(GraphQL) Approve declaration

Purpose

This WS allows to approve pending declaration from Admin panel.

Key points

This is a graphQl method used in Administration panel only.
Only authenticated and authorized NHS employee with appropriate scope can approve pending declaration.
Only pending declaration (in status ‘pending_verification’) can be approved.

Specification

approveDeclaration

"Approves a single `Declaration` using its globally unique ID."
approveDeclaration(input: ApproveDeclarationInput!): ApproveDeclarationPayload

"""
Input for `approveDeclaration` mutation.
"""
input ApproveDeclarationInput {
  "Reads a single `Declaration` using its globally unique ID."
  id: ID!
}

"""
Return type for `approveDeclaration` mutation.
"""
type ApproveDeclarationPayload {
  "Payload for `declaration`."
  declaration: Declaration!
}

"""
Declaration combines data about Patient, Employee, LegalEntity and Division.
In order to obtain details user must have a scope `declaration:read`.
"""
type Declaration implements Node {
  "The ID of an object"
  id: ID!
  "Primary key identifier from the database"
  databaseId: UUID!
  "unique human redable number of declaration"
  declarationNumber: String!
  "The date when declaration takes effect"
  startDate: Date!
  "The date wher declaration ends."
  endDate: Date!
  "The date when declaration is signed by doctor."
  signedAt: DateTime!
  "Status ah yhe declaration, is set automatically."
  status: DeclarationStatus!
  "type of declaration, as for now it's only one type =`family_doctor`"
  scope: String
  "The reason of declining the declaration, is set automatically on declining declaration."
  reason: String
  "Free text for declining declaration, is filled by the person who declined declaration."
  reasonDescription: String
  "Legal entity information, where declaration was signed."
  legalEntity: LegalEntity!
  "Patient information."
  person: Person!
  "Division in legal entity where medical services are provided."
  division: Division!
  "Doctor information, who signed declaration."
  employee: Employee!
  "Documents which were attahced to declarations."
  declarationAttachedDocuments: [DeclarationAttachedDocument]
}

"""
List of declaration statuses.
"""
enum DeclarationStatus {
  "Status `Active` for declaration."
  ACTIVE
  "Status `CLOSED` for declaration."
  CLOSED
  "Status `PENDING_VERIFICATION` for declaration."
  PENDING_VERIFICATION
  "Status `REJECTED` for declaration."
  REJECTED
  "Status `TERMINATED` for declaration."
  TERMINATED
}

"""
Structure of documents attached to the declaration.
"""
type DeclarationAttachedDocument {
  "The type of document."
  type: String!
  "Link for uploading scan copies of the documnet, is generated by e-Health."
  url: String!
}

Authorization

Verify the validity of access token
- in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
- in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'declaration:approve')
- return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration:approve”) in case of invalid scope(s)

Validate legal entity

Extract client_id from token.
Check client scopes in order to perform this action (scope = 'declaration:approve')
- in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration:approve”)
Check client type (type = NHS)
- In case of error - return 403 ('You don't have permission to access this resource')

Validate request

Check declaration_id submitted
- in case not submitted - return 422 ('required property declaration_id was not present')
- in case does not exist in OPS db - return 404 ('Declaration not found')
- in case exists in OPS db but is not active - return 409

Service logic

Update data:
1. declarations table by declaration_id
  1. set status = ‘active’
  2. set updated_at, updated_by