ЕСОЗ - публічна документація

RC_(CSI-1323)_Approve person request v2

Owned by Viacheslav Tybin (SoE eHealth)
Jun 10, 2024
4 min read

Purpose

This WS is used to approve previously created Person request (as part of Person creation w/o declaration process).

Specification

Apiary

Key points

  1. Person request can be approved using one of the following flow, based on requests authentication method current: if OTP - submit verification code that was sent to person or confidant person, if OFFLINE - upload persons documents to media content storage before approving.

  2. As a result - printout form is formed for patient to sign and data is formed for user to sign with digital signature.

Main differences from V1

  1. Confidant_person is an object, not an array, so response from this method works for Sign person request v2.

  2. Printout form is generated with differences: the System gets information about confidant from MPI | persons by confidant_person_relationships.confidant_person_id

Authorization

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'person_request:write')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: person_request:write') in case of invalid scope(s)

Validations

Validate request

Validate request according to JSON Schema

  • Check absence of extra parameters

    • In case of error - return 422 ('schema does not allow additional properties')

  • Check presence of required parameters

    • In case of error - return 422 ('required property %{property} was not present')

{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "verification_code": { "type": "string" } }, "required": [ "verification_code" ], "additionalProperties": false }

  • Check that person request from URL exists in IL database, person_requests table

    • in case of error - return 404 ('Person request not found.')

Validate backwards compatability

This WS can approve only person requests that were created by Create/Update person request v2

  • Check that person_request.version field is equal to 2

    • in case of error - return 422 ('Person request cannot be processed by the version 2 of the service, use version 1 instead')

  • Check that channel equals to MIS

    • in case of error - return 422 ('Only person request with MIS channel can be approved.')

Validate status transition

Only person request in NEW status can be approved.

  • Check that person request for URL has status = NEW

    • in case of error - return 409 ('Invalid transition')

Validate client

The request can be approved only by the employee who works in the same legal entity in which the request was made.

  • Check that client_id from token equals to legal_entity_id of person request from URL

    • in case of error - return 403 ('Client is not allowed to approve person_request')

  • Check that user from token has active employee in legal entity (by client_id from token)

    • in case of error - return 403 ('User is not allowed to perform this action')

Validate confidant person relationship

If authorize_with of person request is not empty and contains auth method with type = THIRD_PERSON - validate that person from value is an approved confidant for a person from request (stored in person_data_id field) - exists active and approved confidant person relationship between person from request and person_id from authentication method value (using following logic: Check confidant person relationship with person_id = person_data_id from request and confidant_person_id = value from auth method - expected :ok, :approved response)

  • in case of error - return 422 ('Cannot be confirmed by method with not approved confidant person relationship')

Determine authentication method current for request

Based on value of authentication_method_current.type of person request:

  • if type = OTP - invoke OTP Verification module to verify OTP that is submitted in $.verification_code field

    • in case of error - return 403 ('Invalid verification code')

  • if type = OFFLINE - skip OTP verification for request

Check uploaded documents

Get list of document types that must be uploaded to media content storage in documents field of person request.

  • If list is empty - skip validation

  • If list is not empty - check that documents were uploaded, using Media Content Storage

    • in case of error - return 409 ('Documents <<document_types_to_upload>> is not uploaded') with types of documents that must be uploaded to media content storage

Service logic

Update otp

  1. If OTP Verification was invoked, update record for otp and phone number in verifications table in verification database, set:

    1. status = ‘verified’

  2. If otp verification was invoked, check existance of record for phone number in verified_phones table in verification database, if not exists - create record, set:

    1. id = autogenerate uuid

    2. phone_number = number of verified phone from request

    3. updated_at = now()

Generate printout form

Prepare data for person request printout form

  1. Define printout form template based on authorize_with field and person_data.confidant_person field of person request:

    1. If authorize_with is not empty and contains auth method with type = THIRD_PERSON or person_data.confidant_person is not empty - select printout form with confidant person (stored in PERSON_REQUEST_PRINTOUT_FORM_INCAPACITY_TEMPLATE_ID config param)

    2. else - select printout form w/o confidant person (stored in PERSON_REQUEST_PRINTOUT_FORM_TEMPLATE_ID config param)

  2. Call MAN service to render printout form

  3. Prepare printout content based on person request data

    1. for printout form with confidant person - additionally preload confidant person data based on confidant person

      1. If authorize_with is not empty and contains auth method with type = THIRD_PERSON - preload confidant person object from MPI DB using auth method value:

        • get confidant person details from persons table (with persons.id = auth method value)

        • get confidant person documents from person_documents table (with person_documents.person_id = auth method value)

        • get relation documents from confidant_person_relationship_documents table (with confidant_person_relationship_id = id of relationship between person and confidant person)

      2. if person_data.confidant_person is not empty - get confidant person data from this field

  4. Render printout form and save to person request

Update person request

Update person request, set values:

  • status = APPROVED

  • printout_form = rendered printout form

  • updated_by = user_id from token

  • updated_at = now()

ЕСОЗ - публічна документація