Specification
Declaration request logic
Only authenticated and authorized user can use this service
New and Approved declaration request can be rejected
The request can be rejected only by the employee who works in the same legal entity in which the request was made.
Authorize user
Verify the validity of access token
Return 401 in case validation fails
Check scopes in order to perform this action (scope = 'declaration_request:write')
Return 403 in case invalid scope(s)
Validate declaration request
Check that declaration request with such ID exists in the system (is_active = true)
In case of error - return 404
Check that declaration request belongs to the same legal entity as the user
In case of error - return 403
Change declaration request
Change entity status in IL_DB.declaration_request to REJECTED
Set updated_at - now() (Get current date-time)
Set updated_by - user_id (Extract user from token)