NPA-4511: Sandbox for POST Consent (#147)

* NPA-4511: Updated Makefile to check consent endpoint schemas
* NPA-4511: Added sandbox data for post consent
* NPA-4511: Added post consent to validate workflow
* NPA-4511: Corrected paths in schema

Author: kamran-iqbal4-NHSD

.github/workflows/openapi-validate.yml

@@ -29,7 +29,33 @@ jobs:
 
       - name: Run Python script for all files
         run: |
-          make schema-consent
+          make schema-get-consent
+
+  POST_Consent:
+    name: POST Consent test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+
+      - name: Install Poetry
+        shell: bash
+        run: |
+          pipx install poetry==1.8.5
+
+      - name: Install Script Packages with Poetry
+        shell: bash
+        run: |
+          poetry install --all-extras
+
+      - name: Run Python script for all files
+        run: |
+          make schema-post-consent
 
   GET_RelatedPerson:
     name: GET Related Person test
@@ -83,7 +109,6 @@ jobs:
         run: |
           make schema-questionnaire
 
-
   Errors:
     name: Error schema test
     runs-on: ubuntu-latest

Makefile

@@ -22,7 +22,7 @@ lint:
 	find . -name '*.py' -not -path '**/.venv/*' | xargs poetry run flake8
 
 format:
-	find . -name '*.py' -not -path '**/.venv/*' -not -path './sandbox/api/constants.py' | xargs poetry run black --check
+	find . -name '*.py' -not -path '**/.venv/*' | xargs poetry run black --check --line-length 120
 
 #Removes build/ + dist/ directories
 clean:
@@ -91,18 +91,34 @@ RESET  := \033[0m
 
 
 schema-all:
-	make schema-consent \
+	make schema-get-consent \
+	schema-post-consent \
+	schema-patch-consent \
 	schema-related-person \
 	schema-questionnaire \
 	schema-errors
 
-schema-consent:
+schema-get-consent:
 	@for file in specification/examples/responses/GET_Consent/*.yaml; do \
 		echo "Processing $$file"; \
 		poetry run python scripts/validate_schema.py consent "$$(realpath $$file)"; \
 		echo -e "$(GREEN)Success!$(RESET)"; \
 	done
 
+schema-post-consent:
+	@for file in specification/examples/responses/POST_Consent/*.yaml; do \
+		echo "Processing $$file"; \
+		poetry run python scripts/validate_schema.py operationoutcome "$$(realpath $$file)"; \
+		echo -e "$(GREEN)Success!$(RESET)"; \
+	done
+
+schema-patch-consent:
+	@for file in specification/examples/responses/PATCH_Consent/*.yaml; do \
+		echo "Processing $$file"; \
+		poetry run python scripts/validate_schema.py operationoutcome "$$(realpath $$file)"; \
+		echo -e "$(GREEN)Success!$(RESET)"; \
+	done
+
 schema-related-person:
 	@for file in specification/examples/responses/GET_RelatedPerson/*.yaml; do \
 		echo "Processing $$file"; \

sandbox/Makefile

@@ -14,7 +14,7 @@ load-examples: # Load the examples from the specification (for local development
 	cp -r ../specification/examples/responses/ ./api/examples
 
 format: # Formats the code using black
-	poetry run black . --exclude ./api/constants.py
+	poetry run black . --line-length 120
 
 start: load-examples # Starts the Flask app (Don't use this in production)
 	poetry run flask --app api.app:app run -p 9000

sandbox/api/app.py

@@ -1,6 +1,5 @@
 from logging import INFO, basicConfig, getLogger
 from typing import Union
-
 from flask import Flask, request
 
 from .constants import (
@@ -13,18 +12,24 @@
     RELATED__VERIFY_RELATIONSHIP_25,
     RELATED__VERIFY_RELATIONSHIP_09_WITH_INCLUDE,
     RELATED__VERIFY_RELATIONSHIP_25_WITH_INCLUDE,
-    CONSENT__SINGLE_CONSENTING_ADULT_RELATIONSHIP,
-    CONSENT__SINGLE_CONSENTING_ADULT_RELATIONSHIP_INCLUDE_BOTH,
-    CONSENT__SINGLE_MOTHER_CHILD_RELATIONSHIP,
-    CONSENT__SINGLE_MOTHER_CHILD_RELATIONSHIP_INCLUDE_BOTH,
-    CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_BOTH,
-    CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_PERFORMER,
-    CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_PATIENT,
-    CONSENT__MULTIPLE_RELATIONSHIPS,
-    CONSENT__NO_RELATIONSHIPS,
-    CONSENT__FILTERED_RELATIONSHIPS_STATUS_ACTIVE,
-    CONSENT__FILTERED_RELATIONSHIPS_STATUS_INACTIVE,
-    CONSENT__FILTERED_RELATIONSHIPS_STATUS_PROPOSED_ACTIVE,
+    GET_CONSENT__SINGLE_CONSENTING_ADULT_RELATIONSHIP,
+    GET_CONSENT__SINGLE_CONSENTING_ADULT_RELATIONSHIP_INCLUDE_BOTH,
+    GET_CONSENT__SINGLE_MOTHER_CHILD_RELATIONSHIP,
+    GET_CONSENT__SINGLE_MOTHER_CHILD_RELATIONSHIP_INCLUDE_BOTH,
+    GET_CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_BOTH,
+    GET_CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_PERFORMER,
+    GET_CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_PATIENT,
+    GET_CONSENT__MULTIPLE_RELATIONSHIPS,
+    GET_CONSENT__NO_RELATIONSHIPS,
+    GET_CONSENT__FILTERED_RELATIONSHIPS_STATUS_ACTIVE,
+    GET_CONSENT__FILTERED_RELATIONSHIPS_STATUS_INACTIVE,
+    GET_CONSENT__FILTERED_RELATIONSHIPS_STATUS_PROPOSED_ACTIVE,
+    POST_CONSENT__SUCCESS,
+    POST_CONSENT__DUPLICATE_RELATIONSHIP_ERROR,
+    POST_CONSENT__INVALID_ACCESS_LEVEL_ERROR,
+    POST_CONSENT__INVALID_EVIDENCE_ERROR,
+    POST_CONSENT__INVALID_PATIENT_AGE_ERROR,
+    POST_CONSENT__PERFORMER_IDENTIFIER_ERROR,
 )
 from .utils import (
     check_for_empty,
@@ -41,6 +46,7 @@
 app = Flask(__name__)
 basicConfig(level=INFO, format="%(asctime)s - %(message)s")
 logger = getLogger(__name__)
+APP_BASE_PATH = "https://sandbox.api.service.nhs.uk/validated-relationships/FHIR/R4/Consent"
 COMMON_PATH = "FHIR/R4"
 
 
@@ -107,8 +113,8 @@ def get_related_persons() -> Union[dict, tuple]:
 
         raise ValueError("Invalid request")
 
-    except Exception as e:
-        logger.error(e)
+    except Exception:
+        logger.exception("GET related person failed")
         return generate_response_from_example(INTERNAL_SERVER_ERROR_EXAMPLE, 500)
 
 
@@ -122,8 +128,8 @@ def post_questionnaire_response() -> Union[dict, tuple]:
 
     try:
         return generate_response_from_example(QUESTIONNAIRE_RESPONSE__SUCCESS, 200)
-    except Exception as e:
-        logger.error(e)
+    except Exception:
+        logger.exception("POST questionnaire response failed")
         return generate_response_from_example(INTERNAL_SERVER_ERROR_EXAMPLE, 500)
 
 
@@ -147,40 +153,92 @@ def get_consent() -> Union[dict, tuple]:
         if performer_identifier == "9000000010":
             return check_for_consent_include_params(
                 _include,
-                CONSENT__SINGLE_CONSENTING_ADULT_RELATIONSHIP,
-                CONSENT__SINGLE_CONSENTING_ADULT_RELATIONSHIP_INCLUDE_BOTH,
+                GET_CONSENT__SINGLE_CONSENTING_ADULT_RELATIONSHIP,
+                GET_CONSENT__SINGLE_CONSENTING_ADULT_RELATIONSHIP_INCLUDE_BOTH,
             )
         # Single mother child relationship
         elif performer_identifier == "9000000019":
             return check_for_consent_include_params(
                 _include,
-                CONSENT__SINGLE_MOTHER_CHILD_RELATIONSHIP,
-                CONSENT__SINGLE_MOTHER_CHILD_RELATIONSHIP_INCLUDE_BOTH,
+                GET_CONSENT__SINGLE_MOTHER_CHILD_RELATIONSHIP,
+                GET_CONSENT__SINGLE_MOTHER_CHILD_RELATIONSHIP_INCLUDE_BOTH,
             )
         # Filtering
         elif performer_identifier == "9000000017":
             return check_for_consent_filtering(
                 status,
                 _include,
-                CONSENT__FILTERED_RELATIONSHIPS_STATUS_ACTIVE,
-                CONSENT__FILTERED_RELATIONSHIPS_STATUS_INACTIVE,
-                CONSENT__FILTERED_RELATIONSHIPS_STATUS_PROPOSED_ACTIVE,
+                GET_CONSENT__FILTERED_RELATIONSHIPS_STATUS_ACTIVE,
+                GET_CONSENT__FILTERED_RELATIONSHIPS_STATUS_INACTIVE,
+                GET_CONSENT__FILTERED_RELATIONSHIPS_STATUS_PROPOSED_ACTIVE,
             )
         elif performer_identifier == "9000000022":
             return check_for_consent_include_params(
                 _include,
-                CONSENT__MULTIPLE_RELATIONSHIPS,
-                CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_BOTH,
-                CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_PATIENT,
-                CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_PERFORMER,
+                GET_CONSENT__MULTIPLE_RELATIONSHIPS,
+                GET_CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_BOTH,
+                GET_CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_PATIENT,
+                GET_CONSENT__MULTIPLE_RELATIONSHIPS_INCLUDE_PERFORMER,
             )
         # No relationships
         elif performer_identifier == "9000000025":
-            return generate_response_from_example(CONSENT__NO_RELATIONSHIPS, 200)
+            return generate_response_from_example(GET_CONSENT__NO_RELATIONSHIPS, 200)
         else:
             logger.error("Performer identifier does not match examples")
             return generate_response_from_example(INVALIDATED_RESOURCE, 404)
 
-    except Exception as e:
-        logger.error(e)
+    except Exception:
+        logger.exception("GET Consent failed")
+        return generate_response_from_example(INTERNAL_SERVER_ERROR_EXAMPLE, 500)
+
+
+@app.route(f"/{COMMON_PATH}/Consent", methods=["POST"])
+def post_consent() -> Union[dict, tuple]:
+    """Sandbox API for POST /Consent
+
+    Returns:
+        Union[dict, tuple]: Response for POST /Consent
+    """
+    try:
+        logger.debug("Received request to POST consent")
+        # Validate body - beyond the scope of sandbox - assume body is valid for scenario
+        json = request.get_json()
+        patient_identifier = json["performer"][0]["identifier"]["value"]
+        response = None
+
+        # Successful parent-child proxy creation
+        # Successful adult-adult proxy creation
+        if patient_identifier == "9000000009" or patient_identifier == "9000000017":
+            header = {"location": f"{APP_BASE_PATH}/{patient_identifier}"}
+            response = generate_response_from_example(POST_CONSENT__SUCCESS, 201, headers=header)
+
+        # Invalid access level
+        elif patient_identifier == "9000000025":
+            response = generate_response_from_example(POST_CONSENT__INVALID_ACCESS_LEVEL_ERROR, 400)
+
+        # Missing required evidence
+        elif patient_identifier == "9000000033":
+            response = generate_response_from_example(POST_CONSENT__INVALID_EVIDENCE_ERROR, 422)
+
+        # Patient age validation failure
+        elif patient_identifier == "9000000041":
+            response = generate_response_from_example(POST_CONSENT__INVALID_PATIENT_AGE_ERROR, 422)
+
+        # Duplicate relationship
+        elif patient_identifier == "9000000049":
+            response = generate_response_from_example(POST_CONSENT__DUPLICATE_RELATIONSHIP_ERROR, 409)
+
+        # Invalid performer NHS number
+        elif patient_identifier == "9000000000":
+            response = generate_response_from_example(POST_CONSENT__PERFORMER_IDENTIFIER_ERROR, 400)
+
+        else:
+            # Out of scope errors
+            raise ValueError("Invalid Request")
+
+        return response
+
+    except Exception:
+        # Handle any general error
+        logger.exception("POST Consent failed")
         return generate_response_from_example(INTERNAL_SERVER_ERROR_EXAMPLE, 500)