RC_Get Device requests by search params

Purpose

This WS is designed to return records about Device requests in person context by search params.

Specification

Apiary

Authorization

• Verify the validity of access token

  • Return (401, 'Invalid access token') in case of validation fails

• Verify that token is not expired

  • in case of error - return (401, 'Invalid access token')

• Check user scopes in order to perform this action (scope = 'device_request:read')

  • Return (403, 'Your scope does not allow to access this resource. Missing allowances: device_request:read') in case of invalid scope(s)

Access to the resource is also managed by ABAC rules.

Service logic

Service returns all Device requests related to the person filtered by submitted parameters:

1. Get all Device requests by person_id from device_requests collection (Mongo database)

2. Validate data consistency:

   • Ensure that requested Device requests have ABAC context

     • Return 403 ('Access denied') in case of error

3. Filter list above by submitted search parameters

4. Render a response according to specification with found Device requests entities.