Assignment Consent
Data Entity
Description
Records a peer mentor's explicit digital consent response to an encrypted assignment dispatch. Tracks whether the peer mentor accepted or declined the assignment, when they responded, and the consent version presented at time of response. Supports progressive digital consent workflows where consent may be required before accessing sensitive assignment details.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
id |
uuid |
Primary key | PKrequiredunique |
assignment_id |
uuid |
Foreign key referencing the encrypted assignment this consent relates to | required |
user_id |
uuid |
Foreign key referencing the peer mentor who provided or was requested to provide consent | required |
status |
enum |
Current consent status for this assignment | required |
consent_version |
string |
Version identifier of the consent text/form presented to the peer mentor at time of response (e.g. '1.0', '2.1'). Enables audit trail if consent wording changes. | required |
consent_text_snapshot |
text |
Full text of the consent prompt shown to the peer mentor at time of response, stored for legal/audit purposes | required |
responded_at |
datetime |
Timestamp when the peer mentor actively accepted or declined. Null if status is still pending. | - |
requested_at |
datetime |
Timestamp when consent was first requested (assignment dispatched) | required |
expires_at |
datetime |
Deadline by which the peer mentor must respond. After this point the consent transitions to expired if still pending. | - |
ip_address |
string |
IP address of the device at time of consent response, for audit trail | - |
device_fingerprint |
string |
Hashed device identifier at time of consent, for audit trail | - |
decline_reason |
text |
Optional free-text reason provided by peer mentor when declining an assignment | - |
revoked_at |
datetime |
Timestamp when a previously accepted consent was revoked. Null unless status is revoked. | - |
revoked_by_user_id |
uuid |
User ID of whoever revoked the consent (may be the peer mentor or a coordinator/admin) | - |
metadata |
json |
Flexible JSON for future extension (e.g. consent step index in progressive flow, linked assignment threshold snapshot) | - |
created_at |
datetime |
Record creation timestamp | required |
updated_at |
datetime |
Last update timestamp | required |
Database Indexes
idx_assignment_consents_assignment_id
Columns: assignment_id
idx_assignment_consents_user_id
Columns: user_id
idx_assignment_consents_assignment_user
Columns: assignment_id, user_id
idx_assignment_consents_status
Columns: status
idx_assignment_consents_expires_at
Columns: expires_at
idx_assignment_consents_requested_at
Columns: requested_at
Validation Rules
valid_assignment_reference
error
Validation failed
valid_user_reference
error
Validation failed
responded_at_required_for_terminal_status
error
Validation failed
decline_reason_optional_max_length
error
Validation failed
consent_version_format
error
Validation failed
expires_at_after_requested_at
error
Validation failed
status_transition_validity
error
Validation failed
Business Rules
one_consent_per_assignment_per_user
Each peer mentor can have at most one consent record per assignment. A unique constraint on (assignment_id, user_id) enforces this. Re-requesting consent requires updating the existing record, not inserting a new one.
consent_required_before_assignment_details
Peer mentors must have an accepted consent record before the full decrypted assignment details are surfaced. The AssignmentDetailScreen checks consent status before rendering sensitive fields.
threshold_check_on_consent_acceptance
When a peer mentor accepts a consent, AssignmentThresholdService checks whether accepting this assignment would cross the org-configured threshold (e.g. 3rd or 15th assignment triggers a coordinator honorarium event). Threshold crossing is recorded but does not block acceptance.
expired_consent_blocks_late_response
If expires_at is in the past and status is still pending, the peer mentor cannot accept or decline — the consent is automatically transitioned to expired and the coordinator is notified.
revocation_audit_required
Any revocation of a previously accepted consent must record revoked_at, revoked_by_user_id, and produce an audit log entry. Revocation notifies the dispatching coordinator.
consent_text_snapshot_immutable
Once a consent record is created, consent_text_snapshot and consent_version must never be modified. They represent the exact text shown to the user at response time for legal compliance.
offline_consent_sync
Consent responses made offline (accepted/declined while device has no connectivity) are queued in the mutation outbox and synced when connectivity is restored. The responded_at timestamp reflects the actual offline response time, not sync time.