Ihre Meinung macht den Unterschied
Jetzt Feedback zum gematik Fachportal geben!
Unterstützen Sie uns dabei, das gematik Fachportal weiter zu verbessern.
Was funktioniert gut? Wo sehen Sie Optimierungsbedarf? Nehmen Sie sich einen Moment Zeit und bringen Sie Ihre Perspektive ein.
C_12623_Anlage_V1.0.0
Prereleases:
C_12623_Anlage
Änderung in IG ePA Basisfunktionlitäten - Audit Event Service - Belegung der Protokolldaten
Ergänzung der Anforderung:IG-EPA27775LWU - Constraint Management - Protokolleinträge für Zugriffe auf das Constraint Management
folgendes wurde nach Abstimmung noch:
In der Spalte "Erläuterung" der Zeile "AuditEvent.entity.detail" wird folgender Text eingefügt:
"Bei gleichzeitiger Verarbeitung von mehr als einem Eintrag (Batch-Operation), ist pro Eintrag ein "detail"-Element anzulegen"
durch folgendes ersetzt:
Es wird eine neue Zeile zwischen .action und .entity.name eingefügt
| AuditEvent.entity | Pro geändertem Eintrag der General Deny Policy ist ein entity-Element anzulegen, bei gleichzeitiger Verarbeitung von mehr als einem Eintrag (Batch-Operation) sind entsprechend mehrere entity-Einträge zu verwenden. Die Befüllung für entity.name und entity.description muss bei Verwendung von mehreren entity-Elementen gleich sein.
|
zusätzlich die lila markierten Stellen weiter unten
Änderung in I_Constraint_Management_Insurant.yaml
Ergänzung der Operationen batchSetDenyPolicyAssignment und batchDeleteDenyPolicyAssignment
// Operationen
/epa/xds-document/api/v1/constraints/batch-set:
post:
tags:
- ConstraintManagement
operationId: batchSetDenyPolicyAssignment
summary: (batchSetDenyPolicyAssignment) set one or more new deny policy assignment
description: |
Set one or more new assignment for the general deny policy.</br>
This operation is limited to entitled users of role oid_versicherter.
**Client**:</br>
A client shall set assignments for existing resources only.</br>
A client shall set assignments _folder_ for dynamic folders only (static
folders are assigned via _category_ only).</br>
A client shall not set assignments _document_ for a restricted category/folder.
A client shall set assignments for content of the XDS document service only.
A client shall not set assignments _document_ for staticfolder "technical".
A client may set assignments for several resources in a single request, e.g. to add
a document and its appendencies or to add a list of categories.
**Provider**:</br>
Each new assignment shall be:</br>
- a _category_ entry addressed by a technical identifier string (e.g. 'vaccination'), or</br>
- a _folder_ entry addressed by folder.EntryUUID (urn-encoded uuid), or</br>
- a _document_ entry addressed by an identifier 'uniqueID^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId' as
used in documentEntry.referenceIdList of the document.
The category "emp" shall not be hidden, neither shall single documents of this category be hidden.
The static folder (or category) "technical" shall not be hidden, neither shall single documents of this folder be hidden.
Assignment requests for these categories/folders or documents of such category/folder shall be rejected.
Each new valid assigment shall be extended by a uuid (assignmentId) for identification
by the server. This uuid shall be unique in context of deny policies for the health record.
A request may contain several assignments of the same or of different types at a time. A successful operation
result requires all contained assignments to be valid. At least one invalid assignment provided leads to abortion
of the operation with no assignment provided applied to the general deny policy at all.
The operation response shall be:
- status code '201' and a list of all requested assignments in case of success
- status code '422' and a list of the failed requested assignments including an error code (not listed
but requested assignments are rated as valid but are not added to the general deny policy).
- a status code other than '201' or '422' and an indicating error code if the whole request is rejected in general
| Conditions for http status code| Status code | Error code | Remarks |
|--------------------------------|-------------|------------|---------|
| Successful operation | 201 |||
| Request does not match schema | 400 | malformedRequest ||
| Requestor not authorized | 403 | invalAuth | no user session with valid ID-Token available |
| Requestor has no valid entitlement | 403 | notEntitled ||
| Requestor role is not _oid_versicherter_ | 403 | invalidOid ||
| Device registration does not exist | 403 | unregisteredDevice ||
| Health record does not exist (UNKNOWN) or is in state INITIALIZED | 404 | noHealthRecord | |
| Health record is in state SUSPENDED or INACCESSIBLE| 409 | statusMismatch | (see 'Retry interval') |
| Unsuccessful operation with partial errors| 422 | partialFail | see _Conditions for response_ table below |
| Any other error | 500 | internalError | (see 'Retry interval') |
<br/>
| Conditions for response error code | Error code | Remarks |
|------------------------------------|------------|---------|
| An addressed _document_ is part of category "emp" or "technical"| invalidResource ||
| An addressed _document_, _category_ or _folder_ does not exist | noResource | for _category_: any category not enumerated |
| An addressed _folder_ is not of type _dynamic_ | requestMismatch ||
| An addressed _document_ is part of a restricted category or folder | requestMismatch ||
</br>
| Postconditions | Remarks |
|---------------------------------------|---------|
| The policy assignments are extended with an assignmentId and stored in SecureDataStorage ||
| A log-entry for the operation exists | all operation results |
| The raw-data of the operation is collected and associated to _useragent_ | for any operation result according to gemSpec_Perf UC_B4.x |
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/DenyPolicyAssignmentType'
minItems: 1
maxItems: 25
examples:
AssignmentsOk1:
$ref: '#/components/examples/Add_three_documents'
AssignmentsOk2:
$ref: '#/components/examples/Add_two_categories_and_one_folder'
AssignmentsFail1:
$ref: '#/components/examples/Failed_add_three_documents'
AssignmentsFail2:
$ref: '#/components/examples/Failed_add_two_categories_with_unsupported_id_and_document_in_technical_folder'
responses:
'201':
description: Created
headers:
X-Request-ID:
$ref: '#/components/headers/requestid'
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
allOf:
- $ref: '#/components/schemas/DenyPolicyAssignmentResponseType'
minItems: 1
examples:
ResponseAssignmentsOk1:
$ref: '#/components/examples/Response_add_three_documents'
ResponseAssignmentsOk2:
$ref: '#/components/examples/Response_add_two_categories_and_one_folder'
'400':
$ref: '#/components/responses/Error400BadRequest'
'403':
$ref: '#/components/responses/Error403Forbidden'
'404':
$ref: '#/components/responses/Error404NotFound'
'409':
$ref: '#/components/responses/Error409Conflict'
'422':
description: Unprocessable Entity with error details about the failed requested assignments
headers:
X-Request-ID:
$ref: '#/components/headers/requestid'
content:
application/json:
schema:
type: object
properties:
data:
type: object
properties:
data:
type: array
items:
allOf:
- $ref: '#/components/schemas/DenyPolicyAssignmentResponseTypeFail'
minItems: 1
examples:
ResponseAssignmentsFail1:
$ref: '#/components/examples/Failed_response_add_three_documents'
ResponseAssignmentsFail2:
$ref: '#/components/examples/Failed_response_add_two_categories_with_unsupported_id_and_document_in_technical_folder'
'500':
$ref: '#/components/responses/Error500InternalError'
/epa/xds-document/api/v1/constraints/batch-delete:
parameters:
- $ref: '#/components/parameters/insurantid'
- $ref: '#/components/parameters/useragent'
- $ref: '#/components/parameters/requestid'
post:
tags:
- ConstraintManagement
operationId: batchDeleteDenyPolicyAssignment
summary: (batchDeleteDenyPolicyAssignment) delete one or more deny policy assignment
description: |
Delete one or more existing assignment of the general deny policy.</br>
This operation is limited to entitled users of role oid_versicherter.
**Client**:</br>
no recommendations.
**Provider**:</br>
All addressed assignments shall be removed from the general deny policy.
A successful operation result requires all provided assignments to be valid (i.e. assignmentid exists).
At least one invalid assignment provided leads to abortion of the operation with non of the assignments deleted.
The operation response is:
- Status code '204' if all addressed assignments are deleted
- Status code '422' and a list of the failed requested assignments including an error code (not listed
but requested assignments are acceptable for deletion but not yet deleted)
- Status code other than '204' or '422' and an indicating error code if the whole request is rejected in general.
| Conditions | Status code | Error code | Remarks |
|------------|-------------|------------|---------|
| Successful operation | 204 |||
| Request does not match schema | 400 | malformedRequest ||
| Requestor not authorized | 403 | invalAuth | no user session with valid ID-Token available |
| Requestor has no valid entitlement | 403 | notEntitled ||
| Device registration does not exist | 403 | unregisteredDevice ||
| Requestor role is not _oid_versicherter_ | 403 | invalidOid ||
| Health record does not exist (UNKNOWN) or is in state INITIALIZED | 404 | noHealthRecord | |
| Health record is in state SUSPENDED or INACCESSIBLE| 409 | statusMismatch | (see 'Retry interval') |
| Unsuccessful operation with partial errors| 422 | partialFail | see _Conditions for response_ table below |
| Any other error | 500 | internalError | (see 'Retry interval') |
<br/>
| Conditions for response error code | Error code | Remarks |
|------------------------------------|------------|---------|
| Assignment (_assignmentid_) does not exist | noResource ||
</br>
| Postconditions | Remarks |
|---------------------------------------|---------|
| The addressed assignments are removed from the general deny policy | successful operation only |
| A log-entry for the operation exists | all operation results |
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/DenyPolicyAssignmentDeleteType'
minItems: 1
maxItems: 25
examples:
DeleteOk1:
$ref: '#/components/examples/Delete_three_documents'
responses:
'422':
description: Unprocessable Entity with error details about the failed requested deletions
headers:
X-Request-ID:
$ref: '#/components/headers/requestid'
content:
application/json:
schema:
type: object
properties:
data:
type: object
properties:
data:
type: array
items:
allOf:
- $ref: '#/components/schemas/DenyPolicyAssignmentDeleteResponseTypeFail'
minItems: 1
examples:
DeleteFail1:
$ref: '#/components/examples/Failed_response_delete_three_documents'
'204':
description: OK. Assignment deleted
'400':
$ref: '#/components/responses/Error400BadRequest'
'403':
$ref: '#/components/responses/Error403Forbidden'
'404':
$ref: '#/components/responses/Error404NotFound'
'409':
$ref: '#/components/responses/Error409Conflict'
'500':
$ref: '#/components/responses/Error500InternalError'
// Schema
DenyPolicyAssignmentDeleteType:
description: Basic type for deny policy assignment deletion.
type: object
properties:
assignmentId:
allOf:
- $ref: '#/components/schemas/AssignmentIdType'
description: unique identifier of a particular deny policy assignment
DenyPolicyAssignmentDeleteResponseTypeFail:
description: Basic type for a deny policy assignment deletion error response.
allOf:
- type: object
properties:
errorCode:
allOf:
- $ref: '#/components/schemas/ErrorResponseType'
- type: object
properties:
assignmentId:
allOf:
- $ref: '#/components/schemas/AssignmentIdType'
DenyPolicyAssignmentResponseTypeFail:
description: Basic type for a deny policy assignment error response.
allOf:
- type: object
properties:
errorCode:
allOf:
- $ref: '#/components/schemas/ErrorResponseType'
- $ref: '#/components/schemas/DenyPolicyAssignmentType'
// Beispiele
Delete_three_documents:
summary: Delete three different assignments
value:
data:
- assignmentId: fa1d1e42-4e6f-4640-9ffd-c2409924ddc7
- assignmentId: e4bf557f-03fc-4c85-a9c3-3a33b1a144f0
- assignmentId: 5496c3bd-712f-457b-ba14-c05dfbf3755e
Failed_response_delete_three_documents:
summary: Response for attempt to delete several assignments with two assignments not existing
value:
data:
- errorCode: noResource
assignmentId: e4bf557f-03fc-4c85-a9c3-3a33b1a144f0
- errorCode: noResource
assignmentId: e4bf557f-03fc-4c85-a9c3-c05dfbf3755e
Add_three_documents:
summary: Assign three different documents
value:
data:
- for: document
parameters:
rootDocumentId: urn:uuid:0f70653d-d5f4-46f0-99e1-b6af92eea2b6^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
- for: document
parameters:
rootDocumentId: urn:uuid:b8e83cb1-0c92-4289-af78-241d57455116^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
- for: document
parameters:
rootDocumentId: urn:uuid:1c3dc2c9-0433-4e35-88c4-1cb78e2128cd^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
Response_add_three_documents:
summary: Response for assignment of three different documents
value:
data:
- assignmentId: fa1d1e42-4e6f-4640-9ffd-c2409924ddc7
for: document
parameters:
rootDocumentId: urn:uuid:0f70653d-d5f4-46f0-99e1-b6af92eea2b6^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
- assignmentId: e4bf557f-03fc-4c85-a9c3-3a33b1a144f0
for: document
parameters:
rootDocumentId: urn:uuid:b8e83cb1-0c92-4289-af78-241d57455116^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
- assignmentId: 5496c3bd-712f-457b-ba14-c05dfbf3755e
for: document
parameters:
rootDocumentId: urn:uuid:1c3dc2c9-0433-4e35-88c4-1cb78e2128cd^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
Add_two_categories_and_one_folder:
summary: Assign two categories and a folder (e.g. a particular diga folder)
value:
data:
- for: category
parameters:
categoryId: vaccination
- for: category
parameters:
categoryId: eau
- for: folder
parameters:
folderUUID: urn:uuid:09cf5b85-51e3-4d33-bd54-fa3046122746
Response_add_two_categories_and_one_folder:
summary: Response for assignment of two categories and a folder (e.g. a particular diga folder)
value:
data:
- assignmentId: 9186b3a8-ac19-4fd5-b4b5-8e3481e07c72
for: category
parameters:
categoryId: vaccination
- assignmentId: 21d1a52a-d54c-4eda-b1fa-20ffd851841a
for: category
parameters:
categoryId: eau
- assignmentId: 58cf093e-2cc2-4c38-80e8-c4ef83d9ea08
for: folder
parameters:
folderUUID: urn:uuid:09cf5b85-51e3-4d33-bd54-fa3046122746
Failed_add_three_documents:
summary: Attempt to assign three different documents with document no.2 not existing
value:
data:
- for: document
parameters:
rootDocumentId: urn:uuid:0f70653d-d5f4-46f0-99e1-b6af92eea2b6^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
- for: document
parameters:
rootDocumentId: urn:uuid:d3e61237-942a-4956-b8fd-95880030e90b^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
- for: document
parameters:
rootDocumentId: urn:uuid:1c3dc2c9-0433-4e35-88c4-1cb78e2128cd^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
Failed_response_add_three_documents:
summary: Response for attempt to assign three different documents with document no.2 not existing
value:
data:
- errorCode: noResource
for: document
parameters:
rootDocumentId: urn:uuid:d3e61237-942a-4956-b8fd-95880030e90b^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
Failed_add_two_categories_with_unsupported_id_and_document_in_technical_folder:
summary: Attempt to assign two categories providing an unsupported id and a document located in technical folder
value:
data:
- for: category
parameters:
categoryId: technical
- for: document
parameters:
rootDocumentId: urn:uuid:a3b3b6b4-9b24-44c1-850a-82ab0f118849^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId
- for: category
parameters:
category: an-invalid-category-id
Failed_response_add_two_categories_with_unsupported_id_and_document_in_technical_folder:
summary: Response for attempt to assign two categories providing an unsupported id and a document located in technical folder
value:
data:
- errorCode: noResource
for: category
parameters:
categoryId: technical
- errorCode: noResource
for: category
parameters:
categoryId: an-invalid-category-id
- errorCode: invalidResource
for: document
parameters:
rootDocumentId: urn:uuid:a3b3b6b4-9b24-44c1-850a-82ab0f118849^^^^urn:gematik:iti:xds:2023:rootDocumentUniqueId