Purpose
If a user is suspected of fraud, it must be possible to block them (create a black list user) and, if the suspicion is not confirmed, to unblock them again (deactivate the black list entry). Blocking is keyed on the party's tax_id: all users related to that party lose their roles and can no longer be authorized.
Steps to block
- Get all party_id(s) and their tax_id
- Find all user_id(s) by party_id(s) (prm.party_users) - new UI/service for the NHS admin
- Knowing the user_id(s) (mithril.users), the Mithril admin must delete all roles for those users - add search by ID for the Mithril admin
- The NHS admin adds the tax_id to the black list.
In order to do that, the table prm.black_list_users must be created with the following fields:
- id
- tax_id
- is_active
- inserted_at
- inserted_by
- updated_at
- updated_by
When a new employee_request is created there must be an additional verification: if party.tax_id = black_list_users.tax_id and is_active = true, return a 422 error (New employee with this tax_id can't be created).
- To remove a user from the black list, set is_active = false
Create black list user
Authorize
- Verify the validity of access token
- In case of error - generate 401 response
- Check that the user has the scope required for this action (scope = 'bl_user:write')
- In case of error - generate 403 response
Verification
- Check whether a record with black_list_users.tax_id = $tax_id and is_active = true already exists.
- If it does, return a 422 error - 'This user is already in a black list'
- Check that all roles have been deleted for $tax_id:
  - Find party_id(s) by $tax_id (prm.parties)
  - Find all user_id(s) by party_id(s) (prm.party_users)
  - Check that no role_id(s) remain for those user_id(s) (mithril.party_users)
- If any role remains, return a 422 error (Not all roles were deleted)
Create new Black list user
Destination | Source | Description |
---|---|---|
id | Autogenerated | |
tax_id | Request: $.tax_id | |
is_active | Const: true | |
inserted_at | Timestamp: now() | Get current date-time |
inserted_by | Token: user_id | Extract user from token |
updated_at | Timestamp: now() | Get current date-time |
updated_by | Token: user_id | Extract user from token |
Deactivate black list user
This WS is designed to update the "is_active" flag of a black list user.
Authorize
- Verify the validity of access token
- In case of error - generate 401 response
- Check that the user has the scope required for this action (scope = 'bl_user:deactivate')
- In case of error - generate 403 response
Validate PK Black list User
Check that a `Black_list_user` with id = $.id exists.
- if not - return 404 error (message: "User in black list with id={$.id} doesn't exist.")
Validate status
- Validate `is_active` == TRUE
- if invalid - return 409 error (message: "User in black list is not active and can't be deactivated")
Deactivate black list user
Update black list user record by $.id set values:
Destination | Source |
---|---|
is_active | FALSE |
updated_at | :timestamp |
updated_by | user_id |
Get black list user
This WS is designed to return the details of a single black list user.
Input parameters (filters)
- id
Logic WS
- Verify the validity of access token
- In case of error - generate 401 response
- Check that the user has the scope required for this action (scope = 'bl_user:read')
- In case of error - generate 403 response
Validate PK Black list User
Check that a "Black_list_user" with the given id exists:
- if not - return 404 error (message: "Tax_id is not in black list")
Get black list user List
This WS is designed to return Black list users list.
Input parameters (filters)
- id (optional)
- tax_id (optional)
- is_active (optional)
Authorize user
- Verify the validity of access token
- In case of error - generate 401 response
- Check that the user has the scope required for this action (scope = 'bl_user:read')
- In case of error - generate 403 response
Query data
- Get all records from prm.black_list_users filtered by the query params:
Query param | Condition |
---|---|
id | exact match |
tax_id | exact match |
is_active | exact match |
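The whole flow described on this page (the role check before blocking, creating the black list entry with its two 422 checks, the employee_request verification, deactivation with its 404/409 cases, and the filtered list) as one runnable model. This is an added example, not code from the eHealth project or the Mithril service: it stands in for prm.parties, prm.party_users, prm.black_list_users and the Mithril role assignments with SQLite tables in one in-memory database (the table name `user_roles` is an assumption, the spec's own reference is ambiguous), treats the access token as a dict that the token layer has already validated, and the function names, the constructed sample party/user/role data and the 422 returned for an unknown filter name are my own choices.

```python
# Illustrative model of the black-list workflow (added example, not eHealth
# project code). prm.parties, prm.party_users, prm.black_list_users and the
# Mithril role assignments live in one in-memory SQLite database; the table
# name `user_roles` is an assumption. The token is a dict already validated
# by the token layer: {"user_id": ..., "scopes": [...]}.
import sqlite3
import uuid
from datetime import datetime, timezone


class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status, self.message = status, message


SCHEMA = """
CREATE TABLE parties (id TEXT PRIMARY KEY, tax_id TEXT NOT NULL);
CREATE TABLE party_users (party_id TEXT NOT NULL, user_id TEXT NOT NULL);
CREATE TABLE user_roles (user_id TEXT NOT NULL, role_id TEXT NOT NULL);
CREATE TABLE black_list_users (
    id TEXT PRIMARY KEY, tax_id TEXT NOT NULL, is_active INTEGER NOT NULL,
    inserted_at TEXT, inserted_by TEXT, updated_at TEXT, updated_by TEXT);
"""
ACTIVE_BY_TAX_ID = "SELECT 1 FROM black_list_users WHERE tax_id = ? AND is_active = 1"
FILTER_COLUMNS = ("id", "tax_id", "is_active")  # the only columns a query param may name


def require_scope(token, scope):
    """401 when the token is missing or invalid, 403 when it lacks the scope."""
    if not token or not token.get("user_id"):
        raise ApiError(401, "Invalid access token")
    if scope not in token.get("scopes", ()):
        raise ApiError(403, "Scope '%s' is required" % scope)


def create_black_list_user(db, token, tax_id):
    require_scope(token, "bl_user:write")
    if db.execute(ACTIVE_BY_TAX_ID, (tax_id,)).fetchone():
        raise ApiError(422, "This user is already in a black list")
    # Every user of every party carrying this tax_id must already hold no role.
    (roles_left,) = db.execute(
        "SELECT COUNT(*) FROM user_roles ur "
        "JOIN party_users pu ON pu.user_id = ur.user_id "
        "JOIN parties p ON p.id = pu.party_id WHERE p.tax_id = ?", (tax_id,)).fetchone()
    if roles_left:
        raise ApiError(422, "Not all roles were deleted")
    bl_id, ts, who = str(uuid.uuid4()), datetime.now(timezone.utc).isoformat(), token["user_id"]
    db.execute("INSERT INTO black_list_users VALUES (?, ?, 1, ?, ?, ?, ?)",
               (bl_id, tax_id, ts, who, ts, who))
    return bl_id


def deactivate_black_list_user(db, token, bl_id):
    require_scope(token, "bl_user:deactivate")
    row = db.execute("SELECT is_active FROM black_list_users WHERE id = ?", (bl_id,)).fetchone()
    if row is None:
        raise ApiError(404, "User in black list with id=%s doesn't exist." % bl_id)
    if not row[0]:
        raise ApiError(409, "User in black list is not active and can't be deactivated")
    db.execute("UPDATE black_list_users SET is_active = 0, updated_at = ?, updated_by = ? WHERE id = ?",
               (datetime.now(timezone.utc).isoformat(), token["user_id"], bl_id))


def check_employee_request(db, tax_id):
    """The additional verification run when an employee_request is created."""
    if db.execute(ACTIVE_BY_TAX_ID, (tax_id,)).fetchone():
        raise ApiError(422, "New employee with this tax_id can't be created")


def list_black_list_users(db, token, **filters):
    """Exact-match filters: column names from a whitelist, values always bound."""
    require_scope(token, "bl_user:read")
    clauses, args = [], []
    for column, value in filters.items():
        if column not in FILTER_COLUMNS:
            raise ApiError(422, "Unknown filter '%s'" % column)
        clauses.append(column + " = ?")
        args.append((1 if value in (True, "true") else 0) if column == "is_active" else value)
    sql = "SELECT id, tax_id, is_active FROM black_list_users"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return [{"id": i, "tax_id": t, "is_active": bool(a)} for i, t, a in db.execute(sql, args)]


def seed_demo():
    """Constructed sample data: one party whose single user still holds a role."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO parties VALUES ('party-1', '1234567890')")
    db.execute("INSERT INTO party_users VALUES ('party-1', 'user-1')")
    db.execute("INSERT INTO user_roles VALUES ('user-1', 'role-doctor')")
    admin = {"user_id": "nhs-admin", "scopes": ["bl_user:write", "bl_user:deactivate", "bl_user:read"]}
    return db, admin


def status_of(fn, *args, **kwargs):
    """HTTP status of the ApiError a call raises, or None when it succeeds."""
    try:
        fn(*args, **kwargs)
    except ApiError as err:
        return err.status
    return None
```

Two points worth noticing. The role check joins from tax_id through parties and party_users to the role table, so a party with several users (or a person with several parties sharing the tax_id) cannot slip through because only one of them was cleaned up. The list query builds its WHERE clause only from the fixed column whitelist and binds every value, so a query parameter never reaches the SQL text; with free-form filter names that step is the one place in this spec a naive implementation would be injectable.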