Table of Contents |
---|
...
Specification
Apiary TBD
Service logic
- Only authenticated and authorized HR, ADMIN, OWNER employees from MSP, OUTPATIENT, PRIMARY_CARE, EMERGENCY legal entities can get the equipment by id.
- Service returns only equipment related to the same legal entity as the user. User with role NHS ADMIN can get any equipment from any legal entity.
Authentication
- Verify the validity of access token
- Return 401 in case validation fails
- Check scopes in order to perform this action (scope = 'equipment:read')
- Return 403 in case invalid scope(s)
...
- Check that equipment with such ID exists in the system (is_active = true)
- In case of error - return 404
- Check that equipment with such ID belongs to to the same legal entity as the user OR user has NHS ADMIN role.
- In case of error - return 403
Prepare response
Render response