API - Prevent BCOL Helpdesk from completing Transactions in PROD #19203

Closed
mstanton1 opened this issue Jan 10, 2024 · 5 comments
mstanton1 commented Jan 10, 2024

MHR API Verify that on the BCOL Helpdesk account all transactions trigger an API failure except search, which BCOL Helpdesk staff should be able to execute. This testing is required in the modernized system (TEST or DEV).

BCOL Logon for TEST/DEV

*Note: If we are able to complete transactions other than search, an API ticket will be required for Doug to prevent transactions on the backend.

Developer Note:
Verify create registration will generate an API error if the user token has the mhr_helpdesk role for all registration types.
Verify MHR search succeeds if the user token has the mhr_helpdesk role.
In DEV/TEST use the IDIR BRTEST3 account.

Allow POST /mhr/api/v1/searches and /mhr/api/v1/search-results/{search_id} requests.

Prevent as an unauthorized error:
POST /mhr/api/v1/registrations
POST /mhr/api/v1/transfers/{mhr_number}
POST /mhr/api/v1/permits/{mhr_number}
POST /mhr/api/v1/exemptions/{mhr_number}
POST /mhr/api/v1/notes/{mhr_number}
POST /mhr/api/v1/admin-registrations/{mhr_number}

Example of an unauthorized response message:
Response headers:
HTTP/1.0 401 UNAUTHORIZED
Content-Type: application/json

{
  "message": "002: BCOL helpdesk users are not authorized to create transport permit registrations."
}
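
An added example, not part of the original issue or the project's code: one way to express the allow/deny matrix above as a fail-closed check for tokens carrying the mhr_helpdesk role. The function names, the write-method allowlist (stricter than the six listed routes), the sample id and the denial message are assumptions.

```python
import re

HELPDESK_ROLE = "mhr_helpdesk"  # role name taken from the issue
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Search routes the issue says helpdesk tokens may call.
ALLOWED_WRITES = ["/mhr/api/v1/searches", "/mhr/api/v1/search-results/{search_id}"]

# Routes the issue lists under "prevent"; used below to self-check the policy.
MUST_REJECT = [
    "/mhr/api/v1/registrations",
    "/mhr/api/v1/transfers/{mhr_number}",
    "/mhr/api/v1/permits/{mhr_number}",
    "/mhr/api/v1/exemptions/{mhr_number}",
    "/mhr/api/v1/notes/{mhr_number}",
    "/mhr/api/v1/admin-registrations/{mhr_number}",
]


def _compile(template):
    """Build a regex for a route template; each {param} matches one path segment."""
    parts = re.split(r"(\{[^}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile(body + "/?")


_ALLOWED = [_compile(t) for t in ALLOWED_WRITES]


def helpdesk_denial(roles, method, path):
    """Return None if the request may proceed, else (401, message)."""
    if HELPDESK_ROLE not in roles:
        return None  # other roles are outside this sketch
    if method.upper() not in WRITE_METHODS:
        return None  # assumption: reads are not restricted for helpdesk tokens
    if any(rx.fullmatch(path.split("?", 1)[0]) for rx in _ALLOWED):
        return None
    # Constructed message; the API's own text names the registration type.
    return 401, "BCOL helpdesk users are not authorized to perform this request."


def verify_matrix(sample_id="000000"):
    """Fill each template with a constructed id; map route -> True if rejected."""
    def fill(t):
        return re.sub(r"\{[^}]+\}", sample_id, t)
    return {t: helpdesk_denial([HELPDESK_ROLE], "POST", fill(t)) is not None
            for t in ALLOWED_WRITES + MUST_REJECT}
```

Because the check allowlists the search routes rather than denylisting the registration routes, a write endpoint added later is rejected for helpdesk tokens until it is explicitly permitted.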

@doug-lovett

@mstanton1 when a helpdesk user adds a home from another account, and that home has modernized registrations, can the helpdesk user download the report (behave like registries staff)?

@mstanton1

@doug-lovett great question. I don't see an answer in our requirements documentation but think the most logical path forward is to be consistent with PPR. Do you recall offhand whether the outputs were available for PPR? If not, I can complete a quick test:)

@doug-lovett

@mstanton1 thanks, PPR allows helpdesk registration downloads, I'll do the same with MHR.

@mstanton1

Thanks @doug-lovett. I'm thinking I should assign a ticket to you specifically for that so we have better tracking - rather than it being buried in this verify. I will create that in a moment and assign it to you so you see it.

cc @arlentees

mstanton1 changed the title from "Verify - BCOL Helpdesk can only complete search" to "API - Prevent BCOL Helpdesk from completing Transactions in PROD" on Jan 23, 2024

@chdivyareddy

Verified in DEV for BRTEST3 account.

Searches:
Registration: /mhr/api/v1/registrations
Transfers: POST /mhr/api/v1/transfers/{mhr_number}
Permit: POST /mhr/api/v1/permits/{mhr_number}
Exemption: POST /mhr/api/v1/exemptions/{mhr_number}
Notes: POST /mhr/api/v1/notes/{mhr_number}
POST /mhr/api/v1/admin-registrations/{mhr_number}

PCC199 closed this as completed Jan 30, 2024