-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adds a mechanisim for admins to upload a csv of know risky trns and ninos that will cause claims with these attributes to be flagged in the admin ui. Flagged values can be removed by uploading a CSV without those values. According to the govuk guidance we can't show multiple notification banners on a page and should combine their content. We may want to use a different method to display fraud prevention warnings to admins.
- Loading branch information
Showing
18 changed files
with
437 additions
and
6 deletions.
There are no files selected for viewing
25 changes: 25 additions & 0 deletions
25
app/controllers/admin/fraud_risk_csv_downloads_controller.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
module Admin | ||
class FraudRiskCsvDownloadsController < BaseAdminController | ||
before_action :ensure_service_operator | ||
|
||
def show | ||
respond_to do |format| | ||
format.csv do | ||
send_data(csv, filename: "fraud_risk.csv") | ||
end | ||
end | ||
end | ||
|
||
private | ||
|
||
def csv | ||
CSV.generate do |csv| | ||
csv << %w[field value] | ||
|
||
RiskIndicator.order(created_at: :asc).pluck(:field, :value).each do |row| | ||
csv << row | ||
end | ||
end | ||
end | ||
end | ||
end |
28 changes: 28 additions & 0 deletions
28
app/controllers/admin/fraud_risk_csv_uploads_controller.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
module Admin | ||
class FraudRiskCsvUploadsController < BaseAdminController | ||
before_action :ensure_service_operator | ||
|
||
def new | ||
@form = FraudRiskCsvUploadForm.new | ||
end | ||
|
||
def create | ||
@form = FraudRiskCsvUploadForm.new(fraud_risk_csv_upload_params) | ||
|
||
if @form.save | ||
redirect_to( | ||
new_admin_fraud_risk_csv_upload_path, | ||
notice: "Fraud prevention list uploaded successfully." | ||
) | ||
else | ||
render :new | ||
end | ||
end | ||
|
||
private | ||
|
||
def fraud_risk_csv_upload_params | ||
params.require(:admin_fraud_risk_csv_upload_form).permit(:file) | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
module Admin | ||
class FraudRiskCsvUploadForm | ||
include ActiveModel::Model | ||
|
||
attr_accessor :file | ||
|
||
validates :file, presence: true | ||
|
||
validate :all_records_are_valid, if: -> { file.present? } | ||
|
||
def initialize(params = {}) | ||
super | ||
end | ||
|
||
def save | ||
return false unless valid? | ||
|
||
ApplicationRecord.transaction do | ||
RiskIndicator.where.not(id: records.map(&:id)).destroy_all | ||
|
||
records.each(&:save!) | ||
end | ||
|
||
true | ||
end | ||
|
||
private | ||
|
||
def csv | ||
@csv ||= CSV.parse(file.read, headers: true, skip_blanks: true) | ||
end | ||
|
||
def records | ||
@records ||= csv.map do |row| | ||
RiskIndicator.find_or_initialize_by(row.to_h) | ||
end.uniq { |record| record.attributes.slice("field", "value") } | ||
end | ||
|
||
def all_records_are_valid | ||
records.select(&:invalid?).each do |record| | ||
errors.add(:base, record.errors.map(&:message).join(", ")) | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
class RiskIndicator < ApplicationRecord | ||
SUPPORTED_FIELDS = %w[ | ||
teacher_reference_number | ||
national_insurance_number | ||
].freeze | ||
|
||
validates :field, presence: { | ||
message: "'field' can't be blank" | ||
} | ||
|
||
validates :value, presence: { | ||
message: "'value' can't be blank" | ||
} | ||
|
||
validates :value, uniqueness: {scope: :field} | ||
|
||
validates :field, | ||
inclusion: { | ||
in: SUPPORTED_FIELDS, | ||
message: "'%{value}' is not a valid attribute - must be one of #{SUPPORTED_FIELDS.join(", ")}" | ||
} | ||
|
||
def self.flagged_attributes(claim) | ||
where( | ||
"field = 'national_insurance_number' AND LOWER(value) = :value", | ||
value: claim.national_insurance_number&.downcase | ||
).or( | ||
where( | ||
field: "teacher_reference_number", | ||
value: claim.eligibility.try(:teacher_reference_number) | ||
) | ||
).pluck(:field).compact | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
<div class="govuk-grid-row"> | ||
<div class="govuk-grid-column-two-thirds"> | ||
<h1 class="govuk-heading-xl"> | ||
Fraud risk CSV upload | ||
</h1> | ||
|
||
<%= form_with( | ||
url: admin_fraud_risk_csv_uploads_path, | ||
model: @form, | ||
builder: GOVUKDesignSystemFormBuilder::FormBuilder | ||
) do |f| %> | ||
<%= f.govuk_error_summary %> | ||
|
||
<%= f.govuk_file_field( | ||
:file, | ||
label: { text: "Upload fraud risk CSV file" }, | ||
hint: { | ||
text: "Currently supported attributes are #{RiskIndicator::SUPPORTED_FIELDS.join(", ")}." | ||
} | ||
) %> | ||
|
||
<%= f.govuk_submit "Upload CSV" %> | ||
<% end %> | ||
|
||
<%= govuk_link_to( | ||
"Download CSV", | ||
admin_fraud_risk_csv_download_path(format: :csv), | ||
class: "govuk-button" | ||
) %> | ||
</div> | ||
</div> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -131,3 +131,9 @@ | |
- verification | ||
:journeys_sessions: | ||
- answers | ||
:risk_indicators: | ||
- id | ||
- field | ||
- value | ||
- created_at | ||
- updated_at |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
class CreateRiskIndicators < ActiveRecord::Migration[7.0] | ||
def change | ||
create_table :risk_indicators, id: :uuid do |t| | ||
t.string :field, null: false | ||
t.string :value, null: false | ||
|
||
t.index %i[field value], unique: true | ||
|
||
t.timestamps | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
FactoryBot.define do | ||
factory :risk_indicator do | ||
field { "teacher_reference_number" } | ||
value { "1234567" } | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
require "rails_helper" | ||
|
||
RSpec.feature "Admin fraud prevention" do | ||
let(:fraud_risk_csv) do | ||
File.open(Rails.root.join("spec", "fixtures", "files", "fraud_risk.csv")) | ||
end | ||
|
||
before do | ||
sign_in_as_service_operator | ||
end | ||
|
||
context "when updating the list of flagged attributes" do | ||
it "flags any matching claims" do | ||
flagged_claim_trn = create( | ||
:claim, | ||
:submitted, | ||
eligibility_attributes: { | ||
teacher_reference_number: "1234567" | ||
} | ||
) | ||
|
||
flagged_claim_nino = create( | ||
:claim, | ||
:submitted, | ||
national_insurance_number: "QQ123456C" | ||
) | ||
|
||
flagged_claim_trn_and_nino = create( | ||
:claim, | ||
:submitted, | ||
eligibility_attributes: { | ||
teacher_reference_number: "1234567" | ||
}, | ||
national_insurance_number: "QQ123456C" | ||
) | ||
|
||
visit new_admin_fraud_risk_csv_upload_path | ||
attach_file "Upload fraud risk CSV file", fraud_risk_csv.path | ||
click_on "Upload" | ||
|
||
expect(page).to have_content( | ||
"Fraud prevention list uploaded successfully." | ||
) | ||
|
||
visit admin_claim_tasks_path(flagged_claim_trn) | ||
|
||
expect(page).to have_content( | ||
"This claim has been flagged for fraud prevention as it has a " \ | ||
"teacher reference number that is present in the fraud risk CSV." | ||
) | ||
|
||
visit admin_claim_tasks_path(flagged_claim_nino) | ||
|
||
expect(page).to have_content( | ||
"This claim has been flagged for fraud prevention as it has a " \ | ||
"national insurance number that is present in the fraud risk CSV." | ||
) | ||
|
||
visit admin_claim_tasks_path(flagged_claim_trn_and_nino) | ||
|
||
expect(page).to have_content( | ||
"This claim has been flagged for fraud prevention as it has a " \ | ||
"national insurance number and teacher reference number that is " \ | ||
"present in the fraud risk CSV." | ||
) | ||
end | ||
end | ||
|
||
it "allows for downloading the csv" do | ||
visit new_admin_fraud_risk_csv_upload_path | ||
attach_file "Upload fraud risk CSV file", fraud_risk_csv.path | ||
click_on "Upload" | ||
|
||
click_on "Download" | ||
expect(page.body).to eq(fraud_risk_csv.read.chomp) | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
field,value | ||
national_insurance_number,qq123456c | ||
teacher_reference_number,1234567 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
field,value | ||
national_insurance_number,qq123456c | ||
teacher_reference_number,1234567 | ||
teacher_reference_number, | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
field,value | ||
national_insurance_number,qq123456c | ||
teacher_reference_number,1234567 | ||
test,1234567 | ||
rest,1234567 |
Oops, something went wrong.