PIS. Reject Declaration request

1 Purpose
2 Key points
3 Specification
4 Authorization
5 Validation
6 Service logic

Purpose

This WS is designed to reject previously created Declaration Request by patient

Key points

Only authenticated and authorized user with appropriate scope can reject Declaration Request.
Declaration Request can be rejected only from ‘NEW' or ‘APPROVED’ status.

Specification

Apiary

Authorization

Verify the validity of access token
- in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
- in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'declaration_request:reject_pis')
- return 403 (“Your scope does not allow to access this resource. Missing allowances: declaration_request:reject_pis”) in case of invalid scope(s)

Validation

Validate Person

Get person_id from token (x-person-id header)
Validate patient status is active (status = ‘active' & is_active = 'true’)
- in case of error - return 404 ('not found')
Validate verification status of person not NOT_VERIFIED
- in case of error - return return 403 ("Access denied. Person is not verified")

Validate confidant person and relationship (optional)

If person is not legally capable - system must ensure that declaration request is rejected by confidant person and there is registered and verified their relationship

Get applicant_person_id from token, compare it to person_id from token:

If equals - check that person must not be authorized by confidant person, so it doesn’t correspond to following rules:
- persons age < no_self_registration_age global parameter;
- persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PIS_PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;
- persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process Check confidant person relationship with person_id = person from request - expected :ok, :approved response)
  - In case of error - return 409 (‘Request must be authorized by confidant person’)
If not equal - validate relationship with following steps:
- Check that there is registered relationship between person_id and applicant_person_id(MPI.confidant_person_relationships)
- Check that relationship is VERIFIED
  - In case of error - return 409 (‘Can’t confirm relationship’)
- Check that applicant_person_id exists (status = 'active' & is_active = 'true') and has verification_status any but NOT_VERIFIED
  - In case of error - return 409 (‘Confidant person not found or is not verified’)

Validate Declaration request

Check that declaration request:
- exists in il DB
- belongs to patient
  - in case of error - return 404 ('not found')
Check that declaration request status = NEW and channel PIS or APPROVED
- in case of error - return 403 (' Only declaration request with NEW or APPROVED statuses can be rejected')

Service logic

Update declaration request in il.declaration_requests table:
1. set status = 'REJECTED'
2. set status_reason patient_reject (value of DECLARATION_REQUEST_STATUS_REASON) according to status model (where the channel of action PIS and status REJECTED)
3. updated_at: current date time
4. updated_by: user from token
Add new status to event manager

field	value

field	value
`event_type`	`StatusChangeEvent`
`entity_type`	`DeclarationRequest`
`entity_id`	$.id
`properties.status.new_value`	$.status
`event_time`	$.update_at
`changed_by`	$.changed_by