Purpose

This service is designed to obtain list of contract_requests by NHS employee.

Overview

1. only nhs employee with scope "contract_requests:read" can get list of contract_requests
2. list of contract_request could be filtered

UI Design

Filters:

•  id - id of contract request
• contractor_legal_entity_id
• edrpou
• contract_number
• contractor_owner_id
• status

Grid:

• id - ID запиту на контракт
• contract_number - номер контракту
• contractor_legal_entity_id 
• contractor_legal_entity: edrpou +  name
• status
• start_date
• end_date
• details

TBD

Specification

• Apiary
• json schema
• websequensediagram

Request

List of contract requests could be filtered by

• id 
• contractor_legal_entity_id
• contractor_owner_id 
• edrpou
• status
• contract_number
• nhs_signer_id
• issue_city (%LIKE%)
• page
• page_size

Validation

Validate token

• Verify the validity of access token
  • Return 401 in case validation fails
• token is not expired
  • in case error return 401 

Validate scopes

• Check user scopes in order to perform this action (scope = 'contract_requests:read')
  1. Return 403 in case invalid scope(s) -"Your scope does not allow to access this resource. Missing allowances: contract_requests:read"

Validate employee

extract user_id from token

extract client_id from token

• Check if user is active
  • in case error return 403 - "user is not active"
• Check nhs_legal_entity is active
  • in case error return 403 - "Client is not active"

Validate context

Return response to user limited by context from user's token

• if TOKENS_TYPES_PERSONAL
  • return response limited by contractor_legal_entity_id
• if TOKENS_TYPES_NHS
  • return non limitted response