Versions Compared

Old Version 8

changes.mady.by.user Гліб Ущенко

Saved on

compared with

New Version 9

changes.mady.by.user Vyacheslav Syrskyy (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

This WS allows to cancel procedure in case they were entered in error.

...

Authorization

Validate token

  • Verify the validity of access token

    • Return 401 in case validation fails

  • Verify token is not expired

    • in case error return 401 

Validate scopes

  • Check user scopes in order to perform this action (scope = 'procedure:write')

    1. Return 403 in case invalid scope(s)

...

  • Validate procedure belongs to the legal entity where the current user works

    • ME.procedure.managing_organization==token.client_id

      • in case of error return 403 "User is not allowed to perform this action 409 "Managing_organization in the procedure does not correspond to user`s legal_entity"

Validate patient

  • Validate patient is active

    •  ME.patient.status=="active" and is_active=true

      • in case of error return "Patient is not active"

Validate User

  • Extract user_id and client_id from token

  • Get list of APPROVED employees with this user_id in current Legal Entity

  • Check that for user one of the conditions is TRUE:

    • user has an employee that specified as author of the procedure ($.procedure.recorded_by.identifier.value is in the list of APPROVED employees)

    • OR check that user has an employee which has approval granted by the patient with access_level:write for this procedure resource ($.approvals.granted_resources.identifier.value==$.procedure._id AND $.approvals.granted_to.identifier.value==PRM.employees.id AND $.approvals.access_level='write')

    • OR user has an employee which has MED_ADMIN employee type

    • otherwise, return error 409  "Employee is not performer of procedure, don't has approval or required employee type"

Request validation

  1. Validate digital signature

    1. ds.drfo == PRM.parties.tax_id where (PRM.parties.id==PRM.employees.party_id where (PRM.employees.id==$.performer.identifier.value))

      1. in case of error - return 409 ("Signer DRFO doesn't match with requester tax_id")

  2. Compare signed_content to previously created content

    1. select procedure, select * from procedures context.identifier.value=procedure_id and compare to signed_content (do not include status, status_reason and explanatory_letter )

      1. in case of inconsistencies return "Submitted signed content does not correspond to previously created content"

  3. Validate status_reason is in dictionary eHealth/procedure_status_reasons

    1. in case error return 422, "status_reason not in a dictionary eHealth/procedure_status_reasons"

  4. Validate user performs action with procedure that belong to his legal entity

    1. ME.patient{patinet_id}.procedures{procedure_id}.managing_organization==token.client_id

      1. in case of error return 422 "Managing_organization in the procedure does not correspond to user`s legal_entity"

...