Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Table of Contents

Purpose

This service is designed to obtain list of merge requests by NHS user.

Overview

  1. only  users with scope "merge_request:read" can get list of merge_request

Specification

Page Properties
idAPI_Specification

Link

Посилання на Apiary або Swagger

Resource

Посилання на ресурс, наприклад: /api/persons/create

Scope

Scope для доступу

Components

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

Метод є синхронним чи асинхронним?

Public/Private/Internal

Потрібно зазначити тип методу за ступенем доступності

GraphQL schema

...

Expand
titleRequest example
Code Block
"""
Methods to use when ordering `Merge Request`.
"""
enum MergeRequestOrderBy {
  "Sort Person by inserted at in ascending order."
  INSERTED_AT_ASC
  "Sort Person by inserted at in descending order."
  INSERTED_AT_DESC
  "Sort Person by birth date in ascending order."
  STATUS_ASC
  "Sort Person by birth date in descending order."
  STATUS_DESC
}

"""
A connection to a list of `MergeRequest` values.
"""
type MergeRequestConnection {
  "Information to aid in pagination."
  pageInfo: PageInfo!
  "Flag which shows whether NEW merge candidate can be assigned to the User"
  canAssignNew: Boolean!
  "A list of nodes."
  nodes: [MergeRequest]
  "A list of edges."
  edges: [MergeRequestEdge]
}

"""
Reads and enables pagination through a set of `MergeRequest`.
"""
type MergeRequestEdge {
  "The item at the end of the edge."
  node: MergeRequest!
  "A cursor for use in pagination."
  cursor: String!
}

"""
Return type for `assignMergeCandidate` mutation.
"""
type AssignMergeCandidatePayload {
  "Information of pair of persons which can be same."
  mergeRequest: MergeRequest!
}

"""
Input for `updateMergeRequest` mutation.
In order to update status user must have a scope `merge_request:write`
"""
input UpdateMergeRequestInput {
  "Primary key identifier from the database"
  id: ID!
  "next status of merge request"
  status: MergeRequestStatus!
  "comment which user can leave"
  comment: String
}

"""
Return type for `updateMergeRequest` mutation.
"""
type UpdateMergeRequestPayload {
  "Information of pair of persons which can be same."
  mergeRequest: MergeRequest!
}

"""
This is Merge Request details. In order to obtain details user must have a scope **merge_request:read**
"""
type MergeRequest implements Node {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "The pair of persons which is considerated to be the same person"
  manualMergeCandidate: ManualMergeCandidate!
  "status of merge request"
  status: MergeRequestStatus!
  "comment which user can leave"
  comment: String
  "Technical information when the patient was inserted into the DB."
  insertedAt: DateTime!
  "Technical information when the patient was updated in the DB."
  updatedAt: DateTime!
}

"""
List of MergeRequest statuses.
"""
enum MergeRequestStatus {
  "Status `MERGE` for a merge request"
  MERGE
  "Status `NEW` for a merge request"
  NEW
  "Status `POSTPONE` for a merge request"
  POSTPONE
  "Status `SPLIT` for a merge request"
  SPLIT
  "Status `TRASH` for a merge request"
  TRASH
}

"""
Information about Manual Merge Candidate.
"""
type ManualMergeCandidate {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "The pair of persons which is considerated to be the same person"
  mergeCandidate: MergeCandidate!
  "status of merge candidate"
  status: ManualMergeCandidateStatus
  "Technical information when the patient was inserted into the DB."
  insertedAt: DateTime!
  "Technical information when the patient was updated in the DB."
  updatedAt: DateTime!
}

"""
Information about Merge Candidate.
"""
type MergeCandidate {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "The person wich will be deactivated"
  person: Person!
  "The person wich will remain"
  masterPerson: Person!
}

"""
List of Merge candidate statuses
"""
enum ManualMergeCandidateStatus {
  "Status `NEW` for a merge request"
  NEW
  "Status `PROCESSED` for a merge request"
  PROCESSED
}

Logic

 API paragraph not found

Request structure

API paragraph not found

 

Authorize

API paragraph not found

Headers

API paragraph not found

Request data validation

Validate token

  • Verify the validity of access token

    • Return 401 in case validation fails

  • token is not expired

    • in case error return 401 

Validate scopes

  • Check user scopes in order to perform this action (scope = 'merge_request:read')

    1. Return forbidden in case invalid scope(s) -"Your scope does not allow to access this resource. Missing allowances: merge_request:read"

Verify user and role

Extract from token:

  1. Validate client_id (is_blocked=false)

    1. in case of error return 403 Error ('Client is blocked')

  2. Check user_roles by client_id 

    1. check whether exist role NHS_REVIEWER 

      1. in case of error return 403 Error ('User doesn't have required role')

  3. Validate client_id is NHS

    1. check client type is NHS

      1. in case of error rerun forbidden error (Client is not allowed to the action')

Validate context

  1. Return response to user limited by context from user's token

    1. return limited response by manual_merge_requests.assignee_id=$user_id

...

    1. and manual_merge_requests.status in ('NEW', 'POSTPONE')

      1. in case of error return forbidden ('You are not allowed to view this merge request)

  1. Validate merge_request id. Check merge_requests.id = $.id

    1. in case error return 404 ("Merge request with id=$id doesn't exist")

Processing

API paragraph not found

Response structure

API paragraph not found

Post-processing processes

API paragraph not found

HTTP status codes

API paragraph not found