ЕСОЗ - публічна документація

(GraphQL) Add Item to the Forbidden group

Owned by Nickolay Kolotov (SoE eHealth)
Last updated: Jul 27, 2024 by Serhii Boldin (SoE eHealth)
4 min read

Purpose

This Methods allows to add items, such as code or service/service_group, to the forbidden group from Admin panel.

Key points

  1. This is a graphQl method used in Administration panel only

  2. Only authenticated and authorized NHS employee with appropriate scope can add item to Forbidden group.

  3. The following kind of items could be added: services, service groups, dictionary codes.

  4. Item should be added using DS.

  5. Added item should be unique within all active items in Forbidden groups.

  6. One or more items can be added at once.

 

Specification

Document status

PROD

 

Resource

/graphql

Посилання на Apiary або Swagger

Link

API paragraph not found

Посилання на ресурс, наприклад: /api/persons/create

Scope

forbidden_group:write

Scope для доступу

Components

API paragraph not found

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

API paragraph not found

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

API paragraph not found

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

API paragraph not found

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

API paragraph not found

Метод є синхронним чи асинхронним?

Public/Private/Internal

API paragraph not found

Потрібно зазначити тип методу за ступенем доступності

""" Input for `createForbiddenGroupItems` mutation. User must have a scope **forbidden_group:write** """ input CreateForbiddenGroupItemsInput{ "Forbidden group identifier." forbiddenGroupId: ID! "List of service identifiers." serviceIds: [ID!] "List of service group identifiers." serviceGroupIds: [ID!] "List of dictionary codes." codes:[CreateForbiddenGroupCodeInput!] } """ Input for `codes` in `createForbiddenGroupItems` mutation. """ input CreateForbiddenGroupCodeInput { "The name of the dictionary. Allowed names: eHealth/ICD10AM/condition_codes, eHealth/ICPC2/actions, eHealth/ICPC2/condition_codes, eHealth/ICPC2/reasons." system: String! "The value from dictionary. It should be present in the dictionary specified in `system` property" code: String! } """ Return type for `createForbiddenGroupItems` mutation. """ type CreateForbiddenGroupItemsPayload { "Updaed `ForbiddenGroup`." forbiddenGroup: ForbiddenGroup }

 

Logic

Following logic used in the CreateForbiddenGroupItemsMutation mutation

  1. Save signed content to media storage

  2. For each element in the service_group_ids array save data to forbidden_group_services table (PRM DB):

    1. set forbidden_group_id = $.forbidden_group_id

    2. set service_id = null

    3. set service_group_id = $.service_group_id

    4. set creation_reason = $.creation_reason

  3. For each element in the service_ids array save data to forbidden_group_services table:

    1. set forbidden_group_id = $.forbidden_group_id

    2. set service_id = $.service_id

    3. set service_group_id = null

    4. set creation_reason = $.creation_reason

  4. For each element in the codes array save data to forbidden_group_codes table (PRM DB):

    1. set forbidden_group_id = $.forbidden_group_id

    2. set system = $.system

    3. set code = $.code

    4. set creation_reason = $.creation_reason

  5. Set another fields according to https://e-health-ua.atlassian.net/wiki/spaces/FORBIDDEN/pages/2087190529

  6. Clear cache

 

Request structure

API paragraph not found

 

Authorize

  • Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”) in case of validation fails

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = 'forbidden_group:write')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:write”) in case of invalid scope(s)

 

Headers

API paragraph not found

 

Request data validation

Validations

Following validations used in the CreateForbiddenGroupItemsMutation mutation.

Validate legal entity

  • Extract client_id from token.

  • Check client scopes in order to perform this action (scope = 'forbidden_group:write')

    • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: forbidden_group:write”)

  • Check legal entity status (status = ACTIVE)

    • In case of error - return 409 ('client_id refers to legal entity that is not active')

Validate Digital Sign

  • Validate request is signed

    • in case of error - return 422 (“document must be signed by 1 signer but contains 0 signatures”)

  • Check DS is valid and not expired

  • Validate that DS belongs to the user

    • Check that DRFO from DS and party.tax_id matches

      • in case of error - return 409 (“Signer DRFO doesn't match with requester tax_id“)

Validate request

  1. Check forbidden_group_id submitted in the request

  • in case not submitted - return 422 ('required property forbidden_group_id was not present')

  • in case not exist or is not active - return 404 ('not found')

2. Check at least one of the array fields submitted: service_group_ids, service_ids, codes

  • in case of error - return 422 ('One of the required property should be present: service_groups, services, codes')

3. if service_group_ids submitted, for each service_group_id in the array:

  • Check it is exists and active:

    • in case of error - return 422 ('not found')

  • Check it is unique within request

    • in case of error - return 422 ('Service group with id <id> is duplicated in the request')

  • Check it is unique within existing active forbidden group items (prm.forbidden_group_services)

    • in case of error - return 422 ('Service group already present in forbidden group')

4. if service_ids submitted, for each service_id in the array:

  • Check it is exists and active:

    • in case of error - return 422 ('not found')

  • Check it is unique within request

    • in case of error - return 422 ('Service with id <id> is duplicated in the request')

  • Check it is unique within existing active forbidden group items (prm.forbidden_group_services)

    • in case of error - return 422 ('Service already present in forbidden group')

5. if codes submitted, for each object in the array:

  • Check system submitted

    • in case of error - return 422 ('required property system was not present')

  • Check system value is following dictionary name: eHealth/ICD10_AM/condition_codes, eHealth/ICPC2/actions, eHealth/ICPC2/condition_codes, eHealth/ICPC2/reasons

    • in case of error - return 422 ('not allowed in enum')

  • Check code submitted

    • in case not submitted - return 422 ('required property code was not present')

  • Check code value within dictionary specified in system property

    • in case of error - return 422 ('value is not allowed in enum')

  • Check code is unique within system in the request

    • in case of error - return 422 ('Code <code> of <system> dictionary is duplicated in the request')

  • Check code and system is unique within existing active forbidden group items (prm.forbidden_group_codes)

    • in case of error - return 422 ('Code <code> of <system> dictionary already present in forbidden groups')

6. Check creation_reason submitted

  • in case of error - return 422 ('required property creation_reason was not present')

 

Processing

 API paragraph not found

Response structure

 API paragraph not found

Post-processing processes

 API paragraph not found

HTTP status codes

API paragraph not found

 

ЕСОЗ - публічна документація