Purpose

This WS is designed to get list of persons that require a decision about its verification by NHS.

Statements 

1. This is a graphQl query method used in Administration panel only.

2. Only authenticated and authorized NHS employee with appropriate scope can search for unverified persons.

3. User can filter list by search params

...

Authorize

Verify the validity of access token

1. in case of error return 401 ('Access denied')

2. Check user scope person:read in order to perform this action

   1. in case of error generate 403 response ('You don’t have permission to access this resource: person:read')

Validate legal entity

• Extract client_id from token.

• Check client has scope person:read

  • in case of error - return 403 (“You don’t have permission to access this resource: person:read”)

• Check legal entity type = NHS

  • In case of error - return 403 ('You don’t have permission to access this resource')

...

Specification

  "Reads and enables pagination through a set of unverified `Person`."
   unverifiedPersons(
     "A condition to be used in determining which values should be returned by the collection."
     filter: UnverifiedPersonFilter
     "The method to use when ordering collection items."
     orderBy: PersonOrderBy
     "Read all values in the set after (below) this cursor."
     after: String
     "Read all values in the set before (above) this cursor."
     before: String
     "Only read the first _n_ values of the set."
     first: Int
     "Only read the last _n_ values of the set."
     last: Int
   ): PersonConnection!
"""
 Fields to filter unverified Persons
 """
 input UnverifiedPersonFilter {
   "Values to show whether person is unverified"
   verificationStatus: UnverifiedPersonStatus
 }
 
 """
 List of values of `PersonVerificationStatus` that represent persons who has no decision about verification yet.
 """
 enum UnverifiedPersonStatus {
   "Status `VERIFICATION_NEEDED` for an unverified person."
   VERIFICATION_NEEDED
   "Status `IN_REVIEW` for an unverified person."
   IN_REVIEW
 }

Search params

Logic

1. Get list of records from persons table (mpi db):

   1. with verification status VERIFICATION_NEEDED (with reason RULES_TRIGGERED) or IN_REVIEW , additionally filtered by search params and

   2. which have is_active = true and

   3. status = active

2. Render list with Person data according to schema.

Request structure

See on Apiary

Authorize

Verify the validity of access token

1. in case of error return 401 ('Access denied')

2. Check user scope person:read in order to perform this action

   1. in case of error generate 403 response ('You don’t have permission to access this resource: person:read')

Headers

Request data validation

• Extract client_id from token.

• Check client has scope person:read

  • in case of error - return 403 (“You don’t have permission to access this resource: person:read”)

• Check legal entity type = NHS

  • In case of error - return 403 ('You don’t have permission to access this resource')

Processing

There is following search parameters allowed:

...

Comment: for optimal code selection is conducted on wider clause, such as VERIFICATION_NEEDED, IN_REVIEW with any of these two reasons: RULES_TRIGGERED, MANUAL.

Service logic

...

Get list of records from persons table (mpi db):

1. with verification status VERIFICATION_NEEDED (with reason RULES_TRIGGERED) or IN_REVIEW , additionally filtered by search params and

2. which have is_active = true and

3. status = active

...

Response structure

See on Apiary

Post-processing processes

HTTP status codes