Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
minLevel1
maxLevel7

Purpose

This WS allows to approve pending declaration from Admin panel.

Key points

  1. This is a graphQl method used in Administration panel only.

  2. Only authenticated and authorized NHS employee with appropriate scope can approve pending declaration.

  3. Only pending declaration (in status ‘pending_verification’) can be approved.

Specification

Page Properties
idAPI_Specification

Link

Посилання на Apiary або Swagger

Resource

Посилання на ресурс, наприклад: /api/persons/create

Scope

declaration:approve

Scope для доступу

Components

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

Метод є синхронним чи асинхронним?

Public/Private/Internal

Internal

Потрібно зазначити тип методу за ступенем доступності

Expand
titleapproveDeclaration
Code Block
languagegraphql
"Approves a single `Declaration` using its globally unique ID."
approveDeclaration(input: ApproveDeclarationInput!): ApproveDeclarationPayload
Code Block
languagegraphql
"""
Input for `approveDeclaration` mutation.
"""
input ApproveDeclarationInput {
  "Reads a single `Declaration` using its globally unique ID."
  id: ID!
}

"""
Return type for `approveDeclaration` mutation.
"""
type ApproveDeclarationPayload {
  "Payload for `declaration`."
  declaration: Declaration!
}

"""
Declaration combines data about Patient, Employee, LegalEntity and Division.
In order to obtain details user must have a scope `declaration:read`.
"""
type Declaration implements Node {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "unique human redable number of declaration"
  declarationNumber: String!
  "The date when declaration takes effect"
  startDate: Date!
  "The date wher declaration ends."
  endDate: Date!
  "The date when declaration is signed by doctor."
  signedAt: DateTime!
  "Status ah yhe declaration, is set automatically."
  status: DeclarationStatus!
  "type of declaration, as for now it's only one type =`family_doctor`"
  scope: String
  "The reason of declining the declaration, is set automatically on declining declaration."
  reason: String
  "Free text for declining declaration, is filled by the person who declined declaration."
  reasonDescription: String
  "Legal entity information, where declaration was signed."
  legalEntity: LegalEntity!
  "Patient information."
  person: Person!
  "Division in legal entity where medical services are provided."
  division: Division!
  "Doctor information, who signed declaration."
  employee: Employee!
  "Documents which were attahced to declarations."
  declarationAttachedDocuments: [DeclarationAttachedDocument]
}

"""
List of declaration statuses.
"""
enum DeclarationStatus {
  "Status `Active` for declaration."
  ACTIVE
  "Status `CLOSED` for declaration."
  CLOSED
  "Status `PENDING_VERIFICATION` for declaration."
  PENDING_VERIFICATION
  "Status `REJECTED` for declaration."
  REJECTED
  "Status `TERMINATED` for declaration."
  TERMINATED
}

"""
Structure of documents attached to the declaration.
"""
type DeclarationAttachedDocument {
  "The type of document."
  type: String!
  "Link for uploading scan copies of the documnet, is generated by e-Health."
  url: String!
}

...

Logic

  1. Update data:

    1. declarations table by declaration_id

      1. set status = ‘active’

      2. set updated_at, updated_by

Authorize

  • Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”) in case of validation fails

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = 'declaration:approve')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration:approve”) in case of invalid scope(s)

Request data validation

Validate legal entity

  • Extract client_id from token.

  • Check client scopes in order to perform this action (scope = 'declaration:approve')

    • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration:approve”)

  • Check client type (type = NHS)

    • In case of error - return 403 ('You don't have permission to access this resource')

...

  • Check declaration_id submitted

    • in case not submitted - return 422 ('required property declaration_id was not present')

    • in case does not exist in OPS db - return 404 ('Declaration not found')

    • in case exists in OPS db but is not active - return 409

Service logic

Update data:

declarations table by declaration_id

...

set status = ‘active’

...

Processing

API paraagraph not found

Response structure

API paraagraph not found

Post-processing processes

API paraagraph not found

HTTP status codes

API paraagraph not found