ЕСОЗ - публічна документація
Sign declaration request v3
Related information
(Deprected) IL.Sign declaration request
Specification
Link | |
Resource | /api/v3/declaration_requests/{{id}}/actions/sign |
Scope | declaration_request:sign |
Components | Declarations |
Using Microservices | il/api ops/api |
Protocol type | REST |
Request type | PATCH |
Sync/Async | Sync |
Public/Private/Internal | Public |
The process is initiated by any employee with necessary scopes in this legal entity and involves the transfer of a signed person with electronic digital signature.
Process is asynchronous. If all validations are successfully completed, the asynchronous process of creating a person starts by processing the message.
Service logic
Only authenticated and authorized user can use this service
Only APPROVED declaration request can be signed
The request can be signed only by the employee who works in the same legal entity in which the request was made.
Authorize user
Verify the validity of access token
Return 401 in case validation fails
Check scopes in order to perform this action (scope = 'declaration_request:sign')
Return 403 in case invalid scope(s)
Digital signature
Digital signature validation is different depending on channel
for channel
PIS
and statusAPPROVED
there must be 2 signatures - one for patient and one for doctorfor channel
MIS
and statusAPPROVED
there must be only 1 doctor’s signature
Decode content that is encrypted in an electronic digital signature.
Use Digital signature WS. Method checks digital signature(s) and returns result.
See service specification
Validate patient’s signature
This validation must be done in different ways depending on context:
if request is done by person itself (There is no confidant person in data_to_be_signed
data_to_be_signed.person.confidant_person
(or is nil)) - we must check that signer DRFO matches with person tax_id or documentif request is done by confidant person (There is confidant person in data_to_be_signed
data_to_be_signed.person.confidant_person
) - we must check that signer DRFO matches with confidant person tax_id or document
Request is done by person
Check that DRFO in Certificate details exists and not empty
Check that DRFO in Certificate details is equal to Person’s tax_id
Get
person_id
from tokenGet Person details using
person_id
Compare DRFO in Certificate with person.tax_id
Convert DRFO and TAX_ID to uppercase
Compare DRFO and TAX_ID as Cyrillic letters
Convert DRFO to Cyrillic and compare as Cyrillic letters
In case validation fails - generate 422 error
Request is done by confidant person
Check that DRFO in Certificate details exists and not empty
Check that DRFO in Certificate details is equal to Confidant Person’s tax_id
Get
confidant_person
fromdata_to_be_signed.person
Compare DRFO in Certificate with person.tax_id
Convert DRFO and TAX_ID to uppercase
Compare DRFO and TAX_ID as Cyrillic letters
Convert DRFO to Cyrillic and compare as Cyrillic letters
In case validation fails - generate 422 error
Validate doctor’s signature
Check that DRFO in Certificate details (one of) is equal to DRFO in Party
Get party.tax_id using employee_id in declaration payload
Compare DRFO in Certificate with party.tax_id
Convert DRFO and TAX_ID to uppercase
Compare DRFO and TAX_ID as Cyrillic letters
Convert DRFO to Cyrillic and compare as Cyrillic letters
In case validation fails - generate 422 error
Latin to Cyrillic mapping
%{"A" => "А", "B" => "В", "C" => "С", "E" => "Е", "H" => "Н", "I" => "І", "K" => "К", "M" => "М", "O" => "О", "P" => "Р", "T" => "Т", "X" => "Х"} |
Validate request
Validate request using JSON schema (See specification)
In case validation fails - generate 422 error
Check declaration request status
If status is not APPROVED, - returned error 'Incorrect status'
Validate person verification status
validate patient's verification_status is not equal to NOT_VERIFIED.
in case of error return 409, "Patient is not verified"
Validate Parent declaration
Get parent_declaration_id from IL_DB.declaration_requests.parent_declaration_id.
If parent_declaration_id is not null, check that parent declaration exists and in status 'active'
In case of error - return 404 ("Active parent declaration was not found")
Check signed content
Check decoded signed content with previously created on IL.db.
SELECT data.data_to_be_signed
FROM declaration_requests
WHERE id = {:id}
|
In case if they are not equal - generate 422 error (message: "Signed content does not match the previously created content")
Check employee
Declaration_request can be signed by any employee with necessery scopes in equal legal_entity_id.
Extract legal_entity_id (client_id) from token
Extract employee_id from request
Check if $.client_id=employees.legal_entity_id
in case error return 422
Check patient_signed flag
If "patient_signed" is not present in request, return 422 ("required property patient_signed was not present")
If "patient_signed"=false in request, return 422 ("Patient must sign declaration form")
If “patient_signed”=null, check that parent_declaration_id is not null,
in case of error, return 422 ("Patient must sign declaration form")
Validate human readable declaration number
Search declaration_number in declarations.declaration_number.
if exists return 422 - message 'Declaration with the same declaration_number is already exist in DB'
Processing
Save signed declaration to media storage
Get url for declaration upload.
Use Request a Secret WS
Parameter | Source |
---|---|
action | 'GET' |
bucket | 'DECLARATIONS' |
resource_id | :DECLARATION_ID |
resource_name | :DECLARATION_NAME |
Upload signed declaration to media storage
Update declaration request:
Change entity status in IL_DB.declaration_request to SIGNED
Set status_reason:
If
channel
= MIS - setstatus_reason
to doctor_signedIf
channel
= PIS - setstatus_reason
to doctor_approved_over_limit
Set updated_at - now() (Get current date-time)
Set updated_by - user_id (Extract user from token)
Get active declarations
Search for active declarations using MPI ID
If found, - terminate them and create new declaration.
If not found - create new declaration.
Terminate declaration
In case active declarations found - terminate all by changing status to TERMINATED.
In case parent_declaration_id of declaration request is not null - terminate parent_declaration with reason reason = 'auto_reorganization'.
Create declaration
Check authentication_method_current
SELECT authentication_method_current FROM declaration_requests WHERE id = {:id}
If "type" = "OFFLINE"
set declaration status to "PENDING_VERIFICATION" “active”
set reason to 'offline'
if "type" = "OTP" - set declaration status to "ACTIVE" “active”
if "type" = "NA" - check parent_declaration_id, if not null than set declaration status to "ACTIVE" “active”
Check persons 'no_tax_id' flag
if 'no_tax_id'=true and parent_declaration_id is null
set declaration status to "PENDING_VERIFICATION" “active”
set reason to 'no_tax_id'
if ‘no_tax_id’=true and parent_declaration_id is not null - set declaration status to "ACTIVE" “active”
Create a new declaration by adding a new entity to the declarations table ops_db without declaration_id.
if there is existing record in the declarations table with the same id and declaration_request_id, return ok to IL
ЕСОЗ - публічна документація