When a professional sends a GET request to the /v1/patients/{patient.id} endpoint, they should be able to see not only the basic patient information but also an overview of the additional resources they have access to, such as glycemia data, insulin boluses, meals consumed, and treatments. This will help avoid unnecessary requests for resources the professional does not have access to.
Objectives
Display Accessible Resources: Add an accessible_resources section to the response from the /v1/patients/{patient.id} endpoint that lists the types of additional data the professional is authorized to view.
Permission Checks: Before displaying the resources, check the professional's permissions for each type of data (e.g., glycemia, bolus, meals, treatments). Permissions may be based on the patient's establishment, the professional's specialty, and explicit authorizations granted by the patient or another professional.
Technical Details
Update the Controller: Modify the controller handling the /v1/patients/{patient.id} endpoint to include permission checks for access to the various resources associated with the patient.
accessible_resources Section: Add a section to the JSON response containing an array that lists the types of accessible resources.
Permission Checks: Implement logic to verify access permissions for each type of resource according to the following rules:
Check whether the professional has access to the patient's establishment.
Check whether the professional's specialty permits access to the requested resource.
Check whether the patient or another professional has granted temporary or permanent authorization to access the resource.
Acceptance Criteria
When a professional requests /v1/patients/{patient.id}, they should see a precise list of additional data types they can access under the accessible_resources key.
If the professional does not have access to any additional resources, the accessible_resources key should be present with an empty array.
The permission check logic should be optimized to minimize unnecessary calls and redundant checks.
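As an added illustration (not the project's own code), the three permission rules and the acceptance criteria above can be combined into one deny-by-default function that evaluates the establishment check once, derives the specialty-based set, then merges unexpired explicit grants in a single pass and always returns a list, so the `accessible_resources` key is never missing. The dataclasses, the `SPECIALTY_RESOURCES` policy table and the interpretation that a grant can apply outside the establishment are assumptions for this example.

```python
from dataclasses import dataclass
from datetime import date

RESOURCE_TYPES = ("glycemia", "bolus", "meals", "treatments")

# Constructed sample policy (assumption): resource types each specialty may view.
SPECIALTY_RESOURCES = {
    "diabetologist": frozenset(RESOURCE_TYPES),
    "dietitian": frozenset({"meals"}),
    "nurse": frozenset({"glycemia", "bolus"}),
}

@dataclass(frozen=True)
class Professional:
    id: int
    specialty: str
    establishment_ids: frozenset

@dataclass(frozen=True)
class Patient:
    id: int
    establishment_id: int

@dataclass(frozen=True)
class Authorization:
    professional_id: int
    patient_id: int
    resource: str
    expires_on: "date | None"  # None means a permanent grant

def accessible_resources(pro, patient, authorizations, today):
    # Deny by default: nothing is listed unless a rule explicitly allows it.
    allowed = set()
    # Rules 1 and 2: the establishment check runs once, not once per resource.
    if patient.establishment_id in pro.establishment_ids:
        allowed |= SPECIALTY_RESOURCES.get(pro.specialty, frozenset())
    # Rule 3: explicit grants for this professional/patient pair, expired ones skipped.
    for auth in authorizations:
        if (auth.professional_id, auth.patient_id) != (pro.id, patient.id):
            continue
        if auth.expires_on is not None and auth.expires_on < today:
            continue
        if auth.resource in RESOURCE_TYPES:  # unknown resource names are ignored
            allowed.add(auth.resource)
    # Stable order; an empty list (never a missing key) when nothing is accessible.
    return [r for r in RESOURCE_TYPES if r in allowed]

def patient_response(pro, patient, authorizations, today):
    # Body for GET /v1/patients/{patient.id}; accessible_resources is always present.
    return {"id": patient.id, "accessible_resources": accessible_resources(pro, patient, authorizations, today)}
```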
Impact
This enhancement will improve the user experience for professionals by making the accessible data more transparent without the need to attempt accessing each resource individually. It will also help optimize server resource usage by reducing the number of unnecessary requests.
Tasks
[ ] Modify the controller for the /v1/patients/{patient.id} endpoint to include the accessible_resources section.
[ ] Implement permission checks for each resource type.
[ ] Add unit tests to verify that the accessible_resources list is accurate based on the professional's permissions.
[ ] Update the API documentation to include the new accessible_resources section in the response.