UserRoleRepository
Component Detail
Data Layer
medium complexity
backend
0
Dependencies
0
Dependents
0
Entities
0
Integrations
Description
Provides persistent read and write access to user role assignments, support access grants, and role audit records. It abstracts the underlying storage layer and exposes typed queries for resolving roles by user and organisation. All mutations are recorded with timestamps and actor identifiers to support full auditability.
user-role-repository
Sources & reasoning
Line 322 places the two mobile role profiles explicitly in Phase 1 / MVP scope. Lines 254-259 define all four roles with their access boundaries. RBAC is prerequisite to every other feature - without it, sessions have no access scope. Blueprint confirms MVP. Phase 1 = MVP by ordinal mapping.
-
docs/source/likeperson.md · line 254-2564 defined user roles: Peer Mentor (Likeperson): Creates and tracks activities and follow-ups. Logs in to the Mobile App only.
-
docs/source/likeperson.md · line 3222 mobilrolle-profiler: Peer Mentor, Coordinator (Organization Admins logger på som Coordinator i app-konteksten)
Responsibilities
- Retrieve the assigned role for a given user within a specific organisation context
- Persist role assignments and track the actor and timestamp of each change
- Store and retrieve time-bounded support access grants for Global Admins
- Expire or revoke support grants and record the termination event
- Return the audit history of role changes and support access events for a user
Interfaces
getRoleForUser(userId: string, orgId: string): UserRole
assignRole(userId: string, orgId: string, role: UserRole, assignedBy: string): void
createSupportGrant(grant: SupportAccessGrant): SupportAccessGrant
getActiveSupportGrant(userId: string, orgId: string): SupportAccessGrant | null
revokeSupportGrant(grantId: string, revokedBy: string): void
getAuditHistory(userId: string): RoleAuditRecord[]