Purpose

This web service is designed to add/update contract request assignee by nhs employee. Employee can add himself as an assigner or any other employee. Contract Request must be in status 'NEW'.

Specification

Request

• assignee_id

Validation

Validate token

• Verify the validity of access token
  • Return 401 in case validation fails
• Check if token is not expired
  • in case error return 401 - "Token is expired"

Validate user

extract user_id from token

extract client_id from token

• Check if user is active
  • in case error return 403 - (user is not active)
• check nhs_legal_entity is active
  • in case error return 403 - (Client is not active)
• Check user role = "NHS ADMIN SIGNER"
  • in case error return 403 "User is not allowed to perform this action"

Validate scopes

• Check user scopes in order to perform this action (scope = 'contract_request:update')
  • Return 403 in case invalid scope(s) "Your scope does not allow to access this resource. Missing allowances: contract_requests:update"

Validate contract request id and status

• Validate contract request ID exist
  • in case of error return 404 - not found
• Check contract_request.status in('NEW', 'IN_PROCESS')
  • in case error return 422 - "Incorrect status of contract_request to modify it"

Validate request

1. Fetch prm.employees by  $employee_id. Validate
   1. employees.legal_entity_id=$client_id
      1. in case of error return 422 error ('Invalid legal entity id') 
   2. employees.status=APPROVED
      1. in case of error return 409 error ('Invalid employee status')
   3. check employee.party→ party_users→ users_roles→ roles exist role with name = 'NHS ADMIN SIGNER'
      1. in case of error return 403 error ('Employee doesn't have required role')

Response

mapping

After status was changed (status = IN_PROCESS) - add new status to event_manager