Versions Compared

Old Version 6

changes.mady.by.user Yuliia Mazur (UA SoE eHealth)

Saved on

compared with

New Version 7

changes.mady.by.user Yuliia Mazur (UA SoE eHealth)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel7

Purpose

This WS allows to verify person set verification status for persons' records using Admin panel.

...

NHS verification statuses for coded rules:

...

Key points

  1. This is a graphQl method used in Administration panel only

  2. Only authenticated and authorized NHS employee with appropriate scope can verify persons.

  3. If person becomes not verified, then it’s declaration should be terminated immediately. And after a while, person should also become inactive.When a person becomes not verified, there should be a comment from NHS whywas marked as NOT VERIFIED by NHS employee - there will be some limitations for such record. It is not possible to create new declaration and some medical events until appropriate changes conducted and documents provided.

  4. NHS employee is obliged to provide comment if he is setting NOT VERIFIED verification status.

Specification

Page Properties
idAPI_Specification

Link

API paragraph not found-

Посилання на Apiary або Swagger

Resource

API paragraph not found/graphql

Посилання на ресурс, наприклад: /api/persons/create

Scope

person:verify

Scope для доступу

Components

API paragraph not foundPatient registry

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

API paragraph not foundmpi/api

il/api (rpc)

fe/admin-web

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

API paragraph not foundGraphQL

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

API paragraph not foundPOST

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

API paragraph not foundSync

Метод є синхронним чи асинхронним?

Public/Private/Internal

Private

Потрібно зазначити тип методу за ступенем доступності

Expand
titleindex.graphql
Code Block
languagegraphql
  "Updates manual rules verification status for a single `Person` by NHS using its globally unique ID."
  updatePersonVerificationStatusupdatePersonManualRulesVerificationStatus(
    input: UpdatePersonVerificationStatusInputUpdatePersonManualRulesVerificationStatusInput!
  ): UpdatePersonVerificationStatusPayloadUpdatePersonManualRulesVerificationStatusPayload

Expand
titleUpdatePersonVerificationStatusMutation
Code Block
"""
Input for `updatePersonVerificationStatus``updatePersonManualRulesVerificationStatus` mutation.
"""
input UpdatePersonVerificationStatusInputUpdatePersonManualRulesVerificationStatusInput {
  "Person unique identifier."
  personId: ID!
  "Person verification status according to manual rules"
  verificationStatusmanualRulesVerificationStatus: PersonVerificationStatus!
  "Description about person verification status"
  verificationComment: String
}

"""
Return type for `updatePersonVerificationStatus``updatePersonManualRulesVerificationStatus` mutation.
In order to verify person user must have a scope `person:verify`.
"""
type UpdatePersonVerificationStatusPayloadUpdatePersonManualRulesVerificationStatusPayload {
  "Payload for person."
  person: Person!
}

Logic

Set fields in persons table (mpi database):

...

...
verification_comment = $.verification_comment, in case of NOT_VERIFIED. And verification_comment = NULL, in case of VERIFIED
...
verification_reason = MANUAL
...
updated_by = user_id (from token)
...
updated_at = current timestamp
...
Create StateChangeEvent in event manager with verification_status
...
Add record to audit_log with changed fields
Request structure
API paragraph not found
Authorize
  • Verify the validity of access token
    • in case of error - return 401 (“Invalid access token”) in case of validation fails
  • Verify that token is not expired
    • in case of error - return 401 (“Invalid access token”)
  • Check user scopes in order to perform this action (scope = 'person:verify')
    • return 403 (“Your scope does not allow to access this resource. Missing allowances: person:verify”) in case of invalid scope(s)
Request structure
-
Headers
API paragraph not found-
Request data validation
Validate legal entity
  • Extract client_id from token.
  • Check client scopes in order to perform this action (scope = 'person:verify')
    • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: person:verify”)
  • Check legal entity status (status = ACTIVE)
    • In case of error - return 409 ('client_id refers to legal entity that is not active')
Validate request
Field personId, required. Check if it is present.
  • in case of error, return "Argument "input" has invalid value $input. In field "personId": Expected type "ID!", found null."
Check $.personId is ID from MPI.person.id
  • validate $.personId is UUID and UUID is version 4
    • in case of error, return 422
  • search person $.personId in MPI.person.(id = $.personId) and MPI.person.(id = $.personId).is_active = true then ok
    • in case of error, return 404, "Such person doesn't exist"
  • validate that person is active MPI.person.(id = $.personId).status = ‘active’
    • in case of error, return 409, "Such person isn't active"
Field verificationStatus, required
  • Check it is submitted 
    • in case of error - return 422 ('required property <name/creation_reason> was not present')
  • Check value is allowed according to https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/16755458061/Person + verification + status + model+_EN.
    • in case of error - return 422 ('value is not allowed in enum')
  • Check status transition allowed according to https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/16755458061/Person + verification + status + model+_EN. For transition VERIFICATION_NEEDED to IN_REVIEW it is required to have verification reason = RULES_TRIGGERED, if there are other reasons - an error should be returned.
    • If transition is allowed then
      • (if (initial verificationStatus = VERIFICATION_NEEDED and ( verificationReason = RULES_PASSED or verificationReason = INITIAL)) then
        • return error, 409 ('Such person can't be transferred into manual verification process')
      • else Ok)
    • else show error
      • return 409 ('Can\'t update verification status from <old status value> to <new status value>')
Field verificationComment , required at specific case
  • if verification_status = NOT_VERIFIED
    • in case of error - return 409 ('verification status comment is required')
Service logic
  1. Set fields person_verifications table (mpi database):
    1. nhs_verification_status = $.verification_status
    2. nhs_verification_comment = $.verification_comment
    3. nhs_verification_reason = MANUAL
    4. updated_by = user_id (from token)
    5. updated_at = current timestamp
  2. Calculate cumulative verification status based on persons verification status in each stream:
    Manual NHS verification, DRFO registry verification, DRACS death acts registry verification according to logic described at https://e-health-ua.atlassian.net/wiki/spaces/DRACS/pages/17250582534/Person+verification+status+model_EN#Cumulative-verification-status:
    • Set calculated status to persons.verification_status field
    • Create StatusChangeEvent in event manager with new verification status if it was changed
  3. Create StatusChangeEvent in event manager with verification_status
Processing
API paragraph not found
Response structure
API paragraph not found
Post-processing processes
API paragraph not found
HTTP status codes
API paragraph not found