ЕСОЗ - публічна документація
ARCHIVE_Add employee role_EN (DRACS, DRFO)
- Yuliia Mazur (UA SoE eHealth)
Specification
Link | Посилання на Apiary або Swagger | |
Resource | /api/employee_roles | Посилання на ресурс, наприклад: /api/persons/create |
Scope | employee_role:write | Scope для доступу |
Components | Scopes model | Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription |
Microservices | API paragraph not found | Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC |
Protocol type | REST | Тип протоколу, який використовується запитом, наприклад: SOAP | REST |
Request type | POST | Тип запиту API, наприклад: GET, POST, PATCH… |
Sync/Async | Sync | Метод є синхронним чи асинхронним? |
Public/Private/Internal | Public | Потрібно зазначити тип методу за ступенем доступності |
Logic
Only authenticated and authorized user can use this service
Employee role must be valid and consistent, i.e. all "foreign keys" must be valid
It can be only one active employee_role for the single employee and healthcare service
Request structure
See on Apiary
Example:
Authorize
Verify the validity of access token
Return 401 in case validation fails
Check scopes in order to perform this action (scope = 'employee_role:write')
Return 403 in case invalid scope(s)
If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):
in case not match - return 403 ("Access denied. Party is not verified")
Headers
Наприклад:
Content-Type:application/json
Authorization:Bearer c2778f3064753ea70de870a53795f5c9
api-key:uXhEczJ56adsfh3Ri9SUkc4en
Request data validation
Validate request
Validate request using JSON schema
Validate legal entity
Check that legal entity is active (status = ACTIVE, SUSPENDED)
Extract client_id from token (token.client_id == legal_entity_id)
Check legal entity status (status = ACTIVE, SUSPENDED)
In case of error - return 409 (Legal entity must be ACTIVE or SUSPENDED)
Validate FK
Validate healthcare_service_id - healthcare service exists and is_active = true
Return 422 in case validation fails
Validate employee_id - employee exists and is_active = true
Return 422 in case validation fails
Validate constraint
It can be only one active employee_role for the single employee and healthcare service
Check that there is no another active record (status = ACTIVE) with the same employee and healthcare service
Return 409 (Duplicated employee role for this employee and healthcare service) in case such pair exists
Validate healthcare service
Check that healthcare service belongs to the same legal entity as the user and healthcare service is active
Extract client_id from token (token.client_id == legal_entity_id)
Validate legal entity on healthcare service
Check healthcare service status (status = ACTIVE)
Validate employee and its specialization
Check that employee belongs to the same legal entity as the user, employee is active and has the same specializations as the healthcare service
Extract client_id from token (token.client_id == legal_entity_id)
Validate legal entity on employee service
Check employee status (status = APPROVED)
Validate specialization on employee (where specialities.speciality_officio = true) and healthcare service
Processing
Save object to DB
Parameter | Source | Description |
|---|---|---|
id | UUID | Autogenerated |
start_date | Timestamp: now() | Get current date-time |
status | Const: ACTIVE | By default ACTIVE for new records |
is_active | Const: TRUE | Always TRUE for new records |
inserted_at | Timestamp: now() | Get current date-time |
inserted_by | Token: user_id | Extract user from token |
updated_at | Timestamp: now() | Get current date-time |
updated_by | Token: user_id | Extract user from token |
ЕСОЗ - публічна документація