Purpose

This WS is designed to revoke a previously created Device Request.

...


Link

https://ehealthmedicaleventsapi.docs.apiary.io/#reference/device-requests/revoke-device-request/revoke-device-request

Link to Apiary or Swagger

Resource

/api/patients/{{patient_id}}/device_requests/{{device_request_id}}/actions/revoke

Link to the resource, for example: /api/persons/create

Scope

device_request:revoke

Scope required for access

Components

Devices

List of business components that use this method, for example: ePrescription

Microservices

List of microservices used by the API method, for example: Auth, ABAC

Protocol type

REST

Protocol type used by the request, for example: SOAP | REST

Request type

POST

API request type, for example: GET, POST, PATCH…

Sync/Async

Async

Is the method synchronous or asynchronous?

Public/Private/Internal

Public

Specify the method type by degree of accessibility

Logic

  1. Save signed content to media storage

  2. Update device request status to revoked (update also updated_at, updated_by)

  3. Get person's authentication_method of MPI

  4. If authentication_method == OTP:

    1. Generate text SMS with template TEMPLATE_SMS_FOR_REVOKE_DEVICE_REQUEST.

  5. Get person's authentication_method of MPI

    1. If authentication_method == OTP or THIRD_PERSON (with OTP):

      1. Check if SMS notifications are enabled:

        1. if device_request has a program specified

          1. check that the specified program has the setting request_notification_disabled set to false or the setting is absent, else

            1. return an error 409 "Action is not allowed for the specified medical program"

        2. if device_request has no program specified

          1. check that config parameter DEVICE_REQUESTS_SMS_ENABLED is set to true

            1. else return an error 409 “Action is disabled by the configuration”

        3. Generate text SMS with template REVOKE_DEVICE_REQUEST_SMS_TEMPLATE.

  6. Send SMS

  7. Save internal information to corresponding DB.

  8. Send StatusChangeEvent to Event Manager

...

  1. Verify the validity of access token

    • in case of validation failure - return 401 (“Invalid access token”)

  2. Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  3. Check user scopes in order to perform this action (scope = 'device_request:revoke')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: device_request:revoke”) in case of invalid scope(s)

  4. If BLOCK_UNVERIFIED_PARTY_USERS is true, check that the party's data matches the following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at > current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):

    • in case of mismatch - return 403 ("Access denied. Party is not verified")

  5. If BLOCK_DECEASED_PARTY_USERS is true, check that the party is not deceased (the party_verification record does not equal: dracs_death_verification_status = VERIFIED and dracs_death_verification_reason = MANUAL_CONFIRMED):

    • in case of error - return 403 ("Access denied. Party is deceased")
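
The five authorization checks above, evaluated in the listed order, as an added example (not code from the specification or the eHealth project). The `token` and `party` dict shapes, the `authorize_revoke` name, the `None` return for "all checks passed", and comparing `updated_at` as a timestamp are assumptions; config keys, field names and error texts are taken from the steps above.

```python
from datetime import datetime, timedelta, timezone

REQUIRED_SCOPE = "device_request:revoke"

def authorize_revoke(token, party, config, now):
    """Return (http_status, message) for the first failed check, else None.

    token and party are plain dicts with hypothetical shapes; config keys
    and party field names follow the specification text.
    """
    # Steps 1-2: token must be valid and not expired.
    if not token.get("valid") or token["expires_at"] <= now:
        return 401, "Invalid access token"
    # Step 3: the revoke scope must be granted.
    if REQUIRED_SCOPE not in token.get("scopes", ()):
        return 403, ("Your scope does not allow to access this resource. "
                     "Missing allowances: " + REQUIRED_SCOPE)
    # Step 4: NOT_VERIFIED parties pass only inside the grace period.
    if config.get("BLOCK_UNVERIFIED_PARTY_USERS"):
        cutoff = now - timedelta(days=config["UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED"])
        verified = party["verification_status"] != "NOT_VERIFIED"
        if not (verified or party["updated_at"] > cutoff):
            return 403, "Access denied. Party is not verified"
    # Step 5: block only when VERIFIED and MANUAL_CONFIRMED hold together.
    if config.get("BLOCK_DECEASED_PARTY_USERS"):
        if (party.get("dracs_death_verification_status") == "VERIFIED"
                and party.get("dracs_death_verification_reason") == "MANUAL_CONFIRMED"):
            return 403, "Access denied. Party is deceased"
    return None

# Constructed sample data; status values other than NOT_VERIFIED are made up.
NOW = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)
CONFIG = {"BLOCK_UNVERIFIED_PARTY_USERS": True,
          "UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED": 30,
          "BLOCK_DECEASED_PARTY_USERS": True}
TOKEN = {"valid": True, "expires_at": NOW + timedelta(hours=1),
         "scopes": ["device_request:revoke"]}

def make_party(status, days_since_update, death=(None, None)):
    return {"verification_status": status,
            "updated_at": NOW - timedelta(days=days_since_update),
            "dracs_death_verification_status": death[0],
            "dracs_death_verification_reason": death[1]}

if __name__ == "__main__":
    for p in (make_party("VERIFIED", 400), make_party("NOT_VERIFIED", 10),
              make_party("NOT_VERIFIED", 31),
              make_party("VERIFIED", 1, ("VERIFIED", "MANUAL_CONFIRMED"))):
        print(authorize_revoke(TOKEN, p, CONFIG, NOW))
```

Because the grace-period comparison is strict (`>`), a NOT_VERIFIED party whose `updated_at` is exactly UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED days old is already rejected.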

Headers

  • Content-Type:application/json

  • Authorization:Bearer mF_9.B5f-4.1JqM

  • api-key:aFBLVTZ6Z2dON1V

...

  1. Validate request is signed

    1. in case of error - return 400 (“Invalid signed content”)

  2. Check DS is valid and not expired

  3. Validate that DS belongs to the user

    1. Check that DRFO from DS and party.tax_id match

      1. in case of error - return 422 (“Does not match the signer drfo”)

Validate user

Revoking a Device Request is allowed for a user who has an active and approved employee that meets one of the following:

  • is an author of the Device Request (requester)

  • is Med_Admin from the legal entity where the Device Request is created

    • in case of error - return 409 ("Employee is not an author of device request or doesn't have required employee type")

Revoking a Device Request is allowed for a user who has an active and approved employee that meets one of the following:

  • is an Employee from the legal entity where the Device Request is created

    • in case of error - return 409 ("Only an employee from legal entity where device request is created can revoke device request")

Validate transition

Only an active device request can be revoked.

...