Table of Contents |
---|
...
Validations
Authorization
- Verify the validity of access token
- Return (401, 'unauthorized') in case of validation fails
- Verify that token is not expired
- in case of error - return (401, 'unauthorized')
- Check user scopes in order to perform this action (scope = 'service_request:read')
- Return (403, 'invalid scopes') in case of invalid scope(s)
...
Otherwise - access to this data is denied. Return (403, 'forbidden')
Rule 1: User who has active declaration with patient is "authorized" to manage all patient's data
1. Get token metadata
- Extract user_id, client_id, client_type
...
Code Block | ||
---|---|---|
| ||
SELECT d.id FROM declarations d WHERE d.legal_entity_id = :client_id AND d.employee_id IN (:employees) AND d.status IN ('active', 'pending_verification') AND d.person_id = :patient_id; |
Rule 2: User with active approval to this episode can view episode details and its child entities
TBD
Service logic
- Return all service requests related to specified episode of care
- Find all encounters related to specified episode of care (Medical Events DB: $.encounters[*].episode.identifier.value == :episode_id)
- Find all service requests related to received encounters (Medical Events DB: $.service_requests[*].context.identifier.value IN :encounters)