From 9df9a7fdea1f36c110654884f59470e307f8eb4f Mon Sep 17 00:00:00 2001 From: mchristiansonVA <95487885+mchristiansonVA@users.noreply.github.com> Date: Tue, 30 Apr 2024 11:02:13 -0400 Subject: [PATCH] Api 35596 poa code validation (#16485) * Add POA code validation for 2122a, update example json, update tests * Add generated dev swagger * Add test for invalid POA code * Update POA code validation to check if it belongs to an organization * Run both POA representative and org checks before returning * Rubocop fixes --- .../individual_controller.rb | 3 ++- .../swagger/claims_api/v2/dev/swagger.json | 18 ++++++------- .../power_of_attorney/2122a/valid.json | 2 +- .../power_of_attorney_ind_request_spec.rb | 25 +++++++++++++++++-- .../veterans/rswag_power_of_attorney_spec.rb | 4 +-- 5 files changed, 37 insertions(+), 15 deletions(-) diff --git a/modules/claims_api/app/controllers/claims_api/v2/veterans/power_of_attorney/individual_controller.rb b/modules/claims_api/app/controllers/claims_api/v2/veterans/power_of_attorney/individual_controller.rb index 4777793346e..9b80e0aca3d 100644 --- a/modules/claims_api/app/controllers/claims_api/v2/veterans/power_of_attorney/individual_controller.rb +++ b/modules/claims_api/app/controllers/claims_api/v2/veterans/power_of_attorney/individual_controller.rb @@ -30,7 +30,8 @@ def validate private def validate_individual_poa_code!(poa_code) - return if ::Veteran::Service::Representative.where('? = ANY(poa_codes)', poa_code).any? + return if ::Veteran::Service::Representative.where('? = ANY(poa_codes)', poa_code).any? && + ::Veteran::Service::Organization.find_by(poa: poa_code).blank? raise ::ClaimsApi::Common::Exceptions::Lighthouse::ResourceNotFound.new( detail: "Could not find an Accredited Representative with code: #{poa_code}" diff --git a/modules/claims_api/app/swagger/claims_api/v2/dev/swagger.json b/modules/claims_api/app/swagger/claims_api/v2/dev/swagger.json index bc5b78f3b26..c3b8baed9ee 100644 --- a/modules/claims_api/app/swagger/claims_api/v2/dev/swagger.json +++ b/modules/claims_api/app/swagger/claims_api/v2/dev/swagger.json @@ -6072,7 +6072,7 @@ "application/json": { "example": { "data": { - "id": "6be9b240-267c-4c9c-b8d5-af1cd4068308", + "id": "fe256259-ac70-4caf-a91e-0f217a5aff2a", "type": "forms/526", "attributes": { "veteran": { @@ -8975,10 +8975,10 @@ "application/json": { "example": { "data": { - "id": "867b7baa-8dbe-4053-823f-788218fa6984", + "id": "14195f7f-91be-4b80-a4a2-bccba1118f27", "type": "individual", "attributes": { - "code": "083", + "code": "067", "name": "Firstname Lastname", "phoneNumber": "555-555-5555" } @@ -9175,7 +9175,7 @@ { "title": "Resource not found", "status": "404", - "detail": "Could not find an Accredited Representative with registration number: 999999999999 and poa code: 083", + "detail": "Could not find an Accredited Representative with registration number: 999999999999 and poa code: 067", "source": { "pointer": "/modules/claims_api/app/controllers/claims_api/v2/veterans/power_of_attorney/base_controller.rb:70:in `validate_registration_number!'" } @@ -9602,7 +9602,7 @@ } }, "representative": { - "poaCode": "083", + "poaCode": "067", "registrationNumber": "999999999999", "type": "ATTORNEY", "address": { @@ -9671,7 +9671,7 @@ "application/json": { "example": { "data": { - "id": "c54cfb3e-8ec8-48ce-bb19-52847bdd9bde", + "id": "a7979800-15b2-425f-b12f-3dcc369af6ed", "type": "organization", "attributes": { "code": "083", @@ -10498,7 +10498,7 @@ { "title": "Resource not found", "status": "404", - "detail": "Could not find an Accredited Representative with registration number: 999999999999 and poa code: 083", + "detail": "Could not find an Accredited Representative with registration number: 999999999999 and poa code: 067", "source": { "pointer": "/modules/claims_api/app/controllers/claims_api/v2/veterans/power_of_attorney/base_controller.rb:70:in `validate_registration_number!'" } @@ -10925,7 +10925,7 @@ } }, "representative": { - "poaCode": "083", + "poaCode": "067", "registrationNumber": "999999999999", "type": "ATTORNEY", "address": { @@ -11631,7 +11631,7 @@ "application/json": { "example": { "data": { - "id": "af367b07-5484-4eb7-8a2b-3d4bf1ba447c", + "id": "49e19027-f055-4acd-853b-d9ca573eba1b", "type": "claimsApiPowerOfAttorneys", "attributes": { "status": "submitted", diff --git a/modules/claims_api/spec/fixtures/v2/veterans/power_of_attorney/2122a/valid.json b/modules/claims_api/spec/fixtures/v2/veterans/power_of_attorney/2122a/valid.json index ed6315f06bc..83e23b15a67 100644 --- a/modules/claims_api/spec/fixtures/v2/veterans/power_of_attorney/2122a/valid.json +++ b/modules/claims_api/spec/fixtures/v2/veterans/power_of_attorney/2122a/valid.json @@ -13,7 +13,7 @@ } }, "representative": { - "poaCode": "083", + "poaCode": "067", "registrationNumber": "999999999999", "type": "ATTORNEY", "address": { diff --git a/modules/claims_api/spec/requests/v2/veterans/power_of_attorney_ind_request_spec.rb b/modules/claims_api/spec/requests/v2/veterans/power_of_attorney_ind_request_spec.rb index 92689e629e2..b69247c118c 100644 --- a/modules/claims_api/spec/requests/v2/veterans/power_of_attorney_ind_request_spec.rb +++ b/modules/claims_api/spec/requests/v2/veterans/power_of_attorney_ind_request_spec.rb @@ -10,8 +10,8 @@ let(:appoint_individual_path) { "/services/claims/v2/veterans/#{veteran_id}/2122a" } let(:validate2122a_path) { "/services/claims/v2/veterans/#{veteran_id}/2122a/validate" } let(:scopes) { %w[system/claim.write system/claim.read] } - let(:individual_poa_code) { 'A1H' } - let(:organization_poa_code) { '083' } + let(:individual_poa_code) { '072' } + let(:organization_poa_code) { '067' } let(:bgs_poa) { { person_org_name: "#{individual_poa_code} name-here" } } let(:local_bgs) { ClaimsApi::LocalBGS } @@ -379,6 +379,27 @@ end end + context 'when the provided POA code is not a valid 2122a individual code' do + let(:request_body) do + Rails.root.join('modules', 'claims_api', 'spec', 'fixtures', 'v2', 'veterans', + 'power_of_attorney', '2122a', 'invalid_poa.json').read + end + + it 'returns a meaningful 404' do + mock_ccg(%w[claim.write claim.read]) do |auth_header| + detail = 'Could not find an Accredited Representative with registration number: 999999999999 and poa code: aaa' # rubocop:disable Layout/LineLength + + post validate2122a_path, params: request_body, headers: auth_header + response_body = JSON.parse(response.body)['errors'][0] + + expect(response).to have_http_status(:not_found) + expect(response_body['title']).to eq('Resource not found') + expect(response_body['status']).to eq('404') + expect(response_body['detail']).to eq(detail) + end + end + end + context 'when no claimantId is provided and other claimant data is present' do let(:request_body) do Rails.root.join('modules', 'claims_api', 'spec', 'fixtures', 'v2', 'veterans', diff --git a/modules/claims_api/spec/requests/v2/veterans/rswag_power_of_attorney_spec.rb b/modules/claims_api/spec/requests/v2/veterans/rswag_power_of_attorney_spec.rb index 7158c3a3e56..a2e30e05d3e 100644 --- a/modules/claims_api/spec/requests/v2/veterans/rswag_power_of_attorney_spec.rb +++ b/modules/claims_api/spec/requests/v2/veterans/rswag_power_of_attorney_spec.rb @@ -165,7 +165,7 @@ parameter SwaggerSharedComponents::V2.body_examples[:power_of_attorney_2122a] description 'Updates current Power of Attorney for Veteran.' let(:scopes) { %w[system/claim.read system/system/claim.write] } - let(:poa_code) { '083' } + let(:poa_code) { '067' } let(:bgs_poa) { { person_org_name: "#{poa_code} name-here" } } describe 'Getting a successful response' do @@ -498,7 +498,7 @@ describe 'Getting a successful response' do response '200', 'Valid request response' do - let(:poa_code) { '083' } + let(:poa_code) { '067' } schema JSON.parse(Rails.root.join('spec', 'support', 'schemas', 'claims_api', 'v2', 'veterans', 'power_of_attorney', '2122a', 'validate.json').read)