OAM-206: Added check for ward/services in stock functions (#57)

src/integration-test/java/org/openlmis/stockmanagement/web/StockEventsControllerrIntegrationTest.java

@@ -84,6 +84,8 @@ public void shouldReturn201WhenEventSuccessfullyCreated() throws Exception {
   @Test
   public void shouldReturn403WhenUserHasNoPermissionToAdjustStock() throws Exception {
     //given
+    when(homeFacilityPermissionService.checkFacilityAndHomeFacilityLinkage(any(UUID.class)))
+        .thenReturn(false);
     Mockito.doThrow(new PermissionMessageException(
         new Message(ERROR_NO_FOLLOWING_PERMISSION, STOCK_ADJUST)))
         .when(permissionService).canAdjustStock(any(UUID.class), any(UUID.class));

src/main/java/org/openlmis/stockmanagement/service/HomeFacilityPermissionService.java

@@ -54,6 +54,28 @@ public void checkProgramSupported(UUID programId) {
     }
   }
 
+  /**
+   * Returns true if facility is within the same geographic zone as the home facility.
+   * Returns false otherwise.
+   *
+   * @param facilityId UUID of facility
+   * @return boolean flag indicating linkage between facility and home facility
+   */
+  public boolean checkFacilityAndHomeFacilityLinkage(UUID facilityId) {
+    UUID homeFacilityId = authenticationHelper.getCurrentUser().getHomeFacilityId();
+    if (facilityId.equals(homeFacilityId)) {
+      return false;
+    }
+    FacilityDto facility = facilityService.findOne(facilityId);
+    if (facility.getType().getCode().equals("WS")) {
+      FacilityDto homeFacility = facilityService.findOne(homeFacilityId);
+      return homeFacility.getGeographicZone().getId().equals(facility.getGeographicZone().getId());
+    } else {
+      return false;
+    }
+  }
+
+
   private void throwException(String errorKey, String... params) {
     throw new PermissionMessageException(new Message(errorKey, (Object)params));
   }

src/main/java/org/openlmis/stockmanagement/service/StockCardSummariesService.java

@@ -94,6 +94,9 @@ public class StockCardSummariesService extends StockCardBaseService {
   @Autowired
   private PermissionService permissionService;
 
+  @Autowired
+  private HomeFacilityPermissionService homeFacilityPermissionService;
+
   /**
    * Get a map of stock cards assigned to orderable ids.
    * Stock cards are grouped using orderable fulfills endpoint.
@@ -139,8 +142,11 @@ public StockCardSummaries findStockCards(StockCardSummariesV2SearchParams params
     Profiler profiler = new Profiler("FIND_STOCK_CARD_SUMMARIES_FOR_PARAMS");
     profiler.setLogger(LOGGER);
 
-    profiler.start("VALIDATE_VIEW_RIGHTS");
-    permissionService.canViewStockCard(params.getProgramId(), params.getFacilityId());
+    if (!homeFacilityPermissionService
+        .checkFacilityAndHomeFacilityLinkage(params.getFacilityId())) {
+      profiler.start("VALIDATE_VIEW_RIGHTS");
+      permissionService.canViewStockCard(params.getProgramId(), params.getFacilityId());
+    }
 
     profiler.start("GET_APPROVED_PRODUCTS");
     OrderablesAggregator approvedProducts = approvedProductReferenceDataService

src/main/java/org/openlmis/stockmanagement/web/StockEventsController.java

@@ -91,10 +91,12 @@ private void checkPermission(StockEventDto eventDto, Profiler profiler) {
         profiler.start("CAN_EDIT_PHYSICAL_INVENTORY");
         permissionService.canEditPhysicalInventory(programId, facilityId);
       } else {
-        //we check STOCK_ADJUST permission for both adjustment and issue/receive
-        //this may change in the future
-        profiler.start("CAN_ADJUST_STOCK");
-        permissionService.canAdjustStock(programId, facilityId);
+        if (!homeFacilityPermissionService.checkFacilityAndHomeFacilityLinkage(facilityId)) {
+          //we check STOCK_ADJUST permission for both adjustment and issue/receive
+          //this may change in the future
+          profiler.start("CAN_ADJUST_STOCK");
+          permissionService.canAdjustStock(programId, facilityId);
+        }
       }
     }
   }

src/test/java/org/openlmis/stockmanagement/service/StockCardSummariesServiceTest.java

@@ -111,6 +111,8 @@ public class StockCardSummariesServiceTest {
   private PermissionService permissionService;
   @Mock
   private CalculatedStockOnHandRepository calculatedStockOnHandRepository;
+  @Mock
+  private HomeFacilityPermissionService homeFacilityPermissionService;
   @InjectMocks
   private StockCardSummariesService stockCardSummariesService;
 
@@ -235,6 +237,9 @@ public void shouldFindStockCards() {
     when(orderableReferenceDataService.getPage(any(RequestParameters.class)))
         .thenReturn(new PageImpl<>(Collections.emptyList()));
 
+    when(homeFacilityPermissionService.checkFacilityAndHomeFacilityLinkage(any(UUID.class)))
+        .thenReturn(false);
+
     StockEvent event = new StockEventDataBuilder()
         .withFacility(params.getFacilityId())
         .withProgram(params.getProgramId())
@@ -267,6 +272,9 @@ public void shouldThrowExceptionIfNoPermission() {
     StockCardSummariesV2SearchParams params =
         new StockCardSummariesV2SearchParamsDataBuilder().build();
 
+    when(homeFacilityPermissionService.checkFacilityAndHomeFacilityLinkage(any(UUID.class)))
+        .thenReturn(false);
+
     doThrow(new
         PermissionMessageException(new Message("no permission")))
         .when(permissionService)