if AML decision does not include a new_measure, clear existing KYC requirements

3 files changed, 61 insertions, 37 deletions

diff --git a/src/exchangedb/exchange_do_insert_aml_decision.sql b/src/exchangedb/exchange_do_insert_aml_decision.sql
index e6bcf40f8..360444d26 100644
--- a/src/exchangedb/exchange_do_insert_aml_decision.sql
+++ b/src/exchangedb/exchange_do_insert_aml_decision.sql
@@ -60,9 +60,9 @@ out_invalid_officer=FALSE;
 SELECT decision_time
   INTO out_last_date
   FROM legitimization_outcomes
-  WHERE h_payto=in_h_payto
+ WHERE h_payto=in_h_payto
    AND is_active
-  ORDER BY decision_time DESC;
+ ORDER BY decision_time DESC;
 
 IF FOUND
 THEN
@@ -79,27 +79,32 @@ ELSE
   out_last_date = 0;
 END IF;
 
--- Only do this if we have in_jmeasures to trigger
-IF in_jmeasures IS NOT NULL
-THEN
-
-  -- Note: in_payto_uri is allowed to be NULL *if*
-  -- in_h_payto is already in wire_targets
-  SELECT
-    access_token
-  INTO
-    my_access_token
+-- Note: in_payto_uri is allowed to be NULL *if*
+-- in_h_payto is already in wire_targets
+SELECT access_token
+  INTO my_access_token
   FROM wire_targets
-    WHERE wire_target_h_payto=in_h_payto;
+ WHERE wire_target_h_payto=in_h_payto;
 
-  -- Very strange, should never happen that we
-  -- take an AML decision on an unknown account!
-  IF NOT FOUND
-  THEN
-    out_account_unknown=TRUE;
-    RETURN;
-  END IF;
+-- Very strange, should never happen that we
+-- take an AML decision on an unknown account!
+IF NOT FOUND
+THEN
+  out_account_unknown=TRUE;
+  RETURN;
+END IF;
 
+-- Did KYC measures get prescribed?
+IF in_jmeasures IS NULL
+THEN
+  -- AML decision without measure: mark all
+  -- active measures finished!
+  UPDATE legitimization_measures
+     SET is_finished=TRUE
+   WHERE access_token=my_access_token
+     AND NOT is_finished;
+
+ELSE
   -- Find current maximum DP
   SELECT COALESCE(MAX(display_priority),0)
     INTO my_max_dp
@@ -107,17 +112,28 @@ THEN
    WHERE access_token=my_access_token
      AND NOT is_finished;
 
-  -- Enable legitimization measure
-  INSERT INTO legitimization_measures
-    (access_token
-    ,start_time
-    ,jmeasures
-    ,display_priority)
-    VALUES
-    (my_access_token
-    ,in_decision_time
-    ,in_jmeasures
-    ,my_max_dp + 1);
+  -- First check if a perfectly equivalent legi measure
+  -- already exists, to avoid creating tons of duplicates.
+  UPDATE legitimization_measures
+     SET display_priority=GREATEST(my_max_dp,display_priority)
+   WHERE access_token=my_access_token
+     AND jmeasures=in_jmeasures
+     AND NOT is_finished;
+
+  IF NOT FOUND
+  THEN
+    -- Enable new legitimization measure
+    INSERT INTO legitimization_measures
+      (access_token
+      ,start_time
+      ,jmeasures
+      ,display_priority)
+      VALUES
+      (my_access_token
+      ,in_decision_time
+      ,in_jmeasures
+      ,my_max_dp + 1);
+  END IF;
 
   -- end if for where we had non-NULL in_jmeasures
 END IF;
@@ -178,6 +194,7 @@ INSERT INTO kyc_alerts
    'NOTIFY %s'
   ,in_notify_s);
 
+
 END $$;
 
 
diff --git a/src/exchangedb/exchange_do_trigger_kyc_rule_for_account.sql b/src/exchangedb/exchange_do_trigger_kyc_rule_for_account.sql
index 500575872..21d8735db 100644
--- a/src/exchangedb/exchange_do_trigger_kyc_rule_for_account.sql
+++ b/src/exchangedb/exchange_do_trigger_kyc_rule_for_account.sql
@@ -53,13 +53,13 @@ END IF;
 
 -- First check if a perfectly equivalent legi measure
 -- already exists, to avoid creating tons of duplicates.
-SELECT legitimization_measure_serial_id
-  INTO out_legitimization_measure_serial_id
-  FROM legitimization_measures
+UPDATE legitimization_measures
+   SET display_priority=GREATEST(in_display_priority,display_priority)
  WHERE access_token=my_access_token
    AND jmeasures=in_jmeasures
-   AND display_priority=in_display_priority
-   AND NOT is_finished;
+   AND NOT is_finished
+ RETURNING legitimization_measure_serial_id
+  INTO out_legitimization_measure_serial_id;
 
 IF NOT FOUND
 THEN
diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c
index 6b8c8cff5..0079bf43b 100644
--- a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c
+++ b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c
@@ -75,10 +75,17 @@ TEH_PG_lookup_kyc_requirement_by_row (
            ",lm.access_token"
            ",lo.jnew_rules AS jrules"
            ",lo.to_investigate AS aml_review"
-           ",NOT lm.is_finished AS kyc_required"
+           ",NOT COALESCE(lm2.is_finished,TRUE)"
+           "   AS kyc_required"
            " FROM legitimization_measures lm"
            " JOIN wire_targets wt"
            "   ON (lm.access_token = wt.access_token)"
+           /* Select *unfinished* and more recent lm2
+              for the same account - if one exists */
+           " LEFT JOIN legitimization_measures lm2"
+           "   ON ( (lm.access_token = lm2.access_token)"
+           "    AND (lm2.start_time >= lm.start_time)"
+           "    AND NOT lm2.is_finished)"
            " LEFT JOIN legitimization_outcomes lo"
            "   ON (wt.wire_target_h_payto = lo.h_payto)"
            " WHERE lm.legitimization_measure_serial_id=$1"