feat: add Ivanti Queue redirect for completed items
This commit is contained in:
jramos
72
.kiro/specs/ivanti-queue-redirect/requirements.md
Normal file
72
.kiro/specs/ivanti-queue-redirect/requirements.md
Normal file
@@ -0,0 +1,72 @@
|
||||
# Requirements Document
|
||||
|
||||
## Introduction
|
||||
|
||||
The Ivanti Queue Redirect feature gives users the option to redirect any completed queue item to a different workflow type. Not every completed item needs a redirect — many items are fully resolved once their workflow completes. However, some findings require further action under a different workflow. The primary use case is CARD items where the inventory fix is done but the finding still needs an FP or Archer workflow. It also supports correcting items that were assigned to the wrong team by redirecting them after a CARD fix. Redirecting is always a user-initiated, optional action that creates a new pending queue item with the target workflow type, preserving the original finding data.
|
||||
|
||||
## Glossary
|
||||
|
||||
- **Queue_Panel**: The slide-out panel in the frontend that displays the user's Ivanti todo queue items grouped by vendor, with CARD items in a separate top section.
|
||||
- **Queue_Item**: A row in the `ivanti_todo_queue` table representing a finding assigned to a workflow type (FP, Archer, or CARD) with a status of pending or complete.
|
||||
- **Redirect**: The action of creating a new pending Queue_Item from an existing completed Queue_Item, changing the workflow type and optionally setting a vendor.
|
||||
- **Workflow_Type**: One of three processing tracks for a finding: FP (False Positive), Archer (risk acceptance), or CARD (inventory correction).
|
||||
- **Vendor**: The vendor string associated with a Queue_Item. Required for FP and Archer workflow types, optional for CARD.
|
||||
- **Redirect_API**: The backend endpoint `POST /api/ivanti/todo-queue/:id/redirect` that performs the redirect operation.
|
||||
- **Redirect_Modal**: The frontend dialog that collects the target workflow type and vendor from the user before executing a redirect.
|
||||
|
||||
## Requirements
|
||||
|
||||
### Requirement 1: Redirect a Completed Queue Item via API
|
||||
|
||||
**User Story:** As an editor or admin, I want to redirect a completed queue item to a different workflow type, so that I can continue processing a finding under the correct workflow after initial work is done.
|
||||
|
||||
#### Acceptance Criteria
|
||||
|
||||
1. WHEN a user submits a redirect request for a completed Queue_Item, THE Redirect_API SHALL create a new Queue_Item with status "pending", the specified target Workflow_Type, and the same finding_id, finding_title, cves_json, ip_address, and hostname as the original Queue_Item.
|
||||
2. WHEN a user submits a redirect request with a target Workflow_Type of "FP" or "Archer", THE Redirect_API SHALL require a non-empty vendor string of 200 characters or fewer.
|
||||
3. WHEN a user submits a redirect request with a target Workflow_Type of "CARD", THE Redirect_API SHALL accept the request without requiring a vendor.
|
||||
4. IF a user submits a redirect request for a Queue_Item that is not in "complete" status, THEN THE Redirect_API SHALL return a 400 error with a descriptive message.
|
||||
5. IF a user submits a redirect request for a Queue_Item that belongs to a different user, THEN THE Redirect_API SHALL return a 404 error.
|
||||
6. IF a user submits a redirect request with an invalid Workflow_Type, THEN THE Redirect_API SHALL return a 400 error indicating valid options are FP, Archer, or CARD.
|
||||
7. WHEN a redirect is successfully completed, THE Redirect_API SHALL return the newly created Queue_Item with a 201 status code.
|
||||
|
||||
### Requirement 2: Audit Logging for Redirects
|
||||
|
||||
**User Story:** As an admin, I want redirect actions to be recorded in the audit log, so that I can track workflow changes for compliance and accountability.
|
||||
|
||||
#### Acceptance Criteria
|
||||
|
||||
1. WHEN a redirect is successfully completed, THE Redirect_API SHALL log an audit entry with action "queue_item_redirected", the user's ID and username, the original Queue_Item ID as entityId, and details including the original Workflow_Type, the target Workflow_Type, the new Queue_Item ID, and the vendor.
|
||||
2. THE Redirect_API SHALL use entityType "ivanti_todo_queue" for all redirect audit entries.
|
||||
|
||||
### Requirement 3: Redirect UI in the Queue Panel
|
||||
|
||||
**User Story:** As a user, I want a redirect button on completed queue items, so that I can easily initiate a redirect without leaving the Queue_Panel.
|
||||
|
||||
#### Acceptance Criteria
|
||||
|
||||
1. WHILE a Queue_Item has status "complete", THE Queue_Panel SHALL display a redirect button on that item.
|
||||
2. WHILE a Queue_Item has status "pending", THE Queue_Panel SHALL hide the redirect button on that item.
|
||||
3. WHEN the user clicks the redirect button on a completed Queue_Item, THE Queue_Panel SHALL open the Redirect_Modal pre-populated with the finding details from the selected item.
|
||||
|
||||
### Requirement 4: Redirect Modal Workflow
|
||||
|
||||
**User Story:** As a user, I want a modal dialog to select the target workflow type and vendor when redirecting, so that I can confirm the redirect details before submitting.
|
||||
|
||||
#### Acceptance Criteria
|
||||
|
||||
1. THE Redirect_Modal SHALL display a workflow type selector with options FP, Archer, and CARD.
|
||||
2. WHEN the user selects FP or Archer as the target Workflow_Type, THE Redirect_Modal SHALL display a required vendor input field.
|
||||
3. WHEN the user selects CARD as the target Workflow_Type, THE Redirect_Modal SHALL hide the vendor input field.
|
||||
4. THE Redirect_Modal SHALL display the finding title, finding ID, and current Workflow_Type of the item being redirected as read-only context.
|
||||
5. WHEN the user confirms the redirect in the Redirect_Modal, THE Queue_Panel SHALL call the Redirect_API and add the newly created Queue_Item to the displayed list without requiring a full page refresh.
|
||||
6. IF the Redirect_API returns an error, THEN THE Redirect_Modal SHALL display the error message to the user and remain open.
|
||||
7. WHEN the redirect succeeds, THE Redirect_Modal SHALL close and THE Queue_Panel SHALL display a success notification.
|
||||
|
||||
### Requirement 5: Fix PUT Endpoint Validation Message
|
||||
|
||||
**User Story:** As a developer, I want the PUT endpoint validation message to accurately list all valid workflow types, so that API consumers receive correct error guidance.
|
||||
|
||||
#### Acceptance Criteria
|
||||
|
||||
1. WHEN a user submits an invalid workflow_type to the PUT /api/ivanti/todo-queue/:id endpoint, THE Redirect_API SHALL return an error message stating "workflow_type must be FP, Archer, or CARD".
|
||||
Reference in New Issue
Block a user