department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html

Implement policy rules on PreferredName / demographics call #79924

Open wesrowe opened 7 months ago

wesrowe commented 7 months ago

Description

User story

As a Cartography team member, I want to implement rules that will reduce the likelihood of a 401 error.

Notes

Quick summary of policies that cause 401 errors (make sure to check referenced docs above):

Possible tasks:

Acceptance criteria

dcloud commented 2 weeks ago

Notes

Carlo's reverted PR placed a call in the app/services/users/profile.rb, adding a scaffold.demographics to the fetch_and_serialize_profile function. It lacked a policy check, and policies are typically called in controllers' before_action callbacks, e.g. before_action { authorize :demographics, :access? } in preferred_names_controller.rb.

app/controllers/v0/users_controller.rb is brief and makes use of app/services/users/profile.rb, which in turn relies on functions in app/models/user.rb, which relies on other files for fetching data from the cache or an API call. For example, the veteran status originating in VA Profile data uses app/models/va_profile_redis/veteran_status.rb to fetch data from Redis or from lib/va_profile/veteran_status/service.rb, where API calls are made.

Files of interest:
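Added illustration, not part of the thread and not code from the repository: a plain-Ruby sketch of a service-layer call that asks a policy before fetching demographics, because a service has no controller before_action to do it. All class names, the policy rule, and the sample users are hypothetical; returning nil for the field instead of failing the whole profile is an assumption.

```ruby
# Plain-Ruby sketch (no Rails/Pundit). Every name here is a hypothetical
# stand-in, and the policy rule is constructed, not the project's.
class Unauthorized < StandardError; end

module DemographicsPolicy
  def self.access?(user)
    user[:verified] == true && !user[:upstream_id].nil?
  end
end

# Stand-in for the upstream API; counts calls so the guard is observable.
class FakeDemographicsService
  attr_reader :calls

  def initialize
    @calls = 0
  end

  def fetch(user)
    @calls += 1
    raise Unauthorized, '401' if user[:upstream_rejects] || user[:upstream_id].nil?
    { preferred_name: user[:preferred_name] }
  end
end

# A service has no before_action, so it asks the policy itself.
class ProfileSerializer
  def initialize(user, service)
    @user = user
    @service = service
    @errors = []
  end

  def fetch_and_serialize
    { email: @user[:email], demographics: demographics, errors: @errors }
  end

  private

  def demographics
    return nil unless DemographicsPolicy.access?(@user)
    @service.fetch(@user)
  rescue Unauthorized => e
    @errors << "demographics: #{e.message}" # policy passed, upstream refused
    nil
  end
end

# Constructed sample users.
VERIFIED = { email: 'a@example.com', verified: true, upstream_id: '123', preferred_name: 'Al' }.freeze
UNVERIFIED = { email: 'b@example.com', verified: false, upstream_id: nil }.freeze
REJECTED = VERIFIED.merge(upstream_rejects: true).freeze
```

The policy only lowers the chance of a 401; the rescue covers the case where the policy passes and the upstream still refuses.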

dcloud commented 2 weeks ago

http://localhost:3001/sign-in/mocked-auth

dcloud commented 2 weeks ago