ATF - Test for Catalog Item failing to open

Moe Murphy
Mega Contributor

I'm trying to work with ATF to automate some catalog testing for my organization, and one of the things I test for frequently is making sure permissions and entitlements are functioning correctly.

For example, I need to test and make sure Jane Doe in the Catalog Admin group can open up the Catalog Admin Request item, but that Joe Employee, a simple end user, can't.

Now, I know that I can have it so Joe Employee is impersonated, and then attempts to open the catalog item, but that causes the test to fail out entirely. I want to be able to keep the test going, similarly to how you can check to see if a catalog item fails to be added to the cart. Is there a simple OOB way of doing that?

1 ACCEPTED SOLUTION

Brian Bouchard
Mega Sage

Interesting question. There isn't a way to do this OOB with the "Open Catalog Item" test step, but you may be able to get the answer you're looking for with a server-side script after impersonating Joe Employee. This is untested, but you should be able to define and/or build the URL for the catalog item on the fly, then use a GlideHTTPRequest to make the call to the URL. If the user doesn't have access, they should get a 403 response code, which you can assert is a "good" response. If they do have access, they should get a 200 response code, which you can call "bad".

Again, this is untested, but it's how I would attempt to do what you're asking.

 


3 REPLIES

Brian Bouchard
Mega Sage

I tried my method above, and it doesn't look like it will work because there is no Forbidden response code 😞

Rohan Gladman
Tera Contributor

Try this instead - perform a search for the cat item which should fail.

The Server test step allows you to assert that the impersonated user cannot search for the catalog item.

Hence security is enforced, and the test will not fail.

https://docs.servicenow.com/bundle/london-application-development/page/administer/auto-test-framewor...