ЕСОЗ - публічна документація
RC_CSI-2483_Resend Medication request
Purpose
This WS is designed to resend SMS to person with Medication request info.
Key points
Only authenticated and authorized user with appropriate scope can resend Medication request info.
Medication request info can be resend only to person with verification_type = OTP.
Medication request info can be resend only for medication requests with intent order.
Medication request info can be resend only from ‘ACTIVE' status.
Specification
Authorization
Verify the validity of access token
in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'medication_request:resend')
return 403 (“Your scope does not allow to access this resource. Missing allowances: medication_request:resend”) in case of invalid scope(s)
Validations
Validate Medication request
Get Medication request identifier from the URL. Check Medication request exists in OPS DB
in case of error - return 404 ('Not found')
Validate intent
Get Medication request by $.id in OPS DB. Check that Medication request intent = ‘order’
if invalid - return 409 ("For medication request plan information cannot be resent")
Validate status
Get Medication request by $.id in OPS DB. Check that Medication request status = ‘ACTIVE’
if invalid - return 409 ("Invalid status Medication request for resend action!")
Validate medical program
Get Medication request by $.id in OPS DB. If medical program exists in the medication request:
Get medical program settings by $.medical_program.id
Check request_notification_disabled = false or null/absent
if true - return 409 ("Notifications are not allowed for the medical program!")
Validate verification code
Get Medication request by $.id in OPS DB. Check that Medication request verification code is not null
if invalid - return 403 ("Can't resend Medication request without verification code!")
Validate person
If
authorize_with
exists in medication request and is not empty, check:Authentication method exists in person_authentication_methods table in MPI DB (with is_active=true), is active (ended_at > now() or null)
Get value of
THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK
config parameter, if it is set totrue
- for authentication method with type = THIRD_PERSON check that person from value is an approved confidant for a person from medication request – exists active and approved confidant person relationship between person from request and confidant_person_id from authentication method value (using following logic: https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17667883028 withperson_id
= person from request andconfidant_person_id
= value from auth method) - expected:ok, :approved
response)in case any validation failed - return 409 ('Authentication method doesn't exist or is inactive')
else - get authentication_method of person from
authorize_with
If
authorize_with
does not exist in medication request or is empty - get authentication_method of person from MPI DBCheck that persons authentication_method == ‘OTP’ or ‘THIRD_PERSON’ with authentication_method == ‘OTP’
if invalid - return 409 ("Person or third person has no OTP auth method")
Service logic
Call SMS timeout procedure to check if resending is allowed using:
- MR_MAX_ATTEMPTS_COUNT as MAX_ATTEMPTS_COUNT
- MR_SEND_TIMEOUT as SEND_TIMEOUT
- "medication_request" as entity_name
- medication_request_id as entity_idin case of error - return 429 ("Sending SMS timeout. Try later. Next attempt will be available at <attempts.oldest.value + SEND_TIMEOUT>")
Generate SMS text
get template from sign_template_sms parameter
enrich template with data from Medication request
Send SMS to a person
ЕСОЗ - публічна документація