...

  1. Confidant_person is an object, not an array.

  2. It is allowed to submit confidant person when person is created.

  3. It is not allowed to submit confidant person when person is updated.

  4. Validation of confidant person is updated: age, verification status and auth methods are important.

  5. Validation of auth methods is updated: if the person has a confidant, the confidant must be submitted as THIRD_PERSON in auth methods.

  6. Validation of person documents is updated: if person's age is between no_self_registration_age and person_full_legal_capacity_age, documents that prove legal capacity can be submitted. If legal capacity is proven by a document, the person cannot have a confidant.

  7. Validation of the necessity of a confidant person is added: in some cases (see validations below) it is necessary to have a confidant if person is created (in the request body) and if person is updated (in db MPI | confidant https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/724729917/MPI#confidant_person_relationships ).

  8. Links to save documents for confidant persons are updated.

  9. When the person being updated must be authorized by a confidant person, the authentication method with type = THIRD_PERSON must be passed in the authorize_with field.

...

Create person request

...

  • Check that confidant_person.person_id exists in persons table (MPI DB) with status = active and is_active = true

    • in case of error - return 422 ('Confidant person is not found')

  • Check that the confidant person itself does not have to be authorized by a confidant, i.e. it does not match any of the following rules:

    • confidant person's age < no_self_registration_age global parameter;

    • confidant person's age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter or person has document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter and legal_capacity_verification_status <> VERIFIED or VERIFICATION_NOT_NEEDED;

    • confidant person's age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process /wiki/spaces/CSI/pages/17667883028 with person_id = $.person.confidant_person.person_id from request - expected :ok, :approved response)

    • confidant person has at least one confidant person in persons.confidant_person array

      • in case of error - return 422 ('Person with incorrect age or with active confidant person relationship can not be submitted as confidant')

  • Check that confidant person cumulative verification status is not in NOT_ALLOWED_CONFIDANT_PERSON_VERIFICATION_STATUSES config parameter

    • in case of error - return 422 ('Person with cumulative verification status <person.verification_status> can not be submitted as confidant')

  • Check that confidant person has active authentication method with type = OTP

    • in case of error - return 422 ('Confidant person must have active authentication method with type "OTP"')

  • Validate confidant person's documents_relationship

    • Validate document issued_at date

      • Check that issued_at <= now()

        • in case of error - return 422 ('Document issued date should be in the past')

      • Check that issued_at >= person.birth_date

        • in case of error - return 422 ('Document issued date should greater than person.birth_date')

    • Validate document active_to date

      • Check that active_to > now()

        • in case of error - return 422 ('Document active_to should be in future')

    • Validate document type according to DOCUMENT_RELATIONSHIP_TYPE dictionary

      • In case of error - return 422 ('value is not allowed in enum')

    • Validate document number according to regexp (as part of JSON Schema validation) 

      • BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

        • In case of error - return 422 ('string does not match pattern') with the corresponding regexp

      • other document type numbers should be validated according to format varchar (255)

        • in case of error - return 422 ('expected value to have a maximum length of 255 but was <<document_number_length>>')

    • If document type contains BIRTH_CERTIFICATE or BIRTH_CERTIFICATE_FOREIGN values, check that person's age < person_full_legal_capacity_age global parameter

      • in case of error - return 422 ('Invalid relationship document type for person in such age')

Validate person documents

  • Check submitted person document types exist in PERSON_REGISTRATION_DOCUMENT_TYPES config parameter that contains values from DOCUMENT_TYPE dictionary

    • in case of error - return 422 ('Submitted document type is not allowed')

  • Check document types from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter (that prove person's legal capacity) are not submitted if person's age is less than no_self_registration_age global parameter or greater than person_full_legal_capacity_age global parameter

    • in case of error - return 422 ('<Document type> can not be submitted for this person') with first found document type

  • If at least one document type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter is submitted, check that at least one document type from PERSON_REGISTRATION_DOCUMENT_TYPES is submitted

    • in case of error - return 422 ('Document that proves personal data must be submitted.')

  • If at least one document type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter is submitted, check that only one legal capacity document type is submitted

    • in case of error - return 422 ('Only one legal capacity document must be submitted')

  • Validate document issued_at date

    • Check that issued_at <= now()

      • in case of error - return 422 ('Document issued date should be in the past')

    • Check that issued_at >= person.birth_date

      • in case of error - return 422 ('Document issued date should greater than person.birth_date')

  • Validate document expiration_date

    • Check that expiration_date > now()

      • in case of error - return 422 ('Document expiration_date should be in future')

    • Check that expiration_date exists for following document types:

      • NATIONAL_ID

      • COMPLEMENTARY_PROTECTION_CERTIFICATE

      • PERMANENT_RESIDENCE_PERMIT

      • REFUGEE_CERTIFICATE

      • TEMPORARY_CERTIFICATE

      • TEMPORARY_PASSPORT

        • in case of error - return 422 ('expiration_date is mandatory for document_type $.documents.type')

  • Validate document number according to regexp (as part of JSON Schema validation) 

    • PASSPORT - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

    • NATIONAL_ID - ^[0-9]{9}$

    • BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • COMPLEMENTARY_PROTECTION_CERTIFICATE - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

    • REFUGEE_CERTIFICATE - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

    • TEMPORARY_CERTIFICATE - ^(((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{4,6}|[0-9]{9}|((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{5}\\/[0-9]{5})$

    • TEMPORARY_PASSPORT - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • CHILD_BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • MARRIAGE_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • DIVORCE_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

      • in case of error - return 422 ('string does not match pattern') with the corresponding regexp

  • If unzr exists and is not null, check that it matches pattern - ^[0-9]{8}-[0-9]{5}$

    • in case of error - return 422 ('string does not match pattern') with the corresponding regexp

  • If document with type NATIONAL_ID exists in request, check that unzr exists in request

    • in case of error - return 422 ('unzr is mandatory for document type NATIONAL_ID')

  • Check that document types NATIONAL_ID and PASSPORT both do not exist in request

    • in case of error - return 422 ('Person can have only new passport NATIONAL_ID or old PASSPORT.')

  • Check that document types BIRTH_CERTIFICATE or BIRTH_CERTIFICATE_FOREIGN are submitted if person's age < no_self_auth_age global parameter

    • in case of error - return 422 ('Documents should contain one of: BIRTH_CERTIFICATE, BIRTH_CERTIFICATE_FOREIGN.')

  • Check that document number length < 255

    • in case of error - return 422 ('expected value to have a maximum length of 255 but was <<document_number_length>>')
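
The cross-field document checks listed above, as an added example that is not the project's own code. It covers only the PASSPORT, NATIONAL_ID and REFUGEE_CERTIFICATE number patterns; the validate_documents function, the dict-shaped person and the use of date objects in place of now() are assumptions of this example.

```python
import re
from datetime import date

# Number patterns copied from the page for three document types.
NUMBER_PATTERNS = {
    "PASSPORT": r"^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$",
    "NATIONAL_ID": r"^[0-9]{9}$",
    "REFUGEE_CERTIFICATE": r"^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$",
}
UNZR_PATTERN = r"^[0-9]{8}-[0-9]{5}$"
EXPIRATION_REQUIRED = {
    "NATIONAL_ID", "COMPLEMENTARY_PROTECTION_CERTIFICATE",
    "PERMANENT_RESIDENCE_PERMIT", "REFUGEE_CERTIFICATE",
    "TEMPORARY_CERTIFICATE", "TEMPORARY_PASSPORT",
}

def validate_documents(person, today):
    """Return the 422 messages from the page; an empty list means valid."""
    errors = []
    docs = person.get("documents", [])
    types = {d["type"] for d in docs}
    unzr = person.get("unzr")
    # re.fullmatch, not re.match: "$" alone would accept a trailing newline.
    if unzr is not None and not re.fullmatch(UNZR_PATTERN, unzr):
        errors.append("string does not match pattern")
    if "NATIONAL_ID" in types and unzr is None:
        errors.append("unzr is mandatory for document type NATIONAL_ID")
    if {"NATIONAL_ID", "PASSPORT"} <= types:
        errors.append("Person can have only new passport NATIONAL_ID or old PASSPORT.")
    for d in docs:
        pattern = NUMBER_PATTERNS.get(d["type"])
        if pattern and not re.fullmatch(pattern, d["number"]):
            errors.append("string does not match pattern")
        issued = d.get("issued_at")
        if issued and issued > today:
            errors.append("Document issued date should be in the past")
        if issued and issued < person["birth_date"]:
            errors.append("Document issued date should greater than person.birth_date")
        exp = d.get("expiration_date")
        if exp is None and d["type"] in EXPIRATION_REQUIRED:
            errors.append(f"expiration_date is mandatory for document_type {d['type']}")
        if exp is not None and exp <= today:
            errors.append("Document expiration_date should be in future")
    return errors

# Constructed sample: NATIONAL_ID submitted without unzr and without expiration_date.
SAMPLE = {"birth_date": date(1990, 5, 1), "documents": [
    {"type": "NATIONAL_ID", "number": "123456789", "issued_at": date(2020, 1, 1)}]}
if __name__ == "__main__":
    print(validate_documents(SAMPLE, date(2024, 1, 15)))
```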

...

  • Check that $.person.id is a valid uuid

    • in case of error - return 422 ('string does not match pattern') with uuid regexp

  • Check that person exists in persons table (MPI DB) with status = active and is_active = true 

    • in case of error - return 422 ('such person doesn't exist')

  • Check that amount of changes of person data in request is acceptable (person is not updated too much). Check existence of active verification candidates for person in person_verification_candidates table (MPI DB) with person_id = $.person.id, status = NEW and entity_type in (dracs_marriage_act, dracs_divorce_act, dracs_change_name_act):

    • If exists, then merge updated person data with new full name data from found verification candidates entity and compare this merged data with data from person request using existing /wiki/spaces/CSI/pages/17612898385. Check that the resulting comparison score is greater than PERSON_ONLINE_DEDUPLICATION_UPDATE_SCORE config parameter at least for one candidate. As new full name data from verification candidates entity:

      • for dracs_marriage_act - use husband_surname, husband_name, husband_patronymic or wife_surname, wife_name, wife_patronymic fields;

      • for dracs_divorce_act - use mn_surname, mn_name, mn_patronymic or wmn_surname, wmn_name, wmn_patronymic fields;

      • for dracs_change_name_act - use old_surname, old_name, old_patronymic from dracs_change_name_act

        • in case score is lower - return 409 ('Such person can't be updated. Deduplication update score is lower than system value (less changes should be made)')

    • if not exists, then compare updated person data with data from person request using existing /wiki/spaces/CSI/pages/17612898385 - check that the resulting comparison score is greater than PERSON_ONLINE_DEDUPLICATION_UPDATE_SCORE config parameter

      • in case of error - return 409 ('Such person can't be updated. Deduplication update score is lower than system value (less changes should be made)')

...

  • Check that $.authorize_with with auth_method.type = 'THIRD_PERSON' is submitted for person that must be authorized by confidant person using following logic:

    1. person's age < no_self_registration_age global parameter;

    2. person's age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter or person has document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter and legal_capacity_verification_status <> VERIFIED or VERIFICATION_NOT_NEEDED;

    3. person's age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process /wiki/spaces/CSI/pages/17667883028 with person_id = person from request - expected :ok, :approved response)

      1. in case of error - return 422 ('Authentication method with type THIRD_PERSON must be submitted for this person')

  • Check that $.authorize_with is a valid uuid

    1. in case of error - return 422 ('string does not match pattern') with uuid regexp

  • Check that auth method exists in MPI database, person_authentication_methods table, belongs to person from request, stored in $.person.id, is active (ended_at > now() or ended_at is null and is_active = true), and type != NA. Additionally, for auth method with type = 'THIRD_PERSON', check that the person in the auth method value is an approved confidant for $.person.id from request, i.e. an active and approved confidant person relationship exists between person from request and person_id from authentication method value (using following logic: /wiki/spaces/CSI/pages/17667883028 with person_id = person from request and confidant_person_id = value from auth method - expected :ok, :approved response)

    1. in case of error - return 409 ('Authentication method doesn't belong to person.')
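
The authorize_with decision described above, as an added example that is not the project's own code. Function names, the dict shapes, the UUID pattern and the sample threshold values are assumptions of this example; it also assumes "between" is inclusive, that "active" means is_active = true and (ended_at is null or ended_at > now()), and that approved_confidants stands in for the relationship lookup that returns :ok, :approved.

```python
import re
from datetime import datetime

UUID_RE = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"  # assumed form
CAPACITY_OK = {"VERIFIED", "VERIFICATION_NOT_NEEDED"}

def must_use_confidant(person, cfg, approved_confidants):
    """Rules 1-3 on the page: True when the person cannot authorize alone."""
    age = person["age"]
    if age < cfg["no_self_registration_age"]:
        return True
    if age <= cfg["person_full_legal_capacity_age"]:  # "between" assumed inclusive
        return not (person["has_capacity_doc"]
                    and person["legal_capacity_verification_status"] in CAPACITY_OK)
    return bool(approved_confidants)  # adult with an active, approved relationship

def check_authorize_with(person, authorize_with, methods, approved_confidants, cfg, now):
    """Return (status, message) for the first failed check, or None if all pass."""
    if not isinstance(authorize_with, str) or not re.fullmatch(UUID_RE, authorize_with):
        return 422, "string does not match pattern"
    m = methods.get(authorize_with)  # stand-in for person_authentication_methods
    third = m is not None and m["type"] == "THIRD_PERSON"
    if must_use_confidant(person, cfg, approved_confidants) and not third:
        return 422, ("Authentication method with type THIRD_PERSON "
                     "must be submitted for this person")
    live = (m is not None and m["person_id"] == person["id"] and m["type"] != "NA"
            and m["is_active"] and (m["ended_at"] is None or m["ended_at"] > now))
    # A THIRD_PERSON method only counts if its value names an approved confidant.
    if not live or (third and m["value"] not in approved_confidants):
        return 409, "Authentication method doesn't belong to person."
    return None

# Constructed sample data; the threshold values are illustrative, not from the page.
CFG = {"no_self_registration_age": 14, "person_full_legal_capacity_age": 18}
CHILD = {"id": "p-child", "age": 10, "has_capacity_doc": False,
         "legal_capacity_verification_status": None}
M_OTP = "11111111-1111-4111-8111-111111111111"
M_TP = "22222222-2222-4222-8222-222222222222"
METHODS = {
    M_OTP: {"person_id": "p-child", "type": "OTP", "value": "constructed",
            "is_active": True, "ended_at": None},
    M_TP: {"person_id": "p-child", "type": "THIRD_PERSON", "value": "p-parent",
           "is_active": True, "ended_at": None},
}
if __name__ == "__main__":
    now = datetime(2024, 1, 15)
    print(check_authorize_with(CHILD, M_OTP, METHODS, {"p-parent"}, CFG, now))
    print(check_authorize_with(CHILD, M_TP, METHODS, {"p-parent"}, CFG, now))
```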

...