ЕСОЗ - публічна документація

RC_CSI-2483_Get Device request details

Purpose

This WS is designed to return Device request details by identifier.

Specification

Apiary

Authorization

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'device_request:read')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: device_request:read') in case of invalid scope(s)

Access to the resource is also managed by https://e-health-ua.atlassian.net/wiki/spaces/RMDN/pages/17671028956.

Service logic

Service returns specified Device requests related to the patient:

  1. Get Device requests from device_request collection (MongoDB)

  2. Validate data consistency:

    1. Ensure that requested Device requests relates to requested Patient (from URL)

      1. Return 403 ('Access denied') in case of error

  3. Fill in urgent block with current authentication method and verification_code field:

    1. Get program from request and (if provided) get program setting request_notification_disabled

    2. Get person authentication method according to logic:

      1. If authorize_with exists in device request and is not empty, check:

        1. Authentication method exists in person_authentication_methods table in MPI DB (with is_active=true), is active (ended_at > now() or null)

        2. Get value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK config parameter, if it is set to true - for authentication method with type = THIRD_PERSON check that person from value is an approved confidant for a person from device request – exists active and approved confidant person relationship between person from request and confidant_person_id from authentication method value (using following logic: https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17667883028 with person_id = person from request and confidant_person_id = value from auth method - expected :ok, :approved response)

          1. in case any validation failed - set verification_code and phone_number=null

          2. else - get persons authentication method from authorize_with

      2. if authorize_with does not exist in device request or is empty - get default authentication method of person from MPI using https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17613029453

    3. If person has OTP or THIRD_PERSON (with OTP) authentication method and request_notification_disabled = false/null (or absent), then set phone_number and verification_code=null

    4. if person has OTP or THIRD_PERSON (with OTP) authentication method and request_notification_disabled = true, then set verification_code and phone_number

  4. Render a response according to the specification

    1. Calculate remaining quantity:

      1. Select all Device dispenses in status completed related to the Device request

      2. Sum quantity in the filtered Device dispenses as dispensed_qty

      3. Calculate remaining_quantity = requested_quantity- dispensed_quantity

    2. Return remaining_quantity in the response

ЕСОЗ - публічна документація