ЕСОЗ - публічна документація
RC_CSI-2483_Reject Medication request by Pharmacy User
Purpose
This WS is designed to Reject Medication Request by Pharmacy users.
Key points
Only authenticated and authorized user with appropriate scope can reject Medication Request.
In request in signed content the Medication Request data should be used the same as in response of Get Medication Request by Pharmacy User.
In the response of this endpoint legal entity, division and employee details are trimmed, according to business requirements (limitations) for Pharmacy.
Medication Request can be rejected only from ‘ACTIVE' status.
Specification
Authorization
Verify the validity of access token
in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'medication_request:reject_pharm')
return 403 (“Your scope does not allow to access this resource. Missing allowances: medication_request:reject_pharm”) in case of invalid scope(s)
Validations
Validate Digital Sign
Validate request is signed
in case of error - return 400 (“document must be signed by 1 signer but contains 0 signatures”)
Check DS is valid and not expired
Validate that DS belongs to the user
Check that DRFO from DS and party.tax_id matches
in case of error - return 422 (“Does not match the signer drfo“)
Validate Medication request
Get Medication request identifier from the URL. Check Medication request exists in OPS DB
in case of error - return 404 (“Medication request does not exist")
Validate user
Medication Request rejection is allowed for user if he has active and approved employee
in case of error - return 409 ("Only active and approved employee can reject medication request")
Validate content
Validate request using JSON schema
in case of error - return 422 with appropriate validation error
Check that signed content contains all required fields and is equal to stored object
Decode signed content
Render requested medication request using [Transferred] Get Medication request by ID by Pharmacy User
Check that rendered and decoded data matches (except for reject_reason_code and reject_reason fields)
in case of error - return 422 ("Signed content does not match the previously created content")
Validation transition
Get status of Medication request by $.id in OPS DB. Check that Medication request is in status ‘ACTIVE’
if invalid - return 409 ("Invalid status Medication request for reject transition!")
For more information look at [Transferred] Medication request status model
Validate reject reason code
Validate $.reject_reason_code is a value from MEDICATION_REQUEST_REJECT_REASON dictionary
in case of error - return 422 ("value is not allowed in enum")
Service logic
Save signed content to media storage.
Update Medication request in OPS DB:
set status = 'REJECTED'
set reject_reason_code = $.reject_reason_code
set reject_reason = $.reject_reason
set updated_by = user_id
set updated_at = now()
set rejected_by = user_id
set rejected_at = now()
Send SMS for person
If Medication request has program with medical program setting request_notification_disabled = true, then don't send SMS.
Else:
If
authorize_with
exists in medication request and is not empty, check:Authentication method exists in person_authentication_methods table in MPI DB (with is_active=true), is active (ended_at > now() or null)
Get value of
THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK
config parameter, if it is set totrue
- for authentication method with type = THIRD_PERSON check that person from value is an approved confidant for a person from medication request – exists active and approved confidant person relationship between person from request and confidant_person_id from authentication method value (using following logic: https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17667883028 withperson_id
= person from request andconfidant_person_id
= value from auth method - expected:ok, :approved
response)in case any validation failed - do not send SMS to person
else - get authentication_method from
authorize_with
If
authorize_with
does not exist in medication request or is empty - get authentication_method of person from MPIIf authentication_method == OTP, then send SMS to a person from Medication request:
Generate SMS text
get template from reject_template_sms parameter
enrich template with data from Medication request
Send SMS to a person
Render response according to specification
Add new record to Event manager
field | value |
---|---|
|
|
|
|
| $.id |
| $.status |
| $.update_at |
| $.changed_by |
If the medication request is based on activity with quantity:
recalculate and set remaining_quantity for the activity as described at PreQualify Medication Request: 6. Check Care Plan and Activity (p. 2. d. 1) and do not include current MR but include all MD which related to current MR
ЕСОЗ - публічна документація