ЕСОЗ - public documentation

RC_CSI-2328_(GraphQl) Create Confidant Person relationships request

Purpose

This WS is designed to create a new Confidant Person relationship record for an existing person. It is used from the Admin panel by an authorized NHS employee.

Key points 

  1. This GraphQL method is used in the Administration panel only.

  2. Only an authenticated and authorized NHS employee with the appropriate scope can create a new confidant person relationship record.

  3. The mutation is similar to the actions in the Create Confidant Person relationship request process, but there are some main differences:

    1. A Confidant_person_relationship_request (IL) record is created directly in the BE with status = NEW, authentication_method_current = null and channel = 'NHS', based on the JSON from the FE, without generating OTPs.

    2. The scope confidant_person_relationship_admin:write is used.

    3. No OTPs are generated.

Authorize

  1. Verify the validity of the access token

    1. In case of error return 401 ('Access denied')

  2. Check user scope confidant_person_relationship_admin:write in order to perform this action

    1. in case of error generate 403 response ('You don’t have permission to access this resource: confidant_person_relationship_admin:write')

Validate legal entity

  1. Extract client_id from token.

  2. Check that the client has the scope confidant_person_relationship_admin:write

    1. in case of error - return 403 ('You don’t have permission to access this resource: confidant_person_relationship_admin:write')

  3. Check legal entity type = NHS

    1. In case of error - return 403 ('You don’t have permission to access this resource')

Schema

Validate request

  1. Validate person by personId:

    1. person status is active (status = 'active' & is_active = 'true')

    2. in case of error - return 422 ('Person is not active')

Validate person confidants limit

  1. Count relationships in the MPI | confidant_person_relationships table where person_id is equal to $.personId AND is_active = true AND (active_to > now() OR active_to is null)

  2. Check if count from previous step is less than person_with_third_person_limit config parameter

    • in case of error - return 422 ('Limit of confidant persons with this person is exhausted')

Validate confidant person

  1. Check if confidantPerson UUID is not equal to personId

    1. in case of error - return 422 ('Persons can not be submited as confidants for themselves')

  2. Check if confidantPerson UUID exists in persons table (MPI DB) with status = active and is_active = true

    1. in case of error - return 404 ('Confidant person is not found')

  3. Check that the confidant person is not already a confidant for the person, using the Check confidant person relationship process with person_id = personId from request and confidant_person_id = confidantPerson from request. Expected response: :error, :not_found

    1. in case of error - return 422 ('Confidant person relationship already exists')

  4. Check that the confidant person is not someone who must themselves be authorized by a confidant, i.e. that none of the following rules applies:

    1. confidant person's age < no_self_registration_age global parameter;

    2. confidant person's age is between the no_self_registration_age and person_full_legal_capacity_age global parameters and the person does not have a document with a type from the PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;

    3. confidant person's age > person_full_legal_capacity_age global parameter and at least one active and approved confidant person relationship exists for the person (using the Check confidant person relationship process with person_id = confidantPerson from request; expected response: :ok, :approved)

      1. in case of error - return 422 ('This person can not be submitted as a confidant')

  5. Check if confidant person cumulative verification status is not in NOT_ALLOWED_CONFIDANT_PERSON_VERIFICATION_STATUSES config parameter

    1. in case of error - return 422 ('Person with cumulative verification status <person.verification_status> can not be submitted as confidant')

  6. Check that the confidant person has an active authentication method with type = OTP where ended_at is equal to or greater than today's date

    1. in case of error - return 422 ('Confidant person must have active authentication method with type 'OTP' where ended_at is equal to or greater than current date.')

Validate documents relationship

  1. Validate documents issuedAt date

    1. Check that issuedAt <= now()

      1. in case of error - return 422 ('Document issued date should be in the past')

    2. Check that issuedAt >= person.birth_date

      1. in case of error - return 422 ('Document issued date should greater than person.birth_date')

  2. Validate document activeTo date

    1. Check that activeTo > now()

      1. in case of error - return 422 ('Document active_to date should be in future')

  3. Validate document documentType according to DOCUMENT_RELATIONSHIP_TYPE dictionary

    1. in case of error - return 422 ('value is not allowed in enum')

  4. Check that there are no duplicated document documentType values in request

    1. in case of error - return 422 ('Values are not unique by 'type'.')

  5. Validate documentNumber according to regexp

    1. BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

      1. In case of error - return 422 error ('string does not match pattern') with the corresponding regexp

  6. Check that documentNumber length < 255

    1. in case of error - return 422 ('expected value to have a maximum length of 255 but was <<document_number_length>>')
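
The document checks 1-5 above, sketched as an added example (not code from the ЕСОЗ project). Assumptions: documents arrive as dicts keyed by the GraphQL field names used on this page, dates are compared as calendar dates, activeTo is treated as optional, and DOCUMENT_TYPES is a stand-in for the DOCUMENT_RELATIONSHIP_TYPE dictionary.

```python
import re
from datetime import date

# Pattern copied from the spec for BIRTH_CERTIFICATE. The negative lookahead is
# what rejects Ы, Ъ, Э: they fall inside the А-Я range of the second class.
BIRTH_CERTIFICATE_RE = re.compile(
    r"^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$")

# Assumption: stand-in for the DOCUMENT_RELATIONSHIP_TYPE dictionary. Only
# BIRTH_CERTIFICATE is named on the page; the second value is a placeholder.
DOCUMENT_TYPES = {"BIRTH_CERTIFICATE", "PLACEHOLDER_OTHER_TYPE"}
NUMBER_PATTERNS = {"BIRTH_CERTIFICATE": BIRTH_CERTIFICATE_RE}


def validate_documents(documents, birth_date, today):
    """Return the 422 messages a documents list would trigger, in spec order."""
    errors = []
    for doc in documents:
        if doc["issuedAt"] > today:
            errors.append("Document issued date should be in the past")
        if doc["issuedAt"] < birth_date:
            errors.append(
                "Document issued date should greater than person.birth_date")
        if doc.get("activeTo") is not None and doc["activeTo"] <= today:
            errors.append("Document active_to date should be in future")
        if doc["documentType"] not in DOCUMENT_TYPES:
            errors.append("value is not allowed in enum")

    # Uniqueness is a property of the whole request, not of a single document.
    types = [doc["documentType"] for doc in documents]
    if len(types) != len(set(types)):
        errors.append("Values are not unique by 'type'.")

    for doc in documents:
        pattern = NUMBER_PATTERNS.get(doc["documentType"])
        # fullmatch, not match: in Python "$" also matches just before a
        # trailing newline, so match() would accept "AB\n".
        if pattern and not pattern.fullmatch(doc["documentNumber"]):
            errors.append("string does not match pattern")
    return errors
```
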

Service logic

Search active confidant person relationship requests

To prevent exceeding the limit and duplicating requests, search for active requests in the IL | confidant_person_relationship_requests table with person_id = personId from request and status = NEW.

If found - cancel them, set values:

  • status = CANCELLED

  • updated_at = now()

  • updated_by = user_id (from token)

Generate upload URL

Depending on the payload, the system generates a list of signed URLs for uploading document scan copies.

Signed URLs expire after a period of time set by the SECRETS_TTL config parameter. If a URL has expired, a new confidant person relationship request should be created.

Each link is generated for a single one-page document in JPEG format. The document should be no larger than 10MB.

  • Generate URLs for each document from $.documents_relationship with the following parameters:

    • action: PUT

    • bucket: MEDIA_STORAGE_CONFIDANT_PERSON_RELATIONSHIP_REQUEST_BUCKET

    • resource_id: confidant_person_relationship_request_id

    • resource_name: confidant_person_relationship_request_#{type}.jpeg

Create new relationship request

Create a new record in the IL | confidant_person_relationship_requests table, set values:

  • id = autogenerate uuid

  • person_id = personId from request

  • confidant_person_id = confidantPerson Id

  • confidant_person_relationship = methods request

  • status = NEW

  • action = INSERT

  • channel = NHS

  • authentication_method_current = null

  • inserted_by = user_id (from token)

  • inserted_at = now()

  • updated_by = user_id (from token)

  • updated_at = now()

  • documents_relationship = generated links for documents upload (if needed)
