Al/appeals 45664

[pamatyatake2]

Resolves APPEALS-45664

Description

Please explain the changes you made here.

1. Added new saved_searches_controller.rb and its actions. index, show, delete and create.
2. Added test for the controller -> saved_searches_controller_spec.rb
3. Added Serializer for saved_search
4. Added two scopes in model to get the data from the backend.
5. added a method to validate if its a VHA_ADMIN
6. Added template files for index and show.

Acceptance Criteria

• Code compiles correctly
• Handle saving of new saved search 
• Handle deletion of saved search 
• Validation to ensure user can only delete their own Saved Search, not other users'
• Make index to return all Saved Searches 
• Make action to return saved searches for a specific user 
• Need validation to ensure User is a VHA admin

Testing Plan

In Ruby Console:

FactoryBot.create_list(:saved_search, 10)

user = User.find_by_css_id("VHAADMIN")
# use VHAADMIN as a user when getting the set-cookie from the browser or 
# change VHAADMIN to any VHA admin that you use
FactoryBot.create_list(:saved_search, 5, user: user)

1. Go to Jira Issue/Test Plan Link or list them below
2. You can use postman to test the functionality.
3. login to postman, copy set-cookie from the browser and paste it in POSTMAN.
4. access -> GET: localhost:3000/saved_searches.json -> this should return all the saved search for all user.
5. GET: localhost:3000/saved_searches/:id -> this should only return single saved search based on the id.
6. POST: localhost:3000/saved_searches/ -> this should create a new saved search
7. DELETE: localhost:3000/saved_searches/:id. > Thi should delete a saved search for that user.

Tester can use Postman using this link with pre-saved URL endpoint criteria to ease help with testing.

In order to make an API call tester needs to capture _caseflow_session from the Chrome browser after logging in through the frontend with the type of user they want to test the endpoint with e.g vha admin

• For feature branches merging into main: Was this deployed to UAT?

Frontend

User Facing Changes

• Screenshots of UI changes added to PR & Original Issue

BEFORE	AFTER

Storybook Story

For Frontend (Presentation) Components

• Add a Storybook file alongside the component file (e.g. create MyComponent.stories.js alongside MyComponent.jsx)
• Give it a title that reflects the component's location within the overall Caseflow hierarchy
• Write a separate story (within the same file) for each discrete variation of the component

Backend

Database Changes

Only for Schema Changes

• Add typical timestamps (created_at, updated_at) for new tables
• Update column comments; include a "PII" prefix to indicate definite or potential PII data content
• Have your migration classes inherit from Caseflow::Migration, especially when adding indexes (use add_safe_index) (see Writing DB migrations)
• Verify that migrate:rollback works as desired (change supported functions)
• Perform query profiling (eyeball Rails log, check bullet and fasterer output)
• For queries using raw sql was an explain plan run by System Team
• Add appropriate indexes (especially for foreign keys, polymorphic columns, unique constraints, and Rails scopes)
• Run make check-fks; add any missing foreign keys or add to config/initializers/immigrant.rb (see Record associations and Foreign Keys)
• Add belongs_to for associations to enable the schema diagrams to be automatically updated
• Document any non-obvious semantics or logic useful for interpreting database data at Caseflow Data Model and Dictionary

Integrations: Adding endpoints for external APIs

• Check that Caseflow's external API code for the endpoint matches the code in the relevant integration repo
  • Request: Service name, method name, input field names
  • Response: Check expected data structure
  • Check that calls are wrapped in MetricService record block
• Check that all configuration is coming from ENV variables
  • Listed all new ENV variables in description
  • Worked with or notified System Team that new ENV variables need to be set
• Update Fakes
• For feature branches: Was this tested in Caseflow UAT

Best practices

Code Documentation Updates

• Add or update code comments at the top of the class, module, and/or component.

Tests

Test Coverage

Did you include any test coverage for your code? Check below:

• RSpec
• Jest
• Other

Code Climate

Your code does not add any new code climate offenses? If so why?

• No new code climate issues added

Monitoring, Logging, Auditing, Error, and Exception Handling Checklist

Monitoring

• Are performance metrics (e.g., response time, throughput) being tracked?
• Are key application components monitored (e.g., database, cache, queues)?
• Is there a system in place for setting up alerts based on performance thresholds?

Logging

• Are logs being produced at appropriate log levels (debug, info, warn, error, fatal)?
• Are logs structured (e.g., using log tags) for easier querying and analysis?
• Are sensitive data (e.g., passwords, tokens) redacted or omitted from logs?
• Is log retention and rotation configured correctly?
• Are logs being forwarded to a centralized logging system if needed?

Auditing

• Are user actions being logged for audit purposes?
• Are changes to critical data being tracked ?
• Are logs being securely stored and protected from tampering or exposing protected data?

Error Handling

• Are errors being caught and handled gracefully?
• Are appropriate error messages being displayed to users?
• Are critical errors being reported to an error tracking system (e.g., Sentry, ELK)?
• Are unhandled exceptions being caught at the application level ?

Exception Handling

• Are custom exceptions defined and used where appropriate?
• Is exception handling consistent throughout the codebase?
• Are exceptions logged with relevant context and stack trace information?
• Are exceptions being grouped and categorized for easier analysis and resolution?

[codeclimate]

Code Climate has analyzed commit 010e3c8 and detected 0 issues on this pull request.

View more on Code Climate.

[TylerBroyles]

Looks good. I left a lot of comments around around naming conventions and small things like that so if you have any questions let me know.

[TylerBroyles]

I wouldn't bother doing any minor tweaks to the javascript files in this PR that really only affect mocked data. Let's just keep it all backend.

[almorbah]

@pamatyatake2 let revert this change here

[TylerBroyles]

Active record is smart enough to realize that user_id is a foreign key and automatically transform user -> user.id, but I think it's probably better to make it more explicit in the scope. You can also chain scopes and if you keep the other scope you should chain it here instead of repeating .order(created_at: :desc). This is also why I don't think the name makes much sense when you look at it written out like this.

Suggested change

	scope :my_saved_searches, ->(user) { where(user_id: user).order(created_at: :desc) }
	scope :my_saved_searches, ->(user) { where(user: user).all_saved_searches }

[TylerBroyles]

Looks good overall. I noticed a couple of small things around the index/show html methods and some cleanup that we might want to address.

[TylerBroyles]

Suggested change

# Ex:- scope :active, -> {where(:active => true)}

[TylerBroyles]

These will error if there is no user. I would group them up as a user attribute. It would be similar to how the task serializer handles it's assigned to relationship. It's just an example so that the frontend redux store will be able to look for user attributes like this savedSearch.user.cssId

  # Example assigned_to from task serializer
  attribute :assigned_to do |object|
    assignee = object.try(:unscoped_assigned_to)

    {
      css_id: assignee.try(:css_id),
      full_name: assignee.try(:full_name),
      is_organization: assignee.is_a?(Organization),
      name: assignee.is_a?(Organization) ? assignee.name : assignee.css_id,
      status: assignee.try(:status),
      type: assignee.class.name,
      id: assignee.id
    }
  end

[TylerBroyles]

The decision_review_business_line_slug is not included in any of your routes so it's not going to know what this :decision_review_business_line_slug param is. It would have to be using the :business_line_slug param from the routes.
Something like this might work

@organization ||= Organization.find_by(url: params[:business_line_slug] || params[:organization_slug])

[TylerBroyles]

I think the :vha_admin_user trait already creates adds the user to the VhaBusienssLine so you probably don't have to add it later non_comp_org.add_user(user)

[TylerBroyles]

vha_business_line and non_comp_org can probably be combined into one variable since they are doing the same thing.

[TylerBroyles]

Suggested change

	context "VHA user creating saved search" do
	context "VHA admin user creating saved search" do

[TylerBroyles]

Suggested change

	context "VHA user saved search not exists" do
	context "VHA admin user saved search not exists" do

[TylerBroyles]

This still does not match the current SavedSearches page url which is /decision_reviews/business_line_slug/report/searches. This route would match /decision_reviews/business_line_slug/searches. Is that the intention?

[TylerBroyles]

I noticed one last thing, but that should be it.

[TylerBroyles]

We probably also need to serialize the id since that will be what we are sending back to the backend when we are deleting a saved search.