Versions Compared

Version Old Version 3 New Version 4
Changes made by

Anna Popelysheva (SoE eHealth)

Anna Popelysheva (SoE eHealth)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

A block with information about confidant person must be transferred when the person is created.
New endpoints /wiki/spaces/CSI/pages/17613291561 RC_(CSI-1323)_Confidant Persons technical specification must be used to manage list of persons confidants.

...

  • Check that confidant_person.person_id exists in persons table (MPI DB) with status = active and is_active = true

    • in case of error - return 422 ('Confidant person is not found')

  • Check if confidant person itself shouldn’t be authorized by confidant - so it doesn’t correspond to following rules:

    • confidant persons age < no_self_registration_age global parameter;

    • confidant persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter or person has document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter and legal_capacity_verification_status <> VERIFIED or VERIFICATION_NOT_NEEDED;

    • confidant persons age > person_full_legal_capacity_ageglobal parameter and exists at least one active and approved confidant person relationship for person (using following process /wiki/spaces/CSI/pages/17667883028 with person_id = $.person.confidant_person.person_id from request - expected :ok, :approved response)

    • confidant person has at least one confidant person in persons.confidant_person array

      • in case of error - return 422 ('Person with incorrect age or with active confidant person relationship can not be submitted as confidant')

  • Check that confidant person cumulative verification status is not in NOT_ALLOWED_CONFIDANT_PERSON_VERIFICATION_STATUSES config parameter

    • in case of error - return 422 ('Person with cumulative verification status <person.verification_status> can not be submitted as confidant')

  • Check that confidant person has active authentication method with type = OTP

    • in case of error - return 422 ('Confidant person must have active authentication method with type "OTP"')

  • Validate confidant persons documents_relationship

    • Validate document issued_at date

      • Check that issued_at <= now()

        • in case of error - return 422 ('Document issued date should be in the past')

      • Check that issued_at => person.birth_date

        • in case of error - return 422 ('Document issued date should greater than person.birth_date')

    • Validate document active_to date

      • Check that active_to > now()

        • in case error - return 422 ('Document active_to should be in future')

    • Validate document type according to DOCUMENT_RELATIONSHIP_TYPEdictionary

      • In case of error - return 422 ('value is not allowed in enum')

    • Validate document number according to regexp (as part of JSON Schema validation) 

      • BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

        • In case of error - return 422 ('string does not match pattern') with the corresponding regexp

      • other document type numbers should be validated according to format varchar (255)

        • in case of error - return 422 ('expected value to have a maximum length of 255 but was <<document_number_length>>')

    • If document type contains BIRTH_CERTIFICATE or BIRTH_CERTIFICATE_FOREIGN values, check that persons age < person_full_legal_capacity_age global parameter

      • in case of error - return 422 ('Invalid relationship document type for person in such age')

Validate person documents

  • Check submitted person document types exist in PERSON_REGISTRATION_DOCUMENT_TYPES config parameter that contains values from DOCUMENT_TYPE dictionary

    • in case of error - return 422 ('Submitted document type is not allowed')

  • Check document types from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter (that prove persons legal capacity) are not submitted if persons age is less then no_self_registration_age global parameter or greater then person_full_legal_capacity_age global parameter

    • in case of error - return 422 ('<Document type> can not be submitted for this person') with first found document type

  • If at least one document type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter is submitted, check that at least one document type from PERSON_REGISTRATION_DOCUMENT_TYPES is submitted

    • in case of error - return 422 ('Document that proves personal data must be submitted.')

  • If at least one document type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter is submitted, check that only one legal capacity document type is submitted

    • in case of error - return 422 ('Only one legal capacity document must be submitted')

  • Validate document issued_at date

    • Check that issued_at <= now()

      • in case of error - return 422 ('Document issued date should be in the past')

    • Check that issued_at => person.birth_date

      • in case of error - return 422 ('Document issued date should greater than person.birth_date')

  • Validate document expiration_date

    • Check that expiration_date > now()

      • in case error - return 422 ('Document expiration_date should be in future')

    • Check that expiration_date exists for following document types:

      • NATIONAL_ID

      • COMPLEMENTARY_PROTECTION_CERTIFICATE

      • PERMANENT_RESIDENCE_PERMIT

      • REFUGEE_CERTIFICATE

      • TEMPORARY_CERTIFICATE

      • TEMPORARY_PASSPORT

        • in case error - return 422 ('expiration_date is mandatory for document_type $.documents.type')

  • Validate document number according to regexp (as part of JSON Schema validation) 

    • PASSPORT - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

    • NATIONAL_ID - ^[0-9]{9}$

    • BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • COMPLEMENTARY_PROTECTION_CERTIFICATE - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

    • REFUGEE_CERTIFICATE - ^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$

    • TEMPORARY_CERTIFICATE - ^(((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{4,6}|[0-9]{9}|((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{5}\\/[0-9]{5})$

    • TEMPORARY_PASSPORT - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • CHILD_BIRTH_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • MARRIAGE_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

    • DIVORCE_CERTIFICATE - ^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$

      • in case of error - return 422 ('string does not match pattern') with the corresponding regexp

  • If unzr exists and is not null, check that it matches pattern - ^[0-9]{8}-[0-9]{5}$

    • in case of error - return 422 ('string does not match pattern') with the corresponding regexp

  • If document with type NATIONAL_ID exists in request, check that unzr exists in request

    • in case of error - return 422 ('unzr is mandatory for document type NATIONAL_ID')

  • Check that document types NATIONAL_ID and PASSPORT both do not exist in request

    • in case of error - return 422 ('Person can have only new passport NATIONAL_ID or old PASSPORT.')

  • Check that document types BIRTH_CERTIFICATE or BIRTH_CERTIFICATE_FOREIGN are submitted if persons age < no_self_auth_age global parameter

    • in case of error - return 422 ('Documents should contain one of: BIRTH_CERTIFICATE, BIRTH_CERTIFICATE_FOREIGN.')

  • Check that document number length < 255

    • in case of error - return 422 ('expected value to have a maximum length of 255 but was <<document_number_length>>')

...

  • Check that $.person.id is a valid uuid

    • in case error - return 422 ('string does not match pattern') with uuid regexp

  • Check that person exists in persons table (MPI DB) with status = active and is_active = true 

    • in case error - return 422 ('such person doesn't exist’)

  • Check that amount of changes of person data in request is acceptable (person is not updated too much). Check existence of active verification candidates for person in person_verification_candidates table (MPI DB) with person_id = $.person.id, status = NEW and entity_type in (dracs_marriage_act, dracs_divorce_act, dracs_change_name_act):

    • If exists, then merge updated person data with new full name data from found verification candidates entity and compare this merged data with data from person request using existing /wiki/spaces/CSI/pages/17612898385. Check that resulted comparison score is greater that PERSON_ONLINE_DEDUPLICATION_UPDATE_SCORE config parameter at least for one candidate. As new full name data from verification candidates entity:

      • for dracs_marriage_act - use husband_surname, husband_name, husband_patronymic or wife_surname, wife_name, wife_patronymic fields;

      • for dracs_divorce_act - use mn_surname, mn_name, mn_patronymic or wmn_surname, wmn_name, wmn_patronymic fields;

      • for dracs_change_name_act - use old_surname, old_name, old_patronymic from dracs_change_name_act)

        • in case score is lower - return 409 ('Such person can't be updated. Deduplication update score is lower than system value (less changes should be made)')

    • if not exists, then compare updated person data with data from person request using existing /wiki/spaces/CSI/pages/17612898385 deduplication model - check that resulted comparison score is greater that PERSON_ONLINE_DEDUPLICATION_UPDATE_SCORE config parameter

      • in case of error - return 409 ('Such person can't be updated. Deduplication update score is lower than system value (less changes should be made)')

...

  • Check that $.authorize_with with auth_method.type = 'THIRD_PERSON' is submitted for person that must be authorized by confidant person using following logic:

    1. persons age < no_self_registration_age global parameter;

    2. persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter or person has document with type from PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter and legal_capacity_verification_status <> VERIFIED or VERIFICATION_NOT_NEEDED;

    3. persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process /wiki/spaces/CSI/pages/17667883028 with person_id = person from request - expected :ok, :approved response)

      1. in case of error - return 422 ('Authentication method with type THIRD_PERSON must be submitted for this person')

  • Check that $.authorize_with is a valid uuid

    1. in case error - return 422 ('string does not match pattern') with uuid regexp

  • Check that auth method exists in MPI database, person_authentication_methods table, belongs to person from request, stored in $.person.id, is active (ended_at > now() or ended_at is null and is_active = true), and type != NA, additionally for auth method with type = ‘THIRD_PERSON’ - check that person from value is an approved confidant for a $.person.id from request – exists active and approved confidant person relationship between person from request and person_id from authentication method value (using following logic: /wiki/spaces/CSI/pages/17667883028 with person_id = person from request and confidant_person_id = value from auth method - expected :ok, :approved response)

    1. in case error - return 409 ('Authentication method doesn't belong to person.')

...