RoleAssignmentService
Component Detail
Description
Backend service responsible for assigning and updating user roles within a tenant association. Enforces business rules around valid role values and the multi-association model, persisting changes to the user record and triggering session propagation so active tokens pick up the new role on next refresh.
role-assignment-service
Sources & reasoning
Lines 325-328 include rolletildeling (role assignment) explicitly in the Admin Web Portal MVP scope. Lines 255-259 define four distinct roles with materially different access boundaries - Peer Mentor vs Coordinator vs Org Admin. Correct role assignment is the access-control mechanism determining what each user sees on mobile and whether they can reach the admin portal.
- docs/source/likeperson.md · line 325-328: User administration (invite, deactivate, role assignment [rolletildeling])
- docs/source/likeperson.md · line 255-259: **Coordinator:** Oversees peer mentors within their local association, dispatches assignments, approves expenses, registers on behalf of others. Logs in to the Mobile App only.
Responsibilities
- Validate that the requested role is a permitted value for the target association
- Persist the role assignment scoped to the user-association relationship
- Propagate role changes to active sessions via token refresh invalidation
- Enforce org-admin authorization before allowing role mutations
- Emit audit events for all role change operations
Interfaces
assignRole(adminId: string, userId: string, associationId: string, role: Role): Promise<void>
getUserRole(userId: string, associationId: string): Promise<Role>
listAssignableRoles(): Role[]
invalidateSessionCache(userId: string): Promise<void>
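The check order implied by the responsibilities above, as an added sketch that is not the project's code: authorization scoped to the target association runs before validation, failures are audited as well as successes, and a successful change bumps a per-user token epoch. The role identifiers, the in-memory stores, `epochOf`, the `key` helper and the audit event shape are assumptions made for this example.

```typescript
// Added illustration, not the project's code. Role identifiers, the in-memory
// stores and the audit event shape are assumptions made for this example.
type Role = "peer_mentor" | "coordinator" | "org_admin"; // fourth role is not named on this page
type Outcome = "applied" | "denied" | "rejected";
type AuditEvent = { adminId: string; userId: string; associationId: string; role: string; outcome: Outcome };

const ASSIGNABLE = new Set<Role>(["peer_mentor", "coordinator", "org_admin"]);
const key = (userId: string, associationId: string): string => JSON.stringify([userId, associationId]);

class InMemoryRoleAssignmentService {
  private roles = new Map<string, Role>();        // one role per (user, association) pair
  private tokenEpoch = new Map<string, number>(); // bumped so existing tokens must refresh
  readonly audit: AuditEvent[] = [];

  constructor(seed: Array<[string, string, Role]>) {
    for (const [userId, associationId, role] of seed) this.roles.set(key(userId, associationId), role);
  }

  listAssignableRoles(): Role[] { return Array.from(ASSIGNABLE); }

  async getUserRole(userId: string, associationId: string): Promise<Role> {
    const role = this.roles.get(key(userId, associationId));
    if (role === undefined) throw new Error("user is not a member of this association");
    return role;
  }

  async invalidateSessionCache(userId: string): Promise<void> {
    this.tokenEpoch.set(userId, this.epochOf(userId) + 1);
  }

  epochOf(userId: string): number { return this.tokenEpoch.get(userId) ?? 0; }

  async assignRole(adminId: string, userId: string, associationId: string, role: Role): Promise<void> {
    const fail = (outcome: Outcome, msg: string): never => {
      this.audit.push({ adminId, userId, associationId, role, outcome }); // failures are audited too
      throw new Error(msg);
    };
    // 1. Authorization first: the caller must be org admin of *this* association.
    if (this.roles.get(key(adminId, associationId)) !== "org_admin") fail("denied", "caller is not org admin here");
    // 2. Runtime validation: static types do not protect against values arriving over the wire.
    if (!ASSIGNABLE.has(role)) fail("rejected", "role is not assignable");
    // 3. Only an existing membership can be changed; no membership is created implicitly.
    if (!this.roles.has(key(userId, associationId))) fail("rejected", "target is not a member");
    this.roles.set(key(userId, associationId), role); // scoped to the user-association pair
    await this.invalidateSessionCache(userId);        // old tokens stop carrying the old role
    this.audit.push({ adminId, userId, associationId, role, outcome: "applied" });
  }
}
```

A token issuer built on this sketch would compare the epoch embedded in a token with `epochOf(userId)` at refresh time and reissue claims when they differ.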
Related Data Entities (5)
Data entities managed by this component