API. Update Equipment

Purpose

Specification

Apiary: Update equipment

Service logic

1. Only authenticated and authorized HR, ADMIN, OWNER employees can update equipment.
2. Equipment can be updated from MSP, OUTPATIENT, PRIMARY_CARE and EMERGENCY legal entities.
3. Only ACTIVE equipment can be updated.
4. Update of division_id and status is not allowed with this service.
5. Legal entity can update only its own equipments.

Authentication

1. Verify the validity of access token
   
   1. Return 401 in case validation fails
2. Check user scopes in order to perform this action (scope = 'equipment:write')
   1. Return 403 in case invalid scope(s)

Validate legal entity

Check that legal entity is active (status = ACTIVE, SUSPENDED)

1. Extract client_id from token (token.client_id == legal_entity_id)
2. Check legal entity status (status = ACTIVE, SUSPENDED)
   1. In case of error - return 409 (Legal entity must be ACTIVE or SUSPENDED)

Validate equipment

1. Check that ID in URL exists in the system
   1. In case of error - return 404
2. Check that equipment belongs to the same legal entity as the user
   1. In case of error - return 403

Validate request

Validate request using schema (TBD)

Update object in DB

1. equipments table