ЕСОЗ - публічна документація

(Draft) Get Equipments

Owned by Serhii Tatarenko (NHSU partner, Edenlab)
Last updated: Mar 09, 2023 by Serhii Boldin (SoE eHealth)
1 min read

Purpose

Specification

Apiary: Get equipments

Service logic

  1. Only authenticated and authorized HR, ADMIN, OWNER employees from MSP, OUTPATIENT, PRIMARY_CARE, EMERGENCY legal entities can get the equipment by id.
  2. Service returns only equipments related to the same legal entity as the user.
  3. User with role NHS ADMIN can get any equipments from any legal entity (requirement will be implemented on corresponding GraphQL method).
  4. Search by next parameters allowed: 
    1. division_id
    2. type
    3. external_id
    4. status

Authentication

  1. Verify the validity of access token
    1. Return 401 in case validation fails
  2. Check scopes in order to perform this action (scope = 'equipment:read')
    1. Return 403 in case invalid scope(s)

Prepare response

Service returns only equipments related to the same legal entity as the user OR any if user has NHS ADMIN role.

  1. Extract client_id from token
  2. Return entries with parameter is_active=true, filtered by client_id and query params


ЕСОЗ - публічна документація