RC_REHAB_Get Care plan activities by search params+

Purpose

This WS intended to get all the activities related to the specified Care plan.

Specification

Apiary

Authorization

• Verify the validity of access token

  • Return (401, 'Invalid access token') in case of validation fails

• Verify that token is not expired

  • in case of error - return (401, 'Invalid access token')

• Check user scopes in order to perform this action (scope = 'care_plan:read')

  • Return (403, 'Your scope does not allow to access this resource. Missing allowances: care_plan:read') in case of invalid scope(s)

Validate Patient

• Get Patient identifier from the URL

• Check it exists in DB

  • Return 404 ('not found') in case of error

Validate Care plan

• Get Care plan identifier from the URL

• Check it exists in DB

  • Return 404 ('not found') in case of error

Validate User

• Extract user_id from token.

• Check user has an active and approved employee from legal entity (token) for which one of the conditions is TRUE:

  • has an active Approval granted by the Patient on write or read the Care plan resource (care plan id from URL)

    • Return 403 ('Access denied') in case employee has no Approval on read or write

  • has an active declaration with the patient

    • Return 403 ('Access denied') in case there no active declaration with patient and none of other conditions is true

  • user belongs to the legal entity where the care_plans were created

    • Return 403 ('Access denied') in case employee belongs to another legal_entity and none of conditions above is true

Service logic

Service returns activity list within specified Care plan related to the patient:

• Get activity list by Care plan identifier from care_plan_activities collection (MongoDB)

• Validate data consistency:

  • Ensure that each requested activity in the list relates to requested Patient and Care Plan (from URL)

    • Return 404 ('not found') in case of error

• Render a response according to specification