Versions Compared

Old Version 4

changes.mady.by.user Serhii Boldin (SoE eHealth)

Saved on

compared with

New Version Current

changes.mady.by.user Serhii Boldin (SoE eHealth)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Purpose

This WS allows to find groups in Admin panel using search params. Groups can be found by group params and/or by item params

Key points

  1. This is a graphQl query method used in Administration panel only

  2. Only authenticated and authorized NHS employee with appropriate scope can search Forbidden groups.

Specification

Page Properties
idAPI_Specification

Document status

PROD

Link

API paragraph not found

Посилання на Apiary або Swagger

Resource

/graphql

Посилання на ресурс, наприклад: /api/persons/create

Scope

forbidden_group:details

Scope для доступу

Components

API paragraph not found

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

API paragraph not found

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

API paragraph not found

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

API paragraph not found

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

API paragraph not found

Метод є синхронним чи асинхронним?

Public/Private/Internal

API paragraph not found

Потрібно зазначити тип методу за ступенем доступності

Expand
Code Block
"""
Fields to filter forbidden groups in the system.
"""
input ForbiddenGroupFilter {
  "Checks for equality with the object’s `databaseId` field."
  databaseId: UUID
  "Checks for matching with the object’s `name` field."
  name: String
  "Checks for equality with the object’s `isActive` field."
  isActive: Boolean
  "Forbidden group service filter"
  forbiddenGroupService: ForbiddenGroupServiceFilter
  "Forbidden group code filter"
  forbiddenGroupCode: ForbiddenGroupCodeFilter
}

"""
Methods to use when ordering `ForbiddenGroup`.
"""
enum ForbiddenGroupOrderBy {
  "Orders by the object’s `insertedAt` field in the ascending order."
  INSERTED_AT_ASC
  "Orders by the object’s `insertedAt` field in the descending order."
  INSERTED_AT_DESC
  "Orders by the object’s `name` field in the ascending order."
  NAME_ASC
  "Orders by the object’s `name` field in the descending order."
  NAME_DESC
}

"""
A connection to a list of `ForbiddenGroup` items.
"""
type ForbiddenGroupConnection {
  "Information to aid in pagination."
  pageInfo: PageInfo!
  "A list of nodes."
  nodes: [ForbiddenGroup]
  "A list of edges."
  edges: [ForbiddenGroupEdge]
}

"""
An edge in a connection of `ForbiddenGroup`.
"""
type ForbiddenGroupEdge {
  "The item at the end of the edge."
  node: ForbiddenGroup!
  "A cursor for use in pagination."
  cursor: String!
}

"""
ForbiddenGroup contains details about restricted codes, services and service groups included in medical events.
In order to obtain details user must have a scope **forbidden_group:details**
"""
type ForbiddenGroup implements Node {
  "The ID of an object."
  id: ID!
  "Primary key identifier from the database."
  databaseId: UUID!
  "The name of the `ForbiddenGroup`."
  name: String!
  "The reason the `ForbiddenGroup` was created."
  creationReason: String!
  "The reason the `ForbiddenGroup` was deactivated."
  deactivationReason: String
  "Whether the `ForbiddenGroup` is active or not?"
  isActive: Boolean!
  "Date and time when record was inserted."
  insertedAt: DateTime!
  "Date and time when record was updated."
  updatedAt: DateTime!

  "Services and Service groups wich belong to ForbiddenGroup."
  forbiddenGroupServices(
    "A condition to be used in determining which values should be returned by the collection."
    filter: ForbiddenGroupServiceFilter
    "The method to use when ordering collection items."
    orderBy: ForbiddenGroupServiceOrderBy
    "Read all values in the set after (below) this cursor."
    after: String
    "Read all values in the set before (above) this cursor."
    before: String
    "Only read the first _n_ values of the set."
    first: Int
    "Only read the last _n_ values of the set."
    last: Int
  ): ForbiddenGroupServiceConnection!

  "Codes wich belong to ForbiddenGroup."
  forbiddenGroupCodes(
    "A condition to be used in determining which values should be returned by the collection."
    filter: ForbiddenGroupCodeFilter
    "The method to use when ordering collection items."
    orderBy: ForbiddenGroupCodeOrderBy
    "Read all values in the set after (below) this cursor."
    after: String
    "Read all values in the set before (above) this cursor."
    before: String
    "Only read the first _n_ values of the set."
    first: Int
    "Only read the last _n_ values of the set."
    last: Int
  ): ForbiddenGroupCodeConnection!
}

Logic

Render a forbidden_groups array with nested arrays of forbidden_group_codes and forbidden_group_services that match the search params

Request structure

API paragraph not found

Authorize

  • Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”) in case of validation fails

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = 'forbidden_group:details')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:details”) in case of invalid scope(s)

Headers

API paragraph not found

Request data validation

Validate legal entity

  • Extract client_id from token.

  • Check client scopes in order to perform this action (scope = 'forbidden_group:details')

    • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:details”)

  • Check legal entity status (status = ACTIVE)

    • In case of error - return 409 ('client_id refers to legal entity that is not active')

Processing

 Search with a few params performs according to the logical AND rule.

  1. id. Search by forbidden_groups.id (used to get group details)

  2. name. Search by forbidden_groups.name 

  3. is_active. Search by forbidden_groups.is_active

  4. item_code. Searches by:

    • services.code (forbidden_group_services join services)

    • service_groups.code (forbidden_group_services join service_groups)

    • forbidden_group_codes.code (for dictionaries)

  5. item_name. Searches by:

    • services.name (forbidden_group_services join services)

    • service_groups.name (forbidden_group_services join service_groups)

    • code description for dictionaries (forbidden_group_codes fc join dictionaries d on fc.system = d.name and fc.code = d.values.code)

  6. item_type (string). Limits the search to the following items:

    • service - search within service items

    • service_group - search within service_group items 

    • <system> - search within specified dictionary. Where <system> is eHealth/ICD10_AM/condition_codeseHealth/ICPC2/actionseHealth/ICPC2/condition_codes or eHealth/ICPC2/reasons dictionary name

  7. item_is_active. Searches by:

    • forbidden_group_services.is_active - for service/service_group

    • forbidden_group_codes.is_active - for dictionaries

Response structure

  API paragraph not found

Post-processing processes

  API paragraph not found

HTTP status code

API paragraph not found