ЕСОЗ - публічна документація
[DRAFT] Add employee role [API-005-007-004-0124]
- Kateryna Yakovleva
- Anastasiia Prokhorova (SoE eHealth)
- Anzhela Kovalenko (SoE eHealth)
- Oksana Demchenko
Сторінка знаходиться в процесі розробки. Інформація на ній може бути застарілою.
https://e-health-ua.atlassian.net/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)
- 1 Properties of a REST API method document
- 2 Purpose
- 3 Logic
- 4 Configuration parameters
- 5 Dictionaries
- 6 Input parameters
- 7 Request structure
- 8 Headers
- 9 Request data validation
- 10 Processing
- 10.1 Save object to DB
- 11 Response structure examples
- 12 HTTP status codes
- 13 Post-processing processes
- 14 Technical modules where the method is used
Properties of a REST API method document
Document type | Метод REST API |
|---|---|
Document title | [Document status] REST API [Назва методу] [ID методу] |
Guideline ID | GUI-0011 |
Author | @ |
Document version | 1 |
Document status | DRAFT |
Date of creation | ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD) |
Date of update | ХХ.ХХ.ХХХХ (дата зміни версії) |
Method API ID | API-005-007-004-0124 |
Microservices (namespace) | IL |
Component | Employees |
Component ID | COM-005-007 |
Link на API-специфікацію | |
Resource | {{host}}/api/employee_roles |
Scope | employee_role:write |
Protocol type | REST |
Request type | POST |
Sync/Async | Sync |
Public/Private | Public |
Purpose
This method allows to add a role to an employee according to the type of medical service for which the role is being added.
Logic
Only authenticated and authorized user can use this service
Employee role must be valid and consistent, i.e. all "foreign keys" must be valid
It can be only one active employee_role for the single employee and healthcare service
Configuration parameters
Description of the configuration parameters that are used when processing a request in the system
Dictionaries
Provides a list of links to dictionaries that are available in Confluence
Input parameters
Input parameter | Mandatory | Type | Description | Example | |
|---|---|---|---|---|---|
| 1 |
|
|
|
|
|
| 2 |
|
|
|
|
|
Request structure
See on API-specification
Headers
Key | Value | Mandatory | Description | Example | |
|---|---|---|---|---|---|
| 1 | Content-Type | application/json | M | Тип контенту | Content-Type:application/json |
| 2 | Authorization | Bearer c2778f3064753ea70de870a53795f5c9 | M | Перевірка користувача | Authorization:Bearer c2778f3064753ea70de870a53795f5c9 |
| 3 | api-key | uXhEczJ56adsfh3Ri9SUkc4en |
|
| api-key:uXhEczJ56adsfh3Ri9SUkc4en |
Request data validation
Authorize
Verify the validity of access token
return 401 in case validation fails
Check scopes in order to perform this action (scope = 'employee_role:write')
return 403 in case invalid scope(s)
If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):
in case not match - return 403 ("Access denied. Party is not verified")
Validate request
Validate request using JSON schema
Validate legal entity
Check that legal entity is active (status = ACTIVE, SUSPENDED)
Extract client_id from token (token.client_id == legal_entity_id)
Check legal entity status (status = ACTIVE, SUSPENDED)
In case of error - return 409 (Legal entity must be ACTIVE or SUSPENDED)
Validate FK
Validate healthcare_service_id - healthcare service exists and is_active = true
Return 422 in case validation fails
Validate employee_id - employee exists and is_active = true
Return 422 in case validation fails
Validate constraint
It can be only one active employee_role for the single employee and healthcare service
Check that there is no another active record (status = ACTIVE) with the same employee and healthcare service
Return 409 (Duplicated employee role for this employee and healthcare service) in case such pair exists
Validate healthcare service
Check that healthcare service belongs to the same legal entity as the user and healthcare service is active
Extract client_id from token (token.client_id == legal_entity_id)
Validate legal entity on healthcare service
Check healthcare service status (status = ACTIVE)
Validate employee and its specialization
Check that employee belongs to the same legal entity as the user, employee is active and has the same specializations as the healthcare service
Extract client_id from token (token.client_id == legal_entity_id)
Validate legal entity on employee service
Check employee status (status = APPROVED)
Validate specialization on employee (where specialities.speciality_officio = true) and healthcare service
Processing
Save object to DB
Parameter | Source | Description |
|---|---|---|
id | UUID | Autogenerated |
start_date | Timestamp: now() | Get current date-time |
status | Const: ACTIVE | By default ACTIVE for new records |
is_active | Const: TRUE | Always TRUE for new records |
inserted_at | Timestamp: now() | Get current date-time |
inserted_by | Token: user_id | Extract user from token |
updated_at | Timestamp: now() | Get current date-time |
updated_by | Token: user_id | Extract user from token |
Response structure examples
See on API-specification
HTTP status codes
Response code | HTTP Status code | Message | Internal name | Description | |
|---|---|---|---|---|---|
| 1 | Базові | ||||
| 2 |
| 201 | Response |
|
|
| 3 |
| 401 | Invalid access token |
|
|
| 4 |
| 403 | Access denied. Party is not verified |
|
|
| 5 |
| 403 | Invalid scope(s) |
|
|
| 6 |
| 409 | Legal entity must be ACTIVE or SUSPENDED |
|
|
| 7 |
| 409 | Validation failed |
|
|
| 8 |
| 422 | Validation failed |
|
|
| 9 | Специфічні | ||||
| 10 |
|
|
|
|
|
Post-processing processes
Description of actions performed on data after processing
Technical modules where the method is used
List of pages describing technical modules where the method is used
ЕСОЗ - публічна документація