  1. Use service request

Validations

Authorization

  • Verify the validity of the access token
    • Return (401, 'unauthorized') if validation fails
  • Verify that the token is not expired
    • In case of error, return (401, 'unauthorized')
  • Check that the user has the scope required to perform this action (scope = 'service_request:writeuse')
    1. Return (403, 'invalid scopes') in case of invalid scope(s)

...

  1. Get service request by ID
  2. Service request must be active
    1. $.status == "active"
      1. in case of error, return 409 "Invalid service request status"
  3. Service request must be unused
    1. $.status == "active"
      1. in case of error, return 409 "Service request is already used"

Validate employee

The employee to whom the service request is assigned must belong to the same legal entity as the requestor.

  1. Get token metadata
    1. Extract user_id, client_id, client_type
  2. Ensure that employee belongs to client
    1. $.used_by.identifier.type.coding[*].system == "eHealth/resources"
    2. $.used_by.identifier.type.coding[*].code == "employee"
    3. $.used_by.identifier.value must belong to client_id (prm.employees.legal_entity_id == :client_id)
      1. in case of error return 409 "You can assign service request only to employee within your legal entity"

Service logic

  1. Update service request attributes
    1. Set Medical Events DB: service_requests[<id>].used_by = Request: $.used_by
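
The validation order above, as an added example that is not the project's own code. The token and employee data shapes, the function name, treating "unused" as an empty used_by, requiring every coding entry to match, and returning the same 409 for a wrong identifier type are assumptions; the scope string is copied verbatim from this page. The legal entity is taken from token metadata (client_id), never from the request body.

```python
import time

REQUIRED_SCOPE = "service_request:writeuse"  # copied verbatim from the page
NOT_SAME_ENTITY = ("You can assign service request only to employee "
                   "within your legal entity")

def validate_use(token, service_request, body, employees, now=None):
    """Return (http_status, message); (200, 'ok') when every check passes.

    token: dict with 'valid', 'expires_at', 'scopes', 'client_id' (assumed shape)
    employees: employee_id -> legal_entity_id, standing in for prm.employees
    """
    now = time.time() if now is None else now
    # Authorization: validity and expiry (401) are checked before scope (403),
    # so an unauthenticated caller learns nothing about scopes or resources.
    if not token or not token.get("valid"):
        return 401, "unauthorized"
    if token.get("expires_at", 0) <= now:
        return 401, "unauthorized"
    if REQUIRED_SCOPE not in token.get("scopes", ()):
        return 403, "invalid scopes"
    # Service request state (409)
    if service_request.get("status") != "active":
        return 409, "Invalid service request status"
    if service_request.get("used_by"):  # assumption: "unused" = used_by empty
        return 409, "Service request is already used"
    # Employee must be typed as an eHealth employee and belong to the caller's
    # legal entity. client_id comes from the token, not from the request body.
    ident = (body.get("used_by") or {}).get("identifier") or {}
    codings = (ident.get("type") or {}).get("coding") or []
    typed_ok = bool(codings) and all(
        c.get("system") == "eHealth/resources" and c.get("code") == "employee"
        for c in codings)
    owner = employees.get(ident.get("value"))
    if not typed_ok or owner is None or owner != token.get("client_id"):
        return 409, NOT_SAME_ENTITY  # assumption: same 409 for a wrong type
    return 200, "ok"

def sample_body(employee_id):
    """Constructed request body matching the JSONPaths used on this page."""
    coding = [{"system": "eHealth/resources", "code": "employee"}]
    return {"used_by": {"identifier": {"type": {"coding": coding},
                                       "value": employee_id}}}

# Constructed sample data
SAMPLE_TOKEN = {"valid": True, "expires_at": 2000,
                "scopes": [REQUIRED_SCOPE], "client_id": "le-1"}
SAMPLE_EMPLOYEES = {"emp-1": "le-1", "emp-2": "le-2"}
```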