Specification
Service logic
- Only authenticated and authorized user can use this service
- Only NEW patient request can be activated
- The request can be activated only by the employee who works in the same legal entity in which the request was made.
Validate request
- Validate request using JSON schema
- In case validation failed - generate 422 error
Authorize user
- Verify the validity of access token
- Return 401 in case validation fails
- Check scopes in order to perform this action (scope = 'patient_request:write')
- Return 403 in case invalid scope(s)
Get patient request details
Get patient request from IL_DB.patient_request
Determine authorization method
Get authorization_method from IL_DB.patient_request
SELECT IL_DB.patient_request.authentication_method FROM IL_DB.patient_request WHERE IL_DB.patient_request.id = :id
If authentication_method is NULL - return Error
If authentication_method == OFFLINE - check uploaded documents
If authentication_method = OTP - verify SMS code, check uploaded documents for patient request form and add phone to db.verification.verified_phones
If authentication_method = THIRD_PERSON and confidant has auth.method = OTP - verify SMS code, check uploaded documents for patient request form and the document which confirms the guardianship.
If authentication_method = THIRD_PERSON and confidant has auth.method = OFFLINE - check uploaded documents for patient request form,a person's document, the confidant person's document and the document which confirms the guardianship.
Verify code
Invoke verification module to verify OTP
Check uploaded documents
Invoke Media Content Storage to check documents exist
Generate printout form
Invoke MAN to render print form.
Request mapping:
Parameter | Source |
---|---|
id | PATIENT REQUEST |
curl --request POST \ --header 'Accept: text/html' \ --header 'Content-Type: application/json' \ {:host}/templates/{:patient_request_printout_id}/actions/render
Set IL.patient_request.printout_content:
MANResponse.$.data
Change patient request
- Change entity status in IL_DB.patient_request to APPROVED
Set updated_at - now() (Get current date-time)
Set updated_by - user_id (Extract user from token)