E11-F1: Blacklist Data Model
Epic: E11: Blacklist & Security
Size: S (Small)
Problem / Outcome
Store and manage blacklist entries.
Scope
In-Scope:
- Blacklist table: OIB (required), name (optional), status
- Soft delete implementation
- Audit trail for all operations
Out-of-Scope:
- Automatic MUP integration
Data Retention Policy
- Removed entries may be hard-deleted after the retention period
- All removed entries must be copied to audit log before deletion
- Violation attempts table retains historical record of blocked purchase attempts
Acceptance Criteria
- AC1: Blacklist entry requires OIB only; first_name and last_name are optional
- AC2: Removal is soft delete (status = "Removed")
- AC3: All operations logged in audit trail
- AC4: Before hard delete, copy entry to audit log and violation attempts table
Data Model Impact
Blacklist table:
- id (UUID, PK)
- oib (VARCHAR(11), UNIQUE, NOT NULL) - Required
- first_name (VARCHAR, nullable) - Optional
- last_name (VARCHAR, nullable) - Optional
- status (ENUM: active, removed)
- source (VARCHAR) - e.g., "MUP", "Admin"
- created_by (UUID, FK)
- created_at (TIMESTAMP)
- removed_by (UUID, FK, nullable)
- removed_at (TIMESTAMP, nullable)
BlacklistAudit table:
- id (UUID, PK)
- blacklist_id (UUID, FK)
- action (ENUM: create, update, remove, restore)
- changed_by (UUID, FK)
- changes_json (JSONB)
- created_at (TIMESTAMP)
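The two tables above, with the soft delete (AC2, AC3) and the retention purge (AC4) written as PostgreSQL; this is an added example, not the project's own migration. Assumptions: PostgreSQL 13+, snake_case table names, the `CHECK` constraint, `ON DELETE SET NULL` on the audit foreign key, a one-year placeholder retention period, and constructed UUID and OIB values; the violation attempts table is left out because the page does not define its columns.

```sql
-- PostgreSQL 13+ assumed; FKs to a users table are omitted (that table is not on the page).
CREATE TYPE blacklist_status AS ENUM ('active', 'removed');
CREATE TYPE blacklist_action AS ENUM ('create', 'update', 'remove', 'restore');
CREATE TABLE blacklist (
    id         UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    oib        VARCHAR(11) NOT NULL UNIQUE,
    first_name VARCHAR,
    last_name  VARCHAR,
    status     blacklist_status NOT NULL DEFAULT 'active',
    source     VARCHAR,
    created_by UUID NOT NULL,
    created_at TIMESTAMP NOT NULL DEFAULT now(),
    removed_by UUID,
    removed_at TIMESTAMP,
    -- Assumption: removal metadata is present exactly when status = 'removed'.
    CHECK (num_nonnulls(removed_by, removed_at) = CASE WHEN status = 'removed' THEN 2 ELSE 0 END)
);
CREATE TABLE blacklist_audit (
    id           UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    -- Assumption: SET NULL, so audit rows neither block a hard delete nor vanish with it.
    blacklist_id UUID REFERENCES blacklist (id) ON DELETE SET NULL,
    action       blacklist_action NOT NULL,
    changed_by   UUID NOT NULL,
    changes_json JSONB NOT NULL,
    created_at   TIMESTAMP NOT NULL DEFAULT now()
);

-- AC2 + AC3: soft delete and its audit row in one statement (actor UUID and OIB are constructed).
WITH gone AS (
    UPDATE blacklist
       SET status = 'removed', removed_at = now(),
           removed_by = '00000000-0000-0000-0000-000000000001'
     WHERE oib = '00000000001' AND status = 'active'
 RETURNING id, removed_by
)
INSERT INTO blacklist_audit (blacklist_id, action, changed_by, changes_json)
SELECT id, 'remove'::blacklist_action, removed_by, '{"status": ["active", "removed"]}'::jsonb
  FROM gone;

-- AC4 purge: the action enum has no purge value, so the snapshot is logged as 'remove' (assumption).
BEGIN ISOLATION LEVEL REPEATABLE READ;  -- copy and delete see the same rows
INSERT INTO blacklist_audit (blacklist_id, action, changed_by, changes_json)
SELECT b.id, 'remove'::blacklist_action, '00000000-0000-0000-0000-000000000001'::uuid,
       jsonb_build_object('hard_delete', true, 'snapshot', to_jsonb(b))  -- snapshot keeps id and oib
  FROM blacklist AS b
 WHERE b.status = 'removed' AND b.removed_at < now() - INTERVAL '1 year';  -- placeholder period
DELETE FROM blacklist
 WHERE status = 'removed' AND removed_at < now() - INTERVAL '1 year';
COMMIT;
```

With the default `NO ACTION` rule on `blacklist_id`, the `DELETE` would fail for any entry that has audit rows, and `ON DELETE CASCADE` would erase the trail the retention policy requires.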
Permissions/Roles
- Admin (BLACKADMIN)
How to Verify
npm test -- --grep "blacklist model"
Expected: CRUD operations work, soft delete implemented.
Dependencies
- None (foundational)
Implementation Tasks
See E11: Blacklist & Security Tasks
Doc References
Last Updated: January 2026