Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Purpose

...

  1. only  users with scope "merge_request:read" can get list of merge_request

Specification

...

Code Block
languagejs
title

...

GraphQL schema
collapsetrue
"""
Methods to use when ordering `Merge Request`.
"""
enum MergeRequestOrderBy {
  "Sort Person by inserted at in ascending order."
  INSERTED_AT_ASC
  "Sort Person by inserted at in descending order."
  INSERTED_AT_DESC
  "Sort Person by birth date in ascending order."
  STATUS_ASC
  "Sort Person by birth date in descending order."
  STATUS_DESC
}

"""
A connection to a list of `MergeRequest` values.
"""
type MergeRequestConnection {
  "Information to aid in pagination."
  pageInfo: PageInfo!
  "Flag which shows whether NEW merge candidate can be assigned to the User"
  canAssignNew: Boolean!
  "A list of nodes."
  nodes: [MergeRequest]
  "A list of edges."
  edges: [MergeRequestEdge]
}

"""
Reads and enables pagination through a set of `MergeRequest`.
"""
type MergeRequestEdge {
  "The item at the end of the edge."
  node: MergeRequest!
  "A cursor for use in pagination."
  cursor: String!
}

"""
Return type for `assignMergeCandidate` mutation.
"""
type AssignMergeCandidatePayload {
  "Information of pair of persons which can be same."
  mergeRequest: MergeRequest!
}

"""
Input for `updateMergeRequest` mutation.
In order to update status user must have a scope `merge_request:write`
"""
input UpdateMergeRequestInput {
  "Primary key identifier from the database"
  id: ID!
  "next status of merge request"
  status: MergeRequestStatus!
  "comment which user can leave"
  comment: String
}

"""
Return type for `updateMergeRequest` mutation.
"""
type UpdateMergeRequestPayload {
  "Information of pair of persons which can be same."
  mergeRequest: MergeRequest!
}

"""
This is Merge Request details. In order to obtain details user must have a scope **merge_request:read**
"""
type MergeRequest implements Node {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "The pair of persons which is considerated to be the same person"
  manualMergeCandidate: ManualMergeCandidate!
  "status of merge request"
  status: MergeRequestStatus!
  "comment which user can leave"
  comment: String
  "Technical information when the patient was inserted into the DB."
  insertedAt: DateTime!
  "Technical information when the patient was updated in the DB."
  updatedAt: DateTime!
}

"""
List of MergeRequest statuses.
"""
enum MergeRequestStatus {
  "Status `MERGE` for a merge request"
  MERGE
  "Status `NEW` for a merge request"
  NEW
  "Status `POSTPONE` for a merge request"
  POSTPONE
  "Status `SPLIT` for a merge request"
  SPLIT
  "Status `TRASH` for a merge request"
  TRASH
}

"""
Information about Manual Merge Candidate.
"""
type ManualMergeCandidate {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "The pair of persons which is considerated to be the same person"
  mergeCandidate: MergeCandidate!
  "status of merge candidate"
  status: ManualMergeCandidateStatus
  "Technical information when the patient was inserted into the DB."
  insertedAt: DateTime!
  "Technical information when the patient was updated in the DB."
  updatedAt: DateTime!
}

"""
Information about Merge Candidate.
"""
type MergeCandidate {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "The person wich will be deactivated"
  person: Person!
  "The person wich will remain"
  masterPerson: Person!
}

"""
List of Merge candidate statuses
"""
enum ManualMergeCandidateStatus {
  "Status `NEW` for a merge request"
  NEW
  "Status `PROCESSED` for a merge request"
  PROCESSED
}


Validation

Validate token

  • Verify the validity of access token
    • Return 401 in case validation fails
  • token is not expired
    • in case error return 401 

Validate scopes

  • Check user scopes in order to perform this action (scope = 'merge_request:read')
    1. Return forbidden in case invalid scope(s) -"Your scope does not allow to access this resource. Missing allowances: merge_request:read"

Verify user and role

Extract from token:

...

  1. Return response to user limited by context from user's token
    1. return limited response by manual_merge_requests.assignee_id=$user_id and manual_merge_requests.status in ('NEW', 'POSTPONE')
      1. in case of error return forbidden ('You are not allowed to view this merge request)
  2. Validate merge_request id. Check merge_requests.id = $.id
    1. in case error return 404 ("Merge request with id=$id doesn't exist")

...