Private. Block Medication request

1 Purpose
2 Key points
3 Specification
4 Authorization
5 Validations
- 5.1 Validate request
- 5.2 Validate Medication request
- 5.3 Validation transition
6 Service logic

Purpose

This WS is designed to block previously created Medication request with indicating block_reason_code and block_reason by NHS employee with appropriate scope.

Key points

Only authenticated and authorized NHS admin-panel user with appropriate scope can block Medication request.
In the response of these endpoint person_id is returned in hashed form.
Medication request can be blocked only from ‘ACTIVE' status.

Specification

 "Block a `MedicationRequest` using its unique ID."
  blockMedicationRequest(
    input: BlockMedicationRequestInput!
  ): BlockMedicationRequestPayload

"""
Input for `blockMedicationRequest` mutation.
User must have a scope **medication_request_admin:block**
"""
input BlockMedicationRequestInput {
  "Unique ID of the medication request which should be blocked."
  id: ID!
}

"""
Return type for `blockMedicationRequest` mutation.
"""
type BlockMedicationRequestPayload {
  "Medication request block reason"
  blockReason: String!
  "Medication request block reason code from `MEDICATION_REQUEST_BLOCK_REASON` dictionary"
  blockReasonCode: BlockReasonCode!
}

"""
List of block reason codes. According to `MEDICATION_REQUEST_BLOCK_REASON` dictionary
"""
enum BlockReasonCode { 
"Reason code `WRONG_QTY_DRUG` to block medication request"
WRONG_QTY_DRUG
}

Authorization

Verify the validity of access token
- in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
- in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'medication_request_admin:block')
- return 403 (“Your scope does not allow to access this resource. Missing allowances: medication_request_admin:block”) in case of invalid scope(s)

Validations

Validate request

Validate request using JSON schema
- in case of error - return 422

Validate Medication request

Get Medication request identifier from the URL. Check Medication request exists in OPS DB
- in case of error - return 404

Validation transition

Get Medication request by $.id in OPS DB. Check that Medication request status = ‘ACTIVE’
- in case of error - return 409 ("Medication request must be in active status")
Get Medication request by $.id in OPS DB. Check that Medication request is not blocked, i.e. is_blocked = false
- in case of error - return 409 ("Medication request is already blocked")

Service logic

Update Medication request in OPS DB:
1. set is_blocked = true
2. set block_reason_code = $.block_reason_code
3. set block_reason = $.block_reason
4. set updated_by = user_id
5. set updated_at = now()
6. set block_legal_entity_id = legal entity id out of token
Send SMS for person
1. If Medication request has program with medical program setting medication_request_notification_disabled = true, then don't send SMS.
  Else:
  1. Get authentication_method of person from MPI
  2. If authentication_method == OTP, then send SMS to a person from Medication request:
    1. Generate SMS text
      1. get template from block_template_sms_nhs parameter
      2. enrich template with data from Medication request
    2. Send SMS to a person
Return Medication request data with hashed person_id