Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

  • GraphQL schema
  • Features

Validation

Validate token

  • Verify the validity of access token
    • Return 401 in case validation fails
  • token is not expired
    • in case error return 401 
  • Validate client_id is NHS
    1. check client type is NHS
      1. in case of error rerun forbidden error (Client is not allowed to the action')

Validate scopes

  • Check user scopes in order to perform this action (scope = 'merge_request:read')
    1. Return forbidden in case invalid scope(s) -"Your scope does not allow to access this resource. Missing allowances: merge_request:read"

Verify user and role

Extract from token:

  1. Validate client_id (is_blocked=false)
    1. in case of error return 403 Error ('Client is blocked')
  2. Check user_roles by client_id 
    1. check whether exist role NHS_REVIEWER 
      1. in case of error return 403 Error ('User doesn't have required role')
  3. Validate client_id is NHS
    1. check client type is NHS
      1. in case of error rerun forbidden error (Client is not allowed to the action')

Validate context

Return response to user limited by context from user's token

...