OpenLMIS · palbecki · May 16, 2017 · May 16, 2017
diff --git a/src/main/java/org/openlmis/requisition/service/PermissionService.java b/src/main/java/org/openlmis/requisition/service/PermissionService.java
@@ -184,12 +184,7 @@ public void canConvertToOrder(List<ConvertToOrderDto> list) {
    * Checks if current user has permission to manage a requisition template.
    */
   public void canManageRequisitionTemplate() {
-    OAuth2Authentication authentication = (OAuth2Authentication) SecurityContextHolder.getContext()
-        .getAuthentication();
-
-    if (!authentication.isClientOnly()) {
-      checkPermission(REQUISITION_TEMPLATES_MANAGE, null, null, null);
-    }
+    checkPermission(REQUISITION_TEMPLATES_MANAGE, null, null, null);
   }
 
   public void canEditReportTemplates() {
@@ -222,6 +217,11 @@ private void checkPermission(String rightName, UUID program, UUID facility, UUID
   }
 
   private Boolean hasPermission(String rightName, UUID program, UUID facility, UUID warehouse) {
+    OAuth2Authentication authentication = (OAuth2Authentication) SecurityContextHolder.getContext()
+            .getAuthentication();
+    if (authentication.isClientOnly()) {
+      return true;
+    }
     UserDto user = authenticationHelper.getCurrentUser();
     RightDto right = authenticationHelper.getRight(rightName);
     ResultDto<Boolean> result = userReferenceDataService.hasRight(

diff --git a/src/test/java/org/openlmis/requisition/service/PermissionServiceTest.java b/src/test/java/org/openlmis/requisition/service/PermissionServiceTest.java
@@ -147,7 +147,9 @@ public void setUp() {
     when(requisition.getProgramId()).thenReturn(programId);
     when(requisition.getFacilityId()).thenReturn(facilityId);
     when(requisition.getSupplyingFacilityId()).thenReturn(facilityId);
+    when(requisition.getStatus()).thenReturn(RequisitionStatus.SUBMITTED);
 
+    when(securityContext.getAuthentication()).thenReturn(userClient);
     when(authenticationHelper.getCurrentUser()).thenReturn(user);
 
     when(authenticationHelper.getRight(REQUISITION_CREATE)).thenReturn(requisitionCreateRight);
@@ -348,7 +350,6 @@ public void cannotConvertToOrder() throws Exception {
 
   @Test
   public void canManageRequisitionTemplate() throws Exception {
-    when(securityContext.getAuthentication()).thenReturn(userClient);
     hasRight(manageRequisitionTemplateRightId, true);
 
     permissionService.canManageRequisitionTemplate();
@@ -359,16 +360,29 @@ public void canManageRequisitionTemplate() throws Exception {
 
   @Test
   public void cannotManageRequisitionTemplate() throws Exception {
-    when(securityContext.getAuthentication()).thenReturn(userClient);
     expectException(REQUISITION_TEMPLATES_MANAGE);
 
     permissionService.canManageRequisitionTemplate();
   }
 
   @Test
-  public void shouldAllowTrustedClientsManageRequisitionTemplate() {
+  public void serviceLevelTokensShouldHaveAllThePermissions() {
     when(securityContext.getAuthentication()).thenReturn(trustedClient);
 
+    // Requisition permissions
+    permissionService.canViewRequisition(requisitionId);
+    permissionService.canInitOrAuthorizeRequisition(programId, facilityId);
+    permissionService.canInitRequisition(programId, facilityId);
+    permissionService.canApproveRequisition(requisitionId);
+    permissionService.canAuthorizeRequisition(requisitionId);
+    permissionService.canDeleteRequisition(requisitionId);
+    permissionService.canSubmitRequisition(requisitionId);
+    permissionService.canUpdateRequisition(requisitionId);
+    permissionService.canConvertToOrder(convertToOrderDtos);
+
+    // Report permissions
+    permissionService.canViewReports();
+    permissionService.canEditReportTemplates();
     permissionService.canManageRequisitionTemplate();
   }