Purpose
Specification
Apiary TBD: Get equipments
Service logic
- Only authenticated and authorized HR, ADMIN, OWNER employees from MSP, OUTPATIENT, PRIMARY_CARE, EMERGENCY legal entities can get the equipment by id.
- Service returns only equipments related to the same legal entity as the user.
- User with role NHS ADMIN can get any equipments from any legal entity (requirement will be implemented on corresponding GraphQL method).
- Search by the following parameters is allowed:
  - division_id
  - type
  - external_id
  - status
Authentication
- Verify the validity of access token
- Return 401 in case validation fails
- Check scopes in order to perform this action (scope = 'equipment:read')
- Return 403 in case invalid scope(s)
Prepare response
Service returns only equipments related to the same legal entity as the user OR any if user has NHS ADMIN role.
- If user role is not NHS ADMIN:
  - Extract client_id from token
  - Return entries with parameter is_active=true, filtered by client_id and query params
- Else if user role is NHS ADMIN:
  - Return entries filtered by query params
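
The authentication and response steps above, written out in Python as an added example (not the service's own code). The decoded `Token` shape, the `legal_entity_id` column name and the in-memory `STORE` are assumptions, and the sample rows are constructed.

```python
from dataclasses import dataclass

ALLOWED_FILTERS = ("division_id", "type", "external_id", "status")
READ_SCOPE = "equipment:read"

@dataclass(frozen=True)
class Token:
    """Assumed shape of an access token after decoding."""
    valid: bool
    client_id: str          # legal entity the user belongs to
    role: str
    scopes: frozenset

# Constructed sample rows; legal_entity_id is an assumed column name.
STORE = [
    {"id": "e1", "legal_entity_id": "le-A", "type": "ECG", "is_active": True},
    {"id": "e2", "legal_entity_id": "le-A", "type": "ECG", "is_active": False},
    {"id": "e3", "legal_entity_id": "le-B", "type": "ECG", "is_active": True},
]

def list_equipment(token, params, store=STORE):
    """Return (http_status, entries) for a Get equipments request."""
    if token is None or not token.valid:
        return 401, []
    if READ_SCOPE not in token.scopes:
        return 403, []
    # Honour only the documented search parameters; a caller-supplied
    # legal_entity_id or is_active is dropped rather than passed through.
    filters = {k: v for k, v in params.items() if k in ALLOWED_FILTERS}
    if token.role != "NHS ADMIN":
        # Tenant scope is taken from the token, never from the query string.
        filters["legal_entity_id"] = token.client_id
        filters["is_active"] = True
    rows = [e for e in store if all(e.get(k) == v for k, v in filters.items())]
    return 200, rows

if __name__ == "__main__":
    owner = Token(True, "le-A", "OWNER", frozenset({READ_SCOPE}))
    print(list_equipment(owner, {"type": "ECG", "legal_entity_id": "le-B"}))
```

Because the tenant filter is written after the query parameters are whitelisted, a request that names another legal entity still returns only the caller's own active entries.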