90a7-b9b310d128b8&emergency=true&access_token=810d7194-9ad7-4a67-bdf6-c78d3a9b45b3

Method: POST








Post – conditions:
