Versions Compared

Old Version 12

changes.mady.by.user Гліб Ущенко (Unlicensed)

Saved on

compared with

New Version 13

changes.mady.by.user Гліб Ущенко (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Table of Contents

...

Specification

  1. Get Service Requests list

  2. Get Service Request details

Validations

Authorization

  • Verify the validity of access token

    • Return (401, 'unauthorized') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'unauthorized')

  • Check user scopes in order to perform this action (scope = 'service_request:read')

    1. Return (403, 'invalid scopes') in case of invalid scope(s)

Validate data consistency

  • Ensure that requested episode of care relates to requested patient

    1. Return (404, 'not found') in case of error

Check user privileges

If ANY of this rules is met - user has privileges to access this data

Otherwise - access to this data is denied. Return (403, 'forbidden')

Rule 1: User who has active declaration with patient is "authorized" to manage all patient's data

If ANY employee related to this user in this legal entity has active declaration with this patient - it has the privileges to access this data

1. Get token metadata

  • Extract 

    Extract user_id, client_id, client_type

2. Determine the the party_id associated  associated with this this user_id


Code Block
languagesql
SELECT pu.party_id
FROM party_users pu
WHERE pu.user_id = :user_id;


3.

...

Determine employees

...

 related to

...

this party_id

...

 in current MSP

Code Block
languagesql
SELECT e.id
FROM employees e
WHERE e.party_id = :party_id
AND e.legal_entity_id = :client_id;

4. Find

...

patient declarations

...

 in this MSP


Code Block
languagesql
SELECT d.id
FROM declarations d
WHERE d.legal_entity_id = :client_id
AND d.employee_id IN (:employees)
AND d.status IN ('active', 'pending_verification')
AND d.person_id = :patient_id;


Rule 2: User with active approval to this episode can view episode details episode details and its child entities

TBD

Service logic

  1. Return all service requests related to specified episode of care

    1. Find all encounters related to specified episode of care (Medical Events DB: $.encounters[*].episode.identifier.value == :episode_id)

    2. Find all service requests related to received encounters (Medical Events DB: $.service_requests[*].context.identifier.value IN :encounters)