Skip to content

DTR-1170: Wiring in LP-2 #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

DTR-1170: Wiring in LP-2 #28

wants to merge 8 commits into from

Conversation

@yanshengzhangHMRC
Copy link
Contributor

@yanshengzhangHMRC yanshengzhangHMRC commented Nov 26, 2025

No description provided.

jassalrichy
jassalrichy reviewed Nov 26, 2025
View reviewed changes
app/services/ManageService.scala
updatedUa <- Future.fromTry(ua.set(AgentClientsPage, updatedList))
_ <- sessionRepository.set(updatedUa)
} yield AgentLandingViewModel(
clientName = updatedClient.schemeName.getOrElse(""),
Copy link
Contributor

@jassalrichy jassalrichy Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just want to check, should the clientName be the schemeName?

Copy link
Contributor Author

@yanshengzhangHMRC yanshengzhangHMRC Nov 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image

I think so as per confirmation from Laiba before, link for above pic is F6

jassalrichy
jassalrichy reviewed Nov 26, 2025
View reviewed changes
conf/app.routes
GET /agent/no-client-list controllers.agent.FailedToRetrieveClientController.onPageLoad()
GET /agent/no-authorised-clients controllers.agent.NoAuthorisedClientsController.onPageLoad()
GET /agent/authorised-client-manage-CIS-returns controllers.agent.AgentLandingController.onPageLoad()
GET /agent/cis-return-dashboard/:uniqueId controllers.agent.AgentLandingController.onPageLoad(uniqueId: String)
Copy link
Contributor

@jassalrichy jassalrichy Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Our we ok to expose the uniqueId in the url ?

Copy link
Contributor Author

@yanshengzhangHMRC yanshengzhangHMRC Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding uniqueId as we need something that distinguish different agent clients. If we don't want uniqueId exposed in url, we can refactor the code to use index as we have all agent clients persisted in Mongo.

From the security side, I assume this should be fine. If the agent changes the uniqueId in the url from "123" (authorised) to "456"(unauthorised), we still have the guard in BE to ensure that only client authorised agent can view the landing page for a certain client. So agent would not see client's landing page whose uniqueId is "456".

Also uniqueId is not itself PII like utr or NINO or other sensitive info like tax office no. & ref that are actually exposed in the url in the as-is java service.

jassalrichy
jassalrichy previously approved these changes Nov 26, 2025
View reviewed changes
jassalrichy
jassalrichy reviewed Nov 26, 2025
View reviewed changes
app/views/agent/AgentLandingView.scala.html
Copy link
Contributor

@jassalrichy jassalrichy Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we create a component simial to:
https://github.com/hmrc/customs-financials-secure-messaging-frontend/blob/main/app/views/GovukWrapper.scala.html#L66

Copy link
Contributor

@jassalrichy jassalrichy Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/hmrc/customs-financials-secure-messaging-frontend/blob/main/app/views/components/browserBackLink.scala.html

Copy link
Contributor Author

@yanshengzhangHMRC yanshengzhangHMRC Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Richy, updated now

@platops-pr-bot
Copy link

platops-pr-bot commented Nov 27, 2025

jamalosman
jamalosman approved these changes Nov 27, 2025
View reviewed changes
Copy link
Contributor

@jamalosman jamalosman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jassalrichy jassalrichy jassalrichy left review comments

@jamalosman jamalosman jamalosman approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@yanshengzhangHMRC @platops-pr-bot @jamalosman @jassalrichy