Use New BGS Gem Sensitivity Check Methods

Gemfile

@@ -12,7 +12,7 @@ gem "acts_as_tree"
 gem "amoeba"
 # BGS
 
-gem "bgs", git: "https://github.com/department-of-veterans-affairs/ruby-bgs.git", ref: "5f47e7b2656ef347d314ef43c93d38a9f20816ec"
+gem "bgs", git: "https://github.com/department-of-veterans-affairs/ruby-bgs.git", branch: "caseflow/add-new-security-endpoint"
 # Bootsnap speeds up app boot (and started to be a default gem in 5.2).
 gem "bootsnap", require: false
 gem "browser"

Gemfile.lock

@@ -57,10 +57,10 @@ GIT
 
 GIT
   remote: https://github.com/department-of-veterans-affairs/ruby-bgs.git
-  revision: 5f47e7b2656ef347d314ef43c93d38a9f20816ec
-  ref: 5f47e7b2656ef347d314ef43c93d38a9f20816ec
+  revision: ebb9d8add944ce2125d1fb226494edabbc8adf1c
+  branch: caseflow/add-new-security-endpoint
   specs:
-    bgs (0.3)
+    bgs (0.3.1)
       httpclient
       nokogiri (>= 1.11.0.rc4)
       savon (~> 2.12)

app/services/auto_assignable_user_finder.rb

@@ -18,28 +18,21 @@ def assignable_users_exist?
   end
 
   def get_first_assignable_user(correspondence:)
-    vbms_id = correspondence.veteran.file_number
-
-    run_auto_assign_algorithm(correspondence, vbms_id)
+    run_auto_assign_algorithm(correspondence)
   end
 
   private
 
   attr_accessor :current_user
 
-  def run_auto_assign_algorithm(correspondence, vbms_id)
+  def run_auto_assign_algorithm(correspondence)
     assignable_users.each do |user|
       next if correspondence.nod && !user.nod?
 
-      begin
-        if sensitivity_checker.can_access?(vbms_id)
-          return user.user_obj
-        end
-      rescue StandardError => error
-        error_uuid = SecureRandom.uuid
-        Raven.capture_exception(error, extra: { error_uuid: error_uuid })
+      user_obj = user.user_obj
 
-        next
+      if sensitivity_levels_compatible?(user: user_obj, veteran: correspondence.veteran)
+        return user_obj
       end
     end
 
@@ -119,6 +112,18 @@ def find_users
       .references(:tasks, :organizations, :organization_user_permissions)
   end
 
+  def sensitivity_levels_compatible?(user:, veteran:)
+    begin
+      sensitivity_checker.sensitivity_level_for_user(user) >=
+        sensitivity_checker.sensitivity_level_for_veteran(veteran)
+    rescue StandardError => error
+      error_uuid = SecureRandom.uuid
+      Raven.capture_exception(error, extra: { error_uuid: error_uuid })
+
+      false
+    end
+  end
+
   def sensitivity_checker
     return @sensitivity_checker if @sensitivity_checker.present?
 

app/services/external_api/bgs_service.rb

@@ -24,6 +24,50 @@ def initialize(client: init_client)
     @people_by_ssn = {}
   end
 
+  def sensitivity_level_for_user(user)
+    fail "Invalid user" if !user.instance_of?(User)
+
+    participant_id = get_participant_id_for_user(user)
+
+    Rails.cache.fetch("sensitivity_level_for_user_id_#{user.id}", expires_in: 1.hour) do
+      DBService.release_db_connections
+
+      MetricsService.record(
+        "BGS: sensitivity level for user #{user.id}",
+        service: :bgs,
+        name: "security.find_person_scrty_log_by_ptcpnt_id"
+      ) do
+        response = client.security.find_person_scrty_log_by_ptcpnt_id(participant_id)
+
+        response.key?(:scrty_level_type_cd) ? Integer(response[:scrty_level_type_cd]) : 0
+      rescue BGS::ShareError
+        0
+      end
+    end
+  end
+
+  def sensitivity_level_for_veteran(veteran)
+    fail "Invalid veteran" if !veteran.instance_of?(Veteran)
+
+    participant_id = veteran.participant_id
+
+    Rails.cache.fetch("sensitivity_level_for_veteran_id_#{veteran.id}", expires_in: 1.hour) do
+      DBService.release_db_connections
+
+      MetricsService.record(
+        "BGS: sensitivity level for veteran #{veteran.id}",
+        service: :bgs,
+        name: "security.find_sensitivity_level_by_participant_id"
+      ) do
+        response = client.security.find_sensitivity_level_by_participant_id(participant_id)
+
+        response.key?(:scrty_level_type_cd) ? Integer(response[:scrty_level_type_cd]) : 0
+      rescue BGS::ShareError
+        0
+      end
+    end
+  end
+
   # :nocov:
 
   def get_end_products(vbms_id)

lib/fakes/bgs_service.rb

@@ -120,6 +120,18 @@ def edit_veteran_record(file_number, attr, new_value)
     end
   end
 
+  def sensitivity_level_for_user(user)
+    fail "Invalid user" if !user.instance_of?(User)
+
+    Random.new.rand(4..9)
+  end
+
+  def sensitivity_level_for_veteran(veteran)
+    fail "Invalid veteran" if !veteran.instance_of?(Veteran)
+
+    Random.new.rand(1..4)
+  end
+
   def get_end_products(file_number)
     store = self.class.end_product_store
     records = store.fetch_and_inflate(file_number) || store.fetch_and_inflate(:default) || {}

spec/services/auto_assignable_user_finder_spec.rb

@@ -12,6 +12,14 @@
   before do
     allow(BGSService).to receive(:new).and_return(mock_sensitivity_checker)
 
+    allow(mock_sensitivity_checker).to receive(:sensitivity_level_for_user) do |user|
+      bgs.sensitivity_level_for_user(user)
+    end
+
+    allow(mock_sensitivity_checker).to receive(:sensitivity_level_for_veteran) do |vet|
+      bgs.sensitivity_level_for_veteran(vet)
+    end
+
     allow(mock_sensitivity_checker).to receive(:fetch_person_info) do |vbms_id|
       bgs.fetch_person_info(vbms_id)
     end
@@ -188,13 +196,21 @@ def generate_assigned_review_package_tasks(amount:, user:)
     end
 
     context "with sensitivity level check" do
+      let(:high_sensitivity_level) { 9 }
+      let(:low_sensitivity_level) { 1 }
+
       let!(:correspondence) { create(:correspondence, veteran_id: veteran.id) }
       let!(:user_1) { create(:correspondence_auto_assignable_user) }
       let!(:user_2) { create(:correspondence_auto_assignable_user) }
 
       context "with no BGSService errors" do
         before do
-          expect(mock_sensitivity_checker).to receive(:can_access?).twice.and_return(false)
+          expect(mock_sensitivity_checker).to receive(:sensitivity_level_for_user)
+            .with(user_1).and_return(low_sensitivity_level)
+          expect(mock_sensitivity_checker).to receive(:sensitivity_level_for_user)
+            .with(user_2).and_return(low_sensitivity_level)
+          expect(mock_sensitivity_checker).to receive(:sensitivity_level_for_veteran)
+            .with(correspondence.veteran).twice.and_return(high_sensitivity_level)
           expect(BGSService).to receive(:new).and_return(mock_sensitivity_checker)
         end
 
@@ -205,8 +221,12 @@ def generate_assigned_review_package_tasks(amount:, user:)
 
       context "when the BGSService raises an error" do
         before do
-          expect(mock_sensitivity_checker).to receive(:can_access?).once.and_raise("Test BGS error")
-          expect(mock_sensitivity_checker).to receive(:can_access?).once.and_return(true)
+          expect(mock_sensitivity_checker).to receive(:sensitivity_level_for_user)
+            .with(user_1).and_raise("Test BGS error")
+          expect(mock_sensitivity_checker).to receive(:sensitivity_level_for_user)
+            .with(user_2).and_return(high_sensitivity_level)
+          expect(mock_sensitivity_checker).to receive(:sensitivity_level_for_veteran)
+            .with(correspondence.veteran).and_return(high_sensitivity_level)
           expect(BGSService).to receive(:new).and_return(mock_sensitivity_checker)
         end
 

spec/services/external_api/bgs_service_spec.rb

@@ -25,6 +25,46 @@
     bgs.bust_fetch_veteran_info_cache(vbms_id)
   end
 
+  describe "#sensitivity_level_for_user" do
+    it "validates the user param" do
+      expect { bgs.sensitivity_level_for_user(nil) }.to raise_error(RuntimeError, "Invalid user")
+    end
+
+    it "calls the security service and caches the result" do
+      participant_id = "1234"
+      sensitivity_level = Random.new.rand(1..9)
+
+      expect(bgs).to receive(:get_participant_id_for_user).with(user).and_return(participant_id)
+      expect(bgs_client).to receive(:security).and_return(bgs_security_service)
+      expect(bgs_security_service).to receive(:find_person_scrty_log_by_ptcpnt_id)
+        .with(participant_id).and_return({ scrty_level_type_cd: "#{sensitivity_level}" })
+
+      expect(bgs.sensitivity_level_for_user(user)).to eq(sensitivity_level)
+
+      expect(Rails.cache.exist?("sensitivity_level_for_user_id_#{user.id}")).to be true
+    end
+  end
+
+  describe "#sensitivity_level_for_veteran" do
+    let(:veteran) { create(:veteran) }
+
+    it "validates the veteran param" do
+      expect { bgs.sensitivity_level_for_veteran(nil) }.to raise_error(RuntimeError, "Invalid veteran")
+    end
+
+    it "calls the security service and caches the result" do
+      sensitivity_level = Random.new.rand(1..9)
+
+      expect(bgs_client).to receive(:security).and_return(bgs_security_service)
+      expect(bgs_security_service).to receive(:find_sensitivity_level_by_participant_id)
+        .with(veteran.participant_id).and_return({ scrty_level_type_cd: "#{sensitivity_level}" })
+
+      expect(bgs.sensitivity_level_for_veteran(veteran)).to eq(sensitivity_level)
+
+      expect(Rails.cache.exist?("sensitivity_level_for_veteran_id_#{veteran.id}")).to be true
+    end
+  end
+
   describe "#fetch_poa_by_file_number" do
     let(:participant_id) { "1234" }
     let(:poa_participant_id) { "person-pid" }