Purpose
This WS is designed to allow NHS employees with appropriate scopes to get Party details.
Key points
This is a GraphQL query method used in the Administration panel only.
Only an authenticated and authorized employee with the appropriate scope can get Party details data.
The user can filter the list by search params.
Authorize
Verify the validity of access token
Return (401, 'Invalid access token') if validation fails
Verify that token is not expired
in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope = 'party:read')
Return (403, 'Your scope does not allow to access this resource. Missing allowances: party:read') in case of invalid scope(s)
Validate legal entity
Extract client_id from token.
Check client scopes in order to perform this action (scope = 'party:read')
in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: party:read”)
Check client type (type = NHS)
In case of error - return 403 ('You don't have permission to access this resource')
Check that party exists in prm database
in case of error - return 404 ('Party not found')
Service logic
Get party by id from parties table
Render a response according to specification.
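The check order from the Authorize and Validate legal entity steps, written out as an added Python example (not the project's own code). The token, client and party records, their field names, the "OTHER" client type and the function name are assumptions constructed for illustration; a token whose client is unknown is treated here as failing the client scope check.

```python
import time

SCOPE = "party:read"
SCOPE_MSG = "Your scope does not allow to access this resource. Missing allowances: " + SCOPE
FAR_FUTURE = 4102444800  # 2100-01-01 UTC, constructed expiry value

# Constructed sample data: stand-ins for the token store, client registry and prm parties table.
TOKENS = {
    "tok-ok": {"expires_at": FAR_FUTURE, "user_scopes": {SCOPE}, "client_id": "c-nhs"},
    "tok-expired": {"expires_at": 1, "user_scopes": {SCOPE}, "client_id": "c-nhs"},
    "tok-noscope": {"expires_at": FAR_FUTURE, "user_scopes": set(), "client_id": "c-nhs"},
    "tok-other": {"expires_at": FAR_FUTURE, "user_scopes": {SCOPE}, "client_id": "c-other"},
    "tok-weak-client": {"expires_at": FAR_FUTURE, "user_scopes": {SCOPE}, "client_id": "c-weak"},
}
CLIENTS = {
    "c-nhs": {"type": "NHS", "scopes": {SCOPE}},
    "c-other": {"type": "OTHER", "scopes": {SCOPE}},
    "c-weak": {"type": "NHS", "scopes": set()},
}
PARTIES = {"p-1": {"id": "p-1", "last_name": "Constructed"}}


def get_party_details(access_token, party_id, now=None):
    """Return (status, body), applying the checks in the order listed above."""
    now = time.time() if now is None else now
    token = TOKENS.get(access_token)
    # Authorize: invalid and expired tokens both yield the same 401 message.
    if token is None or token["expires_at"] <= now:
        return 401, "Invalid access token"
    if SCOPE not in token["user_scopes"]:
        return 403, SCOPE_MSG
    # Validate legal entity: client_id comes from the token, never from request input.
    client = CLIENTS.get(token["client_id"])
    if client is None or SCOPE not in client["scopes"]:
        return 403, SCOPE_MSG
    if client["type"] != "NHS":
        return 403, "You don't have permission to access this resource"
    # The existence check runs last, so a caller without access never learns which ids exist.
    party = PARTIES.get(party_id)
    if party is None:
        return 404, "Party not found"
    return 200, party
```

Running the 404 check only after every 401/403 check means an unauthorized caller gets the same answer for existing and non-existing party ids.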