
...

  1. Verify the validity of access token

    1. in case validation fails - return 401 (“Invalid access token”)

  2. Verify that token is not expired

    1. in case of error - return 401 (“Invalid access token”)

  3. Check that the user's scopes allow this action (scope = 'composition:resend_sms')

    1. return 403 (“Your scope does not allow to access this resource. Missing allowances: composition:resend_sms”) in case of invalid scope(s)

...

  1. Call SMS timeout procedure to check if resending is allowed using:

    • COMPOSITION_MAX_ATTEMPTS_COUNT as MAX_ATTEMPTS_COUNT

    • COMPOSITION_SEND_TIMEOUT as SEND_TIMEOUT

    • "composition" as entity_name

    • composition_id as entity_id

    in case of error - return 429 ("Sending SMS timeout. Try later. Next attempt will be available at <attempts.oldest.value + SEND_TIMEOUT>")

  2. Get person's authentication_method according to logic:

    1. If authorize_withinform_with exists in Composition and is not empty, check:

      1. Authentication method exists in the person_authentication_methods table in MPI DB with is_active=true and has not ended (ended_at > now() or ended_at is null)

      2. Get value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK config parameter

        1. if it is set to true - for authentication method with type = THIRD_PERSON check that person from value is an approved confidant for a person from Composition:

          1. an active and approved confidant person relationship exists between the patient from the Composition and confidant_person_id from the authentication method value (using the following logic: Check confidant person relationship with person_id = person from request and confidant_person_id = value from auth method - expected :ok, :approved response)

        2. in case any validation failed - return 409 ('Authentication method doesn't exist or is inactive')

        3. else - get authentication_method from authorize_withinform_with

    2. If authentication_method == OTP or THIRD_PERSON (with OTP) 

      1. Generate text SMS with template CREATE_{{COMPOSITION_TYPE}}_COMPOSITION_SMS_TEMPLATE.

      2. Send SMS

      3. else, if authentication_method is neither OTP nor THIRD_PERSON (with OTP), return an error

        1. return 409 ('Authentication method doesn't exist or is inactive')
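
The decision logic of step 2 (Get person's authentication_method), written out as an added example that is not code from this specification or from the service it describes. The row shape, the confidant_type field, the relationship callable and its ("ok", "approved") tuple standing in for the :ok, :approved response are assumptions, the sample rows are constructed, and the branch for an empty reference is not covered because this excerpt does not describe it.

```python
from datetime import datetime, timedelta, timezone

CONFLICT = (409, "Authentication method doesn't exist or is inactive")

def resolve_sms_method(method_id, methods, patient_id, check_enabled, relationship, now):
    """Return (200, row) if an SMS may be sent for this method, else the 409 above.

    method_id     - authentication method reference stored in the Composition
    methods       - person_authentication_methods rows keyed by id (assumed shape)
    check_enabled - value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK
    relationship  - callable(person_id, confidant_person_id) -> (status, state)
    """
    if not method_id:
        raise ValueError("empty reference: that branch is outside this excerpt")
    row = methods.get(method_id)
    # Must exist, be flagged active, and not be past ended_at (None = open-ended).
    if row is None or not row["is_active"]:
        return CONFLICT
    if row["ended_at"] is not None and row["ended_at"] <= now:
        return CONFLICT
    if row["type"] == "THIRD_PERSON":
        # The relationship check is skipped entirely when the config flag is false.
        if check_enabled and relationship(patient_id, row["value"]) != ("ok", "approved"):
            return CONFLICT
        channel = row.get("confidant_type")  # assumed field: how the confidant authenticates
    else:
        channel = row["type"]
    # Only OTP, directly or through a THIRD_PERSON, can receive the SMS.
    return (200, row) if channel == "OTP" else CONFLICT

# Constructed sample data (ids, phone number and the OFFLINE row are illustrative).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
METHODS = {
    "m-otp": {"type": "OTP", "is_active": True, "ended_at": None, "value": "+380000000000"},
    "m-expired": {"type": "OTP", "is_active": True, "ended_at": NOW - timedelta(days=1), "value": "+380000000000"},
    "m-offline": {"type": "OFFLINE", "is_active": True, "ended_at": None, "value": None},
    "m-third": {"type": "THIRD_PERSON", "is_active": True, "ended_at": None, "value": "confidant-1", "confidant_type": "OTP"},
}

def approved(person_id, confidant_person_id):
    return ("ok", "approved")

def not_approved(person_id, confidant_person_id):
    return ("error", "not_approved")
```

With the config parameter set to false, a THIRD_PERSON method whose relationship is no longer approved still resolves to an SMS recipient, which is the case to review before disabling the check in any environment.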