Page Comparison

...

• Check that at least one address record with type = 'RESIDENCE' is submitted

  • in case of error - return 422 ('one and only one residence address is required')

Validate necessity of confidant person

A block with information about confidant person must be transferred when the person is created.
New endpoints /wiki/spaces/CSI/pages/17613291561 must be used to manage list of persons confidants.

Expand
title Validation process diagram
View file name necessity_confidant_persons.drawio

• In case if persons age < no_self_registration_age global parameter - check that confidant_person is submitted

  • in case of error - return 422 ('Confidant person is mandatory for children.')

• In caseif persons age is greater then no_self_registration_age global parameter, but less then person_full_legal_capacity_age global parameter:

  • if none of persons documents has type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter - check that confidant_person is submitted

    • In case of error - return 422 ('Confidant person is mandatory for minor patients.')

  • Else if at least one of submitted person document types exist in PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter - check that confidant_person is not submitted

    • in case of error - return 422 ('Confidant can not be submitted for person who has document that proves legal capacity.')

Validate confidant person

Confidant person must be validated only if $.person.confidant_person block is presented in the request:

• Check that confidant_person.person_id exists in persons table (MPI DB) with status = active and is_active = true

  • in case of error - return 422 ('Confidant person is not found')

• Check if confidant person itself shouldn’t be authorized by confidant - so it doesn’t correspond to following rules:

  • confidant persons age < no_self_registration_age global parameter;

  • confidant persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;

  • confidant persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process /wiki/spaces/CSI/pages/17667883028 Check confidant person with person_id = $.person.confidant_person.person_id from request - expected :ok, :approved response)

  • confidant person has at least one confidant person in persons.confidant_person array

    • in case of error - return 422 ('Person with incorrect age or with active confidant person relationship can not be submitted as confidant')

• Check that confidant person cumulative verification status is not in NOT_ALLOWED_CONFIDANT_PERSON_VERIFICATION_STATUSES config parameter

  • in case of error - return 422 ('Person with cumulative verification status <person.verification_status> can not be submitted as confidant')

• Check that confidant person has active authentication method with type = OTP

  • in case of error - return 422 ('Confidant person must have active authentication method with type "OTP"')

• Validate confidant persons documents_relationship

  • Validate document issued_at date

    • Check that issued_at <= now()

      • in case of error - return 422 ('Document issued date should be in the past')

    • Check that issued_at => person.birth_date

      • in case of error - return 422 ('Document issued date should greater than person.birth_date')

  • Validate document active_to date

    • Check that active_to > now()

      • in case error - return 422 ('Document active_to should be in future')

  • Validate document type according to DOCUMENT_RELATIONSHIP_TYPEdictionary

    • In case of error - return 422 ('value is not allowed in enum')

  • Validate document number according to regexp (as part of JSON Schema validation) 

    • BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

      • In case of error - return 422 ('string does not match pattern') with the corresponding regexp

    • other document type numbers should be validated according to format varchar (255)

      • in case of error - return 422 ('expected value to have a maximum length of 255 but was <<document_number_length>>')

Validate person documents

• Check submitted person document types exist in PERSON_REGISTRATION_DOCUMENT_TYPES config parameter that contains values from DOCUMENT_TYPE dictionary

  • in case of error - return 422 ('Submitted document type is not allowed')

• Check document types from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter (that prove persons legal capacity) are not submitted if persons age is less then no_self_registration_age global parameter or greater then person_full_legal_capacity_age global parameter

  • in case of error - return 422 ('<Document type> can not be submitted for this person') with first found document type

• If at least one document type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter is submitted, check that at least one document type from PERSON_REGISTRATION_DOCUMENT_TYPES is submitted

  • in case of error - return 422 ('Document that proves personal data must be submitted.')

• Validate document issued_at date

  • Check that issued_at <= now()

    • in case of error - return 422 ('Document issued date should be in the past')

  • Check that issued_at => person.birth_date

    • in case of error - return 422 ('Document issued date should greater than person.birth_date')

• Validate document expiration_date

  • Check that expiration_date > now()

    • in case error - return 422 ('Document expiration_date should be in future')

  • Check that expiration_date exists for following document types:

    • NATIONAL_ID

    • COMPLEMENTARY_PROTECTION_CERTIFICATE

    • PERMANENT_RESIDENCE_PERMIT

    • REFUGEE_CERTIFICATE

    • TEMPORARY_CERTIFICATE

    • TEMPORARY_PASSPORT

      • in case error - return 422 ('expiration_date is mandatory for document_type $.documents.type')

• Validate document number according to regexp (as part of JSON Schema validation) 

  • PASSPORT - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

  • NATIONAL_ID - ^[0-9]{9}$

  • BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

  • COMPLEMENTARY_PROTECTION_CERTIFICATE - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

  • REFUGEE_CERTIFICATE - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

  • TEMPORARY_CERTIFICATE - ^(((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{4,6}|[0-9]{9}|((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{5}\\/[0-9]{5})$

  • TEMPORARY_PASSPORT - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

  • CHILD_BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

  • MARRIAGE_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

  • DIVORCE_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • in case of error - return 422 ('string does not match pattern') with the corresponding regexp

• If unzr exists and is not null, check that it matches pattern - ^[0-9]{8}-[0-9]{5}$

  • in case of error - return 422 ('string does not match pattern') with the corresponding regexp

• If document with type NATIONAL_ID exists in request, check that unzr exists in request

  • in case of error - return 422 ('unzr is mandatory for document type NATIONAL_ID')

• Check that document types NATIONAL_ID and PASSPORT both do not exist in request

  • in case of error - return 422 ('Person can have only new passport NATIONAL_ID or old PASSPORT.')

• Check that document types BIRTH_CERTIFICATE or BIRTH_CERTIFICATE_FOREIGN are submitted if persons age < no_self_auth_age global parameter

  • in case of error - return 422 ('Documents should contain one of: BIRTH_CERTIFICATE, BIRTH_CERTIFICATE_FOREIGN.')

• Check that document number length < 255

  • in case of error - return 422 ('expected value to have a maximum length of 255 but was <<document_number_length>>')

...

• Check that only one authentication method is submitted for person

  • in case of error - return 422 ('expected a maximum of 1 items but got <<count_authentication_method_objects>>')

• In case if person.confidant_person block is notempty:

  • Check that submitted authentication_methods record has type = 'THIRD_PERSON'

    • in case of error - return 422 ('Only THIRD_PERSON authentication method can be created for person')

  • Check that THIRD_PERSON is the same person who is submitted as confidant (authentication_methods[0].value = confidant_person[0].person_id)

    • in case of error - return 422 ('Confidant person must be submitted as THIRD_PERSON for authentication method')

  • Check that THIRD_PERSON is found less than third_person_limit global parameter value in the system (in table person_authentication_methods with value = authentication_methods[0].value& ended_at іs empty or > now() & type = THIRD_PERSON)

    • in case of error - return 422 ('This fiduciary person is present more than $.global_parameters.third_person_limit times times in the system')

• Else if person.confidant_person block is empty:

  • Check that submitted authentication_methods block contains record with type = 'OTP' or type = 'OFFLINE'

    • in case of error - return 422 ('Only OTP or OFFLINE authentication method can be created for person')

  • For authentication method with type = ‘OTP’ perform following phone number limit validation only if USE_PHONE_NUMBER_AUTH_LIMIT config parameter is set to true:

    • check that phone number from persons authentication method is found less than phone_number_auth_limit global parameter in the system (in table person_authentication_methods with phone_number = $.person.authentication_methods.[0].phone_number & ended_at іs empty or > now() & type = OTP)

      • in case of error - return 409 ('This phone number is present more then $.global_parameters.phone_number_auth_limit times in the system')

...

1. Validate block confidant person. If $.person.confidant_person is not null:

   • Generate URLs with type confidant_person.{confidant_person.person_id}.documents_relationship.[:].{type}

2. Validate block of person documents. If one of the documents has document.type = BIRTH_CERTIFICATE_FOREIGN and there is no same document in {$.person_request.person.confidant_person.[:].documents_relationship.[:]}

   and persons age < no_self_auth_age global parameter then

   1. Generate URL with type person.BIRTH_CERTIFICATE_FOREIGN

3. Validate block of person documents. If one of the documents has document.type = PERMANENT_RESIDENCE_PERMIT and persons age >= no_self_auth_age global parameter then

   1. Generate URL with type person.PERMANENT_RESIDENCE_PERMIT

4. Validate block of authentication methods. If authentication method type = OFFLINE

   1. Generate URLs with type person.{$.person.documents.[:].type} for each persons document

5. Validate persons unzr. If $.person.unzr is not empty and first 8 digits of $.person.unzr != $.person.birth_date

   1. Generate URL with type person.unzr

...

• id = autogenerate uuid

• person_data = $.person from request in json format

• status = NEW

• authentication_method_current = type for auth method that is used to authorize request (set phone_number for type OTP or THIRD_PERSON with type OTP)

• channel = MIS

• legal_entity_id = client_id from token (id of legal entity where person request is created)

• tax_id = $.person.tax_id from request (if not null)

• last_name = $.person.last_name from request

• first_name = $.person.first_name from request

• birth_date = $.person.birth_date from request

• documents = generated links for documents upload (if needed)

• person_documents = $.person.documents from request in json format

• inserted_by = user_id from token

• updated_by = user_id from token

• inserted_at = now()

• updated_at = now()

• patient_signed = $.patient_signed from request

• process_disclosure_data_consent = $.process_disclosure_data_consent from request

• version = 2

Generate verification code

...

The person can pass the id of his auth method which he wants to use to confirm the update person request. The necessary auth method can be found by making Get person's auth methods.

• Check that $.authorize_with with auth_method.type = 'THIRD_PERSON' is submitted for person that must be authorized by confidant person using following logic:

  1. persons age < no_self_registration_age global parameter;

  2. persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;

  3. persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process /wiki/spaces/CSI/pages/17667883028 with person_id = person from request - expected :ok, :approved response)

     1. in case of error - return 422 ('Authentication method with type THIRD_PERSON must be submitted for this person')

• Check that $.authorize_with is a valid uuid

  1. in case error - return 422 ('string does not match pattern') with uuid regexp

• Check that auth method exists in MPI database, person_authentication_methods table, belongs to person from request, stored in $.person.id, is active (ended_at > now() or ended_at is null and is_active = true), and type != NA, additionally for auth method with type = ‘THIRD_PERSON’ - check that person from value is an approved confidant for a $.person.id from request – exists active and approved confidant person relationship between person from request and person_id from authentication method value (using following logic: /wiki/spaces/CSI/pages/17667883028 with person_id = person from request and confidant_person_id = value from auth method - expected :ok, :approved response)

  1. in case error - return 409 ('Authentication method doesn't belong to person.')

...

• id = autogenerate uuid

• person_data = $.person from request in json format

• status = NEW

• authentication_method_current = calculated authentication method current for request (set phone_number for type OTP or THIRD_PERSON with type OTP)

• channel = MIS

• legal_entity_id = client_id from token (id of legal entity where person request is created)

• tax_id = $.person.tax_id from request (if not null)

• last_name = $.person.last_name from request

• first_name = $.person.first_name from request

• birth_date = $.person.birth_date from request

• documents = generated links for documents upload (if needed)

• person_documents = $.person.documents from request in json format

• inserted_by = user_id from token

• updated_by = user_id from token

• inserted_at = now()

• updated_at = now()

• patient_signed = $.patient_signed from request

• process_disclosure_data_consent = $.process_disclosure_data_consent from request

• person_data_id = $.person.id from request

• authorize_with = $.authorize_with from request (if not null)

• version = 2

Generate verification code

...