Overview
...
Validation
Validate token
Verify the validity of access token
Return 401 in case validation fails
Verify token is not expired
in case of error return 401
Verify that the user’s employees from care_manager belong to one of the user_id from the token.
in case of error - return 422 ('User is not allowed to perform this action')
Validate scopes
Check user scopes in order to perform this action (scope = 'episode:write')
Return 403 in case of invalid scope(s)
...
ME.episode.status == "active"
in case of error "Episode in status {episode_status} can not be updated"
Validate care_manager
$.care_manager.identifier.type.coding.[0].code = "employee"
in case of error return 422 "Submitted code is not allowed for this field"
$.care_manager.identifier.type.coding.[0].system = "eHealth/resources"
in case of error return 422 "Submitted system is not allowed for this field"
$.care_manager.identifier.value must meet the following requirements
PRM.employee.type = "DOCTOR" or "SPECIALIST" OR "ASSISTANT"
in case of error return 409 "Employee submitted as a care_manager is not in the list of allowed employee types"
PRM.employee.status = "active"
in case of error return 409 "Employee submitted as a care_manager is not active"
PRM.employee.legal_entity = token.client_id=ME.episode.care_manager.identifier.value
in case of error return 409 "User doesn`t have permitions to set the employee as a care_manager of the episode"
...
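The scope and care_manager checks listed above, applied in order with the first failure returned, as an added Python example that is not part of the original specification or the project's code. Assumptions: the function name, the dict shapes of the token and PRM employee records, a space-separated scope string, the 403 message text, and the handling of an empty coding list or an unknown employee id. The episode status check is left out because the page gives no status code for it, and the legal-entity rule is read as PRM.employee.legal_entity = token.client_id.

```python
ALLOWED_TYPES = {"DOCTOR", "SPECIALIST", "ASSISTANT"}

def validate_care_manager(token, care_manager, employees):
    """Return (http_status, message) for the first failed check, or None if all pass."""
    # Authorization first: scope check (space-separated scope string is an assumption).
    if "episode:write" not in token.get("scope", "").split():
        return 403, "Invalid scope(s)"  # message text constructed, not from the page

    identifier = care_manager.get("identifier") or {}
    # A missing or empty coding list is treated as a wrong code (assumption).
    coding = (identifier.get("type") or {}).get("coding") or [{}]
    if coding[0].get("code") != "employee":
        return 422, "Submitted code is not allowed for this field"
    if coding[0].get("system") != "eHealth/resources":
        return 422, "Submitted system is not allowed for this field"

    # Unknown employee id: the page does not specify a response;
    # here it fails the employee type check (assumption).
    employee = employees.get(identifier.get("value"), {})
    if employee.get("type") not in ALLOWED_TYPES:
        return 409, ("Employee submitted as a care_manager is not in the "
                     "list of allowed employee types")
    if employee.get("status") != "active":
        return 409, "Employee submitted as a care_manager is not active"
    # Tenant isolation: the employee must belong to the caller's legal entity.
    if employee.get("legal_entity") != token.get("client_id"):
        return 409, ("User doesn`t have permitions to set the employee "
                     "as a care_manager of the episode")
    return None

# Constructed sample data (not from the page).
EMPLOYEES = {
    "emp-1": {"type": "DOCTOR", "status": "active", "legal_entity": "le-1"},
    "emp-2": {"type": "PHARMACIST", "status": "active", "legal_entity": "le-1"},
    "emp-3": {"type": "SPECIALIST", "status": "active", "legal_entity": "le-2"},
    "emp-4": {"type": "ASSISTANT", "status": "dismissed", "legal_entity": "le-1"},
}
TOKEN = {"scope": "episode:read episode:write", "client_id": "le-1"}

def care_manager(value, code="employee", system="eHealth/resources"):
    """Build a care_manager object in the shape the JSONPath rules describe."""
    coding = [{"code": code, "system": system}]
    return {"identifier": {"type": {"coding": coding}, "value": value}}

if __name__ == "__main__":
    for emp_id in EMPLOYEES:
        print(emp_id, validate_care_manager(TOKEN, care_manager(emp_id), EMPLOYEES))
```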