ЕСОЗ - публічна документація
RC_(MC-1184)_[UPD] Medical Events filtration by Forbidden groups
- Kateryna Haleta (SoE eHealth)
Filtration Logic
For each method described in Table “Medical events to filter“ use following logic to define if User has an access to medical events with data included in the Forbidden groups.
1. Define forbidden group Items
Define forbidden group Items presented in Medical events the User should not see
Get Forbidden group Items from cache.
if cache is empty - fill it with all active forbidden group items (forbidden_group_codes and forbidden_group_services)
Get all active and approved user's employees
Get all active Approvals on forbidden groups granted by patient to all user's employees
if it merged person/preperson - get all active Approvals on forbidden groups granted by active master_person to all user's employees
Form list of forbidden group items that still are restricted for the User: eliminate items in approvals from the all forbidden group items.
2. Check Medical event is allowed to access
Check Medical event data is allowed to access according to Forbidden groups
Do usual validations in methods described in the table “Medical events to filter” (column “Method”)
If client_type from token is not CABINET, then additionally filter Medical events by rule: values in fields at column “Filter by“ (table below) are not in the forbidden list of items defined at p.1 OR user is an author of the ME OR there is an approval (granted_resource) on particular medical event
in case values in forbidden list and user is not an author - return error described at “Result“ column (table below)
How to define user is an author of the Medical event?
Check party_users table: If inserted_by user in ME belongs to the same party as user from the token, then this is an author.
Medical events to filter
Medical event | Method | Filter by | Forbidden group items | Result | Additional info |
|---|---|---|---|---|---|
Episode | diagnoses_history | codes from dictionaries:
| Return 403 error with type “forbidden“ and message “Access denied“ | ||
Do not render in the response | |||||
Do not render in the response | |||||
current_diagnoses | Do not render in the response | ||||
diagnoses_history | Do not render in the response | ||||
diagnoses_history | Do not render in the response | ||||
diagnoses_history | Return 403 error with type “forbidden“ and message “Access denied“ | RC_(MC-1180)_[NEW] Get Episode details in Composition context | |||
Encounter | diagnoses actions reasons action_references
|
| Return 403 error with type “forbidden“ and message “Access denied“ | ||
Do not render in the response | |||||
Do not render in the response |
| ||||
Return 403 with type “forbidden“ and message “Access denied“ |
| ||||
Do not render in the response | |||||
Return 403 with type “forbidden“ and message “Access denied“ | |||||
Return 403 with type “forbidden“ and message “Access denied“ | RC_(MC-1180)_[NEW] Get Encounter details in Composition context | ||||
Condition | code evidences |
| Do not render in the response |
| |
Return 403 error with type “forbidden“ and message “Access denied“ |
| ||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ and message “Access denied“ | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ and message “Access denied“ | |||||
Return 403 error with type “forbidden“ and message “Access denied“ | RC_(MC-1180)_[NEW] Get Condition details in Composition context | ||||
Diagnostic report | conclusion_code code |
| Return 403 error with type “forbidden“ and message “Access denied“ | ||
Do not render in the response | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ and message “Access denied“ | |||||
Do not render in the response | |||||
Do not render in the response | RC_Get Short Diagnostic Reports by Service Groups (CSI-1834) | ||||
Return 403 error with type “forbidden“ and message “Access denied“ | RC_(MC-1180)_[NEW] Get Diagnostic Report details in Composition context | ||||
Procedure | code | service_id | Return 403 error with type “forbidden“ and message “Access denied“ | ||
Do not render in the response | |||||
Return 403 error with type “forbidden“ and message “Access denied“ | |||||
Do not render in the response | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ and message “Access denied“ | RC_(MC-1180)_[NEW] Get Procedure details in Composition context | ||||
Care plan | addresses | codes from dictionaries:
| Return 403 error with type “forbidden“ and message “Access denied“ | ||
RC_(MC-1180)_[NEW] Get Care Plan details in Composition context | |||||
Filtration is not used. Response of this method does not return sensetive data | |||||
Care plan activity | reason_code product_reference (if kind=service_request) |
| Return 403 error with type “forbidden“ and message “Access denied“ | ||
Do not render in the response | |||||
Service request | code context_program_service | code by:
context_program_service.service_id by service_id context_program_service.service_group_id by service_group_id | Do not render in the response |
| |
Return 403 error with type “forbidden“ and message “Access denied“ |
| ||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ and message “Access denied“ | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ and message “Access denied“ | RC_(MC-1180)_[NEW] Get Service Request details in Composition context | ||||
ЕСОЗ - публічна документація