Table of Contents | ||
---|---|---|
|
Key items
user PATCH /api/patients/{id}/approvals/{id} with the verification code received from the patient
Specification
Validate request
Authorize
Verify the validity of access token
Check user scope approval:create in order to perform this action
Validate confidant person relationship
Get value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK
config parameter, if it is set to true
:
If
authorize_with
in approval exists, not empty and contains auth method with type = THIRD_PERSON - validate that person from value is an approved confidant for a person from request – exists active and approved confidant person relationship between person from request and person_id from authentication method value (using following logic: Check confidant person relationship withperson_id
= person from approval andconfidant_person_id
= value from auth method - expected:ok, :approved
response)in case of error - return 422 ('Cannot be verified by method with not approved confidant person relationship')
Logic
If approval has resource != (care_plan & terms_of_service = ‘INPATIENT’ for care_plan&granted_to.employees.legal_entity_id = care_plans.managing_organization):
If authentication_method_current.type = OTP
system checks verification code via otp_verification service PATCH /verifications/:phone_number/actions/complete
if verification code matches - change is_verified to true
If not - return error
if resource from granted_to = employee AND access_level=read:Check if there are itemsMedical Events filtration by Forbidden groups#Medical-events-to-filterfor entities from granted_resource and\or from reason included to the forbidden groupsif there are active items from forbidden groupcreate approval on each forbidden_group block whose elements appear entities from granted_resource and\or from reasonset is_verified = trueset reason = id of the approval which was verifiedset created_by - the same user as for approval, which is verifiedset granted_to - the same employee as for approval, which is verifiedset granted_by - the same patient as for approval, which is verified
If there are some some values in approval.forbidden_groups - create approval for each forbidden group mentioned in the list
set is_verified = true
set reason = id of the approval which was verified
set created_by - the same user as for approval, which is verified
set granted_to - the same employee as for approval, which is verified
set granted_by - the same patient as for approval, which is verified
If authentication_method_current.type = offline or null OR approval with resource = care_plan where terms_of_service = ‘INPATIENT’ for care_plan&granted_to.employees.legal_entity_id = care_plans.managing_organization::
change is_verified to true
Search if there exists not expired approvals with current patient_id, for the same granted_resources, granted_to and access_level as in request:
If found - set for existing approvals:
updated_at = now()
updated_by = current user
expired_at = now()