@@ -66,11 +66,223 @@ Feature: Producer - createDocumentReference - Failure Scenarios
6666 # Then the response status code is 400
6767 Then the response is an OperationOutcome with 1 issue
6868
69+ # And the OperationOutcome contains the issue:
70+ # """
71+ # {
72+ # "severity": "error",
73+ # "code": "informational",
74+ # "details": {
75+ # "coding": [
76+ # {
77+ # "system": "https://fhir.nhs.uk/ValueSet/Spine-ErrorOrWarningCode-1",
78+ # "code": "BAD_REQUEST",
79+ # "display": "Bad request"
80+ # }
81+ # ]
82+ # },
83+ # "diagnostics": "Invalid NHS number"
84+ # }
85+ # """
86+ Scenario : Invalid NHS number (valid number but wrong system)
87+ Given the application 'DataShare' (ID 'z00z-y11y-x22x' ) is registered to access the API
88+ And the organisation 'TSTCUS' is authorised to access pointer types:
89+ | system | value |
90+ | http ://snomed .info /sct | 736253002 |
91+ When producer 'TSTCUS' requests creation of a DocumentReference with default test values except 'subject' is:
92+ """
93+ "subject": {
94+ "identifier": {
95+ "system": "https://fhir.nhs.uk/Id/not-nhs-number",
96+ "value": "9999999999"
97+ }
98+ }
99+ """
100+ Then the response status code is 400
101+ And the response is an OperationOutcome with 1 issue
102+ And the OperationOutcome contains the issue:
103+ """
104+ {
105+ "severity": "error",
106+ "code": "invalid",
107+ "details": {
108+ "coding": [
109+ {
110+ "system": "https://fhir.nhs.uk/ValueSet/Spine-ErrorOrWarningCode-1",
111+ "code": "INVALID_IDENTIFIER_SYSTEM",
112+ "display": "Invalid identifier system"
113+ }
114+ ]
115+ },
116+ "diagnostics": "Provided subject identifier system is not the NHS number system (expected 'https://fhir.nhs.uk/Id/nhs-number')",
117+ "expression": [
118+ "subject.identifier.system"
119+ ]
120+ }
121+ """
122+
123+ # Invalid document reference - invalid custodian ID
124+ # Invalid document reference - invalid relatesTo target
125+ # Invalid document reference - invalid producer ID in relatesTo target
126+ Scenario : Unauthorised supersede - target belongs to a different custodian
127+ Given the application 'DataShare' (ID 'z00z-y11y-x22x' ) is registered to access the API
128+ And the organisation 'ANGY1' is authorised to access pointer types:
129+ | system | value |
130+ | http ://snomed .info /sct | 736253002 |
131+ And a DocumentReference resource exists with values:
132+ | property | value |
133+ | id | N0TANGY -111 -UnauthSupersedeTest |
134+ | subject | 9278693472 |
135+ | status | current |
136+ | type | 736253002 |
137+ | category | 734163000 |
138+ | contentType | application /pdf |
139+ | url | https ://example .org /my -doc .pdf |
140+ | custodian | N0TANGY |
141+ When producer 'ANGY1' creates a DocumentReference with values:
142+ | property | value |
143+ | subject | 9278693472 |
144+ | status | current |
145+ | type | 736253002 |
146+ | category | 734163000 |
147+ | custodian | ANGY1 |
148+ | author | HAR1 |
149+ | url | https ://example .org /newdoc .pdf |
150+ | supercedes | N0TANGY -111 -UnauthSupersedeTest |
151+ Then the response status code is 400
152+ And the response is an OperationOutcome with 1 issue
153+ And the OperationOutcome contains the issue:
154+ """
155+ {
156+ "severity": "error",
157+ "code": "invalid",
158+ "details": {
159+ "coding": [
160+ {
161+ "system": "https://fhir.nhs.uk/ValueSet/Spine-ErrorOrWarningCode-1",
162+ "code": "BAD_REQUEST",
163+ "display": "Bad request"
164+ }
165+ ]
166+ },
167+ "diagnostics": "The relatesTo target identifier value does not include the expected ODS code for this organisation",
168+ "expression": [
169+ "relatesTo[0].target.identifier.value"
170+ ]
171+ }
172+ """
173+ And the Document Reference 'N0TANGY-111-UnauthSupersedeTest' exists with values:
174+ | property | value |
175+ | id | N0TANGY -111 -UnauthSupersedeTest |
176+ | subject | 9278693472 |
177+ | status | current |
178+ | type | 736253002 |
179+ | category | 734163000 |
180+ | contentType | application /pdf |
181+ | url | https ://example .org /my -doc .pdf |
182+ | custodian | N0TANGY |
183+
184+ # Invalid document reference - superseded document reference not found
185+ # Invalid document reference - superseded document reference NHS number mismatch
186+ # Invalid document reference - superseded document reference pointer type mismatch
187+ # Credentials - no pointer types allowed
188+ Scenario : Producer lacks permissions to create any pointer types
189+ Given the application 'DataShare' (ID 'z00z-y11y-x22x' ) is registered to access the API
190+ And the organisation 'ANGY1' is authorised to access pointer types:
191+ | system | value |
192+ When producer 'ANGY1' creates a DocumentReference with values:
193+ | property | value |
194+ | subject | 9999999999 |
195+ | status | current |
196+ | type | 736253002 |
197+ | category | 734163000 |
198+ | custodian | ANGY1 |
199+ | author | HAR1 |
200+ | url | https ://example .org /my -doc .pdf |
201+ Then the response status code is 403
202+ And the response is an OperationOutcome with 1 issue
203+ And the OperationOutcome contains the issue:
204+ """
205+ {
206+ "severity": "error",
207+ "code": "forbidden",
208+ "details": {
209+ "coding": [
210+ {
211+ "system": "https://fhir.nhs.uk/ValueSet/Spine-ErrorOrWarningCode-1",
212+ "code": "ACCESS DENIED",
213+ "display": "Access has been denied to process this request"
214+ }
215+ ]
216+ },
217+ "diagnostics": "Your organisation 'ANGY1' does not have permission to access this resource. Contact the onboarding team."
218+ }
219+ """
220+
221+ # Credentials - missing pointer type for create
222+ Scenario : Producer lacks the permission for the pointer type requested
223+ Given the application 'DataShare' (ID 'z00z-y11y-x22x' ) is registered to access the API
224+ And the organisation 'ANGY1' is authorised to access pointer types:
225+ | system | value |
226+ | http ://snomed .info /sct | 736253002 |
227+ When producer 'ANGY1' creates a DocumentReference with values:
228+ | property | value |
229+ | subject | 9999999999 |
230+ | status | current |
231+ | type | 1363501000000100 |
232+ | category | 734163000 |
233+ | custodian | ANGY1 |
234+ | author | HAR1 |
235+ | url | https ://example .org /my -doc .pdf |
236+ Then the response status code is 403
237+ And the response is an OperationOutcome with 1 issue
238+ And the OperationOutcome contains the issue:
239+ """
240+ {
241+ "severity": "error",
242+ "code": "forbidden",
243+ "details": {
244+ "coding": [
245+ {
246+ "system": "https://fhir.nhs.uk/ValueSet/Spine-ErrorOrWarningCode-1",
247+ "code": "AUTHOR_CREDENTIALS_ERROR",
248+ "display": "Author credentials error"
249+ }
250+ ]
251+ },
252+ "diagnostics": "The type of the provided DocumentReference is not in the list of allowed types for this organisation",
253+ "expression": [
254+ "type.coding[0].code"
255+ ]
256+ }
257+ """
258+
259+ # Invalid document reference - invalid Type
260+ # NRL-769 Known issue: Type display is not validated
261+ # Scenario: Invalid type (valid code but wrong display value)
262+ # Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
263+ # And the organisation 'TSTCUS' is authorised to access pointer types:
264+ # | system | value |
265+ # | http://snomed.info/sct | 1363501000000100 |
266+ # | http://snomed.info/sct | 736253002 |
267+ # When producer 'TSTCUS' requests creation of a DocumentReference with default test values except 'type' is:
268+ # """
269+ # "type": {
270+ # "coding": [
271+ # {
272+ # "system": "http://snomed.info/sct",
273+ # "code": "736253002",
274+ # "display": "Emergency Healthcare Plan"
275+ # }
276+ # ]
277+ # }
278+ # """
279+ # Then the response status code is 400
280+ # And the response is an OperationOutcome with 1 issue
69281# And the OperationOutcome contains the issue:
70282# """
71283# {
72284# "severity": "error",
73- # "code": "informational ",
285+ # "code": "invalid ",
74286# "details": {
75287# "coding": [
76288# {
@@ -80,23 +292,58 @@ Feature: Producer - createDocumentReference - Failure Scenarios
80292# }
81293# ]
82294# },
83- # "diagnostics": "Invalid NHS number"
295+ # "diagnostics": "The display does not match the expected value for this type",
296+ # "expression": [
297+ # "type.coding.display"
298+ # ]
84299# }
85300# """
86- # Invalid document reference - invalid producer ID
87- # Invalid document reference - invalid custodian ID
88- # Invalid document reference - invalid relatesTo target
89- # Invalid document reference - invalid producer ID in relatesTo target
90- # Invalid document reference - superseded document reference not found
91- # Invalid document reference - superseded document reference NHS number mismatch
92- # Invalid document reference - superseded document reference pointer type mismatch
93- # Credentials - no pointer types allowed
94- # Credentials - missing pointer type for create
95- # Invalid document reference - missing type.coding
96301# Invalid document reference - empty content[0].attachment.url
97302# Invalid document reference - create another producers document
98- # Duplicate Document Reference - returns 409
99303# Invalid document reference - bad JSON
304+ # Invalid document reference - invalid status (NRL-476 to ensure only 'current' is accepted)
305+ # Scenario: Invalid document reference - invalid status
306+ # Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
307+ # And the organisation 'ANGY1' is authorised to access pointer types:
308+ # | system | value |
309+ # | http://snomed.info/sct | 736253002 |
310+ # When producer 'ANGY1' creates a DocumentReference with values:
311+ # | property | value |
312+ # | subject | 9999999999 |
313+ # | status | notarealStatus |
314+ # | type | 736253002 |
315+ # | category | 734163000 |
316+ # | custodian | ANGY1 |
317+ # | author | HAR1 |
318+ # | url | https://example.org/my-doc.pdf |
319+ # Then the response status code is 400
320+ # And the response is an OperationOutcome with 1 issue
321+ # And the OperationOutcome contains the issue:
322+ # """
323+ # {
324+ # "severity": "error",
325+ # "code": "forbidden",
326+ # "details": {
327+ # "coding": [
328+ # {
329+ # "system": "https://fhir.nhs.uk/ValueSet/Spine-ErrorOrWarningCode-1",
330+ # "code": "AUTHOR_CREDENTIALS_ERROR",
331+ # "display": "Author credentials error"
332+ # }
333+ # ]
334+ # },
335+ # "diagnostics": "The type of the provided DocumentReference is not in the list of allowed types for this organisation",
336+ # "expression": [
337+ # "type.coding[0].code"
338+ # ]
339+ # }
340+ # """
341+ # Invalid document reference - invalid author (NRL-474)
342+ # Invalid document reference - invalid content (NRL-518)
343+ # Invalid document reference - invalid context.related for an SSP url
344+ # Invalid document reference - missing context.related for an SSP url
345+ # Invalid document reference - invalid context.practiceSetting (NRL-519)
346+ # Invalid document reference - invalid docStatus (NRL-477)
100347# Invalid document reference - duplicate keys
101348# Invalid document reference - duplicate relatesTo targets in URL
102349# Invalid document reference - supersede with duplicate error
0 commit comments