ЕСОЗ - публічна документація

Skip to end of banner Go to start of banner

API. Get Equipment by ID

Skip to end of metadata

Created by Serhii Tatarenko (NHSU partner, Edenlab), last modified by Dmytro Kulibaba (Unlicensed) on Nov 25, 2022

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Purpose

Specification

Apiary: Get equipment by ID

Service logic

Only authenticated and authorized HR, ADMIN, OWNER employees from MSP, OUTPATIENT, PRIMARY_CARE, EMERGENCY legal entities can get the equipment by id.
Service returns only equipment related to the same legal entity as the user. User with role NHS ADMIN can get any equipment from any legal entity.

Authentication

Verify the validity of access token
1. Return 401 in case validation fails
Check scopes in order to perform this action (scope = 'equipment:read')
1. Return 403 in case invalid scope(s)

Validate equipment

Check that equipment with such ID exists in the system (is_active = true)
1. In case of error - return 404
Check that equipment with such ID belongs to to the same legal entity as the user OR user has NHS ADMIN role.
1. In case of error - return 403

Prepare response

Render response if is_active = true, else - return error with code 404

No labels

ЕСОЗ - публічна документація