core · PK: id · 8 required · 1 unique

Description

Records informed digital consent given by a peer mentor before accessing an encrypted assignment containing sensitive personal data (name, address, medical summary). Append-oriented and compliance-critical: the consent text snapshot is stored at sign time so auditors can retrieve exact wording even after template updates. Supports offline consent queuing via the mutation outbox.

16 Attributes · 6 Indexes · 6 Validation Rules · 8 CRUD Operations

Data Structure

Name | Type | Description | Constraints
id | uuid | Primary key, generated client-side for offline-first compatibility | PK, required, unique
assignment_id | uuid | Foreign key to the assignment this consent record is attached to | required
user_id | uuid | Foreign key to the peer mentor granting or declining consent | required
consent_status | enum | Lifecycle state of the consent record | required
consent_text_snapshot | text | Verbatim copy of the consent declaration text as displayed to the user at the moment of signing. Stored immutably so auditors can retrieve the exact wording even after template updates. | required
consent_template_version | string | Version identifier of the consent template used (e.g. 'v2.1'). Allows tracking which template version produced this record. | required
consent_method | enum | Mechanism by which consent was provided: simple tap confirmation, biometric-confirmed, or PIN-confirmed | -
consented_at | datetime | UTC timestamp when status transitioned to 'given'. Null if consent has not yet been granted. | -
declined_at | datetime | UTC timestamp when the peer mentor explicitly declined consent | -
revoked_at | datetime | UTC timestamp when a previously given consent was revoked. Does not delete the record; status transitions to 'revoked'. | -
expires_at | datetime | Optional expiry timestamp. When reached, status transitions to 'expired' and the peer mentor must re-consent before accessing the assignment again. | -
related_contact_id | uuid | Optional reference to the contact whose sensitive data is covered by this consent, enabling consent queries scoped by contact | -
device_fingerprint | string | Optional device identifier for forensic traceability in security incidents. Collected only with platform secure store access, never from a browser. | -
synced_at | datetime | Timestamp when this consent record was last successfully synced to the server. Null for offline-created records awaiting sync. | -
created_at | datetime | UTC timestamp when the record was created (may precede synced_at for offline-created records) | required
updated_at | datetime | UTC timestamp of the last status transition or field update | required

Database Indexes

Name | Type | Columns
idx_assignment_consents_assignment_id | btree | assignment_id
idx_assignment_consents_user_id | btree | user_id
idx_assignment_consents_user_assignment | btree, unique | user_id, assignment_id
idx_assignment_consents_status | btree | consent_status
idx_assignment_consents_assignment_status | btree | assignment_id, consent_status
idx_assignment_consents_expires_at | btree | expires_at

Validation Rules

Rule | Severity | Message
consent_text_snapshot_required | error | Validation failed
consented_at_required_when_given | error | Validation failed
valid_status_transition | error | Validation failed
user_must_match_authenticated_session | error | Validation failed
assignment_must_exist | error | Validation failed
expires_at_must_be_future | error | Validation failed

Business Rules

consent_required_before_decrypt
always

A peer mentor may not access the decrypted content of an assignment unless there is an active 'given' consent record for that assignment. The encryption-service and assignment-detail-screen enforce this gate.

immutable_after_given
on_update

Once consent_status is 'given', the record cannot be edited or deleted — only a new revocation event (status → 'revoked') is permitted. This preserves the audit chain.

Enforced by: Consent Service

text_snapshot_frozen_at_creation
on_update

consent_text_snapshot is set exactly once at record creation and may never be updated afterward, regardless of subsequent template changes.

Enforced by: Consent Service

one_active_consent_per_user_per_assignment
on_create

Only one non-declined, non-expired consent record may exist per (user_id, assignment_id) pair at any time. Enforced by the unique index and pre-insert check in consent-service.

Enforced by: Consent Service

offline_consent_queued_via_outbox
on_create

When a peer mentor grants consent while offline, the record is written to the local Drift store and queued in the mutation outbox. It must sync before the server-side assignment decryption endpoint accepts it.

expiry_auto_transition
always

A background check evaluates 'given' consent records with a non-null expires_at. When expires_at is in the past, consent_status is set to 'expired' and the peer mentor is prompted to re-consent on next assignment access.
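As an added example, not code from the project itself, the following Python models the consent lifecycle gate described by the rules above (the table name assignment_consents is inferred from the index names). The page lists rule names but not the enum values or transition edges, so the initial 'pending' state, the allowed edges in ALLOWED and the use of rule names as error messages are assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

class ConsentStatus(str, Enum):
    PENDING = "pending"   # initial state: assumed, the page does not name it
    GIVEN = "given"
    DECLINED = "declined"
    REVOKED = "revoked"
    EXPIRED = "expired"

# valid_status_transition edges (assumed). Terminal states have none: immutable_after_given.
ALLOWED = {
    ConsentStatus.PENDING: {ConsentStatus.GIVEN, ConsentStatus.DECLINED},
    ConsentStatus.GIVEN: {ConsentStatus.REVOKED, ConsentStatus.EXPIRED},
}

@dataclass(frozen=True)
class AssignmentConsent:
    user_id: str
    assignment_id: str
    consent_text_snapshot: str   # verbatim declaration text, frozen at creation
    consent_status: ConsentStatus = ConsentStatus.PENDING
    consented_at: Optional[datetime] = None
    expires_at: Optional[datetime] = None

def transition(rec: AssignmentConsent, new: ConsentStatus, now: datetime) -> AssignmentConsent:
    """Return the record in its new state, or raise the name of the violated rule."""
    if not rec.consent_text_snapshot.strip():
        raise ValueError("consent_text_snapshot_required")
    if new not in ALLOWED.get(rec.consent_status, set()):
        raise ValueError("valid_status_transition")
    if new is ConsentStatus.GIVEN and rec.expires_at is not None and rec.expires_at <= now:
        raise ValueError("expires_at_must_be_future")
    # consented_at_required_when_given: stamped in the same write as the status
    stamp = now if new is ConsentStatus.GIVEN else rec.consented_at
    return replace(rec, consent_status=new, consented_at=stamp)

def effective_status(rec: AssignmentConsent, now: datetime) -> ConsentStatus:
    """expiry_auto_transition: a 'given' record past expires_at reads as expired."""
    lapsed = rec.expires_at is not None and rec.expires_at <= now
    return ConsentStatus.EXPIRED if lapsed and rec.consent_status is ConsentStatus.GIVEN else rec.consent_status

def may_decrypt(rec: Optional[AssignmentConsent], now: datetime) -> bool:
    """consent_required_before_decrypt: the gate checked before releasing plaintext."""
    return rec is not None and effective_status(rec, now) is ConsentStatus.GIVEN

SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock for the tests
ONE_HOUR = timedelta(hours=1)
```

The pre-insert check from one_active_consent_per_user_per_assignment is not modelled; note that idx_assignment_consents_user_assignment as listed above is unconditional on (user_id, assignment_id), so a fresh record after decline or expiry would be rejected unless re-consent reuses the existing row or the index is made partial over active statuses.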

Storage Configuration

Storage Type: primary_table
Location: main_db
Partitioning: No Partitioning
Retention: Permanent Storage