...
- GraphQL schema
- Features
Validation

Validate token
- Verify the validity of the access token
  - Return 401 in case validation fails
- Check that the token is not expired
  - In case of error return 401
Validate scopes
- Check user scopes in order to perform this action (scope = 'merge_request:read')
  - Return forbidden in case of invalid scope(s): "Your scope does not allow to access this resource. Missing allowances: merge_request:read"
Verify user and role
Extract from token:
- Validate client_id (is_blocked=false)
  - In case of error return 403 Error ('Client is blocked')
- Check user_roles by client_id
  - Check whether the role NHS_REVIEWER exists
  - In case of error return 403 Error ('User doesn't have required role')
- Validate that client_id is NHS
  - Check that the client type is NHS
  - In case of error return forbidden error ('Client is not allowed to the action')
...
- Return the response to the user limited by the context from the user's token
  - Return the limited response by manual_merge_requests.assignee_id=$user_id and manual_merge_requests.status in ('NEW', 'POSTPONED')
  - In case of error return forbidden ('You are not allowed to view this merge request')
- Validate merge_request id. Check merge_requests.id = $.id
  - In case of error return 404 ("Merge request with id=$id doesn't exist")
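The whole check sequence above (token expiry, scope, blocked client, NHS_REVIEWER role, NHS client type, merge request lookup, assignee/status filter) as an added example that is not the project's own code. The Token, Client and Ctx classes and the in-memory dictionaries are constructed stand-ins for the token claims and database rows the spec reads; the record is looked up before the context filter only because the filter needs the record's assignee and status.

```python
from dataclasses import dataclass
import time

# Constructed stand-ins for the decoded token and the rows the checks read.
@dataclass
class Token:
    client_id: str
    user_id: str
    scopes: set
    exp: int  # unix expiry time

@dataclass
class Client:
    client_type: str
    is_blocked: bool = False

@dataclass
class Ctx:
    clients: dict         # client_id -> Client
    user_roles: dict      # (user_id, client_id) -> set of role names
    merge_requests: dict  # id -> {"assignee_id": ..., "status": ...}

VISIBLE_STATUSES = {"NEW", "POSTPONED"}

def get_merge_request(token, mr_id, ctx, now=None):
    """Run the spec's checks in order; return (http_status, payload)."""
    now = time.time() if now is None else now
    # Validate token: missing or expired token -> 401.
    if token is None or token.exp <= now:
        return 401, "Unauthorized"
    # Validate scopes: merge_request:read is required.
    if "merge_request:read" not in token.scopes:
        return 403, ("Your scope does not allow to access this resource. "
                     "Missing allowances: merge_request:read")
    # Verify user and role: unblocked client, NHS_REVIEWER role, NHS client type.
    client = ctx.clients.get(token.client_id)
    if client is None or client.is_blocked:
        return 403, "Client is blocked"
    roles = ctx.user_roles.get((token.user_id, token.client_id), set())
    if "NHS_REVIEWER" not in roles:
        return 403, "User doesn't have required role"
    if client.client_type != "NHS":
        return 403, "Client is not allowed to the action"
    # Validate merge_request id.
    mr = ctx.merge_requests.get(mr_id)
    if mr is None:
        return 404, f"Merge request with id={mr_id} doesn't exist"
    # Limit the response by the caller's context: assignee only, NEW or POSTPONED only.
    if mr["assignee_id"] != token.user_id or mr["status"] not in VISIBLE_STATUSES:
        return 403, "You are not allowed to view this merge request"
    return 200, mr
```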
...