Versions Compared

Old Version 4

changes.mady.by.user Serhii Tatarenko (NHSU partner, Edenlab)

Saved on

compared with

New Version 5

changes.mady.by.user Serhii Tatarenko (NHSU partner, Edenlab)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Specification

Apiary TBD

Service logic

  1. Only authenticated and authorized HR, ADMIN, OWNER employees from MSP, OUTPATIENT, PRIMARY_CARE, EMERGENCY legal entities can get the equipment by id.
  2. Service returns only equipments related to the same legal entity as the user. User with role NHS ADMIN can get any equipments from any legal entity.

Authentication

  1. Verify the validity of access token
    1. Return 401 in case validation fails
  2. Check scopes in order to perform this action (scope = 'equipment:read')
    1. Return 403 in case invalid scope(s)

Prepare response

Service returns only equipments related to the same legal entity as the user OR any if user has NHS ADMIN role.

  1. If user role is not NHS ADMIN:
    1. Extract client_id from token
    2. Return entries filtered by client_id and query params
  2. Else if user role is NHS ADMIN:
    1. Return entries filtered by query params

...