RC_(CSI-2483,CR-441)_Resend Medication request

Purpose

This WS is designed to resend SMS to person with Medication request info.

Only authenticated and authorized user with appropriate scope can resend Medication request info.
Medication request info can be resend only to person with verification_type = OTP.
Medication request info can be resend only for medication requests with intent order.
Medication request info can be resend only from ‘ACTIVE' status.

Verify the validity of access token
- in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
- in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'medication_request:resend')
- return 403 (“Your scope does not allow to access this resource. Missing allowances: medication_request:resend”) in case of invalid scope(s)

Get Medication request identifier from the URL. Check Medication request exists in OPS DB
- in case of error - return 404 ('Not found')

Get Medication request by $.id in OPS DB. Check that Medication request intent = ‘order’
- if invalid - return 409 ("For medication request plan information cannot be resent")

Get Medication request by $.id in OPS DB. Check that Medication request status = ‘ACTIVE’
- if invalid - return 409 ("Invalid status Medication request for resend action!")

Get Medication request by $.id in OPS DB. If medical program exists in the medication request:

Get medical program settings by $.medical_program.id
Check request_notification_disabled = false or null/absent
- if true - return 409 ("Notifications are not allowed for the medical program!")

Get Medication request by $.id in OPS DB. Check that Medication request verification code is not null
- if invalid - return 403 ("Can't resend Medication request without verification code!")

If authorize_with exists in medication request and is not empty, check:
- Authentication method exists in person_authentication_methods table in MPI DB (with is_active=true), is active (ended_at > now() or null)
- Get value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK config parameter, if it is set to true - for authentication method with type = THIRD_PERSON check that person from value is an approved confidant for a person from medication request – exists active and approved confidant person relationship between person from request and confidant_person_id from authentication method value (using following logic: https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17667883028 with person_id = person from request and confidant_person_id = value from auth method) - expected :ok, :approved response)
  - in case any validation failed - return 409 ('Authentication method doesn't exist or is inactive')
  - else - get authentication_method of person from authorize_with
If authorize_with does not exist in medication request or is empty - get authentication_method of person from MPI DB
Check that persons authentication_method == ‘OTP’ or ‘THIRD_PERSON’ with authentication_method == ‘OTP’
- if invalid - return 409 ("Person or third person has no OTP auth method")

Call SMS timeout procedure to check if resending is allowed using:
- MR_MAX_ATTEMPTS_COUNT as MAX_ATTEMPTS_COUNT
- MR_SEND_TIMEOUT as SEND_TIMEOUT
- "medication_request" as entity_name
- medication_request_id as entity_id
in case of error - return 429 ("Sending SMS timeout. Try later. Next attempt will be available at <attempts.oldest.value + SEND_TIMEOUT>")
Generate SMS text
1. get template from sign_template_sms parameter
2. enrich template with data from Medication request
Send SMS to a person