Purpose
This WS allows to get a single Specimen by its identifier.
Key points
Only authenticated and authorized employee with appropriate scope can get a Specimen.
Method returns a single Specimen that belongs to the specified patient.
ABAC rules are used here
Specification
Authorization
Verify the validity of access token
in case of error - return 401 “Invalid access token” in case of validation fails
Verify that token is not expired
in case of error - return 401 “Invalid access token”
Check user and client scopes in order to perform this action (scope = 'specimen:read')
return 403 “Your scope does not allow to access this resource. Missing allowances: specimen:read” in case of invalid scope(s)
Access to the resource is also managed by ABAC module
Validate Patient
Get Patient identifier from the URL
Check it exists in DB
Return 404 ('not found') in case of error
Validate Specimen
Get Specimen identifier from the URL
Check it exists in DB
Return 404 ('not found') in case of error
Check Specimen belongs to patient
Return 404 ('not found') in case of error
Service logic
Service returns specified Specimen related to the patient:
Get Specimen by ID from specimens collection (MongoDB)
Render a response according to specification