BUG: Sealed Case information displays in the consolidated-cases JSON when the case is part of a consolidated group

[ttlenard]

Describe the Bug
A clear and concise description of what the bug is.
If one or more cases in a consolidated group are sealed, but other cases in the group are not, when a party to a case that is NOT sealed opens the console when viewing their case and clicks on the "consolidated-cases" JSON, then they have access to the sealed case information. This was found while testing #9596 and #9600. After the devs reviewed the code, this is actually an issue that has been present, and was not introduced with #9596 or #9600.

Notes:

• Public non-logged in users are NOT seeing sealed case info when viewing one of the cases in the consolidated group that is not sealed! YAY!
• Petitioner: Add Consolidated Card to Case Information Screen #9596 and Practitioner: Add Consolidated Card to Case Information Screen #9600 are blocked from being deployed to production until this bug is fixed and we have time to do some regression testing with Sealed Cases
• Question - If you are a party to a sealed case, would the case information display for you via the JSON still?

Tasks

• Format Case as Public Case for non-party view of member (consolidated) cases
• Investigate how Case entites are (un)/sealing itself, specifically the necessity of having both isSealed and sealedDate representing the seal state of a case. Possibly create devex task

Business Impact/Reason for Severity
High

In which environment did you see this bug?
Test, Staging

Who were you logged in as?
Private Practitioner, IRS, Petitioner

What were you doing when you discovered this bug? (Using the application, demoing, smoke tests, testing other functionality, etc.) Testing other functionality

To Reproduce
Steps to reproduce the behavior:

Preconditions - Petitioner, Private Practitioner, or IRS Practitioner is party to a non-sealed case that is part of a consolidated group. As a docket clerk, be sure to seal at least ONE different case that is part of the consolidated group.

1. Log in as Petitioner, Private Practitioner, or IRS practitioner
2. Open up the console app, and be on the network tab
3. From the My Cases page, click on the docket number link of the case you are a party to
4. In the console, click on the "consolidated-cases" JSON.
5. Notice that all the case info about the Sealed case in the group in showing.

Expected Behavior
A clear and concise description of what you expected to happen.

Sealed case information should not be displayed to other parties, even if the case is part of a consolidated group.

Actual Behavior
A clear and concise description of what actually happened.
Sealed case info is displayed for parties not associated with the case in the console

Screenshots
If applicable, add screenshots to help explain your problem.

Here is where you can see all the sealed case info:

This is what this SHOULD look like when viewing the case JSON. We display very little for sealed cases:

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Cause of Bug, If Known

Process for Logging a Bug:

• Complete the above information
• Add a severity tag (Critical, High Severity, Medium Severity or Low Severity). See below for priority definition.

Severity Definition:

• Critical Defect
  Blocks entire system's or module’s functionality
  No workarounds available
  Testing cannot proceed further without bug being fixed.

• High-severity Defect
  Affects key functionality of an application
  There's a workaround, but not obvious or easy
  App behaves in a way that is strongly different from the one stated in the requirements

• Medium-severity Defect
  A minor function does not behave in a way stated in the requirements.
  Workaround is available and easy

• Low-severity Defect
  Mostly related to an application’s UI
  Doesn't need a workaround, because it doesn't impact functionality

Definition of Ready for Bugs(Created 10-4-21)

Definition used: A failure or flaw in the system which produces an incorrect or undesired result that deviates from the expected result or behavior. (Note: Expected results are use cases that have been documented in past user stories as acceptance criteria and test cases, and do not include strange behavior unrelated to use cases.)

The following criteria must be met in order for the development team to begin work on the bug.

The bug must:

• Be focused on solving a user problem
• Contain data for all fields in the bug template, so the team can pick it up and begin working immediately

Process: If the unexpected results are new use cases that have been identified, but not yet built, new acceptance criteria and test cases should be captured in a new user story and prioritized by the product owner.

If the Court is not able to reproduce the bug, add the “Unable to reproduce” tag. This will provide visibility into the type of support that may be needed by the Court. In the event that the Court cannot reproduce the bug, the Court will work with Flexion to communicate what type of troubleshooting help may be needed.

Definition of Done (Updated 4-14-21)

Product Owner

• Bug fix has been validated in the Court's test environment

Engineering

• Automated test scripts have been written
• Field level and page level validation errors (front-end and server-side) integrated and functioning
• Verify that language for docket record for internal users and external users is identical
• New screens have been added to pa11y scripts
• All new functionality verified to work with keyboard and macOS voiceover https://www.apple.com/voiceover/info/guide/_1124.html
• READMEs, other appropriate docs, JSDocs and swagger/APIs fully updated
• UI should be touch optimized and responsive for external only (functions on supported mobile devices and optimized for screen sizes as required)
• Interactors should validate entities before calling persistence methods
• Code refactored for clarity and to remove any known technical debt
• Deployed to the Court's test environment if prod-like data is required. Otherwise, deployed to any experimental environment for review.

[ujahio]

PR 2699 fixes and explains the solution for this bug.

[ujahio]

The expected behavior for this bug, orginally, was to limit the information for unassociated parties to sealed cases in a consolidated group. Upon conversation with @cholly75 , we are limiting case information for unassociated parties to any case in a consolidated group irrespective of the case being sealed.

[cholly75]

Need to regression test this with IRS recon report/service agent