API - Prevent BCOL Helpdesk from completing Transactions in PROD #19203
Comments
@mstanton1 when a helpdesk user adds a home from another account, and that home has modernized registrations, can the helpdesk user download the report (behave like registries staff)?
@doug-lovett great question. I don't see an answer in our requirements documentation but think the most logical path forward is to be consistent with PPR. Do you recall offhand whether the outputs were available for PPR? If not, I can complete a quick test :)
@mstanton1 thanks, PPR allows helpdesk registration downloads, I'll do the same with MHR.
Thanks @doug-lovett. I'm thinking I should assign a ticket to you specifically for that so we have better tracking - rather than it being buried in this verify. I will create that in a moment and assign it to you so you see it. cc @arlentees
MHR API Verify that on the BCOL Helpdesk account all transactions trigger an API failure except search, which BCOL Helpdesk staff should be able to execute. This testing is required in the modernized system (TEST or DEV).
BCOL Logon for TEST/DEV
*Note: If we are able to complete transactions other than search, an API ticket will be required for Doug to prevent transactions on the backend.
Developer Note:
Verify create registration will generate an API error if the user token has the mhr_helpdesk role for all registration types.
Verify MHR search succeeds if the user token has the mhr_helpdesk role.
In DEV/TEST use the IDIR BRTEST3 account.
Allow POST /mhr/api/v1/searches and /mhr/api/v1/search-results/{search_id} requests:
Prevent as an unauthorized error:
POST /mhr/api/v1/registrations
POST /mhr/api/v1/transfers/{mhr_number}
POST /mhr/api/v1/permits/{mhr_number}
POST /mhr/api/v1/exemptions/{mhr_number}
POST /mhr/api/v1/notes/{mhr_number}
POST /mhr/api/v1/admin-registrations/{mhr_number}
Example of an unauthorized response message:
Response headers:
HTTP/1.0 401 UNAUTHORIZED
Content-Type: application/json
{
"message": "002: BCOL helpdesk users are not authorized to create transport permit registrations."
}
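The allow/prevent lists above can be expressed as a single server-side check. The following is an added example, not code from this project: helpdesk_denial, the label strings other than "transport permit", and the default-deny behaviour for write requests not named in the issue are assumptions.

```python
import re
from http import HTTPStatus

HELPDESK_ROLE = "mhr_helpdesk"           # role name taken from the issue
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
BASE = "/mhr/api/v1"

# Write requests the helpdesk role may still make (the issue's "Allow" line).
HELPDESK_WRITE_ALLOW = [
    re.compile(rf"{BASE}/searches/?"),
    re.compile(rf"{BASE}/search-results/[^/]+/?"),
]
# Endpoints from the issue's "Prevent" list. Labels are assumed wording,
# except "transport permit", which appears in the issue's sample message.
REGISTRATION_LABELS = [
    (re.compile(rf"{BASE}/registrations/?"), "new"),
    (re.compile(rf"{BASE}/transfers/[^/]+/?"), "transfer"),
    (re.compile(rf"{BASE}/permits/[^/]+/?"), "transport permit"),
    (re.compile(rf"{BASE}/exemptions/[^/]+/?"), "exemption"),
    (re.compile(rf"{BASE}/notes/[^/]+/?"), "unit note"),
    (re.compile(rf"{BASE}/admin-registrations/[^/]+/?"), "admin"),
]


def helpdesk_denial(roles, method, path):
    """Return None if the request may proceed, else (status, body) to send."""
    if HELPDESK_ROLE not in roles:
        return None                      # other roles are checked elsewhere
    method, path = method.upper(), path.split("?", 1)[0]
    if method in SAFE_METHODS:
        return None                      # reads, including report downloads
    if any(p.fullmatch(path) for p in HELPDESK_WRITE_ALLOW):
        return None
    # Assumption: any other write is denied, so a new endpoint fails closed.
    label = next((l for p, l in REGISTRATION_LABELS if p.fullmatch(path)), None)
    what = f"create {label} registrations" if label else "submit this request"
    msg = f"002: BCOL helpdesk users are not authorized to {what}."
    return HTTPStatus.UNAUTHORIZED, {"message": msg}
```

The check treats the helpdesk role as a restriction that applies even when the token carries other roles, which is also an assumption.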