ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Key items

user PATCH /api/patients/{id}/approvals/{id} with the verification code received from the patient

Specification

Verify approval

Validate request

Authorize

  1. Verify the validity of access token

  2. Check user scope approval:create in order to perform this action

Validate confidant person relationship

Get value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK config parameter, if it is set to true:

  • If authorize_with in approval exists, not empty and contains auth method with type = THIRD_PERSON - validate that person from value is an approved confidant for a person from request – exists active and approved confidant person relationship between person from request and person_id from authentication method value (using following logic: Check confidant person relationship with person_id = person from approval and confidant_person_id = value from auth method - expected :ok, :approved response)

    • in case of error - return 422 ('Cannot be verified by method with not approved confidant person relationship')

Logic

  1. If approval has resource != (care_plan & terms_of_service = ‘INPATIENT’ for care_plan&granted_to.employees.legal_entity_id = care_plans.managing_organization):

    1. If authentication_method_current.type = OTP

      1. system checks verification code via otp_verification service PATCH /verifications/:phone_number/actions/complete

      2. if verification code matches - change is_verified to true

      3. If not - return error

      4. if resource from granted_to = employee AND access_level=read:

        1. Check if there are items Medical Events filtration by Forbidden groups#Medical-events-to-filter for entities from granted_resource and\or from reason included to the forbidden groups

          1. if there are active items from forbidden group

            1. create approval on each forbidden_group block whose elements appear entities from granted_resource and\or from reason

            2. set is_verified = true

            3. set reason = id of the approval which was verified

            4. set created_by - the same user as for approval, which is verified

            5. set granted_to - the same employee as for approval, which is verified

            6. set granted_by - the same patient as for approval, which is verified

  2. If there are some some values in approval.forbidden_groups - create approval for each forbidden group mentioned in the list

    1. set is_verified = true

    2. set reason = id of the approval which was verified

    3. set created_by - the same user as for approval, which is verified

    4. set granted_to - the same employee as for approval, which is verified

    5. set granted_by - the same patient as for approval, which is verified

  3. If authentication_method_current.type = offline or null OR approval with resource = care_plan where terms_of_service = ‘INPATIENT’ for care_plan&granted_to.employees.legal_entity_id = care_plans.managing_organization::

    1. change is_verified to true

  4. Search if there exists not expired approvals with current patient_id, for the same granted_resources, granted_to and access_level as in request:

    • If found - set for existing approvals:

      • updated_at = now()

      • updated_by = current user

      • expired_at = now()

  • No labels

ЕСОЗ - публічна документація