
Purpose

If a user is suspected of fraud, there must be a way to block them (create black list user) and, if the suspicion is not confirmed, to unblock them (deactivate). Blocking a user means that none of the users related to the current party can be authorized.

Steps to block

  1. Get all party_id(s) and their tax_id (tax_id or passport_number)
  2. Find all user_id(s) by party_id(s) (prm.party_users) - new UI/service for NHS admin (Get Users by party_id list)
  3. Knowing user_id (mithril.users), Mithril admin must block all roles for those users - add search by ID for Mithril admin (is_blocked=true)
  4. NHS admin adds tax_id to the black list.
    To do that, the table prm.black_list_users must be created with the fields:
    - id
    - tax_id
    - is_active
    - inserted_at
    - inserted_by
    - updated_at
    - updated_by
  5. When creating a new employee_request there must be an additional verification.
    1. If party.tax_id=black_list_users.tax_id and is_active=true show 422 error (New employee with this tax_id can't be created).
  6. Expire all current tokens for all user_id(s) by party_id(s) (mithril.tokens):
    1. expires_at = now()
  7. To delete a user from black_list, set is_active=false

Specification

  Apiary

Create black list user

Authorize

  1. Verify the validity of access token
    1. In case of error - generate 401 response
  2. Check user scope (scope = 'bl_user:write') in order to perform this action
    1. In case of error - generate 403 response

Verification

  1. Check black_list_users.tax_id=$tax_id and is_active=true.
    1. In case of error show 422 error - 'This user is already in a black list'
  2. Check all roles were deleted for $tax_id
    1. Find party_id(s) by $tax_id (prm.parties)
    2. Find all user_id(s) by party_id(s) (prm.party_users)
    3. Check that all user(s) for user_id(s) are blocked (mithril.party_users)
      1. In case of error show 422 error (Not all users were blocked)

Create new Black list user

  1. Create new record in prm.black_list_users

| Destination | Source | Description |
|---|---|---|
| id | Autogenerated | |
| tax_id | Request: $.tax_id | |
| is_active | Const: true | |
| inserted_at | Timestamp: now() | Get current date-time |
| inserted_by | Token: user_id | Extract user from token |
| updated_at | Timestamp: now() | Get current date-time |
| updated_by | Token: user_id | Extract user from token |
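
The Authorize, Verification and Create steps above, in the order they must run, as an added example (not code from the eHealth project). It assumes one SQLite database with simplified stand-ins for prm.parties, prm.party_users, mithril.users and prm.black_list_users; the token dict, the 201 success code, the partial unique index and the sample tax_id are assumptions or constructed values.

```python
import sqlite3
from datetime import datetime, timezone

# Simplified single-database stand-ins for prm.parties, prm.party_users,
# mithril.users and prm.black_list_users (constructed schema, an assumption).
SCHEMA = """
CREATE TABLE parties (id TEXT PRIMARY KEY, tax_id TEXT);
CREATE TABLE party_users (party_id TEXT, user_id TEXT);
CREATE TABLE users (id TEXT PRIMARY KEY, is_blocked INTEGER);
CREATE TABLE black_list_users (
  id INTEGER PRIMARY KEY AUTOINCREMENT, tax_id TEXT NOT NULL,
  is_active INTEGER NOT NULL, inserted_at TEXT, inserted_by TEXT,
  updated_at TEXT, updated_by TEXT);
-- At most one active entry per tax_id, enforced by the database as well.
CREATE UNIQUE INDEX one_active ON black_list_users (tax_id) WHERE is_active = 1;
"""

def create_black_list_user(db, token, tax_id):
    """token: dict with user_id and scopes, or None if token validation failed."""
    if token is None:
        return 401, "Invalid access token"
    if "bl_user:write" not in token["scopes"]:
        return 403, "Scope bl_user:write is required"
    if db.execute("SELECT 1 FROM black_list_users WHERE tax_id = ? AND is_active = 1",
                  (tax_id,)).fetchone():
        return 422, "This user is already in a black list"
    # Every user of every party with this tax_id must already be blocked.
    unblocked = db.execute(
        """SELECT COUNT(*) FROM parties p
           JOIN party_users pu ON pu.party_id = p.id
           JOIN users u ON u.id = pu.user_id
           WHERE p.tax_id = ? AND u.is_blocked = 0""", (tax_id,)).fetchone()[0]
    if unblocked:
        return 422, "Not all users were blocked"
    now = datetime.now(timezone.utc).isoformat()
    db.execute("INSERT INTO black_list_users (tax_id, is_active, inserted_at,"
               " inserted_by, updated_at, updated_by) VALUES (?, 1, ?, ?, ?, ?)",
               (tax_id, now, token["user_id"], now, token["user_id"]))
    return 201, "created"  # success code is an assumption, not given above

def demo_db():
    """Constructed sample data: one party with two users, one still unblocked."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO parties VALUES ('p1', '3126509816')")
    db.executemany("INSERT INTO party_users VALUES ('p1', ?)", [("u1",), ("u2",)])
    db.executemany("INSERT INTO users VALUES (?, ?)", [("u1", 1), ("u2", 0)])
    return db
```

The unique index closes the race between the "already in a black list" check and the insert when two admins submit the same tax_id concurrently.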

Deactivate black list user

This WS is designed to update the "is_active" flag for black list users.

Authorize

  1. Verify the validity of access token
    1. In case of error - generate 401 response
  2. Check user scope (scope = 'bl_user:deactivate') in order to perform this action
    1. In case of error - generate 403 response

Validate PK Black list User

  1. Check that `Black_list_user` exists by $.id.

    1. if invalid - return 404 error (message: "User in black list with id={$.id} doesn't exist.")

Validate status

  1. Validate `is_active` == TRUE
    1. if invalid - return 409 error (message: "User is not in a black list is not active and can't be deactivated")

Deactivate black list user

Update the black list user record by $.id and set the values:

| Destination | Source |
|---|---|
| is_active | FALSE |
| updated_at | :timestamp |
| updated_by | user_id |

Get black list user List

This WS is designed to return Black list users list.

Input

Query parameters (filters)

  • id (exact match, optional)
  • tax_id (exact match, optional)
  • is_active (exact match, optional)

Authorize user

  1. Verify the validity of access token
    1. In case of error - generate 401 response
  2. Check user scopes in order to perform this action (scope = 'bl_user:read')
    1. In case of error - generate 403 response

Query data

  1. Get all records from prm.black_list_users filtered by query params:

| Query param | Condition |
|---|---|
| id | exact match |
| tax_id | exact match |
| is_active | exact match |

  2. Enrich the records with name and birth_date (from prm.parties by tax_id):

| Fields | Description |
|---|---|
| id | |
| tax_id | |
| party_id | |
| last_name | |
| first_name | |
| second_name | |
| birth_date | |
| is_active | |