ЕСОЗ - public documentation

(GraphQL) Reject declaration

Purpose

This WS allows rejecting a pending declaration from the Admin panel.

 

Key points

  1. This is a GraphQL method used in the Administration panel only.

  2. Only an authenticated and authorized NHS employee with the appropriate scope can reject a pending declaration.

  3. Only pending declaration (in status ‘pending_verification’) can be rejected.

 

Specification

Link

API paragraph not found

Link to Apiary or Swagger

Resource

API paragraph not found

Link to the resource, for example: /api/persons/create

Scope

declaration:reject

Scope required for access

Components

 

List of the business components that use this method, for example: ePrescription

Microservices

API paragraph not found

List of the microservices used by the API method, for example: Auth, ABAC

Protocol type

 

Type of protocol used by the request, for example: SOAP | REST

Request type

 

Type of API request, for example: GET, POST, PATCH…

Sync/Async

 

Is the method synchronous or asynchronous?

Public/Private/Internal

Internal

The type of the method by degree of accessibility must be specified

 

"Rejects a single `Declaration` using its globally unique ID."
rejectDeclaration(input: RejectDeclarationInput!): RejectDeclarationPayload

"""
Declaration combines data about Patient, Employee, LegalEntity and Division.
In order to obtain details user must have a scope `declaration:read`.
"""
type Declaration implements Node {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "Unique human readable number of declaration"
  declarationNumber: String!
  "The date when declaration takes effect"
  startDate: Date!
  "The date when declaration ends."
  endDate: Date!
  "The date when declaration is signed by doctor."
  signedAt: DateTime!
  "Status of the declaration, is set automatically."
  status: DeclarationStatus!
  "Type of declaration, as for now it's only one type = `family_doctor`"
  scope: String
  "The reason of declining the declaration, is set automatically on declining declaration."
  reason: String
  "Free text for declining declaration, is filled by the person who declined declaration."
  reasonDescription: String
  "Legal entity information, where declaration was signed."
  legalEntity: LegalEntity!
  "Patient information."
  person: Person!
  "Division in legal entity where medical services are provided."
  division: Division!
  "Doctor information, who signed declaration."
  employee: Employee!
  "Documents which were attached to declarations."
  declarationAttachedDocuments: [DeclarationAttachedDocument]
}

"""
List of declaration statuses.
"""
enum DeclarationStatus {
  "Status `Active` for declaration."
  ACTIVE
  "Status `CLOSED` for declaration."
  CLOSED
  "Status `PENDING_VERIFICATION` for declaration."
  PENDING_VERIFICATION
  "Status `REJECTED` for declaration."
  REJECTED
  "Status `TERMINATED` for declaration."
  TERMINATED
}

"""
Structure of documents attached to the declaration.
"""
type DeclarationAttachedDocument {
  "The type of document."
  type: String!
  "Link for uploading scan copies of the document, is generated by e-Health."
  url: String!
}

 

Logic

  1. Update data:

    1. declarations table by declaration_id

      1. set status = ‘rejected’

      2. set updated_at, updated_by

 

Authorize

  • Verify the validity of access token

    • in case validation fails - return 401 (“Invalid access token”)

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = 'declaration:reject')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration:reject”) in case of invalid scope(s)

 

Request data validation

Validate legal entity

  • Extract client_id from token.

  • Check client scopes in order to perform this action (scope = 'declaration:reject')

    • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration:reject”)

  • Check client type (type = NHS)

    • In case of error - return 403 ('You don't have permission to access this resource')

Validate request

  • Check declaration_id submitted

    • in case not submitted - return 422 ('required property declaration_id was not present')

    • in case does not exist in OPS db - return 404 ('Declaration not found')

    • in case exists in OPS db but is not active - return 409
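The check order from the Authorize, Request data validation and Logic sections, written out as an added example (not code from the eHealth project). The dict shapes, the `signature_ok` flag standing in for token validation, the function names and the 409 message text are assumptions; the state check follows key point 3 (only `pending_verification` can be rejected).

```python
from datetime import datetime, timedelta, timezone
SCOPE = "declaration:reject"
MISSING = ("Your scope does not allow to access this resource. "
           f"Missing allowances: {SCOPE}")

class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status, self.message = status, message

def reject_declaration(token, declaration_id, clients, declarations, now):
    """Apply the page's checks in order; update and return the declaration."""
    # Authorize: invalid and expired tokens both map to 401, then user scopes.
    if not token or not token.get("signature_ok") or token["expires_at"] <= now:
        raise ApiError(401, "Invalid access token")
    if SCOPE not in token["scopes"]:
        raise ApiError(403, MISSING)
    # Validate legal entity: the client named by the token's client_id.
    client = clients.get(token["client_id"], {})
    if SCOPE not in client.get("scopes", ()):
        raise ApiError(403, MISSING)
    if client.get("type") != "NHS":
        raise ApiError(403, "You don't have permission to access this resource")
    # Validate request: presence, existence, then state.
    if not declaration_id:
        raise ApiError(422, "required property declaration_id was not present")
    declaration = declarations.get(declaration_id)
    if declaration is None:
        raise ApiError(404, "Declaration not found")
    # Assumption: rejectable means pending_verification (key point 3); the
    # 409 message is constructed, the page specifies only the status code.
    if declaration["status"] != "pending_verification":
        raise ApiError(409, "Declaration is not pending verification")
    declaration.update(status="rejected", updated_at=now, updated_by=token["user_id"])
    return declaration

def outcome(*args):
    """Return the error status raised by the checks, or None on success."""
    try:
        reject_declaration(*args)
    except ApiError as err:
        return err.status
    return None

# Constructed sample data (not real eHealth records).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
TOKEN = {"signature_ok": True, "expires_at": NOW + timedelta(hours=1),
         "scopes": [SCOPE], "client_id": "c1", "user_id": "u1"}
CLIENTS = {"c1": {"type": "NHS", "scopes": [SCOPE]}}
```

Because the state check runs before the update, a second rejection of the same declaration returns 409 rather than rewriting updated_at and updated_by.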

 

Processing

API paragraph not found

 

Response structure

API paragraph not found

 

Post-processing processes

API paragraph not found

 

HTTP status codes

API paragraph not found

 
