| Table of Contents | ||||
|---|---|---|---|---|
|
...
Request to process the request using a token in the headers
Headers*
Наприклад:
Content-Type:application/json
Authorization:Bearer mF_9.B5f-4.1JqM
api-key:aFBLVTZ6Z2dON1V
...
Extract user_id and client_id from token
Get list of APPROVED employees with this user_id in current Legal Entity
Check that for user one of the conditions is TRUE:
user has an employee that specified as author of the procedure ($.procedure.recorded_by.identifier.value is in the list of APPROVED employees)
OR check that user has an employee which has approval granted by the patient with access_level:write for this procedure resource ($.approvals.granted_resources.identifier.value==$.procedure._id AND $.approvals.granted_to.identifier.value==PRM.employees.id AND $.approvals.access_level='write')
OR user has an employee which has MED_ADMIN employee type
otherwise, return error 409 "Employee is not performer of procedure, don't has approval or required employee type"
...
Validate digital signature
ds.drfo == PRM.parties.tax_id where (PRM.parties.id==PRM.employees.party_id
where (PRM.employees.id==$.performer.identifier.value))in case of error - return 409 ("Signer DRFO doesn't match with requester tax_id")
Compare signed_content to previously created content
select procedure, select * from procedures context.identifier.value=procedure_id and compare to signed_content (do not include status, status_reason and explanatory_letter )
in case of inconsistencies return "Submitted signed content does not correspond to previously created content"
Validate status_reason is in dictionary eHealth/procedure_status_reasons
in case error return 422, "status_reason not in a dictionary eHealth/procedure_status_reasons"
Validate user performs action with procedure that belong to his legal entity
ME.patient{patinet_id}.procedures{procedure_id}.managing_organization==token.client_id
in case of error return 422 "Managing_organization in the procedure does not correspond to user`s legal_entity"
...