Apply POA rules like Caseflow #1218

Closed
3 tasks done
pkarman opened this issue May 4, 2020 · 1 comment

pkarman commented May 4, 2020

EE currently applies a simple POA check that relies on a BGS error message to disqualify viewing of VBMS efolder documents.

VBMS itself uses the same BGS POA participant id API calls that Caseflow does, so switch over to those.

See context in https://dsva.slack.com/archives/C3EAF3Q15/p1588359644063900

VBMS POA rules:

[Screenshot: VBMS POA rules]

Some POA rules in this older ticket too: #410 (comment)

Testing

pkarman self-assigned this May 4, 2020
pkarman added a commit that referenced this issue May 5, 2020
connects #1218

Add BGS service endpoints for PID and Person services. This will allow us to begin implementing POA rules based on the same endpoints that Caseflow uses.
Add participant_id to the User model so we can look up POA matches more easily for the current_user.
Start re-orienting the authorization model to check permissions at the boundaries for BGS calls.
pkarman added a commit that referenced this issue May 6, 2020
connects #1218 

* use latest bgs gem
* add support for user CSS record on demand
* use BGS claimants service for POA by file number
* adds `deceased` boolean flag to veteran info
* BGS service tests
pkarman added a commit that referenced this issue May 8, 2020
connects #1218 

* adds `UserAuthorizer` class to implement POA rules
* adds `user_authorizer` feature toggle to enable new rules

Previously the POA check was a simple error string match with yes/no.

Now we check explicitly for a POA record on the claimant and veteran, independently, and also whether the Veteran is deceased (in which case the claimant's POA has precedence).
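
The move from an error-string match to explicit POA checks described in the commit message above, as an added Ruby sketch that is not the project's `UserAuthorizer` or any other code from the repository. The struct, class, placeholder error text and participant ids are hypothetical; treating "precedence" as "only the claimant's POA is consulted for a deceased veteran" and denying on any missing input are assumptions.

```ruby
# Added illustration: class, field names and participant ids are hypothetical/constructed.
PoaFacts = Struct.new(:veteran_poa_pid, :claimant_poa_pid, :veteran_deceased,
                      keyword_init: true)

# Error-string style: denies only when one exact upstream text is seen.
DENY_TEXT = "PLACEHOLDER-ACCESS-DENIED".freeze # placeholder, not a real BGS message

def string_match_allows?(error_message)
  !error_message.to_s.include?(DENY_TEXT)
end

# Explicit style: compare the user's participant id with the POA on record for
# the veteran and for the claimant; every unknown input denies.
class PoaAuthorizer
  def initialize(user_pid:, facts:)
    @user_pid = user_pid.to_s.strip
    @facts = facts
  end

  # Returns [:allow | :deny, reason] so the decision can be logged and audited.
  def decision
    return [:deny, :no_user_pid] if @user_pid.empty?
    return [:deny, :lookup_failed] if @facts.nil?
    return [:deny, :deceased_unknown] if @facts.veteran_deceased.nil?

    if @facts.veteran_deceased
      # Assumption: for a deceased veteran only the claimant's POA is consulted.
      return [:allow, :claimant_poa] if match?(@facts.claimant_poa_pid)
      return [:deny, :deceased_no_claimant_poa_match]
    end
    return [:allow, :veteran_poa] if match?(@facts.veteran_poa_pid)
    return [:allow, :claimant_poa] if match?(@facts.claimant_poa_pid)
    [:deny, :no_poa_match]
  end

  def allowed?
    decision.first == :allow
  end

  private

  def match?(poa_pid)
    pid = poa_pid.to_s.strip
    !pid.empty? && pid == @user_pid
  end
end

# Constructed sample records.
LIVING   = PoaFacts.new(veteran_poa_pid: "600001", claimant_poa_pid: "600002", veteran_deceased: false)
DECEASED = PoaFacts.new(veteran_poa_pid: "600001", claimant_poa_pid: "600002", veteran_deceased: true)
```

The string check permits access for any error text other than the one it looks for, while the explicit check returns a deny with a reason whenever a lookup result is missing.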
pkarman commented May 15, 2020

Tested as of #1229 and working.

pkarman closed this as completed Jun 4, 2020
va-bot pushed a commit to department-of-veterans-affairs/caseflow that referenced this issue Jun 12, 2020
connects #10431 

### Description

In the process of developing [POA features for eFolder Express](department-of-veterans-affairs/caseflow-efolder#1218) we discovered some new BGS endpoints for determining POA.

This PR is the first step at porting those back to Caseflow. The feature toggle `use_poa_claimants` can control whether the new or existing POA service endpoints are used.