Role Assignment
Feature Detail
Description
Role Assignment allows organization administrators to set and update roles - Peer Mentor, Coordinator, or Org Admin - for users within their tenant. A user's role determines their mobile app home experience, visible navigation tabs, and whether they can access the admin portal. The feature supports NHF's multi-association model where a single user can hold different roles across local associations, and ensures role changes propagate to active sessions on the next token refresh.
Sources & reasoning
Lines 325-328 include rolletildeling (role assignment) explicitly in the Admin Web Portal MVP scope. Lines 255-259 define four distinct roles with materially different access boundaries - Peer Mentor vs Coordinator vs Org Admin. Correct role assignment is the access-control mechanism determining what each user sees on mobile and whether they can reach the admin portal.
- docs/source/likeperson.md · lines 325-328: User administration (invite, deactivate, role assignment [rolletildeling])
- docs/source/likeperson.md · lines 255-259: **Coordinator:** Oversees peer mentors within their local association, dispatches assignments, approves expenses, registers on behalf of others. Logs in to the Mobile App only.
Analysis
Correct role assignment is the primary access-control mechanism for the platform - a user's role determines which screens appear in the mobile app and whether they can access the admin portal at all. The Peer Mentor vs Coordinator distinction shapes the home dashboard, navigation, and reporting capabilities. For NHF, with 1,400 local associations (lokallag) and users potentially in multiple associations, accurate role-to-org mapping prevents double-reporting and unauthorized access. Role assignment also drives module-toggle enforcement - users with the correct role in an organization that has a module enabled gain access to the toggled features.
Roles are stored as a user-organization junction, allowing one user to hold different roles in different tenants. RoleAssignmentService enforces that only Org Admins can assign roles within their own tenant. Role changes take effect on the next token refresh - mobile clients receive the updated role in the session bootstrap and remount navigation accordingly. RoleGuardMiddleware enforces role-based screen access on mobile. All assignments are recorded in the audit log with actor, target, and timestamp. NHF's multi-association scenario, where one user belongs to multiple local associations, must be supported without role collision.
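The tenant-scoped check and the junction keying described above can be sketched as follows. This is an added example, not the project's code: `RoleStore`, `seed_admin`, `assign` and the sample identifiers are hypothetical, and the out-of-band provisioning of a tenant's first Org Admin is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum


class Role(Enum):
    PEER_MENTOR = "peer_mentor"
    COORDINATOR = "coordinator"
    ORG_ADMIN = "org_admin"


@dataclass
class RoleStore:
    """Hypothetical in-memory stand-in for the user-organization junction."""
    roles: dict = field(default_factory=dict)  # (user_id, org_id) -> Role
    audit: list = field(default_factory=list)  # one entry per assignment

    def role_of(self, user_id, org_id):
        return self.roles.get((user_id, org_id))

    def seed_admin(self, user_id, org_id):
        # Assumption: a tenant's first Org Admin is provisioned out of band.
        self.roles[(user_id, org_id)] = Role.ORG_ADMIN

    def assign(self, actor_id, target_id, org_id, role):
        # Authorize against the actor's role in *this* tenant only; a role
        # held in another organization must never count here.
        if self.role_of(actor_id, org_id) is not Role.ORG_ADMIN:
            raise PermissionError(f"{actor_id} is not Org Admin in {org_id}")
        if not isinstance(role, Role):
            raise ValueError("unknown role")
        self.roles[(target_id, org_id)] = role  # keyed per org: no collision
        self.audit.append({"actor": actor_id, "target": target_id,
                           "org": org_id, "role": role.value,
                           "at": datetime.now(timezone.utc).isoformat()})


def demo():
    store = RoleStore()
    store.seed_admin("admin-a", "org-a")  # constructed sample identifiers
    store.seed_admin("admin-b", "org-b")
    store.assign("admin-a", "kari", "org-a", Role.COORDINATOR)
    store.assign("admin-b", "kari", "org-b", Role.PEER_MENTOR)
    try:  # an Org Admin of org-a acting inside org-b must be refused
        store.assign("admin-a", "kari", "org-b", Role.ORG_ADMIN)
        denied = False
    except PermissionError:
        denied = True
    return store, denied
```

Because the authorization lookup and the write use the same `(user_id, org_id)` key, the same user can be Coordinator in one association and Peer Mentor in another, and an admin role in one tenant grants nothing in the other.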
Components (6)
Shared Components
These components are reused across multiple features
User Stories
No user stories have been generated for this feature yet.