Table of Contents |
---|
Requirements
Specification
Validations
Authorization
- Verify the validity of access token
- Return (401, 'unauthorized') in case of validation fails
- Verify that token is not expired
- in case of error - return (401, 'unauthorized')
- Check user scopes in order to perform this action (scope = 'service_request:use')
- Return (403, 'invalid scopes') in case of invalid scope(s)
Validate request using JSON Schema
Return 422 with the list of validation errors in case validation fails
...
Validate service request
Only active and unused (released) service request can be used
- Get service request by ID
- Service request must be active
- $.status == "active"
- in case of error return 409 "Invalid service request status"
- $.status == "active"
- Service request must be unused
- $.used_by is empty object
- in case of error return 409 "Service request is already used"
- $.used_by is empty object
...
Validate used_by_employee
Employee to whom service request is assigned must belong to the same legal entity as the requestor
- Get token metadata
- Extract user_id, client_id, client_type
- Ensure that employee belongs to client
- $.used_by.identifier.type.coding[*].system == "eHealth/resources"
- $.used_by.identifier.type.coding[*].code == "employee"
- $.used_by.identifier.value must belong to client_id (prm.employees.legal_entity_id == :client_id)
- in case of error return 409 422 "You can assign service request only to employee within your legal entity"
- Check employee_type - only DOCTOR can use service request
- employee_type == DOCTOR
- in case of error, return 409 422 "Invalid employee type. Only doctor can use service request"
- employee_type == DOCTOR
Validate used_by_legal_entity
Validate program
- validate by json schema
- validate id is real medical program in prm and type='SERVICE'
- in case error return 422, "Medical program with id $id is not found"
- validate medical program is_active=true
- in case error return 422, "Medical program with id $id is not active"
Validate used_by_division
- if SR.category = hospitalization
- validate used_by_division is sent, in case error return 422, "Division is mandatory for $category category"
- validate used_by_division.legal_entity_id = used_by_legal_entity_id
- Is SR.category = transfer_of_care
- validate used_by_division is sent, in case error return 422, "Division is mandatory for $category category"
- Validate $division.legal_entity_id = SR.Performer, in case error return 422, "Patient is transferred to another legal entity"
Qualify service request
- if medical program exists in request
- invoke qualify for medical program in in use request
- if not exists
- invoke qualify in SR, if it is in SR
Service logic
- Update service request attributes
- Set Medical Events DB: service_requests[<id>].used_by_legal_entity = Request: $.used_by_legal_entity
- if medical program exists in request
- Set Medical Events DB: service_requests[<id>].medical_program = Request: $.medical_program.identifier.value