Closed JessicaMarine closed 5 years ago
turnipsparkle
commented
5 years ago Preview Document on Filing Review Page
When reviewing a "File a Document" submission, the user shall be able to preview the selected documents to ensure the file they selected is the right one and the contents is as expected.
turnipsparkle
commented
5 years ago Select comments from review: BRAINSTORMING
From CS to Everyone: (09:46 AM) we can have separate s3 buckets an unvalidated bucket and validated bucket Probably have a TTL on the unvalidated bucket to delete them after a couple of hours as well
From MH to Everyone: (09:48 AM) I feel like the link should be session based in some way . So it can only be used by that user
From WJ to Everyone: (09:53 AM) I think the risk is that an executable is given a “.pdf” extension, and then some privilege-escalation exploit allows it to be executed. When we allow people to upload PDFs, we’re allowing arbitrary payloads to be stored on our server, until such time as we examine the payload to see if it’s malicious. So we really need to treat all PDFs, pre-scan, as if they’re rootkits. Since Lambdas don’t restart fresh on each use, every subsequent user of the Lambda could be infected by that poisoned upload.
From JS to Everyone: (09:55 AM) We can stream files remotely through Lambda to a ClamAV daemon to EC2 in that case. It’d be faster, too, lol.
From WJ to Everyone: (09:58 AM) What I like about using a quarantine bucket is that the total number of exposed files is reduced, and if they’re infected by a malicious upload, they’re infected prior to a flattening and a scan, which reduces the risk that they spread further.
From JS to Everyone: (10:00 AM) Two buckets isn’t a bad idear, because you’re treating all files as “guilty” until they’re proven innocent through an extrapolated database of virus signatures. Then, and only then, they can be moved to a “clean” bucket.
From WJ to Everyone: (10:01 AM) I’d be surprised if the CISO didn’t insist on that approach.
mariahkannenberg
commented
5 years ago Petitioner Views Uploaded Document Before Submitting Case (File a Petition Form) (out of scope - #1402)
Petitioner logs in Petitioner selects File a Petition Petitioner selects “Got it, Let’s Start My Case” Petitioner uploads all documents Petitioner fills out all metadata associated with the case Petitioner selects “Review and Sign” checkbox Petitioner sees document name is a link Petitioner selects document link and document opens in a new page Petitioner selects “Submit to US Tax Court” Petitioner logs out
Practitioner Views Uploaded Document Before Submitting Case (File a Petition Form) (out of scope - #1402)
Practitioner logs in Practitioner selects File a Petition Practitioner selects “Got it, Let’s Start My Case” Practitioner uploads all documents Practitioner fills out all metadata associated with the case Practitioner selects “Review and Sign” checkbox Practitioner selects “Submit to US Tax Court” Practitioner logs out IRS Attorney Uploads Document To Existing Case IRS Attorney logs in Practitioner selects File a Petition Practitioner selects “Got it, Let’s Start My Case” Practitioner uploads all documents Practitioner fills out all metadata associated with the case Practitioner selects “Review and Sign” checkbox Practitioner sees document name is a link Practitioner selects document link and document opens in a new page Practitioner selects “Submit to US Tax Court” Practitioner logs out
IRS Attorney Uploads First/Subsequent Document To Existing Case (File a Document Form) IRS Attorney logs in IRS Attorney navigates to case IRS Attorney selects File a Document IRS Attorney selects "Okay, I'm Ready to File" IRS Attorney selects Document Category from dropdown IRS Attorney selects Document Type from dropdown IRS Attorney selects Select Petitioner selects Continue Practitioner uploads file IRS Attorney completes form IRS Attorney selects Review Filing IRS Attorney sees that document name is a link IRS Attorney selects document link and document opens in a new page IRS Attorney selects Submit Your Filing IRS Attorney logs out
IRS Attorney Requests Access to a Case (Request Access Form) IRS Attorney logs in
Practitioner Requests Access to Case (Request Access Form)
Petitioner Uploads Document To Existing Case (File a Document) Petitioner logs in Petitioner navigates to case Petitioner selects File a Document Petitioner selects "Okay, I'm Ready to File" Petitioner selects Document Category from dropdown Petitioner selects Document Type from dropdown Petitioner selects Select Petitioner selects Continue Practitioner uploads file Petitioner completes form Petitioner selects Review Filing Petitioner sees that document name is a link Petitioner selects document link and document opens in a new page Petitioner selects Submit Your Filing Petitioner logs out
Practitioner Uploads Document To Existing Case (File a Document) Practitioner logs in Practitioner navigates to case Practitioner selects File a Document Practitioner selects "Okay, I'm Ready to File" Practitioner selects Document Category from dropdown Practitioner selects Document Type from dropdown Practitioner selects Select Practitioner selects Continue Practitioner uploads File Practitioner completes form Practitioner selects Review Filing Practitioner sees that document name is a link Practitioner selects document link and document opens in a new page Practitioner selects Submit Your Filing Practitioner logs out
As an external user (Petitioner, Practitioner, IRS attorney), in order to make sure the correct document is being uploaded, I need to the ability to view documents before they are associated with a case/docket entry.
There are several instances where an external user needs the ability to view documents before they are associated with a case/docket entry:
Pre-Conditions:
Acceptance Criteria:
Notes
Tasks
Definition of Done (Updated 7-10-19)
Product Owner
UX
Team
Engineering