Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Purpose

This Methods allows to add items, such as code or service/service_group, to the forbidden group from Admin panel.

Key points

  1. This is a graphQl method used in Administration panel only

  2. Only authenticated and authorized NHS employee with appropriate scope can add item to Forbidden group.

  3. The following kind of items could be added: services, service groups, dictionary codes.

  4. Item should be added using DS.

  5. Added item should be unique within all active items in Forbidden groups.

  6. One or more items can be added at once.

Specification

Page Properties
idAPI_Specification
Link

Document status

PROD

Resource

/graphql

Посилання на Apiary або Swagger

ResourceLink

API paragraph not found

Посилання на ресурс, наприклад: /api/persons/create

Scope

forbidden_group:write

Scope для доступу

Components

API paragraph not found

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

API paragraph not found

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

API paragraph not found

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

API paragraph not found

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

API paragraph not found

Метод є синхронним чи асинхронним?

Public/Private/Internal

API paragraph not found

Потрібно зазначити тип методу за ступенем доступності

Expand
Code Block
"""
Input for `createForbiddenGroupItems` mutation.
User must have a scope **forbidden_group:write**
"""
input CreateForbiddenGroupItemsInput{
    "Forbidden group identifier."
    forbiddenGroupId: ID!
    "List of service identifiers."
    serviceIds: [ID!]
    "List of service group identifiers."
    serviceGroupIds: [ID!]
    "List of dictionary codes."
    codes:[CreateForbiddenGroupCodeInput!]
}

"""
Input for `codes` in `createForbiddenGroupItems` mutation.
"""
input CreateForbiddenGroupCodeInput {
    "The name of the dictionary. Allowed names: eHealth/ICD10AM/condition_codes, eHealth/ICPC2/actions, eHealth/ICPC2/condition_codes, eHealth/ICPC2/reasons."
    system: String!
    "The value from dictionary. It should be present in the dictionary specified in `system` property"
    code: String!
}

"""
Return type for `createForbiddenGroupItems` mutation.
"""
type CreateForbiddenGroupItemsPayload {
  "Updaed `ForbiddenGroup`."
  forbiddenGroup: ForbiddenGroup
}

Logic

Following logic used in the CreateForbiddenGroupItemsMutation mutation

  1. Save signed content to media storage

  2. For each element in the service_group_ids array save data to forbidden_group_services table (PRM DB):

    1. set forbidden_group_id = $.forbidden_group_id

    2. set service_id = null

    3. set service_group_id = $.service_group_id

    4. set creation_reason = $.creation_reason

  3. For each element in the service_ids array save data to forbidden_group_services table:

    1. set forbidden_group_id = $.forbidden_group_id

    2. set service_id = $.service_id

    3. set service_group_id = null

    4. set creation_reason = $.creation_reason

  4. For each element in the codes array save data to forbidden_group_codes table (PRM DB):

    1. set forbidden_group_id = $.forbidden_group_id

    2. set system = $.system

    3. set code = $.code

    4. set creation_reason = $.creation_reason

  5. Set another fields according to https://e-health-ua.atlassian.net/wiki/spaces/FORBIDDEN/pages/2087190529

  6. Clear cache

Request structure

API paragraph not found

Authorize

  • Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”) in case of validation fails

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = 'forbidden_group:write')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:write”) in case of invalid scope(s)

Headers

API paragraph not found

Request data validation

Validations

Following validations used in the CreateForbiddenGroupItemsMutation mutation.

Validate legal entity

  • Extract client_id from token.

  • Check client scopes in order to perform this action (scope = 'forbidden_group:write')

    • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:write”)

  • Check legal entity status (status = ACTIVE)

    • In case of error - return 409 ('client_id refers to legal entity that is not active')

Validate Digital Sign

  • Validate request is signed

    • in case of error - return 422 (“document must be signed by 1 signer but contains 0 signatures”)

  • Check DS is valid and not expired

  • Validate that DS belongs to the user

    • Check that DRFO from DS and party.tax_id matches

      • in case of error - return 409 (“Signer DRFO doesn't match with requester tax_id“)

Validate request

  1. Check forbidden_group_id submitted in the request

...

  • in case of error - return 422 ('required property creation_reason was not present')

Processing

  API paragraph not found

Response structure

  API paragraph not found

Post-processing processes

  API paragraph not found

HTTP status codes

API paragraph not found