API. Get activity by ID_EN

Purpose

This WS allows to get detailed information of the patient’s Care plan activity. To obtain activity list for the Care plan https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/2125039149/API.+Get+Care+Plan+activities+EN  should be used.

Specification

Apiary

Authorization

• Verify the validity of access token

  • Return (401, 'Invalid access token') in case of validation fails

• Verify that token is not expired

  • in case of error - return (401, 'Invalid access token')

• Check user scopes in order to perform this action (scope = 'care_plan:read')

  • Return (403, 'Your scope does not allow to access this resource. Missing allowances: care_plan:read') in case of invalid scope(s)

Validate Patient

• Get Patient identifier from the URL

• Check it exists in DB

  • Return 404 ('not found') in case of error

Validate Care plan

• Get Care plan identifier from the URL

• Check it exists in DB

  • Return 404 ('not found') in case of error

Validate User

• Extract user_id from token.

• Check user has an active and approved employee from legal entity (token) that:

  • has an active Approval granted by the Patient on write or read the Care plan resource (care plan id from URL)

    • Return 403 ('Access denied') in case employee has no Approval on read or write

  • has an active declaration with the patient

Service logic

Service returns activity within specified Care plan related to the patient:

• Get activity by ID from care_plan_activities collection (MongoDB)

• Validate data consistency:

  • Ensure that requested activity relates to requested Patient and Care Plan (from URL)

    • Return 404 ('not found') in case of error

• Render a response according to specification