Overview
This web service is designed to return only diagnostic reports that were allowed to read by patient's approval to the current user.
Specification
Authorization
Validate token
- Verify the validity of access token
- Return 401 in case validation fails
- Verify token is not expired
- in case error return 401
Validate scopes
- Check user scopes in order to perform this action (scope = 'diagnostic_report:read')
- Return 403 in case invalid scope(s)
Logic
- Select all diagnostic reports(approvals.granted_resources.identifier.value) from patients approvals that meet the requirements:
- patient_id= hashed patient_id from URL
- status= 'active'
- granted_to contains one of user's employees' id
- granted_resources.identifier.type.coding[].code="diagnostic_report"
- Select this diagnostic reports from ME.patients.diagnostic_reports
- Add filters requested by the user (search params)