Open wesrowe opened 7 months ago
Carlo's reverted PR placed a call in the app/services/users/profile.rb, adding a scaffold.demographics to the fetch_and_serialize_profile function. It lacked a policy check, and policies are typically called in controllers' before_action callbacks, e.g. before_action { authorize :demographics, :access? } in preferred_names_controller.rb.
app/controllers/v0/users_controller.rb is brief and makes use of app/services/users/profile.rb, and that in turn relies on functions in app/models/user.rb which relies on other files for fetching data from cache or API call. For example, the veteran status originating in VA Profile data uses app/models/va_profile_redis/veteran_status.rb to fetch data from Redis or from the lib/va_profile/veteran_status/service.rb, where API calls are made.
app/services/users/profile.rb - where user data is fetched/pre-serialized
app/controllers/v0/users_controller.rb - runs the user.pre_serialize fn
Description
User story
As a Cartography team member, I want to implement rules that will reduce the likelihood of a 401 error.
Notes
Quick summary of policies that cause 401 errors (make sure to check referenced docs above):
demographics_policy checks that the user has an idme_uuid or a logingov_uuid.
mpi_policy ensures that the user either has an ICN or all of the following before making the call: first_name, last_name, birth_date, ssn, and gender.
Possible tasks:
Acceptance criteria
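
Added example, not part of the original issue or of the project's code: one way to apply the two policy rules summarized in the Notes inside a service object, where no controller before_action runs. SketchUser, the *Sketch classes, the queryable? method name and the fetcher lambdas are all hypothetical stand-ins.

```ruby
# Added illustration in plain Ruby (no Rails or Pundit needed).
# Every class, method name and fetcher here is a hypothetical stand-in.
SketchUser = Struct.new(:idme_uuid, :logingov_uuid, :icn, :first_name, :last_name,
                        :birth_date, :ssn, :gender, keyword_init: true)

class PolicySketch
  def initialize(user)
    @user = user
  end
  # nil, "" and whitespace-only values all count as missing.
  def filled?(value)
    !value.to_s.strip.empty?
  end
end

# Rule from the Notes: the user has an idme_uuid or a logingov_uuid.
class DemographicsPolicySketch < PolicySketch
  def access?
    filled?(@user.idme_uuid) || filled?(@user.logingov_uuid)
  end
end

# Rule from the Notes: an ICN, or all five identity traits.
class MpiPolicySketch < PolicySketch
  TRAITS = %i[first_name last_name birth_date ssn gender].freeze
  def queryable?
    filled?(@user.icn) || TRAITS.all? { |t| filled?(@user[t]) }
  end
end

# The policy is evaluated right before each upstream call; a denial
# produces nil for that field and is recorded, and the fetcher never runs.
class ProfileSketch
  POLICIES = {
    demographics: ->(u) { DemographicsPolicySketch.new(u).access? },
    mpi: ->(u) { MpiPolicySketch.new(u).queryable? }
  }.freeze
  attr_reader :skipped
  def initialize(user, fetchers)
    @user, @fetchers, @skipped = user, fetchers, []
  end

  def serialize
    POLICIES.each_with_object({}) do |(name, allowed), out|
      permitted = allowed.call(@user)
      @skipped << name unless permitted
      out[name] = permitted ? @fetchers.fetch(name).call(@user) : nil
    end
  end
end
```

The skipped list gives the caller a place to log or report which sections were withheld for a given user.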