Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Specification

Apiary TBD

Service logic

  1. Only authenticated and authorized HR, ADMIN, OWNER employees from MSP, OUTPATIENT, PRIMARY_CARE, EMERGENCY legal entities can get the equipment by id.
  2. Service returns only equipment related to the same legal entity as the user. User with role NHS ADMIN can get any equipment from any legal entity.

Authentication

  1. Verify the validity of access token
    1. Return 401 in case validation fails
  2. Check scopes in order to perform this action (scope = 'equipment:read')
    1. Return 403 in case invalid scope(s)

...

  1. Check that equipment with such ID exists in the system (is_active = true)
    1. In case of error - return 404
  2. Check that equipment with such ID belongs to to the same legal entity as the user OR user has NHS ADMIN role.
    1. In case of error - return 403

Prepare response

Render response