AdminRoleService
Component Detail
Description
Backend service responsible for validating and persisting role assignments for users within an organisation. Enforces platform boundaries (Peer Mentors and Coordinators are mobile-only) and sets the account type flag that maps Org Admin to Coordinator on mobile. Coordinates with the auth layer so that the next JWT issued for the affected user carries the updated claims.
admin-role-service
Sources & reasoning
Blueprint tags role-assignment [MVP]. Source lines 256 and 258 define the role access boundaries - mobile-only for Peer Mentor and Coordinator, portal-primary for Org Admin surfaced as Coordinator on mobile - making role assignment the mechanism that enforces these boundaries at onboarding. Line 326 lists rolletildeling (role assignment) as an explicit Admin Web Portal MVP item. Target release is MVP per both sources.
- docs/source/likeperson.md · line 256: Managed (invited, assigned, deactivated) by Org Admin from the admin portal, but does not log in to the admin portal.
- docs/source/likeperson.md · line 258: On mobile, an Org Admin is surfaced as a Coordinator - they use the same mobile experience as coordinators without a separate UI path.
Responsibilities
- Validate that the requested role transition is permitted for the target user and organisation
- Persist the new role to the user record and set the org-admin account type flag where applicable
- Reject assignments that would violate the mobile-only platform boundary for non-admin roles
- Notify the auth/token layer to include updated role claims on the user's next JWT refresh
- Emit an audit event recording who changed the role, from what, to what, and when
Interfaces
assignRole(adminId: string, targetUserId: string, newRole: RoleType): Promise<RoleChangeResult>
getUserRole(userId: string): Promise<RoleOption>
validateRoleTransition(currentRole: RoleType, newRole: RoleType): ValidationResult
getPermittedRoles(organisationId: string): Promise<RoleType[]>
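The sketch below is an added example, not the project's own code: it shows one way assignRole could cover the responsibilities listed above, with the platform boundary applied when claims are built for the next JWT. Assumptions: the role literals, the in-memory Map and audit array, the orgAdminFlag and claimsVersion fields, the claimsFor helper, the rule that only an Org Admin of the same organisation may assign roles, and a synchronous assignRole where the interface above returns a Promise.

```typescript
// Added example. Role names, the store and all field names are assumptions.
type RoleType = "PEER_MENTOR" | "COORDINATOR" | "ORG_ADMIN";
type Platform = "mobile" | "portal";
interface User { id: string; orgId: string; role: RoleType; orgAdminFlag: boolean; claimsVersion: number }
interface AuditEvent { actorId: string; targetUserId: string; from: RoleType; to: RoleType; at: string }
interface RoleChangeResult { ok: boolean; reason?: string }

const users = new Map<string, User>();   // stand-in for the user table
const auditLog: AuditEvent[] = [];       // stand-in for the audit sink

// Claims the auth layer would put in the next JWT for a given client platform.
// Peer Mentor and Coordinator get no portal token; Org Admin appears as Coordinator on mobile.
function claimsFor(u: User, platform: Platform): { role: RoleType; ver: number } | null {
  if (platform === "portal" && u.role !== "ORG_ADMIN") return null;
  const role: RoleType = platform === "mobile" && u.orgAdminFlag ? "COORDINATOR" : u.role;
  return { role, ver: u.claimsVersion };
}

function assignRole(adminId: string, targetUserId: string, newRole: RoleType): RoleChangeResult {
  const admin = users.get(adminId);
  const target = users.get(targetUserId);
  if (!admin || !target) return { ok: false, reason: "unknown user" };
  // Assumption: only an Org Admin of the target's own organisation may assign roles.
  if (admin.role !== "ORG_ADMIN" || admin.orgId !== target.orgId) {
    return { ok: false, reason: "actor not permitted" };
  }
  if (target.role === newRole) return { ok: false, reason: "no change" };
  const from = target.role;
  target.role = newRole;
  target.orgAdminFlag = newRole === "ORG_ADMIN"; // derived from the role, never caller-supplied
  target.claimsVersion += 1;                     // older tokens are stale at the next refresh
  auditLog.push({ actorId: adminId, targetUserId, from, to: newRole, at: new Date().toISOString() });
  return { ok: true };
}

// Constructed sample data: two organisations, three users.
users.set("a1", { id: "a1", orgId: "o1", role: "ORG_ADMIN", orgAdminFlag: true, claimsVersion: 0 });
users.set("m1", { id: "m1", orgId: "o1", role: "PEER_MENTOR", orgAdminFlag: false, claimsVersion: 0 });
users.set("x1", { id: "x1", orgId: "o2", role: "COORDINATOR", orgAdminFlag: false, claimsVersion: 0 });
```

Deriving the account type flag from the role inside the service, instead of accepting it from the caller, keeps the portal boundary from being bypassed by a crafted request body.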
Related Data Entities (2)
Data entities managed by this component