Role Assignment
Feature Detail
Description
Assigns and changes functional roles - Peer Mentor, Coordinator, Org Admin - for users within the Admin Web Portal. Role changes take effect on the user's next JWT refresh, immediately rebuilding navigation and permissions on mobile. Enforces the platform boundary that Peer Mentors and Coordinators log in only to the Mobile App, and handles the Org Admin appearing as Coordinator on mobile transparently via an account type flag without a separate UI path.
Sources & reasoning
Blueprint tags role-assignment [MVP]. Source lines 256 and 258 define the role access boundaries - mobile-only for Peer Mentor and Coordinator, portal-primary for Org Admin surfaced as Coordinator on mobile - making role assignment the mechanism that enforces these boundaries at onboarding. Line 326 lists rolletildeling (role assignment) as an explicit Admin Web Portal MVP item. Target release is MVP per both sources.
- docs/source/likeperson.md · line 256: Managed (invited, assigned, deactivated) by Org Admin from the admin portal, but does not log in to the admin portal.
- docs/source/likeperson.md · line 258: On mobile, an Org Admin is surfaced as a Coordinator - they use the same mobile experience as coordinators without a separate UI path.
Analysis
All data visibility, navigation surfaces, and API permissions derive from the assigned role. Assigning the wrong role creates immediate security risks: a Peer Mentor with Coordinator access could approve their own activities; a Coordinator missing elevated access cannot perform proxy registrations their workflow requires. For organizations managing large volunteer cohorts, efficient role management during onboarding, promotions, and restructures reduces operational overhead and eliminates reliance on manual support processes. Role changes that are immediate and audited maintain access hygiene across the platform lifecycle.
Role assignment is implemented as a widget in UserDetailPage, calling PATCH /api/v1/users/{id}/role. The backend validates the caller's Org Admin membership and permitted role set. Changes invalidate cached claims; next token refresh returns updated role claims, enabling near-instant permission propagation without forced logout. The mobile RBAC service rebuilds the module registry from new JWT claims. The admin portal enforces role constraints server-side on every request - no client-side check is authoritative. All changes are recorded in the audit log with before/after state, acting admin, and timestamp.
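A minimal model of the flow described above, added here as an illustration and not the project's own code: the server-side role-change handler with its caller and role-set checks, claims-version bumping to invalidate cached claims, the audit record, token claims that enforce the platform boundary and surface Org Admin as Coordinator on mobile, and a mobile module registry rebuilt purely from claims. Names such as `claims_version`, `account_type` and the module list are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

ROLES = {"peer_mentor", "coordinator", "org_admin"}
PORTAL_ROLES = {"org_admin"}  # only Org Admins log in to the Admin Web Portal
# Hypothetical mobile module registry keyed by effective role (not the project's real modules).
MOBILE_MODULES = {"peer_mentor": ["my_activities"],
                  "coordinator": ["my_activities", "approve_activities", "proxy_registration"]}
AUDIT_LOG: list[dict] = []

@dataclass
class User:
    id: str
    org_id: str
    role: str
    claims_version: int = 0  # bumped on every role change; older cached claims are stale

def change_role(users: dict, caller_id: str, target_id: str, new_role: str) -> User:
    """Server-side handler for PATCH /api/v1/users/{id}/role: every check happens here."""
    caller, target = users[caller_id], users[target_id]
    if caller.role != "org_admin" or caller.org_id != target.org_id:
        raise PermissionError("caller must be an Org Admin of the target's organization")
    if new_role not in ROLES:
        raise ValueError(f"role outside permitted set: {new_role}")
    before, target.role = target.role, new_role
    target.claims_version += 1  # invalidates cached claims; the next refresh mints new ones
    AUDIT_LOG.append({"user": target_id, "before": before, "after": new_role,
                      "actor": caller_id, "at": datetime.now(timezone.utc).isoformat()})
    return target

def build_claims(user: User, platform: str) -> dict:
    """Claims minted at token refresh, enforcing the platform boundary."""
    if platform == "portal" and user.role not in PORTAL_ROLES:
        raise PermissionError("Peer Mentors and Coordinators do not log in to the admin portal")
    # On mobile an Org Admin is surfaced as a Coordinator; account_type keeps the real type.
    effective = "coordinator" if platform == "mobile" and user.role == "org_admin" else user.role
    return {"sub": user.id, "org": user.org_id, "role": effective,
            "account_type": user.role, "ver": user.claims_version}

def claims_current(user: User, claims: dict) -> bool:
    """A token whose version lags the user's record carries stale role claims."""
    return claims["ver"] == user.claims_version

def mobile_modules(claims: dict) -> list:
    """Mobile RBAC: rebuild the navigation/module registry purely from JWT claims."""
    return list(MOBILE_MODULES[claims["role"]])
```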