Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

  1. Verify the validity of access token
    1. in case of error return 401 ('Access denied')
  2. Check user scope activity_type:write in order to perform this action
    1. in case of error generate 403 response ('Invalid scopes')

Request validation

Note: All IDs, submitted as PK, should be unique for eHealth when creating new record

...

  1. Validate signature 
  2. Extract signer Certificate details

Validate encoded signed content according to JSON Schema

  1. Return 422 with list of validation errors in case validation fails

Validate Legal Entity

  1. Check that legal_entities.is_active = true and legal_entities.status = active for current legal entity
    1. in case of error return 409 - "legal entity is not active"
  2. token.Client_id must match current legal entity
    1. in case of error return 422 
  3. EDRPOU for token.client_id must match EDRPOU $.legal_entity.edrpou
    1. in case of error return 422 

Validate Tax ID

  1. Check that EDRPOU in Certificate details exists and not empty
    1. Check that EDRPOU in Certificate details is valid according to ^[0-9]{8,10}$
    2. Check that EDRPOU in Certificate details is equal to $.legal_entity.edrpou  
      1. In case validation fails - generate 422 error
  2. If EDRPOU in Certificate details is empty check that DRFO exists and not empty
    1. Check that DRFO in Certificate details is valid according to ^[0-9]{9,10}$
    2. Check that DRFO in Certificate details is equal to $.legal_entity.edrpou 
      1. In case validation fails - generate 422 error
  3. In case EDRPOU and DRFO is empty return error 422, msg "EDRPOU and DRFO is empty in digital sign"

...

  1. Search for current legal entity license in prm.licenses where is_active = true and id = $.license.id
    1. if record is found update it 
      1. Note: type is not updatedupdate
    2. if record is not found create new record
    3. set nhs_verified = false
  2. Search for current legal entity activity type in prm.activity_types where is_active = true and id = $.activity_type.id
    1. If record is found update it
      1. Note: type is not updated
      2. If activity type status is changed then write to audit_log
    2. if record is not found create new record
    3. set nhs_verified = false
  3. Find contracts by contractor_legal_entity_id for current legal entity where status='VERIFIED' AND ops.contracts.type corresponding to activity_type (use ops.contracts.type to activity_type mapping described in https://zube.io/edenlabllc/e-health/c/5969capitation_activity_types: PRIMARY_CARE, reimbursement_activity_types: PHARMACY)
    1. set ops.contracts.is_suspended=true
  4. Save signed_content to Media Storage
  5. Save data to corresponding collections in DBs
  6. Save link to the signed content to the activity type

...