Table of Contents |
---|
...
Validations
Authorization
- Verify the validity of access token
- Return (401, 'unauthorized') in case of validation fails
- Verify that token is not expired
- in case of error - return (401, 'unauthorized')
- Check user scopes in order to perform this action (scope = 'service_request:use')
- Return (403, 'invalid scopes') in case of invalid scope(s)
...
Return 422 with the list of validation errors in case validation fails
Validate legal entity
- Check legal entity type: it has to be in me_allowed_transactions_le_types config parameter, has status = active
- in case of error return 409 "Action is not allowed for the legal entity"
Validate transition
Only active and unused (released) service request with a specified medical program can be used
- Get service request by ID
- Service request contains medical program
- $.program is NOT NULL
- in case of error return 409 "Service request without a program can not be used"
- $.program is NOT NULL
- Service request must be active
- $.status == "active"
- in case of error return 409 "Invalid service request status"
- $.status == "active"
- Service request must be unused
- $.used_by_legal_enity is empty object
- in case of error return 409 "Service request is already used"
- $.used_by_legal_enity is empty object
Validate program
- Validate program according to Pre-Qualify rules.
- it is an existing service program (type=service)
- in case not found or is_active==false return 422 "Program not found"
- in case type!= service return 422 "Invalid program type"
- service(or service_group) is an active member of the program
- Select request_allowed, is_active from PRM.program_services where service_id(or group_id) == $.signed_content.code.identifier.value and program_id=$.program.identifier.value
- if not found or is_active==false return 422 "Service is not included in the program"
- if request_allowed==false return 422 "Service request is not allowed for this service(service_group) in this program"
- Select request_allowed, is_active from PRM.program_services where service_id(or group_id) == $.signed_content.code.identifier.value and program_id=$.program.identifier.value
- it is an existing service program (type=service)
Validate request
- Get token metadata
- Extract user_id, client_id, client_type
- Ensure that employee belongs to client
- $.used_by.identifier.type.coding[*].system == "eHealth/resources"
- $.used_by.identifier.type.coding[*].code == "employee"
- $.used_by.identifier.value must belong to client_id (prm.employees.legal_entity_id == :client_id)
- in case of error return 422 "You can assign service request only to employee within your legal entity"
- Check employee_type - only DOCTOR can use service request
- employee_type == DOCTOR
- in case of error, return 422 "Invalid employee type. Only doctor can use service request"
- employee_type == DOCTOR
- Validate used_by_legal_entity is a current legal_entity
- $.used_by_legal_entity.identifier.value==token.client_id
- in case of error return 409 "You can assign service request only to your legal entity"
- $.used_by_legal_entity.identifier.value==token.client_id
Service logic
- Update service request attributes
- Change program_processing_status to `in_queue`