Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Purpose

Specification

Apiary TBD

Service logic

  1. Only authenticated and authorized HR, ADMIN, OWNER employees can update equipment.
  2. Equipment can be updated from MSP, OUTPATIENT, PRIMARY_CARE and EMERGENCY legal entities.
  3. Only ACTIVE equipment can be updated
  4. Legal entity can update only its own equipments.

Authentication

  1. Verify the validity of access token
    1. Return 401 in case validation fails
  2. Check user scopes in order to perform this action (scope = 'equipment:write')
    1. Return 403 in case invalid scope(s)

Validate legal entity

Check that legal entity is active (status = ACTIVE, SUSPENDED)

  1. Extract client_id from token (token.client_id == legal_entity_id)
  2. Check legal entity status (status = ACTIVE, SUSPENDED)
    1. In case of error - return 409 (Legal entity must be ACTIVE or SUSPENDED)

Validate equipment

  1. Check that ID in URL exists in the system
    1. In case of error - return 404
  2. Check that equipment belongs to the same legal entity as the user
    1. In case of error - return 403

Validate request

Validate request using JSON schema (TBD)

Validate division

If division_id passed in request body:

  1. Validate division_id in request body - division exists and is_active = true
    1. Return 422 in case validation fails
  2. Check division_id belongs to the same legal_entity_id (from token) as the user
    1. Return 422 with message  "Division is not within current legal entity" in case validation fails.
  3. Check division status =ACTIVE.
    1. Return 422 with message "Division is not active" in case validation fails.

Update object in DB