Purpose

This Methods allows to add items, such as code or service/service_group, to the forbidden group from Admin panel.

Key points

1. This is a graphQl method used in Administration panel only

2. Only authenticated and authorized NHS employee with appropriate scope can add item to Forbidden group.

3. The following kind of items could be added: services, service groups, dictionary codes.

4. Item should be added using DS.

5. Added item should be unique within all active items in Forbidden groups.

6. One or more items can be added at once.

Specification

...

"""
Input for `createForbiddenGroupItems` mutation.
User must have a scope **forbidden_group:write**
"""
input CreateForbiddenGroupItemsInput{
    "Forbidden group identifier."
    forbiddenGroupId: ID!
    "List of service identifiers."
    serviceIds: [ID!]
    "List of service group identifiers."
    serviceGroupIds: [ID!]
    "List of dictionary codes."
    codes:[CreateForbiddenGroupCodeInput!]
}

"""
Input for `codes` in `createForbiddenGroupItems` mutation.
"""
input CreateForbiddenGroupCodeInput {
    "The name of the dictionary. Allowed names: eHealth/ICD10AM/condition_codes, eHealth/ICPC2/actions, eHealth/ICPC2/condition_codes, eHealth/ICPC2/reasons."
    system: String!
    "The value from dictionary. It should be present in the dictionary specified in `system` property"
    code: String!
}

"""
Return type for `createForbiddenGroupItems` mutation.
"""
type CreateForbiddenGroupItemsPayload {
  "Updaed `ForbiddenGroup`."
  forbiddenGroup: ForbiddenGroup
}

...

Logic

Following validations logic used in the CreateForbiddenGroupItemsMutation mutation

1. Save signed content to media storage

2. For each element in the service_group_ids array save data to forbidden_group_services table (PRM DB):

   1. set forbidden_group_id = $.forbidden_group_id

   2. set service_id = null

   3. set service_group_id = $.service_group_id

   4. set creation_reason = $.creation_reason

3. For each element in the service_ids array save data to forbidden_group_services table:

   1. set forbidden_group_id = $.forbidden_group_id

   2. set service_id = $.service_id

   3. set service_group_id = null

   4. set creation_reason = $.creation_reason

4. For each element in the codes array save data to forbidden_group_codes table (PRM DB):

   1. set forbidden_group_id = $.forbidden_group_id

   2. set system = $.system

   3. set code = $.

...

1. 1. code

   2. set creation_reason = $.creation_reason

2. Set another fields according to https://e-health-ua.atlassian.net/wiki/spaces/FORBIDDEN/pages/2087190529

3. Clear cache

Request structure

Authorize

• Verify the validity of access token

  • in case of error - return 401 (“Invalid access token”) in case of validation fails

• Verify that token is not expired

  • in case of error - return 401 (“Invalid access token”)

• Check user scopes in order to perform this action (scope = 'forbidden_group:write')

  • return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:write”) in case of invalid scope(s)

Headers

Request data validation

Validations

Following validations used in the CreateForbiddenGroupItemsMutation mutation.

Validate legal entity

• Extract client_id from token.

• Check client scopes in order to perform this action (scope = 'forbidden_group:write')

  • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:write”)

• Check legal entity status (status = ACTIVE)

  • In case of error - return 409 ('client_id refers to legal entity that is not active')

Validate Digital Sign

• Validate request is signed

  • in case of error - return 422 (“document must be signed by 1 signer but contains 0 signatures”)

• Check DS is valid and not expired

• Validate that DS belongs to the user

  • Check that DRFO from DS and party.tax_id matches

    • in case of error - return 409 (“Signer DRFO doesn't match with requester tax_id“)

Validate request

1. Check forbidden_group_id submitted in the request

• in case not submitted - return 422 ('required property forbidden_group_id was not present')

• in case not exist or is not active - return 404 ('not found')

...

• in case of error - return 422 ('required property creation_reason was not present')

Service logic

Following logic used in the CreateForbiddenGroupItemsMutation mutation

...

Save signed content to media storage

...

For each element in the service_group_ids array save data to forbidden_group_services table (PRM DB):

1. set forbidden_group_id = $.forbidden_group_id

2. set service_id = null

3. set service_group_id = $.service_group_id

4. set creation_reason = $.creation_reason

...

For each element in the service_ids array save data to forbidden_group_services table:

1. set forbidden_group_id = $.forbidden_group_id

2. set service_id = $.service_id

3. set service_group_id = null

4. set creation_reason = $.creation_reason

...

For each element in the codes array save data to forbidden_group_codes table (PRM DB):

1. set forbidden_group_id = $.forbidden_group_id

2. set system = $.system

3. set code = $.code

4. set creation_reason = $.creation_reason

...

Set another fields according to /wiki/spaces/FORBIDDEN/pages/2087190529

...

Processing

Response structure

Post-processing processes

HTTP status codes