Merge branch 'master' into dbex/80718-TE-transform-2

department-of-veterans-affairs · Apr 23, 2024 · e7ce01b · e7ce01b
2 parents 3f380ec + 4995a8a
commit e7ce01b
Show file tree

Hide file tree

Showing 47 changed files with 1,196 additions and 215 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -186,6 +186,8 @@ app/mailers/views/veteran_readiness_employment_cmp.html.erb @department-of-veter
 app/mailers/views/veteran_readiness_employment.html.erb @department-of-veterans-affairs/Benefits-Team-1 @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 app/models/account_login_stat.rb @department-of-veterans-affairs/octo-identity
 app/models/account.rb @department-of-veterans-affairs/octo-identity
+app/models/accredited_individual.rb @department-of-veterans-affairs/accredited-representation-management @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/benefits-accredited-rep-facing
+app/models/accredited_organization.rb @department-of-veterans-affairs/accredited-representation-management @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/benefits-accredited-rep-facing
 app/models/adapters/payment_history_adapter.rb @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/va-api-engineers
 app/models/appeal_submission.rb @department-of-veterans-affairs/Benefits-Team-1 @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 app/models/appeal_submission_upload.rb @department-of-veterans-affairs/Benefits-Team-1 @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
@@ -786,6 +788,7 @@ docs/setup/codespaces.md @department-of-veterans-affairs/backend-review-group @d
 docs/setup/va_forms.md @department-of-veterans-affairs/platform-va-product-forms @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/va-api-engineers
 docs/setup/virtual_machine_access.md @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/va-api-engineers
 .github @department-of-veterans-affairs/backend-review-group
+lib/accredited_representation/constants.rb @department-of-veterans-affairs/accredited-representation-management @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/benefits-accredited-rep-facing
 lib/aes_256_cbc_encryptor.rb @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 lib/apps @department-of-veterans-affairs/vfs-facilities-frontend @department-of-veterans-affairs/lighthouse-pivot
 lib/bb @department-of-veterans-affairs/vfs-vaos @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
@@ -1068,6 +1071,8 @@ spec/factories/686c/form_686c_674.rb @department-of-veterans-affairs/benefits-de
 spec/factories/686c/spouse.rb @department-of-veterans-affairs/benefits-dependents-management @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/factories/686c/step_child_lives_with_veteran.rb @department-of-veterans-affairs/benefits-dependents-management @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/factories/accounts.rb @department-of-veterans-affairs/octo-identity
+spec/factories/accredited_individuals.rb @department-of-veterans-affairs/accredited-representation-management @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/benefits-accredited-rep-facing
+spec/factories/accredited_organizations.rb @department-of-veterans-affairs/accredited-representation-management @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/benefits-accredited-rep-facing
 spec/factories/appeal_submissions.rb @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/factories/appeal_submission_uploads.rb @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/factories/ask.rb @department-of-veterans-affairs/Benefits-Team-1 @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
@@ -1430,6 +1435,8 @@ spec/mailers/transactional_email_mailer_spec.rb @department-of-veterans-affairs/
 spec/mailers/veteran_readiness_employment_mailer_spec.rb @department-of-veterans-affairs/Benefits-Team-1 @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/middleware @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/models/account_spec.rb @department-of-veterans-affairs/octo-identity
+spec/models/accredited_individual_spec.rb @department-of-veterans-affairs/accredited-representation-management @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/benefits-accredited-rep-facing
+spec/models/accredited_organization_spec.rb @department-of-veterans-affairs/accredited-representation-management @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/benefits-accredited-rep-facing
 spec/models/async_transaction/base_spec.rb @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/models/async_transaction/va_profile @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/models/async_transaction/vet360 @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -317,7 +317,7 @@ GEM
     content_disposition (1.0.0)
     cork (0.3.0)
       colored2 (~> 3.1)
-    coverband (6.1.0)
+    coverband (6.1.1)
       redis (>= 3.0)
     crack (1.0.0)
       bigdecimal
@@ -890,7 +890,7 @@ GEM
     rswag-ui (2.13.0)
       actionpack (>= 3.1, < 7.2)
       railties (>= 3.1, < 7.2)
-    rubocop (1.63.2)
+    rubocop (1.63.3)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)

diff --git a/app/controllers/v0/terms_of_use_agreements_controller.rb b/app/controllers/v0/terms_of_use_agreements_controller.rb
@@ -17,19 +17,17 @@ def latest
 
     def accept
       terms_of_use_agreement = acceptor.perform!
-
-      recache_user
+      recache_user unless terms_code_temporary_auth?
       render_success(action: 'accept', body: { terms_of_use_agreement: }, status: :created)
     rescue TermsOfUse::Errors::AcceptorError => e
       render_error(action: 'accept', message: e.message)
     end
 
     def accept_and_provision
       terms_of_use_agreement = acceptor(async: false).perform!
-
       if terms_of_use_agreement.accepted? && provisioner.perform
         create_cerner_cookie
-        recache_user
+        recache_user unless terms_code_temporary_auth?
         render_success(action: 'accept_and_provision', body: { terms_of_use_agreement:, provisioned: true },
                        status: :created)
       else
@@ -41,8 +39,7 @@ def accept_and_provision
 
     def decline
       terms_of_use_agreement = decliner.perform!
-
-      recache_user
+      recache_user unless terms_code_temporary_auth?
       render_success(action: 'decline', body: { terms_of_use_agreement: }, status: :created)
     rescue TermsOfUse::Errors::DeclinerError => e
       render_error(action: 'decline', message: e.message)
@@ -63,27 +60,27 @@ def update_provisioning
 
     def acceptor(async: true)
       TermsOfUse::Acceptor.new(
-        user_account: current_user.user_account,
-        common_name: current_user.common_name,
+        user_account: @user_account,
+        common_name:,
         version: params[:version],
         async:
       )
     end
 
     def decliner
       TermsOfUse::Decliner.new(
-        user_account: current_user.user_account,
-        common_name: current_user.common_name,
+        user_account: @user_account,
+        common_name:,
         version: params[:version]
       )
     end
 
     def provisioner
       TermsOfUse::Provisioner.new(
-        icn: current_user.icn,
-        first_name: current_user.first_name,
-        last_name: current_user.last_name,
-        mpi_gcids: current_user.mpi_gcids
+        icn: @user_account.icn,
+        first_name: mpi_profile.given_names.first,
+        last_name: mpi_profile.family_name,
+        mpi_gcids: mpi_profile.full_mvi_ids
       )
     end
 
@@ -102,29 +99,51 @@ def create_cerner_cookie
     end
 
     def find_latest_agreement_by_version(version)
-      current_user.user_account.terms_of_use_agreements.where(agreement_version: version).last
+      @user_account.terms_of_use_agreements.where(agreement_version: version).last
     end
 
     def authenticate_one_time_terms_code
       terms_code_container = SignIn::TermsCodeContainer.find(params[:terms_code])
-      @current_user = User.find(terms_code_container.user_uuid)
+      return unless terms_code_container
+
+      @user_account = UserAccount.find(terms_code_container.user_account_uuid)
     ensure
       terms_code_container&.destroy
     end
 
+    def authenticate_current_user
+      load_user(skip_terms_check: true)
+      return unless current_user
+
+      @user_account = current_user.user_account
+    end
+
+    def terms_code_temporary_auth?
+      params[:terms_code].present?
+    end
+
     def terms_authenticate
-      params[:terms_code].present? ? authenticate_one_time_terms_code : load_user(skip_terms_check: true)
+      terms_code_temporary_auth? ? authenticate_one_time_terms_code : authenticate_current_user
+
+      raise Common::Exceptions::Unauthorized unless @user_account
+    end
+
+    def mpi_profile
+      @mpi_profile ||= MPI::Service.new.find_profile_by_identifier(identifier: @user_account.icn,
+                                                                   identifier_type: MPI::Constants::ICN)&.profile
+    end
 
-      raise Common::Exceptions::Unauthorized unless @current_user
+    def common_name
+      "#{mpi_profile.given_names.first} #{mpi_profile.family_name}"
     end
 
     def render_success(action:, body:, status: :ok)
-      Rails.logger.info("[TermsOfUseAgreementsController] #{action} success", { icn: current_user.icn })
+      Rails.logger.info("[TermsOfUseAgreementsController] #{action} success", { icn: @user_account.icn })
       render json: body, status:
     end
 
     def render_error(action:, message:, status: :unprocessable_entity)
-      Rails.logger.error("[TermsOfUseAgreementsController] #{action} error: #{message}", { icn: current_user.icn })
+      Rails.logger.error("[TermsOfUseAgreementsController] #{action} error: #{message}", { icn: @user_account.icn })
       render json: { error: message }, status:
     end
   end

diff --git a/app/models/accredited_individual.rb b/app/models/accredited_individual.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'accredited_representation/constants'
+
+class AccreditedIndividual < ApplicationRecord
+  # rubocop:disable Rails/HasAndBelongsToMany
+  has_and_belongs_to_many :accredited_organizations,
+                          class: 'AccreditedOrganization',
+                          join_table: 'accredited_individuals_accredited_organizations'
+
+  # rubocop:enable Rails/HasAndBelongsToMany
+
+  validates :ogc_id, :registration_number, :individual_type, presence: true
+  validates :poa_code, length: { is: 3 }, allow_blank: true
+  validates :individual_type, uniqueness: { scope: :registration_number }
+
+  enum individual_type: {
+    'attorney' => 'attorney',
+    'claims_agent' => 'claims_agent',
+    'representative' => 'representative'
+  }
+
+  # Find all [AccreditedIndividuals] that are located within a distance of a specific location
+  # @param long [Float] longitude of the location of interest
+  # @param lat [Float] latitude of the location of interest
+  # @param max_distance [Float] the maximum search distance in meters
+  #
+  # @return [AccreditedIndividual::ActiveRecord_Relation] an ActiveRecord_Relation of
+  #   all individuals matching the search criteria
+  def self.find_within_max_distance(long, lat, max_distance = AccreditedRepresentation::Constants::DEFAULT_MAX_DISTANCE)
+    query = 'ST_DWithin(ST_SetSRID(ST_MakePoint(:long, :lat), 4326)::geography, location, :max_distance)'
+    params = { long:, lat:, max_distance: }
+
+    where(query, params)
+  end
+
+  # return all poa_codes associated with the individual
+  #
+  # @return [Array<String>]
+  def poa_codes
+    ([poa_code] + accredited_organizations.pluck(:poa_code)).compact
+  end
+end
diff --git a/app/models/accredited_organization.rb b/app/models/accredited_organization.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'accredited_representation/constants'
+
+class AccreditedOrganization < ApplicationRecord
+  # rubocop:disable Rails/HasAndBelongsToMany
+  has_and_belongs_to_many :accredited_individuals,
+                          class: 'AccreditedIndividual',
+                          join_table: 'accredited_individuals_accredited_organizations'
+  # rubocop:enable Rails/HasAndBelongsToMany
+
+  validates :ogc_id, :poa_code, presence: true
+  validates :poa_code, length: { is: 3 }
+  validates :poa_code, uniqueness: true
+
+  #
+  # Find all [AccreditedOrganizations] that are located within a distance of a specific location
+  # @param long [Float] longitude of the location of interest
+  # @param lat [Float] latitude of the location of interest
+  # @param max_distance [Float] the maximum search distance in meters
+  #
+  # @return [AccreditedOrganization::ActiveRecord_Relation] an ActiveRecord_Relation of
+  #   all organizations matching the search criteria
+  def self.find_within_max_distance(long, lat, max_distance = AccreditedRepresentation::Constants::DEFAULT_MAX_DISTANCE)
+    query = 'ST_DWithin(ST_SetSRID(ST_MakePoint(:long, :lat), 4326)::geography, location, :max_distance)'
+    params = { long:, lat:, max_distance: }
+
+    where(query, params)
+  end
+
+  # return all registration_numbers associated with the individual
+  #
+  # @return [Array<String>]
+  def registration_numbers
+    accredited_individuals.pluck(:registration_number)
+  end
+end
diff --git a/app/models/sign_in/terms_code_container.rb b/app/models/sign_in/terms_code_container.rb
@@ -7,8 +7,8 @@ class TermsCodeContainer < Common::RedisStore
     redis_key :code
 
     attribute :code, String
-    attribute :user_uuid, String
+    attribute :user_account_uuid, String
 
-    validates(:code, :user_uuid, presence: true)
+    validates(:code, :user_account_uuid, presence: true)
   end
 end
diff --git a/app/services/sign_in/user_code_map_creator.rb b/app/services/sign_in/user_code_map_creator.rb
@@ -42,11 +42,11 @@ def create_credential_email
     end
 
     def create_user_acceptable_verified_credential
-      Login::UserAcceptableVerifiedCredentialUpdater.new(user_account: user_verification.user_account).perform
+      Login::UserAcceptableVerifiedCredentialUpdater.new(user_account:).perform
     end
 
     def create_terms_code_container
-      TermsCodeContainer.new(code: terms_code, user_uuid:).save!
+      TermsCodeContainer.new(code: terms_code, user_account_uuid: user_account.id).save!
     end
 
     def create_code_container
@@ -79,6 +79,10 @@ def user_verification
       @user_verification ||= Login::UserVerifier.new(user_verifier_object).perform
     end
 
+    def user_account
+      @user_account ||= user_verification.user_account
+    end
+
     def sign_in
       @sign_in ||= {
         service_name: state_payload.type,
@@ -98,7 +102,7 @@ def access_token_attributes
     end
 
     def needs_accepted_terms_of_use?
-      client_config.va_terms_enforced? && user_verification.user_account.needs_accepted_terms_of_use?
+      client_config.va_terms_enforced? && user_account.needs_accepted_terms_of_use?
     end
 
     def client_config

diff --git a/app/sidekiq/education_form/templates/1995.erb b/app/sidekiq/education_form/templates/1995.erb
@@ -139,6 +139,8 @@ Middle name of Parent, Guardian or Custodian: <%= @applicant.minorQuestions.guar
 
 Last name of Parent, Guardian or Custodian: <%= @applicant.minorQuestions.guardianLastName %>
 
+Suffix of Parent, Guardian or Custodian: <%= @applicant.minorQuestions.guardianSuffix %>
+
 Address of Parent, Guardian or Custodian:
   Country: <%= @applicant.minorQuestions.guardianAddress.country %>
   Street: <%= @applicant.minorQuestions.guardianAddress.street %>

diff --git a/lib/accredited_representation/constants.rb b/lib/accredited_representation/constants.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module AccreditedRepresentation
+  module Constants
+    METERS_PER_MILE = 1609.344
+    DEFAULT_MAX_MILES = 50
+    DEFAULT_MAX_DISTANCE = DEFAULT_MAX_MILES * METERS_PER_MILE
+  end
+end
diff --git a/lib/lighthouse/benefits_claims/configuration.rb b/lib/lighthouse/benefits_claims/configuration.rb
@@ -13,7 +13,7 @@ module BenefitsClaims
   class Configuration < Common::Client::Configuration::REST
     self.read_timeout = Settings.lighthouse.benefits_claims.timeout || 20
 
-    API_SCOPES = %w[system/claim.read system/claim.write].freeze
+    API_SCOPES = %w[system/claim.read system/claim.write system/526-pdf.override].freeze
     CLAIMS_PATH = 'services/claims/v2/veterans'
     TOKEN_PATH = 'oauth2/claims/system/v1/token'