Purpose
Specification
Service logic
- Only authenticated and authorized user can use this service
- Service returns only employee roles related to the same legal entity as the user
Authentication
- Verify the validity of access token
- Return 401 in case validation fails
- Check scopes in order to perform this action (scope = 'employee_role:read')
- Return 403 in case invalid scope(s)
Validate employee role
- Check that employee roel with such ID exists in the system (is_active = true)
- In case of error - return 404
- Check that employee role with such ID belongs to to the same legal entity as the user
- In case of error - return 403
Prepare response
Render response