Table of Contents

Validation

Validate token

Verify the validity of access token
- Return 401 in case validation fails
Verify token is not expired
- in case of error return 401
Verify that user’s employees from care_manager belongs to one of the user_id from token.
- in case of error - return 422 ('User is not allowed to perform this action')

Check user scopes in order to perform this action (scope = 'episode:write')
1. Return 403 in case invalid scope(s)

...

ME.episode.status == "active"
1. in case of error "Episode in status {episode_status} can not be updated"
Validate care_manager
1. $.care_manager.identifier.type.coding.[0].code = "employee"
  1. in case of error return 422 "Submitted code is not allowed for this field"
2. $.care_manager.identifier.type.coding.[0].system = "eHealth/resources"
  1. in case of error return 422 "Submitted system is not allowed for this field"
3. $.care_manager.identifier.value must meet the following requirements
  1. PRM.employee.type = "DOCTOR" or "SPECIALIST" OR "ASSISTANT"
    1. in case of error return 409 "Employee submitted as a care_manager is not a not ~~a doctor~~ in the list of allowed employee types"
  2. PRM.employee.status= "active"
    1. in case of error return 409 "~~Doctor~~ Employee submitted as a care_manager is not active "
  3. PRM.employee.legal_entity = token.client_id=ME.episode.care_manager.identifier.value
    1. in case of error return 409 "User doesn`t have permitions to set the employee as a care_manager of the episode"

...