USAdmin0002 ‐ Create a User - OpenScienceChain/OSC-IS_Doc GitHub Wiki

US Identifier: USAdmin0002
Name: Create a User
Description: As a PI or a member of the Admins group of a project in the blockchain network, I want to be able to create a User within a project so that this user can submit transactions to the BC network.
Acceptance Criteria:
1. A PI or an admin of a project logs on to the BC Network. The home page needs to have a button that says 'Create a new User for your org'.
2. When the Admin clicks on that button, 2 text fields need to be shown. The 1st asks for the new User's institutional email address, which will be used as the APIUserID, and the 2nd asks for a unique identifier of the User. The App should check that the institutional email address is an actual email address. If it isn't, an error message should be shown, and the user won't be created.
3. The UUID for the user is randomly created and the second text field is automatically filled with it. That unique identifier will then be associated with the email address passed as a parameter by the admin or PI.
5. There is a 'Submit' button that activates once the previous fields are correctly filled. When the admin hits submit, the app needs to check whether the email address submitted previously is associated with any other identity in the Fabric-CA. If it is, it means the user has already been created in the network. If that is the case,
6. The groups are data structs within the chaincode logic, not identities in the network like peers or orgs.
7. The information of the groups is only stored in the PDC of each org, not in the public ledger. For this reason, only members of the Org/Project can create groups in that project. Therefore, the chaincode needs to verify that the peer the user is using to submit this transaction matches the user's organization.
8. Only 2 kinds of users can create a group within a Project/Org: either the members of an already created 'Admins' group or a user who has a special certificate ID.
9. The chaincode needs to verify that the user submitting the tx for the creation of the group is part of the 'Admins' group in the project. If the user is part of that group, the creation of the group can continue. If the user isn't, or the group doesn't exist yet, the chaincode does a second verification.
10. The second verification consists of the chaincode checking the certificate ID of the submitting user. The certificate needs to have an 'OU' parameter with the value 'IAM Admin'. If the certificate doesn't have this parameter or has a different value, the chaincode should throw an error stating that the submitting user can't create a new group.
11. The chaincode then needs to check that the UUID for the group doesn't already exist in the org's PDC. If it does, an error message should be shown stating that said UUID is already in use.
12. The chaincode also needs to check that the GroupName is not in use in the PDC. If it is, an error message should be shown stating that said GroupName is already in use.
13. For a single group, 2 entries are stored in the PDC. The 1st entry is the new Group information associated with a UUID key, and the 2nd entry is the UUID of the new group associated with the group name key. Both the UUID key and the group name key are created from the parameters passed by the user at the moment of creating the new group.
14. If the group is correctly created, a success message is shown to the user. If an error occurs during the process, the user should be informed of it.
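The check order in criteria 7 to 13, as an added example that is not the project's chaincode: it models the PDC as an in-memory map so it runs without a Fabric network. `Caller`, `PDC`, `CreateGroup` and the `uuid:`/`name:` key prefixes are hypothetical names chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Caller is a hypothetical stand-in for the submitting identity's certificate.
type Caller struct{ ID, MSPID, OU string }

// PDC is an in-memory stand-in for one org's private data collection.
type PDC struct {
	OrgMSP string
	Admins map[string]bool   // members of the 'Admins' group; nil if not created yet
	Data   map[string]string // assumed key layout: "uuid:<id>" and "name:<group>"
}

// CreateGroup applies the checks of criteria 7-13 in order and writes nothing
// unless all of them pass, so a rejected request leaves no partial entry.
func CreateGroup(p *PDC, peerMSP string, c Caller, uuid, name string) error {
	// 7: the peer and the submitter must both belong to the PDC's org.
	if peerMSP != p.OrgMSP || c.MSPID != p.OrgMSP {
		return errors.New("peer does not match the user's organization")
	}
	// 9-10: 'Admins' membership first, then the certificate OU as fallback.
	if !p.Admins[c.ID] && c.OU != "IAM Admin" {
		return errors.New("submitting user can't create a new group")
	}
	// 11-12: both the UUID key and the group name key must be free.
	if _, ok := p.Data["uuid:"+uuid]; ok {
		return fmt.Errorf("UUID %q is already in use", uuid)
	}
	if _, ok := p.Data["name:"+name]; ok {
		return fmt.Errorf("GroupName %q is already in use", name)
	}
	// 13: two entries per group (group information is reduced to the name here).
	p.Data["uuid:"+uuid] = name
	p.Data["name:"+name] = uuid
	return nil
}

func main() {
	// Constructed sample: Org1's PDC before any 'Admins' group exists.
	p := &PDC{OrgMSP: "Org1MSP", Data: map[string]string{}}
	boot := Caller{ID: "boot", MSPID: "Org1MSP", OU: "IAM Admin"}
	fmt.Println(CreateGroup(p, "Org1MSP", boot, "u-1", "Curators")) // accepted
	fmt.Println(CreateGroup(p, "Org1MSP", boot, "u-2", "Curators")) // name taken
	fmt.Println(CreateGroup(p, "Org2MSP", boot, "u-3", "Lab"))      // wrong peer
}
```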