Purpose

This WS allows to deactivate forbidden group from Admin panel. The group will be deactivated with the all included items.

Key points

This is a graphQl method used in Administration panel only
Only authenticated and authorized NHS employee with appropriate scope can deactivate a Forbidden group.
Forbidden group should be deactivated with DS.
Only active groups can be deactivated.
If deactivate a group than all included items deactivates too

Specification

Link		Посилання на Apiary або Swagger
Resource		Посилання на ресурс, наприклад: /api/persons/create
Scope	forbidden_group:write	Scope для доступу
Components		Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription
Microservices		Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC
Protocol type		Тип протоколу, який використовується запитом, наприклад: SOAP \| REST
Request type		Тип запиту API, наприклад: GET, POST, PATCH…
Sync/Async		Метод є синхронним чи асинхронним?
Public/Private/Internal		Потрібно зазначити тип методу за ступенем доступності

"""
Input for `deactivateForbiddenGroup` mutation.
User must have a scope **forbidden_group:write**
"""
input DeactivateForbiddenGroupInput {
  "The ID of a `ForbiddenGroup` to deactivate."
  id: ID!
  "Reason for deactivating the `ForbiddenGroup`."
  deactivationReason: String!
}

"""
Return type for `deactivateForbiddenGroup` mutation.
"""
type DeactivateForbiddenGroupPayload {
  "Deactivated `ForbiddenGroup`."
  forbiddenGroup: ForbiddenGroup
}

Logic

Save signed content to media storage
Update data:
1. forbidden_groups table
  1. set is_active = false
  2. set deactivation_reason = $.deactivation_reason
  3. set updated_at, updated_by
2. Deactivate each active item in the group. Set item deactivation_reason = group deactivation_reason

Request structure

Authorize

Verify the validity of access token
- in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
- in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'forbidden_group:write')
- return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:write”) in case of invalid scope(s)

Headers

Request data validation

Validate legal entity

Extract client_id from token.
Check client scopes in order to perform this action (scope = 'forbidden_group:write')
- in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:write”)
Check legal entity status (status = ACTIVE)
- In case of error - return 409 ('client_id refers to legal entity that is not active')

Validate Digital Sign

Validate request is signed
- in case of error - return 422 (“document must be signed by 1 signer but contains 0 signatures”)
Check DS is valid and not expired
Validate that DS belongs to the user
- Check that DRFO from DS and party.tax_id matches
  - in case of error - return 409 (“Signer DRFO doesn't match with requester tax_id“)

Validate request

Check forbidden_group_id submitted
- in case not submitted - return 422 ('required property forbidden_group_id was not present')
- in case not exist or not active - return 404 ('not found')
Check deactivation_reason submitted
- in case of error - return 422 ('required property deactivation_reason was not present')

Purpose

Key points

Specification

Logic

Request structure

Authorize

Headers

Request data validation

Validate legal entity

Validate Digital Sign

Validate request

Processing

Response structure

Post-processing processes

HTTP status codes