...

• nhs_signer_id
• nhs_signer_base
• nhs_contract_price
• nhs_payment_method
• issue_city
• Miscellaneous

Validation

Validate token

• Verify the validity of access token
  • Return 401 in case validation fails
• Check if token is not expired
  • in case error return 401 - "Token is expired"

...

• Check if user is active
  • in case error return 403 - (user is not active)
• check nhs_legal_entity is active
  • in case error return 403 - (Client is not active)
• Check user role = "NHS ADMIN SIGNER"
  • in case error return 403 "User is not allowed to perform this action"

Validate scopes

• Check user scopes in order to perform this action (scope = 'contract_request:update')
  • Return 403 in case invalid scope(s) "Your scope does not allow to access this resource. Missing allowances: contract_request:update"

Validate contract request status

...

1. Validate contract request id exists in DB
   1. in case error return 404 ("Contract request with id=$id doesn't exist")
2. Validate request according to json schema
   1. in case error return 422 ("validation failed")
3. Validate OPS.contract_request.contract_type == $.contract_type
   1. in case of error return 409 ("Contract_type does not correspond to previously created content")
4. validate nhs_contract_price 
   1. in case contract_type =` REIMBURSEMENT` nhs_contract_price  shouldn`t be submitted
      1. in case of error return 409 - "nhs_contract_price is unavailable for reimbursement contract requests`
   2. nhs_contract_price should be >= 0
      1. in case error return 422 ("Contract price could not be negative")
5. Validate $nhs_signer_id: fetch prm.employees.id=$nhs_signer_id 
   1. check client_id=prm.employees.legal_entity_id
      1. in case of error return 422 Error (Employee doesn't belong to legal_entity)
   2. check status='APPROVED' and is_active=true
      1. in case of error return 422 Error (Employee must be active)

Response

set 

contract_request_update_response.json_schema

...