Test Case #: 1586 | Test Case Name: Enforce Right: Manage Facility |
System: | Subsystem: |
Test case designed by: Paulina Borowa | Design Date: 01.02.2017 |
Short description: There should be an Administrative type Right that a User may be assigned via a Role that allows them to Manage (View, Create, Edit) Facilities, FacilityTypes and FacilityOperators.
Acceptance:
- there is a new Administrative type of right named FACILITIES_MANAGE in Reference Data - this should be done
- the endpoints that GET, PUT, POST & DELETE for: /api/facilities, /api/facilities/{id}, /api/facilityTypes, /api/facilityTypes/{id}, /api/facilityOperators, /api/facilityOperators/{id} should require the right FACILITIES_MANAGE or a service level token, otherwise return a 403.
- the GET endpoints for /api/facilities/{id}/approvedProducts, /api/facilities/{id}/supplying, /api/facilities/{id}/search should require that the user has the right FACILITIES_MANAGE or a service level token. Otherwise they should return a 403.
- TECH DEBT: The endpoint /api/facilities/{id}/orders should be removed - verify there is no Java code that does this, and when verified remove it from RAML.
- RAML is updated
- Check to ensure clients of updated endpoints don't break - raise an issue to the larger group if they do.
- the product grid should work and the user should be able to add a non-full-supply product (also when the user doesn't have the FACILITIES_MANAGE permission)
Step | Action | Expected system response | Comment |
1 | Use the devadmin account to check that a user without the right FACILITIES_MANAGE cannot GET, PUT, POST & DELETE for: /api/facilities, /api/facilities/{id}, /api/facilityTypes, /api/facilityTypes/{id}, /api/facilityOperators, /api/facilityOperators/{id} | Response Code 403
{
"messageKey": "referenceData.error.unauthorized",
"message": "You do not have the following right to perform this action: FACILITIES_MANAGE"
}
For all these endpoints:
| |
2 | Use the administrator account to check that a user with the right FACILITIES_MANAGE can GET, PUT, POST & DELETE for: /api/facilities, /api/facilities/{id}, /api/facilityTypes, /api/facilityTypes/{id}, /api/facilityOperators, /api/facilityOperators/{id} | Response Code 200 for these endpoints: | |
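The authorization rule that the acceptance criteria describe and that steps 1 and 2 exercise, written out as an added Python example (not the Reference Data service's own code): the protected endpoint list, the FACILITIES_MANAGE check with the service-level-token bypass, and the 403 body. The Token class and the requires_right/authorize functions are assumptions made for illustration; the Reference Data service does not expose them under these names.

```python
import re
from dataclasses import dataclass

RIGHT = "FACILITIES_MANAGE"
# Error body quoted from step 1 of the test case.
UNAUTHORIZED_BODY = {
    "messageKey": "referenceData.error.unauthorized",
    "message": f"You do not have the following right to perform this action: {RIGHT}",
}

# (methods, path template) pairs taken from the acceptance criteria.
PROTECTED = [
    ({"GET", "PUT", "POST", "DELETE"}, "/api/facilities"),
    ({"GET", "PUT", "POST", "DELETE"}, "/api/facilities/{id}"),
    ({"GET", "PUT", "POST", "DELETE"}, "/api/facilityTypes"),
    ({"GET", "PUT", "POST", "DELETE"}, "/api/facilityTypes/{id}"),
    ({"GET", "PUT", "POST", "DELETE"}, "/api/facilityOperators"),
    ({"GET", "PUT", "POST", "DELETE"}, "/api/facilityOperators/{id}"),
    ({"GET"}, "/api/facilities/{id}/approvedProducts"),
    ({"GET"}, "/api/facilities/{id}/supplying"),
    ({"GET"}, "/api/facilities/{id}/search"),
]


def _template_to_regex(template: str) -> re.Pattern:
    # {id} matches exactly one path segment; anchoring keeps /api/facilities/{id}
    # from also matching /api/facilities/{id}/supplying.
    escaped = re.escape(template).replace(re.escape("{id}"), r"[^/]+")
    return re.compile(rf"^{escaped}$")


_RULES = [(methods, _template_to_regex(tpl)) for methods, tpl in PROTECTED]


@dataclass(frozen=True)
class Token:
    """Hypothetical caller credential: a service-level token or a user with rights."""
    service_level: bool = False
    rights: frozenset = frozenset()


def requires_right(method: str, path: str) -> bool:
    """True if the acceptance criteria put this method/path behind FACILITIES_MANAGE."""
    path = path.split("?", 1)[0]  # the query string plays no part in the rule
    return any(method.upper() in methods and rx.match(path) for methods, rx in _RULES)


def authorize(method: str, path: str, token: Token) -> dict:
    """Status (and error body) the test case expects for this caller."""
    if not requires_right(method, path):
        return {"status": 200}  # endpoint not covered by this test case; passed through
    if token.service_level or RIGHT in token.rights:
        return {"status": 200}
    return {"status": 403, "body": UNAUTHORIZED_BODY}
```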