@@ -12,7 +12,7 @@ Feature: Producer v2 permissions by pointer type - Success and Failure Scenarios
1212 | property | value |
1313 | subject | 9278693472 |
1414 | status | current |
15- | type | 736253002 |
15+ | type | 736373009 |
1616 | category | 734163000 |
1717 | custodian | RX898 |
1818 | author | HAR1 |
@@ -40,6 +40,18 @@ Feature: Producer v2 permissions by pointer type - Success and Failure Scenarios
4040 And the response has a Location header
4141 And the Location header starts with '/DocumentReference/RX898-'
4242 And the resource in the Location header exists with values:
43+ | property | value |
44+ | subject | 9278693472 |
45+ | status | current |
46+ | type | 736373009 |
47+ | category | 734163000 |
48+ | custodian | RX898 |
49+ | author | HAR1 |
50+ | url | https ://example .org /my -doc .pdf |
51+ | practiceSetting | 788002001 |
52+
53+ Scenario : V2 Permissions with no access for pointer type - createDocumentReference
54+ When producer v2 'RX898' creates a DocumentReference with values:
4355 | property | value |
4456 | subject | 9278693472 |
4557 | status | current |
@@ -49,14 +61,36 @@ Feature: Producer v2 permissions by pointer type - Success and Failure Scenarios
4961 | author | HAR1 |
5062 | url | https ://example .org /my -doc .pdf |
5163 | practiceSetting | 788002001 |
64+ Then the response status code is 403
65+ And the response is an OperationOutcome with 1 issue
66+ And the OperationOutcome contains the issue:
67+ """
68+ {
69+ "severity": "error",
70+ "code": "forbidden",
71+ "details": {
72+ "coding": [
73+ {
74+ "system": "https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode",
75+ "code": "AUTHOR_CREDENTIALS_ERROR",
76+ "display": "Author credentials error"
77+ }
78+ ]
79+ },
80+ "diagnostics": "The type of the provided DocumentReference is not in the list of allowed types for this organisation",
81+ "expression": [
82+ "type.coding[0].code"
83+ ]
84+ }
85+ """
5286
5387 Scenario : V2 Permissions with access for pointer type - deleteDocumentReference
5488 Given a DocumentReference resource exists with values
5589 | property | value |
5690 | id | RX898 -111 -DeleteDocRefTest1 |
5791 | subject | 9278693472 |
5892 | status | current |
59- | type | 736253002 |
93+ | type | 736373009 |
6094 | category | 734163000 |
6195 | contentType | application /pdf |
6296 | url | https ://example .org /my -doc .pdf |
@@ -82,15 +116,15 @@ Feature: Producer v2 permissions by pointer type - Success and Failure Scenarios
82116 "diagnostics": "The requested DocumentReference has been deleted"
83117 }
84118 """
85- And the resource with id 'DK94 -111-DeleteDocRefTest1' does not exist
119+ And the resource with id 'RX898 -111-DeleteDocRefTest1' does not exist
86120
87121 Scenario : V2 Permissions with no access for pointer type - searchDocumentReference
88122 Given a DocumentReference resource exists with values:
89123 | property | value |
90124 | id | RX898 -1111111111 -SearchNHSDocRefTest1 |
91125 | subject | 9999999999 |
92126 | status | current |
93- | type | 736253002 |
127+ | type | 736373009 |
94128 | category | 734163000 |
95129 | contentType | application /pdf |
96130 | url | https ://example .org /my -doc .pdf |
@@ -119,10 +153,45 @@ Feature: Producer v2 permissions by pointer type - Success and Failure Scenarios
119153 | id | RX898 -1111111111 -SearchNHSDocRefTest1 |
120154 | subject | 9999999999 |
121155 | status | current |
122- | type | 736253002 |
156+ | type | 736373009 |
123157 | category | 734163000 |
124158 | contentType | application /pdf |
125159 | url | https ://example .org /my -doc .pdf |
126160 | custodian | RX898 |
127161 | author | X26 |
128162 And the Bundle does not contain a DocumentReference with ID 'SG4-1111111111-SearchNHSDocRefTest3'
163+
164+ Scenario : V2 Permissions with no access for org - searchDocumentReference
165+ Given a DocumentReference resource exists with values:
166+ | property | value |
167+ | id | RX898 -1111111111 -SearchNHSDocRefTest1 |
168+ | subject | 9999999999 |
169+ | status | current |
170+ | type | 736373009 |
171+ | category | 734163000 |
172+ | contentType | application /pdf |
173+ | url | https ://example .org /my -doc .pdf |
174+ | custodian | RX898 |
175+ | author | X26 |
176+ When producer v2 'N00RG1' searches for DocumentReferences with parameters:
177+ | parameter | value |
178+ | subject | 9999999999 |
179+ Then the response status code is 403
180+ And the response is an OperationOutcome with 1 issue
181+ And the OperationOutcome contains the issue:
182+ """
183+ {
184+ "severity": "error",
185+ "code": "forbidden",
186+ "details": {
187+ "coding": [
188+ {
189+ "system": "https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode",
190+ "code": "ACCESS DENIED",
191+ "display": "Access has been denied to process this request"
192+ }
193+ ]
194+ },
195+ "diagnostics": "Your organisation 'N00RG1' does not have permission to access this resource. Contact the onboarding team."
196+ }
197+ """
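Review bot: The new "no access for pointer type - createDocumentReference" scenario (new lines 53–85) checks only the 403 and the OperationOutcome, so it would still pass if the handler persisted the pointer before the permission check rejected it. A denied write should also assert that nothing was written, for example with a line such as `And the response does not have a Location header` after the docstring. This mirrors the positive step on line 40; if no such step definition exists yet, it would need adding. The `type` row of that scenario's input table sits between the hunks and is not visible here, so confirm that it still carries a type 'RX898' is not permitted to produce. Otherwise the scenario may not be exercising the denial path it names. The new "no access for org" case at lines 164–197 covers search only; equivalent create and delete cases for 'N00RG1' would close the same gap for write operations.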