Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Overview

...

Apiary

Validation

Validate token

  • Verify the validity of access token

    • Return 401 in case validation fails

  • Verify token is not expired

    • in case of error return 401 

  • Verify that user’s employees from care_manager belongs to one of the user_id from token.

    • in case of error - return 422 ('User is not allowed to perform this action')

Validate scopes

  • Check user scopes in order to perform this action (scope = 'episode:write')

    1. Return 403 in case invalid scope(s)

...

  1. ME.episode.status == "active"

    1. in case of error "Episode in status {episode_status} can not be updated"

  2. Validate care_manager

    1. $.care_manager.identifier.type.coding.[0].code = "employee"

      1. in case of error return 422 "Submitted code is not allowed for this field"

    2. $.care_manager.identifier.type.coding.[0].system = "eHealth/resources"

      1. in case of error return 422 "Submitted system is not allowed for this field"

    3. $.care_manager.identifier.value must meet the following requirements

      1. PRM.employee.type = "DOCTOR" or "SPECIALIST" OR "ASSISTANT"

        1. in case of error return 409 "Employee submitted as a care_manager is not a not a doctor in the list of allowed employee types"

      2. PRM.employee.status= "active"

        1. in case of error return 409 "Doctor Employee submitted as a care_manager is not active "

      3. PRM.employee.legal_entity = token.client_id=ME.episode.care_manager.identifier.value

        1. in case of error return 409 "User doesn`t have permitions to set the employee as a care_manager of the episode" 

...