(GraphQL) Approve declaration

• Purpose

• Key points

• Specification

• Authorization

• Validate legal entity

• Validate request

• Service logic

Purpose

This WS allows to approve pending declaration from Admin panel.

Key points

1. This is a graphQl method used in Administration panel only.

2. Only authenticated and authorized NHS employee with appropriate scope can approve pending declaration.

3. Only pending declaration (in status ‘pending_verification’) can be approved.

Specification

Authorization

• Verify the validity of access token

  • in case of error - return 401 (“Invalid access token”) in case of validation fails

• Verify that token is not expired

  • in case of error - return 401 (“Invalid access token”)

• Check user scopes in order to perform this action (scope = 'declaration:approve')

  • return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration:approve”) in case of invalid scope(s)

Validate legal entity

• Extract client_id from token.

• Check client scopes in order to perform this action (scope = 'declaration:approve')

  • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration:approve”)

• Check client type (type = NHS)

  • In case of error - return 403 ('You don't have permission to access this resource')

Validate request

• Check declaration_id submitted

  • in case not submitted - return 422 ('required property declaration_id was not present')

  • in case does not exist in OPS db - return 404 ('Declaration not found')

  • in case exists in OPS db but is not active - return 409

Service logic

1. Update data:

   1. declarations table by declaration_id

      1. set status = ‘active’

      2. set updated_at, updated_by