...
- An NHS employee with the scope 'contract_requests:update' can change a contract request
- Only a contract request in status 'NEW' can be changed.
- An NHS employee can change only several fields of the contract request, not all of them
Design
TBD
Specification
- apiary
- json_schema
Request
fields for request
- nhs_signer_base
- nhs_contract_price
- nhs_payment_method
Validation
Validate token
- Verify the validity of access token
- Return 401 in case validation fails
- Check if token is not expired
- in case of error return 401 - "Token is expired"
...
- Check if user is active
- in case of error return 403 - (user is not active)
- Check if nhs_legal_entity is active
- in case of error return 403 - (Client is not active)
- Check user role = "NHS ADMIN SIGNER"
- in case of error return 403 "User is not allowed to perform this action"
Validate scopes
- Check user scopes in order to perform this action (scope = 'contract_requests:update')
- Return 403 in case of invalid scope(s): "Your scope does not allow to access this resource. Missing allowances: contract_requests:update"
Validate contract request status
...
- Validate request according to json schema
- in case of error return 422 ("validation failed")
- Validate nhs_contract_price
- nhs_contract_price should be > 0
- in case of error return 422 ("Contract price could not be negative")
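The check order above as an added Python sketch (not code from this specification or its project): authentication, then account state, role and scope, then a payload allowlist so that only the three editable fields can be written. The dict keys, the space-separated scope string, the message for an invalid token and the rejection of unknown fields with 422 are assumptions; the contract request status check is left out because its response is not given on this page.

```python
import time

ALLOWED_FIELDS = {"nhs_signer_base", "nhs_contract_price", "nhs_payment_method"}
REQUIRED_SCOPE = "contract_requests:update"
REQUIRED_ROLE = "NHS ADMIN SIGNER"


def validate_update(token, user, legal_entity, body, now=None):
    """Return (http_status, message); (200, "ok") means every check passed.

    token, user and legal_entity are plain dicts with hypothetical keys.
    """
    now = time.time() if now is None else now
    # Authentication first: no account detail is revealed before this passes.
    if not token or not token.get("valid"):
        return 401, "Invalid access token"  # message text is an assumption
    if token.get("expires_at", 0) <= now:
        return 401, "Token is expired"
    # Authorization: account state, then role, then scope.
    if not user.get("is_active"):
        return 403, "user is not active"
    if not legal_entity.get("is_active"):
        return 403, "Client is not active"
    if user.get("role") != REQUIRED_ROLE:
        return 403, "User is not allowed to perform this action"
    if REQUIRED_SCOPE not in token.get("scopes", "").split():
        return 403, ("Your scope does not allow to access this resource. "
                     "Missing allowances: " + REQUIRED_SCOPE)
    # Payload: any key outside the three editable fields is rejected, so a
    # caller cannot overwrite status, nhs_signer_id or other server-set columns.
    if not isinstance(body, dict) or set(body) - ALLOWED_FIELDS:
        return 422, "validation failed"
    price = body.get("nhs_contract_price")
    if price is not None:
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(price, bool) or not isinstance(price, (int, float)):
            return 422, "validation failed"
        if not price > 0:  # also rejects NaN
            return 422, "Contract price could not be negative"
    return 200, "ok"
```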
Response
set
field | value | conditions |
---|---|---|
contract_requests.nhs_signer_id | $.user_id | consumer_id |
contract_requests.nhs_signer_base | $.nhs_signer_base | |
contract_requests.issue_city | $.nhs_le_id.addresses.city | type=REGISTRATION |
contract_requests.nhs_contract_price | $.nhs_contract_price | |
contract_requests.nhs_payment_method | $.nhs_payment_method | |
contract_requests.updated_by | $.user_id | |
contract_requests.updated_at | now() | |
contract_request_update_response.json_schema
...