ЕСОЗ - публічна документація

(RC-1 MRIN) Create approval

Owned by Гліб Ущенко (Unlicensed)
Apr 02, 2021
2 min read

Specification

  1. API Create Approval

Validate request

Validate request using JSON schema

Authorize

  1. Verify the validity of access token

  2. Check user scope approval:create in order to perform this action

Logic

  1. Approvals are processed in the async way

  2. User can create approval only for employee from his legal entity

    1. client_id from token should be linked with employee_id from granted_to object.

    2. granted_to.employee_id should be active.

  3. If service_request block is presented in request

    1. Get Service_request details

       (only in active status)

    2. use Response.permitted_resources as resources for approval(could be episode or diagnostic_report).

  4. Check patient_id

    1. if belongs to person, then GET auth_method from MPI using {patient_id}

      1. If it's OTP:

        1. send SMS to the auth_phone via otp_verification service POST /verifications

        2. save approval to DB 

        3. save authentication_method_current.type and number to DB

        4. return authentication_method_current.type = OTP

      2. If it is offline

        1. save approval to DB 

        2. save authentication_method_current.type and number to DB

        3. return  authentication_method_current.type = offline

      3.  if it is null:

        1. return error 409 (Person hasn’t active authentication methods. It is necessary to add)

    2. if belongs to preperson:

      1. save approval to DB

      2. set approval status = active

      3. set approval urgent = null 

Validate access_level

  1. Validate that access_level correspond to granted_resources:

    1. In case error return 422 ("Resource types [\"$.granted_resources[].code\"] not allowed to use write access_level")

 

granted_resources

access_level

access to

 

granted_resources

access_level

access to

resources

episode_of_care

read

Reading all the data of specified in approval episode

diagnostic_report

read

Reading all the data of specified in approval diagnostic report

care_plan

read

Reading all the data of specified in approval care plan

care_plan

write

Creating activities for care plan

service_request

episode_of_care

diagnostic_report

read

Reading data from permitted_resources in approval service re

Validate authorize_with

The patient can pass the id of his auth_method which he wants to confirm the approval. The necessary auth method can be found by making Get person's auth methods

  1. validate auth_method.id is UUID

    1. in case error return 422

  2. search auth method in MPI.person_authentication_method

    1. in case error return 422, "such authentication method doesn't exist"

  3. search auth method of this patient where  MPI.person_authentication_method.person_id = $.patient.id

    1. in case error return 422, "such authentication method does not belong to this person"

  4. validate if auth_method.type = NA

    1. error return 422, "Сannot be confirmed by a method with type= NA. Use a different method."

  5. validate that this method is active ( authentication_method.ended_at > now() and is_active = true)

This field is optional and set in new field authorize_with and save type and phone_number in approvals.urgent.authentication_method_current.

If approval doesn't have this field, then choose that method which is returned from mpi as person's default method.

Additional logic

  1. All the approvals in status "new" should be deleted 12 hours after creation - env. configuration parameter

ЕСОЗ - публічна документація