Skip to content

E1-F4: Saved Profiles (Family/Friends)

Epic: E1: User & Profile Management

Size: S (Small)

Problem / Outcome

Users need to save profiles for others to streamline checkout.

Scope

In-Scope:

  • CRUD /users/me/saved-profiles
  • Max 10 profiles
  • Fields: name, DOB, nationality, OIB/passport, email, phone, relationship
  • Duplicate detection within user's profiles

Out-of-Scope:

  • Profile sharing between users
  • Global OIB uniqueness (not required for saved profiles)

Business Rules

  1. Local OIB Uniqueness Only: Unlike the default profile, saved profiles do NOT require globally unique OIB. The same person (OIB) can be saved by multiple users (e.g., a child saved by both parents).
  2. Per-User Duplicate Check: OIB must be unique within a user's own saved profiles and default profile to prevent adding the same person twice.
  3. No Age Restriction: Saved profiles can be minors (used to identify minor ticket holders).

Acceptance Criteria

  • AC1: Given < 10 saved profiles, when user creates new profile, then profile is saved with masked OIB display
  • AC2: Given 10 existing profiles, when user creates 11th, then error "Maximum 10 profiles" is returned
  • AC3: Given duplicate OIB in user's own profiles, when creating profile, then error "A profile with this OIB already exists in your saved profiles" is returned
  • AC4: Given OIB used by another user's profile, when creating saved profile, then profile is saved successfully (global uniqueness not required)

Data Model Impact

SavedProfile table:
- id (UUID, PK)
- user_id (UUID, FK)
- full_name (VARCHAR)
- date_of_birth (DATE)
- nationality (VARCHAR)
- oib_encrypted (BYTEA)
- passport_encrypted (BYTEA)
- email (VARCHAR)
- phone (VARCHAR)
- relationship (VARCHAR)
- created_at (TIMESTAMP)

Constraints:
- UNIQUE(user_id, oib_encrypted) - OIB unique only within user's profiles (not global)
- Note: No global uniqueness constraint on OIB for saved profiles

Permissions/Roles

  • Authenticated user

How to Verify

npm test -- --grep "saved profiles"

Expected: CRUD works, max limit enforced, duplicates detected.

Dependencies

  • E1-F3: Default Ticketing Profile

Implementation Tasks

See E1: User & Profile Tasks

Last Updated: January 2026