ЕСОЗ - публічна документація

RC_(GraphQL) Create Employee request (DMS)

Owned by Anna Popelysheva (SoE eHealth)
Oct 01, 2024
4 min read

Purpose

This WS is designed to allow NHS employee with appropriate scopes to create employee request.

Key points

  1. This is a graphQl query method used in Administration panel only.

  2. Only authenticated and authorized employee with appropriate scope can create employee request.

  3. Employee request content should be signed with DS.

Specification

""" Input for `createEmployeeRequest` mutation. """ input CreateEmployeeRequestInput { "Signed data to create employee request" signedContent: SignedContent! } """ Return type for `createEmployeeRequest` mutation. """ type CreateEmployeeRequestPayload { "Payload for a CreateEmployeeRequest." employeeRequest: EmployeeRequest }

Authorization

  • Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”) in case of validation fails

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = 'employee_request:write')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: employee_request:write”) in case of invalid scope(s)

Validations

Validate legal entity

  • Extract client_id from token.

  • Check legal entity status (status = ACTIVE)

    • In case of error - return 409 ('client_id refers to legal entity that is not active')

Validate Digital Sign

  • Validate request is signed

    • in case of error - return 422 (“document must be signed by 1 signer but contains 0 signatures”)

  • Check DS is valid and not expired

  • Validate that DS belongs to the user

    • Check that DRFO from DS and party.tax_id matches

      • in case of error - return 409 (“Signer DRFO doesn't match with requester tax_id“)

Validate request

  1. Check if employee type is allowed for legal_entity type

Validate request using schemata

In case validation fails - generate 422 error

defp schema_definitions do %{ phone: object( %{ type: dictionary("PHONE_TYPE"), number: regex("^\\+38[0-9]{10}$") }, required: [ :type, :number ] ), document: object( %{ type: dictionary("DOCUMENT_TYPE"), number: string(minLength: 1), issued_by: string(minLength: 1), issued_at: date() }, required: [:type, :number] ), party: object( %{ first_name: ref("person_name"), last_name: ref("person_name"), second_name: regex("^(?!.*[ЫЪЭЁыъэё@%&$^#])[А-ЯҐЇІЄа-яґїіє\\'\\- ]+$", null: true), birth_date: date(), gender: ref("gender"), tax_id: regex("^([0-9]{9,10}|[А-ЯЁЇIЄҐ]{2}\\d{6})$"), no_tax_id: boolean(), email: email(), documents: array(ref("document")), phones: array(ref("phone")) }, required: [ :first_name, :last_name, :birth_date, :gender, :tax_id, :email, :documents, :phones ] ) } end
defp common_properties do %{ legal_entity_id: ref("uuid"), division_id: ref("uuid"), employee_id: ref("uuid"), position: dictionary("POSITION"), start_date: ref("date"), end_date: ref("date"), status: enum(["NEW"]), employee_type: dictionary("EMPLOYEE_TYPE"), party: ref("party") } end defp common_required do ~w( legal_entity_id position start_date status employee_type party )a end

 

  1. Validate party

    1. first_name, last_name, second_name have the same validation pattern - `^(?!.*[ЫЪЭЁыъэё@%&$^#])[А-ЯҐЇІЄа-яґїіє’\\'\\- ]+$` 

    2. validate birth_date

      1. birth_date > 1900-01-01 and birth_date < current date

      2. birth_date has validation pattern - `^(\\d{4}(?!\\d{2}\\b))((-?)((0[1-9]|1[0-2])(\\3([12]\\d|0[1-9]|3[01]))?|W([0-4]\\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\\d|[12]\\d{2}|3([0-5]\\d|6[1-6])))?)?$`

    3. gender has one of the following values - "FEMALE", "MALE"

    4. validate tax_id

      1. tax_id has validation pattern - `^([0-9]{9,10}|[А-ЯЁЇIЄҐ]{2}\\d{6})$`

    5. email has validation pattern - `^[\\w!#$%&'*+/=?`{|}~^-]+(?:\\.[\\w!#$%&'*+/=?`{|}~^-]+)*@(?:[A-Z0-9-]+\\.)+[A-Z]{2,6}$`

    6. validate documents

      1. documents.type has one of the DOCUMENT_TYPE dictionary values

      2. documents.number according to regexp:

        1. PASSPORT - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

        2. NATIONAL_ID - ^[0-9]{9}$

        3. COMPLEMENTARY_PROTECTION_CERTIFICATE - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

        4. REFUGEE_CERTIFICATE - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

        5. TEMPORARY_CERTIFICATE - ^(((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{4,6}|[0-9]{9}|((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{5}\\/[0-9]{5})$

        6. TEMPORARY_PASSPORT - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

          • in case of error - return 422 ('string does not match pattern') with the corresponding regexp

      3. documents.type exists in IDENTITY_DOCUMENT_TYPES EMPLOYEE_IDENTITY_DOCUMENT_TYPES config parameter

      4. validate documents.issued_at 

        1. documents.issued_at has validation pattern - `^(\\d{4}(?!\\d{2}\\b))((-?)((0[1-9]|1[0-2])(\\3([12]\\d|0[1-9]|3[01]))?|W([0-4]\\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\\d|[12]\\d{2}|3([0-5]\\d|6[1-6])))?)?$`

      5. documents.type has only one of NATIONAL_ID and PASSPORT document types

        • in case of error - return 422 ('Employee can have only one of following document types [\"PASSPORT\", \"NATIONAL_ID\"]')

    7. validate phones

      1. phones.type has one of the PHONE_TYPE dictionary values

      2. phones.number has validation pattern - `^\\+38[0-9]{10}$`

Service Logic

Create employee request in IL DB table - employee_request.

  1. generate GUID and write in id column

  2. write JSON object with employee request details

Send activation link on email

  1. Generate invitation link, which contains Employee request GUID

  2. Send invitation URL on user email

ЕСОЗ - публічна документація