Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel7

...

This WS allows to verify person using Admin panel.

...

Key points

  1. This is a graphQl method used in Administration panel only

  2. Only authenticated and authorized NHS employee with appropriate scope can verify persons.

  3. If person becomes not verified, then it’s declaration should be terminated immediately. And after a while, person should also become inactive.

  4. When a person becomes not verified, there should be a comment from NHS why

Specification

Page Properties
idAPI_Specification

Link

Посилання на Apiary або Swagger

Resource

Посилання на ресурс, наприклад: /api/persons/create

Scope

person:verify

Scope для доступу

Components

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

Метод є синхронним чи асинхронним?

Public/Private/Internal

Потрібно зазначити тип методу за ступенем доступності

Expand
titleindex.graphql
Code Block
languagegraphql
  "Updates verification status for a single `Person` by NHS using its globally unique ID."
  updatePersonVerificationStatus(
    input: UpdatePersonVerificationStatusInput!
  ): UpdatePersonVerificationStatusPayload

Expand
titleUpdatePersonVerificationStatusMutation
Code Block
"""
Input for `updatePersonVerificationStatus` mutation.
"""
input UpdatePersonVerificationStatusInput {
  "Person unique identifier."
  personId: ID!
  "Person verification status"
  verificationStatus: PersonVerificationStatus!
  "Description about person verification status"
  verificationComment: String
}

"""
Return type for `updatePersonVerificationStatus` mutation.
In order to verify person user must have a scope `person:verify`.
"""
type UpdatePersonVerificationStatusPayload {
  "Payload for person."
  person: Person!
}

...

Logic

  1. Set fields in persons table (mpi database):

    1. verification_status = $.verification_status

    2. verification_comment = $.verification_comment, in case of NOT_VERIFIED. And verification_comment = NULL, in case of VERIFIED

    3. verification_reason = MANUAL

    4. updated_by = user_id (from token)

    5. updated_at = current timestamp

  2. Create StateChangeEvent in event manager with verification_status

  3. Add record to audit_log with changed fields

Request structure*

See on Apiary

Authorize

  • Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”) in case of validation fails

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = 'person:verify')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: person:verify”) in case of invalid scope(s)

Headers

Request data validation

Validate legal entity

  • Extract client_id from token.

  • Check client scopes in order to perform this action (scope = 'person:verify')

    • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: person:verify”)

  • Check legal entity status (status = ACTIVE)

    • In case of error - return 409 ('client_id refers to legal entity that is not active')

Validate request

Field personId, required

Check $.personId is ID from MPI.person.id

  • validate $.personId is UUID and UUID is version 4

    • in case of error, return 422

  • search person $.personId in MPI.person.(id = $.personId) and MPI.person.(id = $.personId).is_active = true then ok

    • in case of error, return 404, "Such person doesn't exist"

  • validate that person is active MPI.person.(id = $.personId).status = ‘active’

    • in case of error, return 409, "Such person isn't active"

Field verificationStatus, required

Field verificationComment , required at specific case

  • if verification_status = NOT_VERIFIED

    • in case of error - return 409 ('verification status comment is required')

Service logic

...

Set fields in persons table (mpi database):

  1. verification_status = $.verification_status

  2. verification_comment = $.verification_comment, in case of NOT_VERIFIED. And verification_comment = NULL, in case of VERIFIED

  3. verification_reason = MANUAL

  4. updated_by = user_id (from token)

  5. updated_at = current timestamp

...

Create StateChangeEvent in event manager with verification_status

...

Processing

Response structure

See on Apiary

Post-processing processes

HTTP status codes