Purpose
If a user is suspected of fraud, it must be possible to block them (create a black list user) and, if the suspicion is not confirmed, to unblock them (deactivate the black list record). Blocking a user means that none of the users related to the current party can be authorized.
Steps to block
- Get all party_id(s) and their tax_id (tax_id or passport_number)
- Find all user_id(s) by party_id(s) (prm.party_users) - new UI/service for NHS admin (Get Users by party_id list)
- Knowing the user_id(s) (mithril.users), Mithril admin must block all those users (is_blocked=true)
- NHS admin adds the tax_id to the black list. To do that, the table prm.black_list_users must be created with the fields:
  - id
  - tax_id
  - is_active
  - inserted_at
  - inserted_by
  - updated_at
  - updated_by
- When creating a new employee_request there must be an additional verification:
  - If party.tax_id=black_list_users.tax_id and is_active=true, return a 422 error (New employee with this tax_id can't be created).
- Expire all current tokens for all user_id(s) by party_id(s) (mithril.tokens):
  - expires_at= now()
- To delete a user from the black list set is_active=false
Specification
Create black list user
Authorize
- Verify the validity of access token
- In case of error - generate 401 response
- Check user scope (scope = 'bl_user:write') in order to perform this action
- In case error - generate 403 response
Verification
- Check black_list_users.tax_id=$tax_id and is_active=true.
- In case of error show 422 error - 'This user is already in a black list'
- Check all roles were deleted for $tax_id
- Find party_id(s) by $tax_id (prm.parties)
- Find all user_id(s) by party_id(s) (prm.party_users)
- Check that all user(s) for the user_id(s) are blocked (mithril.users)
- In case of error show 422 error (Not all users were blocked)
Create new Black list user
Destination | Source | Description |
---|---|---|
id | Autogenerated | |
tax_id | Request: $.tax_id | |
is_active | Const: true | |
inserted_at | Timestamp: now() | Get current date-time |
inserted_by | Token: user_id | Extract user from token |
updated_at | Timestamp: now() | Get current date-time |
updated_by | Token: user_id | Extract user from token |
Deactivate black list user
This WS is designed to update the "is_active" flag of Black list users.
Authorize
- Verify the validity of access token
- In case error - generate 401 response
- Check user scope (scope = 'bl_user:deactivate') in order to perform this action
- In case error - generate 403 response
Validate PK Black list User
- Check that a `Black_list_user` with $.id exists
- if invalid - return 404 error (message: "User in black list with id={$.id} doesn't exist.")
Validate status
- Validate `is_active` == TRUE
- if invalid - return 409 error (message: "User is not in a black list")
Deactivate black list user
Update black list user record by $.id set values:
Destination | Source |
---|---|
is_active | FALSE |
updated_at | :timestamp |
updated_by | user_id |
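The checks of "Create black list user" (Verification) and "Deactivate black list user" above, together with the employee_request check from the Purpose section, as an added Python example that is not the project's own code: constructed in-memory rows stand in for prm.parties, prm.party_users, mithril.users and prm.black_list_users, and the "all roles were deleted" step is omitted because the page does not describe the roles table.

```python
from datetime import datetime, timezone
# Constructed sample rows standing in for prm.parties, prm.party_users, mithril.users and
# prm.black_list_users (row shapes are assumed, not the real schema).
PARTIES = [{"id": "p1", "tax_id": "1111111111"}, {"id": "p2", "tax_id": "1111111111"},
           {"id": "p3", "tax_id": "2222222222"}]
PARTY_USERS = [{"party_id": "p1", "user_id": "u1"}, {"party_id": "p2", "user_id": "u2"},
               {"party_id": "p3", "user_id": "u3"}]
USERS = {"u1": {"is_blocked": True}, "u2": {"is_blocked": True}, "u3": {"is_blocked": False}}
BLACK_LIST = [{"id": 1, "tax_id": "3333333333", "is_active": True}]

class ApiError(Exception):
    """Carries the HTTP status the spec prescribes for a failed check."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status

def is_black_listed(tax_id):
    """Active black-list entry for tax_id: the check employee_request creation must run."""
    return any(r["tax_id"] == tax_id and r["is_active"] for r in BLACK_LIST)

def verify_create(tax_id):
    """Verification steps of 'Create black list user'; returns the affected user_ids."""
    if is_black_listed(tax_id):
        raise ApiError(422, "This user is already in a black list")
    party_ids = {p["id"] for p in PARTIES if p["tax_id"] == tax_id}
    user_ids = {pu["user_id"] for pu in PARTY_USERS if pu["party_id"] in party_ids}
    if not all(USERS[u]["is_blocked"] for u in user_ids):
        raise ApiError(422, "Not all users were blocked")
    return user_ids

def create_black_list_user(tax_id, actor_user_id, now=None):
    """Insert the record as in the Destination/Source table, after verification."""
    verify_create(tax_id)
    now = now or datetime.now(timezone.utc)
    record = {"id": len(BLACK_LIST) + 1, "tax_id": tax_id, "is_active": True,
              "inserted_at": now, "inserted_by": actor_user_id,
              "updated_at": now, "updated_by": actor_user_id}
    BLACK_LIST.append(record)
    return record

def deactivate_black_list_user(bl_id, actor_user_id, now=None):
    """404 if the row is missing, 409 if already inactive, otherwise clear is_active."""
    row = next((r for r in BLACK_LIST if r["id"] == bl_id), None)
    if row is None:
        raise ApiError(404, f"User in black list with id={bl_id} doesn't exist.")
    if not row["is_active"]:
        raise ApiError(409, "User is not in a black list")
    row.update(is_active=False, updated_at=now or datetime.now(timezone.utc),
               updated_by=actor_user_id)
    return row
```

Note that a tax_id with no parties passes `verify_create` because there are no users to check; the page does not say whether such a request should be rejected.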
Get black list user List
This WS is designed to return Black list users list.
Query parameters (filters)
- id (exact match, optional)
- tax_id (exact match, optional)
- is_active (exact match, optional)
Authorize user
- Verify the validity of access token
- In case error - generate 401 response
- Check user scopes in order to perform this action (scope = 'bl_user:read')
- In case error - generate 403 response
Query data
- Get all records from prm.black_list_users filtered by query params and enriched by name and birth_date (from prm.parties by tax_id):
Fields | Description |
---|---|
id | |
tax_id | |
party_id | |
last_name | |
first_name | |
second_name | |
birth_date | |
is_active | |