...

Request to process the request using a token in the headers

Headers

Наприклад:

Content-Type:application/json
Authorization:Bearer {{access_token}}
API-key:{{mis_client_secret}}

...

Validate Patient

• Get Patient identifier from the URL

• Check it exists in DB

  • Return 404 ('not found') in case of error

Validate Care plan

• Get Care plan identifier from the URL

• Check it exists in DB

  • Return 404 ('not found') in case of error

Validate User

• Extract user_id from token.

• Check user has an active and approved employee from legal entity (token) for which one of the conditions is TRUE:

  • has an active Approval granted by the Patient on write or read the Care plan resource (care plan id from URL)

    • Return 403 ('Access denied') in case employee has no Approval on read or write

  • has an active declaration with the patient

    • Return 403 ('Access denied') in case there no active declaration with patient and none of other conditions is true

  • user belongs to the legal entity where the care_plans were created

    Return 403 ('Access denied') in case employee belongs to another legal_entity and none of conditions above is true

Processing

Service logic

Service returns all Care plans related to the patient filtered by submitted parameters:

...