ЕСОЗ - публічна документація

RC_Recall Service Request (RMDN-356)

Owned by Oleksandr Zhuk (SoE eHealth)
Nov 11, 2024
2 min read

Source link - Recall Service Request | Validate permission to recall , RC_(CSI-2483,CR-441)_Recall Service Request

Authorization

  1. Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”) in case of validation fails

  2. Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  3. Check user scopes in order to perform this action (scope = 'service_request:recall')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: service_request:recall”) in case of invalid scope(s)

  4. If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at > current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):

    • in case not match - return 403 ("Access denied. Party is not verified")

  5. If BLOCK_DECEASED_PARTY_USERS is true, check that party is not deceased (party_verification record does not equal to: dracs_death_verification_status = VERIFIED and dracs_death_verification_reason = MANUAL_CONFIRMED):

    • in case of error - return 403 ("Access denied. Party is deceased")

Validate digital signature

  1. Validate request is signed

    1. in case of error - return 400 (“document must be signed by 1 signer but contains 0 signatures”)

  2. Check DS is valid and not expired

  3. Validate that DS belongs to the user

    1. Check that DRFO from DS and party.tax_id matches

      1. in case of error - return 422 (“Does not match the signer drfo“)

  4. Ensure that $.requester.identifier.value matches with user employees

    1. Check if service request based on Care plan if not match:

      1. Determine at least one of the user employees has an active approval on write this Care plan 

        1. in case of error - return 409 ('Employees related to this party_id not in current MSP')

Validate user

Recalling a Service Request is allowed for user if he has one of the following active and approved employee that:

  • is an Employee from legal entity where Service Request is created

    • in case of error - return 409 ("Only an employee from legal entity where service request is created can recall service request")

Validate transition

Only active service request can be recalled

  1. Get current service request status

    1. Check that status in ('active')

      1. in case of error - return 409 error ('Service request in status %status% cannot be recalled')

ЕСОЗ - публічна документація