The process is initiated by Legal Entity's side and involves the signature previously signed contract request. 

Contract must be 2 time signed: from legal_entity and NHS sides. There is a particular order who must signed first - NHS side. After that legal entity owner or admin can either sign contract request (will be created contract) or terminate contract request.

Input parameters 

Invoke service 'Get Partially Signed Contract Reqeust by ID'. In the response will be received link to download file in PKCS7 format, which contains data (json + printout form + signature of responsible person from NHS side + digital stamp from NHS side).

This PKCS7 file must be signed and decode in base64.

Authorize user

1. Verify the validity of access token

2. Check user scopes in order to perform this action

   1. In case error - generate 401 response

Check employee

Contract_request can be signed by owner or admin with necessary scopes in equal legal_entity_id and same id as was perviously input in contract_request.

1. Extract legal_entity_id (client_id) from token. Take contract_request_id.

2. Check client_id=contractor_legal_entity_id (contractor_side)

3. Validate that contract_request hasn't been signed by  contractor_side already

   1. Check status<>'SIGNED'.

   2. In case of error return 422 error ('The contract was already signed by contractor')

Digital signature

Decode content that is encrypted in an electronic digital signature.
Use Digital signature WS. Method checks digital signature and returns result.

Validations

Validate DRFO or EDRPOU

We need to check DS based on legal entity legal form. DS can belong to individual entrepreneur or to legal entity. As previous version of DS can contain tax_id in EDRPOU field, not in DRFO validation must be done as described below:

1. Get client_id from token

2. Find prn.legal_entities by client_id

3. Check EDRPOU or DRFO matches prm.legal_entities.EDRPOU

   1. Check if  EDRPOU in Certificate details exists and not empty

      1. Check if  Certificate_details.EDRPOU=prm.legal_entities.EDRPOU

   2. in case validation from a. didn't pass - Check that DRFO in Certificate details exists and not empty

      1. Convert DRFO and prm.legal_entities.EDRPOU to uppercase

      2. Compare DRFO and prm.legal_entities.EDRPOU as Cyrillic letters

      3. Convert DRFO to Cyrillic and compare as Cyrillic letters

      4. Check if  Certificate_details.DRFO=prm.legal_entities.EDRPOU 

   3. In case validation fails - generate 422 error

4. Check that SURNAME in Certificate details is equal to LAST_NAME in Party

   1. Get party.last_name using contractor_owner_id from contract_request (employees.employee_id=contractor_owner_id and client_id=employee.legal_entity_id –> parties.id)

      1. Convert prm.parties.LAST_NAME and Certificate details.SURNAME to uppercase

      2. Compare prm.parties.LAST_NAME and Certificate details.SURNAME as Cyrillic letters

      3. In case validation fails - generate 422 error

Validate DRFO

1. Get parties.tax_id using party_users.party_id by user_id.

2. Compare DRFO in Certificate with party.tax_id

   1. Convert DRFO and TAX_ID to uppercase

   2. Compare DRFO and TAX_ID as Cyrillic letters

   3. Convert DRFO to Cyrillic and compare as Cyrillic letters

3. In case validation fails - generate 422 error

Validate Status

1. Check contract_request.status='NHS_SIGNED'

   1. in case of error return 422 Error 'Incorrect status for signing'

Check signed content

1. Check decoded signed content with previously created on IL.db

In case if they are not equal - generate 422 error (message: "Signed content does not match the previously created content")

2. Actualize data:

Invoke service 'Get Contract Reqeust by ID'. In the response will be received printout form and json. Compare it with previously created on IL.db

In case if they are not equal - generate 422 error (message: "Signed content does not match the previously created content")

Validate 1st Signature

1. Get client_id from token

2. Find prm.legal_entities by  nhs_signer_id → prm.employee→ legal_entity

3. Check EDRPOU or DRFO matches prn.legal_entities.EDRPOU

   1. Check if  EDRPOU in Certificate details exists and not empty

      1. Check if  Certificate_details.EDRPOU=prm.legal_entities.EDRPOU

   2. in case validation from a. didn't pass - Check that DRFO in Certificate details exists and not empty

      1. Convert DRFO and prn.legal_entities.EDRPOU to uppercase

      2. Compare DRFO and prn.legal_entities.EDRPOU as Cyrillic letters

      3. Convert DRFO to Cyrillic and compare as Cyrillic letters

      4. Check if  Certificate_details.DRFO=prn.legal_entities.EDRPOU 

   3. In case validation fails - generate 422 error

4. Check that SURNAME in Certificate details is equal to LAST_NAME in Party

   1. Get party.last_name using nhs_signer_id from contract_request (employees.employee_id=nhs_signer_id –> parties.id)

      1. Convert prm.parties.LAST_NAME and Certificate details.SURNAME to uppercase

      2. Compare prm.parties.LAST_NAME and Certificate details.SURNAME as Cyrillic letters

      3. In case validation fails - generate 422 error

5. Validate DRFO

   1. Get parties.tax_id using party_users.party_id by user_id.

   2. Compare DRFO in Certificate with party.tax_id

      1. Convert DRFO and TAX_ID to uppercase

      2. Compare DRFO and TAX_ID as Cyrillic letters

      3. Convert DRFO to Cyrillic and compare as Cyrillic letters

   3. In case validation fails - generate 422 error

Validate Digital Stamp

1. Check that EDRPOU in Certificate details is equal to EDROU in legal entity by nhs_signer_id → prm.employee→ legal_entity

   1. Check if  EDRPOU in Certificate details exists and not empty

   2. Check if  Certificate_details.EDRPOU=prm.legal_entities.EDRPOU

   3. In case validation fails - generate 422 error

Validate request

1. Validate request using JSON schema
   
   

   1. In case validation fails - generate 422 error

2. Check contract request status
   
   

   1. If status is not APPROVED - returned error 'Incorrect status'

3. Capitation only: Validate contractor_employee_divisions

   1. Employees from employee_divisions has employee_type='DOCTOR', status='APPROVED', division is not null

      1. in case of error return 422  error view $employee ('Employee must be an active DOCTOR with linked division')

   2. Check divisions belongs to legal_entity and divisions.status='active'

      1. in case of error return 422  error view $divisions ('Division must be active and within current legal_entity')

   3. Check employee belongs to division

      1.  in case of error return 422  error view $employee  ('Employee must be within current division')

4. Validate start_date

   1. start_date>now()

      1. in case of error return 422 error $start_date ('Start date must be greater than create date')

5. Check whether all id is resolved and valid. For
    - contractor_legal_entity_id and nhs_legal_entity_id in status='active'  and nhs_verified = true (prm.legal_entities)
    - contractor_owner_id and nhs_signer_id in status = 'APPROVED' (prm.employees)

6. Search contract_number in contracts.contract_number. if found none or one contract in status='VERIFIED' - validation passed.

   1. In case found contract(s), but in status='TERMINATED' show an error 422 ('There is no active contract with such contract_number')

7. Reimbursement only: validate that medical_program_id is a valid ID of an ACTIVE medical_program with type 'medication'

   1. in case of error return "Medical program is not active"

Save signed contract to media storage

1. Get url for declaration upload

    

   
   
   

2. Upload signed contract to media storage.

Update contract request

1. update contract_request.status='SIGNED'

2. update contract_request.contract_id=contract.id

   UPDATE contract_requests SET status = 'SIGNED' WHERE id = {:id}

   
   
   

Create Contract

If status='SIGNED'

• Create a new record in PRM.contracts with status='VERIFIED'

• set is_suspended=false, is_active=true

• for each division from array contract_divisions create a new row in contract_divisions

• capitation only: for each employee from array create a new row in PRM.contract_employees

Check parent_contract_id

Search parent_contract_id in contracts.id.

1. Get contract.id by parent_contract_id and status='VERIFIED'

   1. fetch all records in contract_employees by contract_id and end_date is null

      1. set for those records end_date=$contract_request.start_date

2. In case active contract found - terminate by changing status to TERMINATED.

Check parent contracts

1. Find there is no contracts 

• for same contractor_legal_entity_id

• within same period [start_date, end_date]

• status = VERIFIED

• id_form

• medical_program_id 

In case there is such contract change its' status to 'TERMINATE' and fetch all records in contract_employees by contract_id and end_date is null

1. set for those records end_date=$contract_request.start_date

Add status to event manager

After status was changed (status = SIGNED) - add new status to event_manager

Deactivate Medical Program Provision

If contract update operation (Sign Contract Request by MSP api with contract_number) (according to link):

• define medical programs that are not present in the new contract.

• deactivate all active medical program provision for defined programs within contract number and current legal entity: 

  • set is_active = false

  • set deactivate_reason = AUTO_CONTRACT_TERMINATION

  • set updated_at, updated by
    Note: Status of medical program provision entities for the programs remained in the new contract should not be changed.