Versions Compared

Version Old Version 45 New Version 46
Changes made by

Serhii Boldin (SoE eHealth)

Serhii Boldin (SoE eHealth)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Version published after converting to the new editor

Table of Contents

...

json schema

Validation

Validate token

  • Verify the validity of access token
    • Return 401 in case validation fails
  • Check if token is not expired
    • in case error return 401 - "Token is expired"

...

  • Check if user is active
    • in case error return 403 - (user is not active)
  • check nhs_legal_entity is active
    • in case error return 403 - (Client is not active)
  • Check user role = "NHS ADMIN SIGNER"
    • in case error return 403 "User is not allowed to perform this action"

Validate scopes

  • Check user scopes in order to perform this action (scope = 'contract_requests:update')
    • Return 403 in case invalid scope(s) "Your scope does not allow to access this resource. Missing allowances: contract_requests:update"

Digital signature

Decode content that is encrypted in an electronic digital signature.
Use Digital signature WS. Method checks digital signature and returns result.

Validate EDRPOU

  1. Check that EDRPOU in Certificate details exists and not empty
    1. in case of error return 422 error ('Invalid EDRPOU in DS')
  2. Check that EDRPOU in Certificate details is equal to EDPOU in legal entity
    1. Get client_id from token.
    2. Find prm.legal_entities id by client_id
    3. Compare EDRPOU in Certificate with legal_entities.edrpou
    4. In case validation fails - generate 422 error
  3. Check that SURNAME in Certificate details is equal to LAST_NAME in Party
    1. Get user_id → user_parties.party_id → parties.last_name and compare to surname from DS
      1. Convert prm.parties.LAST_NAME and Certificate details.SURNAME to uppercase
      2. Compare prm.parties.LAST_NAME and Certificate details.SURNAME as Cyrillic letters
      3. In case validation fails - generate 422 error

...

  1. Check that all fields are present in signed content
    1. "id"
    2. "contractor_legal_entity":
      1. "id"
      2. "name"
      3. "edrpou"
    3. next_status
    4.  "text"
  2. Check next_status
    1. for contract type CAPITATION='APPROVED'. In case error return 422 "Incorrect next_status"
    2. for contract type REIMBURSEMENT='PENDING_NHS_SIGN'. In case error return 422 "Incorrect next_status"
  3. Validate contract request id
    1. Check contract request with contract_request.id = $.id exists
      1. in case of error return 404 ("not_found")
    2. Check contract_requests.id = $.id
      1. in case of error return 422 ("Signed content does not match the previously created content")
  4. Validate contract_request.status=IN_PROCESS
    1. in case error return 409 - "Incorrect status of contract request to modify it"
  5. Validate nhs side fields are not empty - in case error return 422 "Field $ could not be empty"
    1. nhs_signer_id
    2. nhs_legal_entity_id 
    3. nhs_signer_base
    4. nhs_contract_price - for capitation only
    5. nhs_payment_method 
    6. issue_city
    7. medical_program_id - for reimbursement only
  6. Validate contractor_legal_entity_id
    1. Legal_entities.id = $.contractor_legal_entity_id and Legal_entities.status='ACTIVE' and is_active=true,
      1. in case error return 422 ('Legal entity is not active')
    2. $contractor_legal_entity.edrpou in request=prm.legal_entities.edrpou
    3. $contractor_legal_entity.name in request=prm.legal_entities.name
  7. Validate contractor_owner_id
    1. Employee is_active=true and status='APPROVED' and employees.legal_entity_id=contractor_legal_entity_id
      1. in case error return 422, $contractor_owner_id ('Contractor owner must be active within current legal entity in contract request')
  8. Validate contractor_divisions
    1. Check divisions belongs to legal_entity and divisions.status='active'
      1. in case of error return 422  error view $divisions ('Division must be active and within current legal_entity')
  9. Capitation only: Validate contractor_employee_divisions
    1. Check contractor_employee_divisions is not null
      1. in case of error return 422  error ('contractor_employee_divisions can not be  empty')
    2. Employees from employee_divisions has employee_type='DOCTOR', status='APPROVED'
      1. in case of error return 422  error view $employee ('Employee must be an active DOCTOR')
    3. Check contractor_employee_divisions.division_id is present in contractor_divisions.id
      1. in case of error return 422 error $divisions ('The division is not belong to contractor_divisions')
  10. Validate start_date
    1. start_date > now()
      1. in case error return 422 $start_date ("Contract request start date should be in future")
  11. Reimbursement only: Validate medical_program_id  is an ID of an ACTIVE medical program

...

Response

Save response data to DB

After response is generated response.data should be saved to DB contract_requests.data 

Validate status

  • if contract_request.type=CAPITATION - set status=APPROVED
  • if contract_request.type=REIMBURSEMENT - set status=PENDING_NHS_SIGN

Mapping

fieldvalue
nhs_signer_id $.user_id
nhs_legal_entity_id $.client_id
updated_by $.user_id
updated_at now()
status APPROVED, PENDING_NHS_SIGN
data$.data


Save signed contract request to media storage

  1. Get url for contract request upload.


    Parameter
    Source
    action'GET'
    bucket'CONTRACT_REQUEST'
    resource_id: CONTRACT_REQUEST_ID
    resource_name: CONTRACT_REQUEST_APPROVED
    timestamp:TIMESTAMP


  2. Upload signed declaration to media storage

Add to event manager

...

fieldvalue
event_typeStatusChangeEvent
entity_typeContract_request
entity_id$.id
properties.status.new_value$.status
event_time$.update_at
changed_by$.user_id
inserted_atnow()
updated_atnow()

...