Table of Contents | ||||
---|---|---|---|---|
|
...
Verify the validity of access token
Return (401, 'unauthorized') in case of validation fails
Verify that token is not expired
in case of error - return (401, 'unauthorized')
Check user scopes in order to perform this action (scope = 'service_request:cancel')
Return (403, 'invalid scopes') in case of invalid scope(s)
Request to process the request using a token in the headers
Headers
Наприклад:
Content-Type:application/json
Authorization:Bearer: {{access_token}}
api-key: {{secret}}
Request data validation
Validate legal entity
Check legal entity type: it has to be in me_allowed_If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at > current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):
in case not match - return 403 ("Access denied. Party is not verified")
If BLOCK_DECEASED_PARTY_USERS is true, check that party is not deceased (party_verification record does not equal to: dracs_death_verification_status = VERIFIED and dracs_death_verification_reason = MANUAL_CONFIRMED):
in case of error - return 403 ("Access denied. Party is deceased")
Request to process the request using a token in the headers
Headers
Наприклад:
Content-Type:application/json
Authorization:Bearer: {{access_token}}
api-key: {{secret}}
Request data validation
Validate legal entity
Check legal entity type: it has to be in me_allowed_transactions_le_types config parameter, has status = active and nhs_verified = true
in case of error return 409 "Action is not allowed for the legal entity"
...
Code Block |
---|
SELECT e.id FROM employees e WHERE e.party_id = :party_id AND e.legal_entity_id = :client_id; |
2.4 Ensure that $.requester.identifier.value matches with user employees
Validate that DS belongs to the requester of encounter
...
Return 422 with the list of validation errors in case validation fails
Validate permission to cancel
Only doctor who signed this service request is able to cancel this service request
...
to cancel
Only doctor who signed this service request is able to cancel this service request
Implemented by DS validation (see Validate digital signature p.2)
Validate user
Canceling a Service Request is allowed for user if he has one of the following active and approved employee that:
is an Employee from legal entity where Service Request is created
in case of error - return 409 ("Only an employee from legal entity where service request is created can cancel service request")
Validate transition
Only active service request can be canceled
Get current service request status
Check that status in ('active', 'completed')', 'completed')
in case of error - return 409 error ('Service request in status %status% cannot be canceled')
Validate cancelation reason
Validate $.status_reason.code is a value from eHealth/service_request_cancel_reasons dictionary
in case of error - return
409 error ('Service request in status %status% cannot be canceled'422 ("value is not allowed in enum")
Validate
...
Validate content
Signed content must match with service request in DB in order to be canceled
...
Save signed content to media storage
Update service request status to entered_in_error (update also updated_at, updated_by)
Write record to status history
Send SMS to patient (if authentication_method_current == SMS, do NOT send sms in case performer is present in SR)
Template - TBD
Async! Revoke all approvals made by this service request
if the service request is based on the activity with quantity:
Recalculate and set remaining_quantity for the activity as described at PreQualify Service Request | Validate service request
Response structure
See on Apiary
...