diff --git a/karate-tests/src/test/java/mocks/sandbox/patch-patient.js b/karate-tests/src/test/java/mocks/sandbox/patch-patient.js index d7ba69454..9b41f37d1 100644 --- a/karate-tests/src/test/java/mocks/sandbox/patch-patient.js +++ b/karate-tests/src/test/java/mocks/sandbox/patch-patient.js @@ -141,6 +141,16 @@ function patchPatient (originalPatient, request) { updatedPatient.name.splice(1, 1) } } + + if (patch.op === 'remove' && patch.path === '/name/0') { + if (patch.value.use === 'usual') { + forbiddenUpdate = 'Forbidden update with error - not permitted to remove usual name' + } + } + + if (patch.op === 'remove' && patch.path === '/birthDate') { + forbiddenUpdate = 'Forbidden update with error - source not permitted to remove \'birthDate\'' + } // these specific error scenarios for update errors should be reviewed in SPINEDEM-2695 if (patch.op === 'replace' && patch.path === '/address/0/line/0' && patch.value === '2 Whitehall Quay') { updateErrors.push('Invalid update with error - no id or url found for path with root /address/0') diff --git a/karate-tests/src/test/java/mocks/sandbox/stubs.js b/karate-tests/src/test/java/mocks/sandbox/stubs.js index 7d6315c23..3c1740a62 100644 --- a/karate-tests/src/test/java/mocks/sandbox/stubs.js +++ b/karate-tests/src/test/java/mocks/sandbox/stubs.js @@ -41,5 +41,6 @@ session.patients = session.patients || { 9000000009: context.read('classpath:mocks/stubs/patientResponses/patient_9000000009.json'), 9000000025: context.read('classpath:mocks/stubs/patientResponses/patient_9000000025.json'), 9000000033: context.read('classpath:mocks/stubs/patientResponses/patient_9000000033.json'), - 9693632109: context.read('classpath:mocks/stubs/patientResponses/patient_9693632109.json') + 9693632109: context.read('classpath:mocks/stubs/patientResponses/patient_9693632109.json'), + 9733162043: context.read('classpath:mocks/stubs/patientResponses/patient_9733162043.json') } diff --git a/karate-tests/src/test/java/mocks/stubs/patientResponses/patient_9733162043.json b/karate-tests/src/test/java/mocks/stubs/patientResponses/patient_9733162043.json new file mode 100644 index 000000000..9c234087c --- /dev/null +++ b/karate-tests/src/test/java/mocks/stubs/patientResponses/patient_9733162043.json @@ -0,0 +1,85 @@ +{ + "address": [ + { + "id": "oVBjQ", + "line": [ + "2 GRANGE LANE NURSERY", + "SCUNTHORPE", + "S HUMBERSIDE" + ], + "period": { + "start": "2010-11-23" + }, + "postalCode": "DN16 3BA", + "use": "home" + } + ], + "birthDate": "1955-05-27", + "gender": "male", + "generalPractitioner": [ + { + "id": "DiHBk", + "identifier": { + "period": { + "start": "1957-06-13" + }, + "system": "https://fhir.nhs.uk/Id/ods-organization-code", + "value": "A20047" + }, + "type": "Organization" + } + ], + "id": "9733162043", + "identifier": [ + { + "extension": [ + { + "url": "https://fhir.hl7.org.uk/StructureDefinition/Extension-UKCore-NHSNumberVerificationStatus", + "valueCodeableConcept": { + "coding": [ + { + "code": "01", + "display": "Number present and verified", + "system": "https://fhir.hl7.org.uk/CodeSystem/UKCore-NHSNumberVerificationStatus", + "version": "1.0.0" + } + ] + } + } + ], + "system": "https://fhir.nhs.uk/Id/nhs-number", + "value": "9733162043" + } + ], + "meta": { + "security": [ + { + "code": "U", + "display": "unrestricted", + "system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality" + } + ], + "versionId": "2" + }, + "name": [ + { + "family": "KILLEN", + "given": [ + "Dean", + "Roger" + ], + "id": "WzHTW", + "period": { + "start": "1985-01-22" + }, + "prefix": [ + "MR" + ], + "suffix": [ + "PhD" + ], + "use": "usual" + } + ], + "resourceType": "Patient" +} \ No newline at end of file diff --git a/karate-tests/src/test/java/patients/healthcareWorker/getPatientDetails/getPatientByNHSNumber.feature b/karate-tests/src/test/java/patients/healthcareWorker/getPatientDetails/getPatientByNHSNumber.feature index bbb967c0b..d7e3a62b4 100644 --- a/karate-tests/src/test/java/patients/healthcareWorker/getPatientDetails/getPatientByNHSNumber.feature +++ b/karate-tests/src/test/java/patients/healthcareWorker/getPatientDetails/getPatientByNHSNumber.feature @@ -59,3 +59,11 @@ Scenario: Get a "restricted" (sensitive) patient "system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality" } """ + + Scenario: Get an "invalid" patient + * def nhsNumber = '9000000000' + * def expectedBody = read('classpath:mocks/stubs/errorResponses/INVALID_RESOURCE_ID.json') + * path 'Patient', nhsNumber + * method get + * status 400 + * match response == expectedBody diff --git a/karate-tests/src/test/java/patients/healthcareWorker/getPatientDetails/getPatientRelatedPerson.feature b/karate-tests/src/test/java/patients/healthcareWorker/getPatientDetails/getPatientRelatedPerson.feature index f81d2eac1..9721fe426 100644 --- a/karate-tests/src/test/java/patients/healthcareWorker/getPatientDetails/getPatientRelatedPerson.feature +++ b/karate-tests/src/test/java/patients/healthcareWorker/getPatientDetails/getPatientRelatedPerson.feature @@ -38,10 +38,8 @@ Scenario: Patient has one related person (INT smoke test) * match response == RelatedPersonSearchBundle * match response.total == 1 - -@sandbox-only Scenario: Patient has more than one related person - * def nhsNumber = '9000000009' + * def nhsNumber = karate.env == 'mock' ? '9000000009' : '9733162264' * path 'Patient', nhsNumber, 'RelatedPerson' * method get * status 200 diff --git a/karate-tests/src/test/java/patients/healthcareWorker/updatePatientDetails/replace.feature b/karate-tests/src/test/java/patients/healthcareWorker/updatePatientDetails/replace.feature index 9dd1db895..4e5836bfc 100644 --- a/karate-tests/src/test/java/patients/healthcareWorker/updatePatientDetails/replace.feature +++ b/karate-tests/src/test/java/patients/healthcareWorker/updatePatientDetails/replace.feature @@ -226,4 +226,72 @@ Feature: Patch patient - Replace data * status 400 * def display = 'Patient cannot perform this action' * def diagnostics = "Invalid update with error - interpreterRequired cannot be removed" - * match response == read('classpath:mocks/stubs/errorResponses/INVALID_UPDATE.json') \ No newline at end of file + * match response == read('classpath:mocks/stubs/errorResponses/INVALID_UPDATE.json') + +Scenario: Healthcare worker can't remove usual name and DOB + * def expectedResponse = read('classpath:mocks/stubs/errorResponses/FORBIDDEN_UPDATE.json') + * def nhsNumber = '9733162043' + * configure headers = call read('classpath:auth/auth-headers.js') + * path 'Patient', nhsNumber + * method get + * status 200 + * def originalVersion = parseInt(response.meta.versionId) + * def usualNameIndex = response.name.findIndex(x => x.use == 'usual') + * def pathToUsualName = "/name/"+ usualNameIndex + * def usualNameDetails = response.name.find(x => x.use == 'usual') + * def birthDateValue = response.birthDate + * def etag = karate.response.header('etag') + # remove usual name + * def diagnostics = "Forbidden update with error - not permitted to remove usual name" + * configure headers = call read('classpath:auth/auth-headers.js') + * header Content-Type = "application/json-patch+json" + * header If-Match = etag + * path 'Patient', nhsNumber + + * def patchRequest = + """ + { + "patches": [ + { + "op": "test", + "path": "#(pathToUsualName)", + "value":"#(usualNameDetails)" + }, + { + "op": "remove", + "path": "#(pathToUsualName)" + } + ] + } + """ + * request patchRequest + * method patch + * status 403 + * match response == expectedResponse + # remove date of birth + * def diagnostics = "Forbidden update with error - source not permitted to remove 'birthDate'" + * configure headers = call read('classpath:auth/auth-headers.js') + * header Content-Type = "application/json-patch+json" + * header If-Match = etag + * path 'Patient', nhsNumber + + * def patchRequest = + """ + { + "patches": [ + { + "op": "test", + "path": "/birthDate", + "value":"#(birthDateValue)" + }, + { + "op": "remove", + "path": "/birthDate" + } + ] + } + """ + * request patchRequest + * method patch + * status 403 + * match response == expectedResponse \ No newline at end of file