Test Case #: 882
Test Case Name: Add Rights checks to requisitions save/submit/approve/delete endpoints |
System: openLMIS | Subsystem: blue |
Test case designed by: Lucyna Laska | Design Date: 17.05.2016 |
Short description: Prior to this ticket, the Requisition Service was built without validating security. The Requisition Service needs to apply security validations to restrict permissions based on RBAC and Supervisory Nodes. Now that RBAC is implemented (OLMIS-545, Done), we can apply permissions to the Requisition Service.
Initiate a Requisition: REQUISITION_CREATE
Update a Requisition (setting fields in the line items): REQUISITION_CREATE or REQUISITION_APPROVE or REQUISITION_AUTHORIZE
Submit a Requisition: REQUISITION_CREATE
Approve a Requisition: REQUISITION_APPROVE
Authorize a Requisition: REQUISITION_AUTHORIZE
Delete a Requisition: REQUISITION_DELETE
View a Requisition: REQUISITION_VIEW
More info here: Requisition Rights |
|
Pre – conditions: |
Step | Action | Expected system response | Comment |
Note: | The JSON bodies for creating the proper roles: URL: http://10.222.17.134/referencedata/api/roles?access_token=de0d3ff7-acf9-42c8-aa52-5483d25d1c9d, POST
1. REQUISITION_VIEW { "id": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d", "name": "Requisition view", "rights": [ { "id": "e101d2b8-6a0f-4af6-a5de-a9576b4ebc50", "name": "REQUISITION_VIEW", "type": "SUPERVISION", "attachments": [] } ] }
2. REQUISITION_DELETE { "id": "71fd8790-eb5b-45ad-b221-673e9f48bbe2", "name": "Requisition delete", "rights": [ { "id": "c3eb5df0-c3ac-4e70-a978-02827462f60e", "name": "REQUISITION_DELETE", "type": "SUPERVISION", "attachments": [] } ] }
3. REQUISITION_AUTHORIZE { "id": "a9d3263c-8ad0-4fa1-beba-0ca0be94b021", "name": "Requisition authorize", "rights": [ { "id": "feb4c0b8-f6d2-4289-b29d-811c1d0b2863", "name": "REQUISITION_AUTHORIZE", "type": "SUPERVISION", "attachments": [] } ] }
4. REQUISITION_APPROVE { "id": "e9d4825b-5138-47cb-b5d5-74cfc986a791", "name": "Requisition approve", "rights": [ { "id": "bffa2de2-dc2a-47dd-b126-6501748ac3fc", "name": "REQUISITION_APPROVE", "type": "SUPERVISION", "attachments": [] } ] }
5. REQUISITION_CREATE { "id": "53cfc7dc-eb1b-4253-8b39-9bce02551107", "name": "Requisition create", "rights": [ { "id": "9ade922b-3523-4582-bef4-a47701f7df14", "name": "REQUISITION_CREATE", "type": "SUPERVISION", "attachments": [] } ] } | The roles have been created successfully. | |
1 | Assign the user (devadmin) a right: REQUISITION_VIEW. URL: http://10.222.17.134/referencedata/api/users?access_token=de0d3ff7-acf9-42c8-aa52-5483d25d1c9d Method: PUT Body: { | Role has been assigned properly. | How to assign role to user: URL: http://10.222.17.134/referencedata/api/roles?access_token=de0d3ff7-acf9-42c8-aa52-5483d25d1c9d Body: { "id": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d", "name": "Requisition view", "rights": [ { "id": "e101d2b8-6a0f-4af6-a5de-a9576b4ebc50", "name": "REQUISITION_VIEW", "type": "SUPERVISION", "attachments": [] } ] } |
2 | Try to delete the requisition when REQUISITION_VIEW right is assigned to user. | ||
3 | Try to authorize the requisition when REQUISITION_VIEW right is assigned to user. | ||
4 | Try to approve the requisition when REQUISITION_VIEW right is assigned to user. | ||
5 | Try to initiate or submit the requisition when REQUISITION_VIEW right is assigned to user. | ||
6 | Try to view the requisition when REQUISITION_VIEW right is assigned to user. | ||
7 | Assign the user a right: REQUISITION_DELETE. Body: | ||
8 | Try to delete the requisition when REQUISITION_DELETE right is assigned to user. | ||
9 | Try to authorize the requisition when REQUISITION_DELETE right is assigned to user. | ||
10 | Try to approve the requisition when REQUISITION_DELETE right is assigned to user. | ||
11 | Try to initiate or submit the requisition when REQUISITION_DELETE right is assigned to user. | ||
12 | Try to view the requisition when REQUISITION_DELETE right is assigned to user. | ||
13 | Reassign the right: REQUISITION_DELETE and assign the user a right: REQUISITION_AUTHORIZE.
{ | ||
14 | Try to delete the requisition when REQUISITION_AUTHORIZE right is assigned to user. | ||
15 | Try to authorize the requisition when REQUISITION_AUTHORIZE right is assigned to user. | ||
16 | Try to approve the requisition when REQUISITION_AUTHORIZE right is assigned to user. | ||
17 | Try to initiate or submit the requisition when REQUISITION_AUTHORIZE right is assigned to user. | ||
18 | Try to view the requisition when REQUISITION_AUTHORIZE right is assigned to user. | ||
19 | Reassign the right: REQUISITION_AUTHORIZE and assign the user a right: REQUISITION_APPROVE.
{ | ||
20 | Try to delete the requisition when REQUISITION_APPROVE right is assigned to user. | ||
21 | Try to authorize the requisition when REQUISITION_APPROVE right is assigned to user. | ||
22 | Try to approve the requisition when REQUISITION_APPROVE right is assigned to user. | ||
23 | Try to initiate or submit the requisition when REQUISITION_APPROVE right is assigned to user. | ||
24 | Try to view the requisition when REQUISITION_APPROVE right is assigned to user. | ||
25 | Reassign the right: REQUISITION_APPROVE and assign the user a right: REQUISITION_CREATE.
{ | ||
26 | Try to delete the requisition when REQUISITION_CREATE right is assigned to user. | ||
27 | Try to authorize the requisition when REQUISITION_CREATE right is assigned to user. | ||
28 | Try to approve the requisition when REQUISITION_CREATE right is assigned to user. | ||
29 | Try to initiate or submit the requisition when REQUISITION_CREATE right is assigned to user. | ||
30 | Try to view the requisition when REQUISITION_CREATE right is assigned to user. |
Post – conditions: |
{
"id": "56a50e9a-9668-437d-a09c-7e709ce22222",
"username": "devadmin",
"firstName": "Admin",
"lastName": "Admin",
"email": "devadmin@openlmis.org",
"timezone": "CET",
"homeFacility": {
"code": "W01",
"name": "CMST Warehouse",
"geographicZone": {
"code": "Mal-So",
"name": "Southern Region",
"level": {
"code": "Region",
"levelNumber": 2,
"id": "9b497d87-cdd9-400e-bb04-fae0bf6a9491"
},
"id": "0bbd69c1-e20f-48f5-aae4-26dcd8aa7602"
},
"type": {
"code": "WH",
"name": "Warehouse",
"displayOrder": 3,
"active": true,
"id": "e2faaa9e-4b2d-4212-bb60-fd62970b2113"
},
"operator": {
"code": "moh",
"name": "Ministry of Health",
"displayOrder": 1,
"id": "9456c3e9-c4a6-4a28-9e08-47ceb16a4121"
},
"active": true,
"enabled": true,
"openLmisAccessible": true,
"supportedPrograms": [
{
"code": "PRG003",
"name": "New program",
"active": true,
"periodsSkippable": false,
"id": "66032ea8-b69b-4102-a1eb-844e57143187"
}
],
"id": "19121381-9f3d-4e77-b9e5-d3f59fc1639e"
},
"verified": true,
"active": true,
"loginRestricted": false,
"roleAssignments": [
{
"roleId": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
"programCode": "PRG001",
"supervisoryNodeCode": "N1"
},
{
"roleId": "71fd8790-eb5b-45ad-b221-673e9f48bbe2",
"programCode": "PRG001",
"supervisoryNodeCode": "N1"
}]
}
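
The rights mapping from the short description, written as a deny-by-default check and evaluated against the two role assignments in the user body above, gives the expected result for each "Try to ..." step. This is an added example, not OpenLMIS code; the function names and the exact matching on programCode and supervisoryNodeCode are assumptions.

```python
# Added example (not OpenLMIS code): allow/deny oracle for the test steps.

# Action -> rights that permit it, copied from the short description.
REQUIRED = {
    "initiate": {"REQUISITION_CREATE"},
    "update": {"REQUISITION_CREATE", "REQUISITION_APPROVE", "REQUISITION_AUTHORIZE"},
    "submit": {"REQUISITION_CREATE"},
    "approve": {"REQUISITION_APPROVE"},
    "authorize": {"REQUISITION_AUTHORIZE"},
    "delete": {"REQUISITION_DELETE"},
    "view": {"REQUISITION_VIEW"},
}

# Role id -> right name, taken from the role JSON in the Note row.
ROLE_RIGHT = {
    "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d": "REQUISITION_VIEW",
    "71fd8790-eb5b-45ad-b221-673e9f48bbe2": "REQUISITION_DELETE",
    "a9d3263c-8ad0-4fa1-beba-0ca0be94b021": "REQUISITION_AUTHORIZE",
    "e9d4825b-5138-47cb-b5d5-74cfc986a791": "REQUISITION_APPROVE",
    "53cfc7dc-eb1b-4253-8b39-9bce02551107": "REQUISITION_CREATE",
}

def rights_in_scope(user, program, node):
    """Rights held for one program/node pair (assumption: exact code match)."""
    return {ROLE_RIGHT[a["roleId"]] for a in user["roleAssignments"]
            if a["programCode"] == program
            and a["supervisoryNodeCode"] == node
            and a["roleId"] in ROLE_RIGHT}

def is_allowed(action, user, program, node):
    """Deny by default: unknown actions and missing rights are refused."""
    needed = REQUIRED.get(action)
    return bool(needed) and bool(needed & rights_in_scope(user, program, node))

def expected_row(user, program, node):
    """Expected outcome for each action the test steps exercise."""
    steps = ["delete", "authorize", "approve", "initiate", "submit", "view"]
    return {s: is_allowed(s, user, program, node) for s in steps}

# Constructed sample: only the roleAssignments part of the user body above.
DEVADMIN = {"roleAssignments": [
    {"roleId": "a5481d8e-d7e2-4427-8e22-d6b3142d4c1d",
     "programCode": "PRG001", "supervisoryNodeCode": "N1"},
    {"roleId": "71fd8790-eb5b-45ad-b221-673e9f48bbe2",
     "programCode": "PRG001", "supervisoryNodeCode": "N1"},
]}

if __name__ == "__main__":
    print(expected_row(DEVADMIN, "PRG001", "N1"))
```

With both the view and delete roles assigned, as in the body above, "view" and "delete" are the only actions expected to succeed, and only for PRG001 at node N1. A step that checks a single right in isolation needs the earlier role assignment removed first, otherwise the leftover right changes the expected result.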