Overview

This web service is designed to return only diagnostic reports that were allowed to read by patient's approval to the current user.

Ендпоїнт допускає повернення даних тільки тих діагностичних звітів, на які було видано Approval.

Specification

Apiary

Authorization

Validate token

• Verify the validity of access token

  • Return 401 in case validation fails

• Verify token is not expired

  • in case error return 401 

Validate scopes

• Check user scopes in order to perform this action (scope = 'diagnostic_report:read')

  1. Return 403 in case invalid scope(s)

Logic

1. Select all diagnostic reports(approvals.granted_resources.identifier.value) from patients approvals that meet the requirements:

   1. patient_id= hashed patient_id from URL

   2. status= 'active'

   3. granted_to contains one of user's employees' id

   4. granted_resources.identifier.type.coding[].code="diagnostic_report"

2. Select this diagnostic reports from ME.patients.diagnostic_reports

3. Add filters requested by the user (search params)