| Table of Contents | ||||
|---|---|---|---|---|
|
...
Get Approval identifier from the URL
Check it exists in DB
Return 404 ('not found') in case of error
Check approval is not expired (expires_at > now() )
Return 409 ('Approval can be cancelled only if it is not expired
has new or active status') in case of error
Validate User
Extract user_id from token.
Check user has an active declaration with a patient from URL (can cancel all approvals) or approval is granted to user (can cancel own approval: granted_to OR created_by):
Return 403 ('No active declaration with patient found or declaration is not from the same MSP') in case the employee doesn't have an active declaration with the patient
...
Get approval by patient_id and approval id from approvals collection (MongoDB)
Update for approvals:
status(update alsoupdated_at, updated_by, expired_at = now()If patient's authentication method is OTP or third_person.OTP, send SMS to that patient with info about cancelling.
Render a response according to specification.
...