ЕСОЗ - публічна документація

Private. Assign Contract Request by NHS Employee

Owned by Dmytro Kulibaba (Unlicensed)
Last updated: Apr 25, 2023 by Oleksandr Zhuk (SoE eHealth)
3 min read

Purpose

This WS is designed to appoints an executor (employee), who should Update Contract Request from NHS side.

 

Specification

Link

https://ehealthmisapi1.docs.apiary.io/#reference/public.-contracts/contract-request/private.-assign-contract-request-by-nhs-employee

Посилання на Apiary або Swagger

Resource

/graphql

Посилання на ресурс, наприклад: /api/persons/create

Scope

contract_request:update

Scope для доступу

Components

Contracts

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

API paragraph not found

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

GraphQL

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

POST

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

API paragraph not found

Метод є синхронним чи асинхронним?

Public/Private/Internal

Private

Потрібно зазначити тип методу за ступенем доступності

Preconditions

Before this the contract request should be created from MSP/PHARAMCY side

Logic

This WS is designed for NHS employees. Before rewieving contract request it must be assign to NHS employee who will be responsible for this request. To assign employee contract it must be in status NEW, IN_PROCESS. After assigner was updated, contract request status will be changed to IN_PROCESS.
This query is also use to update existing assigner in Contract request.

Input parameters

Input parameter

Values

Type

Description

Example

Input parameter

Values

Type

Description

Example

id

 

String

Contract request identifier. Required

d290f1ee-6c54-4b01-90e6-d701748f0851

employeeId

 

String

Employee identifier. Required

d9f328e1-23c4-40b0-ad12-9b7730e6e627

Request structure

Example:

{ "query": "mutation AssignContractRequestMutation($input: AssignContractRequestInput!) {contractRequest: assignContractRequest(input: $input) {contractRequest {id __typename}__typename}}", "variables": { "input": { "employeeId": "RW1wbG95ZWU6NTE4YmEwYmEtNGYyMC00YjU0LWJhMDYtZTQzYmMxZjM3OWNl", "id": "Q2FwaXRhdGlvbkNvbnRyYWN0UmVxdWVzdDo4ODIxYzdhYi04ODg3LTRmYjItOGRiZC02ZThmZmQxOGJlYzU=" } } }

 

Authorize 

  1. Verify the validity of access token

    1. in case of error return 401 error “Access denied”

  2. Check user scope contract_request:update in order to perform this action

    1. in case of error generate 403 error “Your scope does not allow to access this resource. Missing allowances: contract_requests:update”

Headers

Наприклад:

Content-Type:application/json

Authorization:Bearer c2778f3064753ea70de870a53795f5c9

Request data validation

Validate user

extract user_id from token

extract client_id from token

  1. Check if user is active

    1. in case error return “User is not active”

  2. check nhs_legal_entity is active

    1. in case error return “Client is not active”

  3. Check user role = "NHS ADMIN SIGNER"

    1. in case error return "You don't have permission to access this resource"

Validate contract request id and status

  1. Validate contract request ID exist

    1. in case of error return “Contract Request not found”

  2. Check contract_request.status in ('NEW', 'IN_PROCESS')

    1. in case error return “Incorrect status of contract_request to modify it"

Validate request

  1. Fetch prm.employees by $employee_id. Validate:

    1. employees.legal_entity_id=$client_id

      1. in case of error return “Invalid legal entity id”

    2. employees.status=APPROVED

      1. in case of error return “Invalid employee status”

    3. check employee.party→ party_users→ users_roles→ roles exist role with name = 'NHS ADMIN SIGNER'

      1. in case of error return “Employee doesn't have required role”

Processing

  1. Update contract_requests.assignee_id (IL) - set $employee_id from request

  2. Update contract_requests.status to ‘IN_PROCESS’

  3. Update updated_at = now()

  4. Update updated_by = $user_id

Response structure

Examples:

{ "data": { "contractRequest": { "__typename": "AssignContractRequestPayload", "contractRequest": { "__typename": "CapitationContractRequest", "id": "Q2FwaXRhdGlvbkNvbnRyYWN0UmVxdWVzdDo4ODIxYzdhYi04ODg3LTRmYjItOGRiZC02ZThmZmQxOGJlYzU" } } }, "extensions": { "requestId": "80032d98-3441-4169-b245-acbd35eb5335#13" } }
{ "data": { "contractRequest": null }, "errors": [ { "extensions": { "code": "FORBIDDEN" }, "locations": [ { "column": 78, "line": 1 } ], "message": "Employee doesn't have required role", "path": [ "contractRequest" ] } ], "extensions": { "requestId": "931c0790-ddfe-45e5-960a-eb6ba9f24e19#41" } }

Post-processing processes

Add status to event manager

After status was changed (status = IN_PROCESS) - add new record to event_manager

field

value

field

value

event_type

StatusChangeEvent

entity_type

ReimbursementContractRequest

CapitationContractRequest

entity_id

$.id

properties.status.new_value

$.status

event_time

$.updated_at

changed_by

$.updated_by

HTTP status codes

HTTP status code

Message

What caused the error

HTTP status code

Message

What caused the error

 200

 Response

 

401

Access denied

Invalid token

403

Your scope does not allow to access this resource. Missing allowances: {{scope}}

Scope is missing

ЕСОЗ - публічна документація