OAM-269: Added authentication type check before another checkFacility…

…AndHomeFacilityLinkage

src/integration-test/java/org/openlmis/stockmanagement/service/StockCardServiceIntegrationTest.java

@@ -21,6 +21,7 @@
 import static org.junit.Assert.assertNull;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 import static org.openlmis.stockmanagement.testutils.StockEventDtoDataBuilder.createStockEventDto;
 
@@ -69,6 +70,8 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.test.context.junit4.SpringRunner;
 
 @RunWith(SpringRunner.class)
@@ -291,6 +294,10 @@ public void shouldThrowPermissionExceptionIfUserHasNoPermissionToViewCard() {
     stockEventDto.getLineItems().get(0).setSourceId(node.getId());
     stockEventDto.getLineItems().get(0).setDestinationId(node.getId());
     StockEvent savedEvent = save(stockEventDto, randomUUID());
+
+    OAuth2Authentication authentication = mock(OAuth2Authentication.class);
+    when(authentication.isClientOnly()).thenReturn(false);
+    when(SecurityContextHolder.getContext().getAuthentication()).thenReturn(authentication);
     doThrow(new PermissionMessageException(new Message("some error")))
         .when(permissionService)
         .canViewStockCard(savedEvent.getProgramId(), savedEvent.getFacilityId());

src/main/java/org/openlmis/stockmanagement/service/StockCardService.java

@@ -152,10 +152,12 @@ public StockCardDto findStockCardById(UUID stockCardId) {
       return null;
     }
     StockCard foundCard = card.shallowCopy();
+    OAuth2Authentication authentication =
+        (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
 
     LOGGER.debug("Stock card found");
 
-    if (!homeFacilityPermissionService
+    if (!authentication.isClientOnly() && !homeFacilityPermissionService
         .checkFacilityAndHomeFacilityLinkage(foundCard.getFacilityId())) {
       permissionService.canViewStockCard(foundCard.getProgramId(), foundCard.getFacilityId());
     }

src/main/java/org/openlmis/stockmanagement/service/StockCardSummariesService.java

@@ -146,17 +146,15 @@ public Map<UUID, StockCardAggregate> getGroupedStockCards(UUID programId, UUID f
   public StockCardSummaries findStockCards(StockCardSummariesV2SearchParams params) {
     Profiler profiler = new Profiler("FIND_STOCK_CARD_SUMMARIES_FOR_PARAMS");
     profiler.setLogger(LOGGER);
-    OAuth2Authentication authentication = (OAuth2Authentication) SecurityContextHolder
-        .getContext()
-        .getAuthentication();
+    OAuth2Authentication authentication =
+        (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
 
-    if (!authentication.isClientOnly() && (!homeFacilityPermissionService
-          .checkFacilityAndHomeFacilityLinkage(params.getFacilityId()))) {
+    if (!authentication.isClientOnly() && !homeFacilityPermissionService
+        .checkFacilityAndHomeFacilityLinkage(params.getFacilityId())) {
       profiler.start("VALIDATE_VIEW_RIGHTS");
       for (UUID id : params.getProgramIds()) {
         permissionService.canViewStockCard(id, params.getFacilityId());
       }
-
     }
 
     profiler.start("GET_APPROVED_PRODUCTS");