Table of Contents |
---|
Purpose
Specification
Apiary TBD
Service logic
- Only authenticated and authorized HR, ADMIN, OWNER employees can update equipment.
- Equipment can be updated from MSP, OUTPATIENT, PRIMARY_CARE and EMERGENCY legal entities.
- Only ACTIVE equipment can be updated
- Legal entity can update only its own equipments.
Authentication
- Verify the validity of access token
- Return 401 in case validation fails
- Check user scopes in order to perform this action (scope = 'equipment:write')
- Return 403 in case invalid scope(s)
Validate legal entity
Check that legal entity is active (status = ACTIVE, SUSPENDED)
- Extract client_id from token (token.client_id == legal_entity_id)
- Check legal entity status (status = ACTIVE, SUSPENDED)
- In case of error - return 409 (Legal entity must be ACTIVE or SUSPENDED)
Validate equipment
- Check that ID in URL exists in the system
- In case of error - return 404
- Check that equipment belongs to the same legal entity as the user
- In case of error - return 403
Validate request
Validate request using JSON schema (TBD)
Validate division
If division_id passed in request body:
- Validate division_id in request body - division exists and is_active = true
- Return 422 in case validation fails
- Check division_id belongs to the same legal_entity_id (from token) as the user
- Return 422 with message "Division is not within current legal entity" in case validation fails.
- Check division status =ACTIVE.
- Return 422 with message "Division is not active" in case validation fails.