Сторінка знаходиться в процесі розробки. Інформація на ній може бути застарілою.

https://e-health-ua.atlassian.net/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

Properties of a REST API method document

Document type	Метод REST API
Document title	[DRAFT] REST API Cancel approval [API-001-001-001-0006]
Guideline ID	GUI-0011
Author	@
Document version	1
Document status	DRAFT
Date of creation	ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)
Date of update	ХХ.ХХ.ХХХХ (дата зміни версії)
Method API ID	API-001-001-001-0006
Microservices (namespace)	ABAC
Component	Approvals/ABAC
Component ID	COM-001-001
Link на API-специфікацію	https://medicaleventsmisapi.docs.apiary.io/#reference/approvals/cancel-approval/cancel-approval
Resource	{{host}}/api/patients/{{patiend_id}}/approvals/{{id}}/actions/cancel
Scope	approval:cancel
Protocol type	REST
Request type	PATCH
Sync/Async	Async(def)/Sync
Public/Private	Public

Purpose

Allows to cancel approval by it's identifier in patient context.

Logic

Allows to cancel approval by it's identifier in patient context. It is allowed only for the doctor who has an active declaration with a patient from url (can cancel all approvals) or approval is granted to user (can cancel own approval).

Service logic

Service allow to cancel of the patient approval:

Get approval by patient_id and approval id from approvals collection (MongoDB)
Update for approvals: status (update also updated_at, updated_by, expired_at = now()
If patient's authentication method is OTP or third_person.OTP, send SMS to that patient with info about cancelling.
Render a response according to specification.

Add status to event manager

After status was changed (status = CANCELLED) - add new status to event_manager

field	value

field	value
`event_type`	`StatusChangeEvent`
`entity_type`	Approval
`entity_id`	$.id
`properties.status.new_value`	$.status
`event_time`	$.update_at
`changed_by`	$.`changed_by`

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

	Input parameter	Mandatory	Type	Description	Example

	Input parameter	Mandatory	Type	Description	Example
1	patiend_id		String	identifier of the patient	`aff00bf6-68bf-4b49-b66d-f031d48922b3`
2	id		String	identifier of the approval	`aff00bf6-68bf-4b49-b66d-f031d48922b3`

Request structure

See on API-specification

Headers

Request data validation

Authorization

Verify the validity of access token
- Return (401, 'Invalid access token') in case of validation fails
Verify that token is not expired
- in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope = 'approval:cancel')
- Return (403, 'Your scope does not allow to access this resource. Missing allowances: approval:cancel') in case of invalid scope(s)

Validate Patient

Get Patient identifier from the URL
Check it exists in DB
- Return 404 ('Person is not found') in case of error

Validate Approval

Get Approval identifier from the URL
Check it exists in DB
- Return 404 ('not found') in case of error
Check approval is not expired (expires_at > now() )
- Return 409 ('Approval can be cancelled only if it is not expiredhas new or active status') in case of error

Validate User

Extract user_id from token.
Check user has an active declaration with a patient from URL (can cancel all approvals) or approval is granted to user (can cancel own approval: granted_to OR created_by):
- Return 403 ('No active declaration with patient found or declaration is not from the same MSP') in case the employee doesn't have an active declaration with the patient

Processing

N/A

Response structure examples