Versions Compared

Old Version 16

changes.mady.by.user Petro Lymych

Saved on

compared with

New Version 17

changes.mady.by.user Olena Yermolenko

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

  1. Verify the validity of access token
    1. in case of error return 401 ('Access denied')
  2. Check user scope activity_type:write in order to perform this action
    1. in case of error generate 403 response ('Invalid scopes')

Request validation

Note: All IDs, submitted as PK, should be unique for eHealth when creating new record

...

  1. Validate signature 
  2. Extract signer Certificate details

Validate encoded signed content according to JSON Schema

  1. Return 422 with list of validation errors in case validation fails

Validate Legal Entity

  1. Check that legal_entities.is_active = true and legal_entities.status = active for current legal entity
    1. in case of error return 409 - "legal entity is not active"
  2. token.Client_id must match current legal entity
    1. in case of error return 422 
  3. EDRPOU for token.client_id must match EDRPOU $.legal_entity.edrpou
    1. in case of error return 422 

Validate Tax ID

  1. Check that EDRPOU in Certificate details exists and not empty
    1. Check that EDRPOU in Certificate details is valid according to ^[0-9]{8,10}$
    2. Check that EDRPOU in Certificate details is equal to $.legal_entity.edrpou  
      1. In case validation fails - generate 422 error
  2. If EDRPOU in Certificate details is empty check that DRFO exists and not empty
    1. Check that DRFO in Certificate details is valid according to ^[0-9]{9,10}$
    2. Check that DRFO in Certificate details is equal to $.legal_entity.edrpou 
      1. In case validation fails - generate 422 error
  3. In case EDRPOU and DRFO is empty return error 422, msg "EDRPOU and DRFO is empty in digital sign"

...

  1. Apply current validations which depends on license data license type
  2. Check that legal entity has at least one kved which corresponds to license type according to the following table


    LICENSE_TYPE
    Rule
    MSPat least one KVED from KVEDS_ALLOWED_MSP
    PHARMACYat least one KVED from KVEDS_ALLOWED_PHARMACY


  3. Search for current legal entity license in prm.licenses.id = $.license.id
    1. If record is found then check that:
      1. prm.licenses.type = $.license.type 
        1. in case validation fails - generate 409 - "License type update is not allowed"
      2. prm.licenses.is_active = true
        1. in case validation fails - generate 409 - "Inactive license update is not allowed"
      3. prm.licenses.expiry_date is empty or more than today
        1. in case validation fails - generate 409 - "Activity type can not be linked to expired license"

...

  1. Search for current legal entity license in prm.licenses where id = $.license.id
    1. if record is found update it 
      1. Note: type is not update
    2. if record is not found create new record
    3. set nhs_verified = false
  2. Search for current legal entity activity type in prm.activity_types where id = $.activity_type.id
    1. If record is found update it
      1. Note: type is not updated
      2. if prm.activity_types.status <> active then set prm.activity_types.status = active, write to audit_log
    2. if record is not found create new record with status = active
    3. set nhs_verified = false
  3. Find contracts by contractor_legal_entity_id for current legal entity where status='VERIFIED' AND ops.contracts.type corresponding to activity_type (use ops.contracts.type to activity_type mapping described in https://zube.io/edenlabllc/e-health/c/5969capitation_activity_types: PRIMARY_CARE, reimbursement_activity_types: PHARMACY)
    1. set ops.contracts.is_suspended=true
  4. Save signed_content to Media Storage
    1. every version should be saved
  5. Save data to corresponding collections in DBs
  6. Save link to the signed content to the activity type

...