RC_Update Program medication (Admin CDB)

1 Purpose
2 Key points
3 Specification
4 Authorization
5 Validate legal entity
6 Validate medication
7 Validate request
8 Service logic

Purpose

This WS allows to update existing medication program participant

Key points

This is a graphQl method used in Administration panel only
Only authenticated and authorized NHS employee with appropriate scope can update a Program medication.

Specification

  "Updates a single `ProgramMedication` using its globally unique ID and a patch."
  updateProgramMedication(
    input: UpdateProgramMedicationInput!
  ): UpdateProgramMedicationPayload
"""
Input for `updateProgramMedication` mutation.

User must have a scope **program_medication:write**
"""
input UpdateProgramMedicationInput {
  "The ID of an object."
  id: ID!
  "Whether `ProgramMedication` is active or not?"
  isActive: Boolean
  "Whether requesting medications allowed for the `ProgramMedication` or not?"
  medicationRequestAllowed: Boolean
  "Reimbursement information."
  reimbursement: UpdateReimbursementInput
  "Start date of action for this entry"
  startDate: Date
  "End date for this entry"
  endDate: Date
  "General registry identifier"
  registryNumber: String
  "Reimbursement daily dosage"
  reimbursementDailyDosage: Float
  "Consumer price"
  consumerPrice: Float
  "Wholesale price"
  wholesalePrice: Float
  "Estimated payment amount"
  estimatedPaymentAmount: Float
}
"""
Input for `Reimbursement` of `updateProgramMedication` mutation.
"""
input UpdateReimbursementInput {
  "Amount to reimburse for medication package by `MedicalProgram`."
  reimbursementAmount: Float
  "Percentage to reimburse for medication package by `MedicalProgram`."
  percentageDiscount: Float
}

"""
Return type for `updateProgramMedication` mutation.
"""
type UpdateProgramMedicationPayload {
  "Updated `ProgramMedication`."
  programMedication: ProgramMedication
}
"""
Program Medication linkes medication and medical program.
In order to obtain details user must have a scope **program_medication:read**
"""
type ProgramMedication implements Node {
  "The ID of an object."
  id: ID!
  "Primary key identifier from the database."
  databaseId: UUID!
  "MedicalProgram."
  medicalProgram: MedicalProgram!
  "Medication"
  medication: Medication!
  "Reimbursement information."
  reimbursement: Reimbursement!
  "Factory gate price for package of medications"
  wholesalePrice: Float
  "Consumer price for package of medications"
  consumerPrice: Float
  "Reimbuersement amount for recommended daily dosage of medication"
  reimbursementDailyDosage: Float
  "The estimatied amount which patient should pay for package of medications after reimbursement"
  estimatedPaymentAmount: Float
  "Start date of action for this entry"
  startDate: Date
  "End date for this entry"
  endDate: Date
  "General registry identifier"
  registryNumber: String
  "Whether `ProgramMedication` is active or not?"
  isActive: Boolean!
  "Whether requesting medications allowed for the `ProgramMedication` or not?"
  medicationRequestAllowed: Boolean!
  "Date and time when record was inserted"
  insertedAt: DateTime!
  "Date and time when record was updated"
  updatedAt: DateTime!
}

"""
Reimbursement information for current program medication.
"""
type Reimbursement {
  "Type of reimbursement"
  type: ReimbursementType!
  "Amount to reimburse for medication package by `MedicalProgram`."
  reimbursementAmount: Float
  "Percentage to reimburse for medication package by `MedicalProgram`."
  percentageDiscount: Float
}

Authorization

Verify the validity of access token
- in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
- in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'program_medication:write')
- return 403 (“Your scope does not allow to access this resource. Missing allowances: program_medication:read”) in case of invalid scope(s)

Validate legal entity

Extract client_id from token.
Check client scopes in order to perform this action (scope = 'program_medication:write')
- in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: program_medication:write”)
Check legal entity type (type = NHS)
- In case of error - return 403 ('You don’t have permission to access this resource')

Validate medication

Get medication by program_medications.medication_id
Check medication is_active = true
1. in case of error - return 409 ('Medication is not active')

Validate request

Check program medication id exists in DB
1. in case of error - return 404 ('not_found')
If medicationRequestAllowed submitted, than check program medication is_active = true
1. in case of error - return 409 ('To allow medication request firstly enable program medication')
If is_active submitted as false to deactivate program medication, than check medication_request_allowed = false
1. in case of error - return 409 ('To deactivate medication brand within the program firstly disable medical_request_allowed')
if reimbursement structure submitted, than check program medication is_active = true
1. in case of error - return 409 ('To update reimbursement firstly enable program medication')

Service logic

Update params submitted on input in the program medication entity. Also, set:
1. updated_by = current user (from token)
2. updated_at = current date and time