| Table of Contents |
|---|
Purpose
This WS is designed to revoke previously created Device request.
Specification
Authorization
Verify the validity of access token
in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'device_request:revoke')
return 403 (“Your scope does not allow to access this resource. Missing allowances: device_request:revoke”) in case of invalid scope(s)
Validations
Validate request
Return 422 with the list of validation errors in case validation fails
Validate legal entity
Check legal entity type: it has to be in me_allowed_transactions_le_types config parameter, has status = active and nhs_verified = true
in case of error return 409 "Action is not allowed for the legal entity"
Validate digital signature
Validate request is signed
in case of error - return 400 (“Invalid signed content”)
Check DS is valid and not expired
Validate that DS belongs to the user
Check that DRFO from DS and party.tax_id matches
in case of error - return 422 (“Does not match the signer drfo“)
Validate transition
Only active device request can be revoked
...
For more information look at https://e-health-ua.atlassian.net/wiki/spaces/RMDN/pages/17670799503.
Validate status reason
Validate $.status_reason.code is a value from device_request_revoke_reasons dictionary
in case of error - return 422 ("value is not allowed in enum")
Validate status
The target status value must be submitted in the order of display in the signed content (media storage)
Validate $.status is revoked
in case of error - return 422 ("value is not allowed in enum")
Validate content
Signed content must match with device request in DB in order to be revoked
Render device request from DB
Exclude $status, $.status_reason from signed content
Compare rendered device request and signed content
In case both object doesn't match - return 422 ('Signed content doesn't match with previously created device request')
Service logic
Save signed content to media storage
Update device request status to revoked (update also updated_at, updated_by)
Get person's authentication_method according to logic:
If authorize_with exists in device request and is not empty, check:
Authentication method exists in person_authentication_methods table in MPI DB (with is_active=true), is active (ended_at > now() or null)
Get value of
THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECKconfig parameter, if it is set totrue- for authentication method with type = THIRD_PERSON check that person from value is an approved confidant for a person from device request – exists active and approved confidant person relationship between person from request and confidant_person_id from authentication method value (using following logic /wiki/spaces/CSI/pages/17667883028 withperson_id= person from request andconfidant_person_id= value from auth method - expected:ok, :approvedresponse)in case any validation failed - do not send SMS to person
else - get authentication_method from authorize_with
If authorize_with does not exist in device request or is empty - get default authentication_method of person from MPI using logic https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17613029453
If authentication_method == OTP or THIRD_PERSON (with OTP) :
Check if sms notifications are enabled:
if device_request has a program specified
check that the specified program has setting
request_notification_disabledset in false or the setting is absent, elsereturn an error 409 "Action is not allowed for the specified medical program"
if device_request has no program specified
check config parameter
DEVICE_REQUESTS_SMS_ENABLEDis set in trueelse return an error 409 “Action is disabled by the configuration”
Generate text SMS with template
REVOKE_DEVICE_REQUEST_SMS_TEMPLATE.Send SMS
Save internal information to corresponding DB
Send
StatusChangeEventto the Event Manager