1 Purpose
2 Specification
3 Logic
4 Request structure
5 Authorize
6 Headers
7 Request data validation
- 7.1 Validate legal entity
- 7.2 Validate request
- 7.3 Validate division
- 7.4 Validate type
- 7.5 Validate external identifier
8 Processing
- 8.1 Save object to DB
  - 8.1.1 1. equipments table
  - 8.1.2 2. equipment_status_hstr table
9 Response structure
10 HTTP status codes

Purpose

This WS is designed for registration equipment in divisions of legal entities

Specification

Link	https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/equipment/create-equipment	Посилання на Apiary або Swagger
Resource	/api/equipment	Посилання на ресурс, наприклад: /api/persons/create
Scope	equipment:write	Scope для доступу
Components	Devices and equipment	Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription
Microservices	API paragraph not found	Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC
Protocol type	REST	Тип протоколу, який використовується запитом, наприклад: SOAP \| REST
Request type	POST	Тип запиту API, наприклад: GET, POST, PATCH…
Sync/Async	Sync	Метод є синхронним чи асинхронним?
Public/Private/Internal	Public	Потрібно зазначити тип методу за ступенем доступності

Logic

Only authenticated and authorized HR, ADMIN, OWNER employees can register equipments.
Equipments can be registered in MSP, OUTPATIENT, PRIMARY_CARE and EMERGENCY legal entities.
Equipment has to be linked to division. One division can have many equipments.
Legal entity can register equipments for its own divisions only.

Request structure

Example:

{
  "division_id": "8be63914-a278-470b-b868-1af5b9087332",
  "type": "23143534",
  "external_id": "123-ASD-#1",
  "udi": [
    {
      "value": "IMEI 49015420323751",
      "type": "default",
      "assigner_name": "Ukrainian center of the certification"
    }
  ],
  "lot_number": "RZ12345678",
  "manufacturer": "GlobalMed, Inc",
  "manufacture_date": "1999-01-01",
  "expiration_date": "2020-01-01",
  "model_number": "NSPX30",
  "part_number": "#e30-SD",
  "version": "v1.0.1",
  "name": "Рентген апарат флюрографічній",
  "serial_number": "S/N234554",
  "note": "Технічний огляд раз на рік"
}

Authorize

Verify the validity of access token
1. Return 401 in case validation fails
Check user scopes in order to perform this action (scope = 'equipment:write')
1. Return 403 in case invalid scope(s)

Headers

Наприклад:

Content-Type:application/json

Authorization:Bearer c2778f3064753ea70de870a53795f5c9

API-key:uXhEczJ56adsfh3Ri9SUkc4en

Request data validation

Validate legal entity

Check that legal entity is active (status = ACTIVE, SUSPENDED)

Extract client_id from token (token.client_id == legal_entity_id)
Check legal entity status (status = ACTIVE, SUSPENDED)
1. In case of error - return 409 (Legal entity must be ACTIVE or SUSPENDED)

Validate request

Validate request using schema

Validate division

A division_id should be passed in request body:

Validate division_id in request body - division exists and is_active = true
1. Return 422 in case validation fails
Check division_id belongs to the same legal_entity_id (from token) as the user
1. Return 422 with message "Division is not within current legal entity" in case validation fails.
Check division status =ACTIVE.
1. Return 422 with message "Division is not active" in case validation fails.

Validate type

Validate that an equipments type value exists in dictionary "EQUIPMENT_TYPE"
1. in case of error "Submitted code is not allowed for this field"

Validate external identifier

Check an external_id field is not empty
1. Return 422 (required property external_id was not present) in case of error

Processing

Save object to DB

1. equipments table

Parameter	Source	Description

Parameter	Source	Description
id	UUID	Autogenerated
type	Request: type	Get from request body
external_id	Request: external_id	Get from request body
division_id	Request: division_id	Get from request body
udi	Request: udi	Get from request body
lot_number	Request: lot_number	Get from request body
manufacturer	Request: manufacturer	Get from request body
manufacture_date	Request: manufacture_date	Get from request body
expiration_date	Request: expiration_date	Get from request body
model_number	Request: model_number	Get from request body
part_number	Request: part_number	Get from request body
version	Request: version	Get from request body
name	Request: name	Get from request body
serial_number	Request: serial_number	Get from request body
note	Request: note	Get from request body
legal_entity_id	Token: client_id	Extract client from token
status	Const: ACTIVE	By default ACTIVE for new records
is_active	Const: TRUE	Always TRUE for new records
inserted_at	Timestamp: now()	Get current date-time
inserted_by	Token: user_id	Extract user from token
updated_at	Timestamp: now()	Get current date-time
updated_by	Token: user_id	Extract user from token

2. equipment_status_hstr table

Parameter	Source	Description

Parameter	Source	Description
id	UUID	Autogenerated
equipment_id	UUID	Reference to equipments.id
status	Const: ACTIVE	By default ACTIVE for new records
inserted_by	Token: user_id	Extract user from token
inserted_at	Timestamp: now()	Get current date-time

Response structure