Table of Contents |
---|
Purpose
Specification
Service logic
- Only authenticated and authorized HR, ADMIN employees from MSP, OUTPATIENT, PRIMARY_CARE, EMERGENCY legal entities can get the equipment by id.
- Service returns only equipments related to the same legal entity as the user. User with role NHS ADMIN can get any equipments from any legal entity.
Authentication
- Verify the validity of access token
- Return 401 in case validation fails
- Check scopes in order to perform this action (scope = 'equipment:read')
- Return 403 in case invalid scope(s)
Prepare response
Service returns only equipments related to the same legal entity as the user OR any if user has NHS ADMIN role.
- If user role is not NHS ADMIN:
- Extract client_id from token
- Return entries filtered by client_id and query params
- Else if user role is NHS ADMIN:
- Return entries filtered by query params