Purpose
This WS designed to reject person requests previously created by patient.
Key points
Only authenticated and authorized user with appropriate scope can reject Person Request.
Specification
Authorization
Verify the validity of access token
Return (401, 'Invalid access token') in case of validation fails
Verify that token is not expired
in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope = 'person_request:reject_pis')
Return (403, 'Your scope does not allow to access this resource. Missing allowances: person_request:reject_pis') in case of invalid scope(s)
Check that token contains person_id
in case of error - return (401, 'Invalid access token')
Validate person
Get person_id from token (x-person-id header)
Validate patient status is active (status = ‘active' & is_active = 'true’)
in case of error - return 404 ('not found')
Validate confidant person and relationship (optional)
If person is not legally capable - system must ensure that person request is rejected by confidant person and there is registered and verified their relationship
Get applicant_person_id
from token, compare it to person_id
from token:
If equals - check that person must not be authorized by confidant person, so it doesn’t correspond to following rules:
persons age < no_self_registration_age global parameter;
persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PIS_PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;
persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process /wiki/spaces/PCAB/pages/17415995422 with person_id = person from request - expected
:ok, :approved
response)In case of error - return 409 (‘Request must be authorized by confidant person’)
If not equal - validate relationship with following steps:
Check that there is registered relationship between
person_id
andapplicant_person_id
(MPI.confidant_person_relationships)Check that relationship is VERIFIED
In case of error - return 409 (‘Can’t confirm relationship’)
Check that
applicant_person_id
exists (status = 'active' & is_active = 'true') and has verification_status any butNOT_VERIFIED
In case of error - return 409 (‘Confidant person not found or is not verified’)
Validate Person request
Check that person request:
exists in il DB
belongs to patient
in case of error - return 404 ('not found')
Check that person request status = NEW, APPROVED
in case of error - return 403 (' Only person request with NEW or APPROVED statuses can be rejected')
Service logic
Update person request in il.person_requests table:
set status = 'REJECTED'
Add new status to event manager
field | value |
---|---|
|
|
|
|
| $.id |
| $.status |
| $.updated_at |
| $.changed_by |