E11-F4: Auto-Cancel Tickets on Blacklist Entry

Epic: E11: Blacklist & Security

Size: M (Medium)

Problem / Outcome

When adding someone to blacklist, cancel their existing tickets.

Scope

In-Scope:

• Check for existing tickets on blacklist add
• Warn admin before proceeding
• Cancel based on role: buyer (entire order) vs holder (ticket only)
• No refund for blacklist cancellations

Out-of-Scope:

• Refund processing

Acceptance Criteria

• AC1: Admin warned if blacklisted person has existing tickets
• AC2: If buyer: entire order cancelled; if holder: only their ticket cancelled
• AC3: No refund issued for blacklist cancellations

Data Model Impact

Ticket table:
- status = CANCELLED_BLACKLIST

BlacklistCancellation table:
- id (UUID, PK)
- blacklist_id (UUID, FK)
- cancellation_scope (ENUM: buyer_orders, holder_tickets)
- orders_cancelled (INTEGER)
- tickets_cancelled (INTEGER)
- cancelled_by (UUID, FK)
- cancelled_at (TIMESTAMP)

BlacklistCancellationDetail table:
- id (UUID, PK)
- blacklist_cancellation_id (UUID, FK)
- ticket_id (UUID, FK)
- order_id (UUID, FK)
- was_buyer (BOOLEAN)
- was_holder (BOOLEAN)

Permissions/Roles

• Admin (BLACKADMIN)

How to Verify

npm test -- --grep "blacklist auto-cancel"

Expected: Correct cancellation scope based on role.

Dependencies

• E11-F1: Blacklist Data Model
• E9-F1: Ticket Generation with QR Code

Implementation Tasks

See E11: Blacklist ## Doc References Security Tasks

Doc References

• Admin Blacklist Management Flow

---

Last Updated: January 2026