RBAC Service
Component Detail
Service Layer, high complexity, mobilebackend
2 Dependencies, 8 Dependents, 18 Entities, 0 Integrations
Description
Core authorization service encapsulating the permissions matrix for all four Meander roles - Peer Mentor, Coordinator, Organization Admin, and Global Admin. Provides permission-check methods consumed by both the Flutter UI guards and the Next.js API middleware, ensuring consistent enforcement across client and server.
rbac-service
Responsibilities
- Maintain and evaluate the permissions matrix defining allowed actions per role
- Support multi-organization role membership where a user holds different roles across organizations
- Scope all permission checks to the user's active organization for tenant isolation
- Expose role metadata for conditional UI rendering and navigation filtering
- Coordinate with the token denylist to support immediate revocation on role changes
Interfaces
hasPermission(userId: String, organizationId: String, action: String) -> bool
getUserRoles(userId: String, organizationId: String) -> List<UserRole>
getEffectivePermissions(role: UserRole) -> PermissionSet
isAuthorized(jwtClaims: JwtClaims, resource: String, action: String) -> bool
checkTenantAccess(userId: String, organizationId: String) -> bool
resolveActiveRole(userId: String, organizationId: String) -> UserRole
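A sketch of how the checks listed under Responsibilities and Interfaces fit together on the server side, as an added example that is not Meander's own code. The four role names come from the page; the action names, matrix contents, JWT claim fields, the resourceOrg parameter and the sample data are assumptions.

```typescript
// Added example. Role names are from the page; everything else is constructed.
type Role = "peer_mentor" | "coordinator" | "org_admin" | "global_admin";
interface Membership { userId: string; organizationId: string; role: Role }
// Assumed claim layout: the token carries the role for one active organization.
interface JwtClaims { sub: string; jti: string; activeOrg: string; role: Role }

// Hypothetical permissions matrix: any action not listed for a role is denied.
const MATRIX: Record<Role, ReadonlySet<string>> = {
  peer_mentor: new Set(["activity:create"]),
  coordinator: new Set(["activity:create", "expense:approve"]),
  org_admin: new Set(["activity:create", "expense:approve", "user:invite"]),
  global_admin: new Set(["activity:create", "expense:approve", "user:invite", "org:create"]),
};

class RbacSketch {
  memberships: Membership[];
  denylist = new Set<string>(); // revoked token ids (jti)
  constructor(memberships: Membership[]) { this.memberships = memberships; }

  // A user can hold a different role in each organization.
  resolveActiveRole(userId: string, organizationId: string): Role | undefined {
    return this.memberships.find(
      (m) => m.userId === userId && m.organizationId === organizationId)?.role;
  }

  hasPermission(userId: string, organizationId: string, action: string): boolean {
    const role = this.resolveActiveRole(userId, organizationId);
    return role !== undefined && MATRIX[role].has(action); // no membership: deny
  }

  // Token path: revoked token first, then tenant match, then matrix lookup.
  // No cross-tenant bypass is modelled, not even for global_admin.
  isAuthorized(claims: JwtClaims, resourceOrg: string, action: string): boolean {
    if (this.denylist.has(claims.jti)) return false;
    if (claims.activeOrg !== resourceOrg) return false;
    return MATRIX[claims.role].has(action);
  }

  // Role change: update the membership and denylist the user's live tokens,
  // so a token still carrying the old role stops working immediately.
  changeRole(userId: string, organizationId: string, role: Role, liveJtis: string[]): void {
    for (const m of this.memberships) {
      if (m.userId === userId && m.organizationId === organizationId) m.role = role;
    }
    liveJtis.forEach((jti) => this.denylist.add(jti));
  }
}
```

Without the denylist step in changeRole, a token issued before the downgrade would keep passing isAuthorized with the old role until it expired.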
Relationships
Dependents (8)
Components that depend on this component
Related Data Entities (18)
Data entities managed by this component
- Activity Type (16 fields, configuration)
- Assignment (20 fields, core)
- Assignment Status Log (12 fields, audit)
- Attachment (14 fields, core)
- Certification (19 fields, core)
- Contact (29 fields, core)
- Contact Caregiver (13 fields, core)
- Course Enrollment (19 fields, core)
- Event (17 fields, core)
- Event Registration (14 fields, core)
- Expense (31 fields, core)
- Note (16 fields, core)
- Organization (22 fields, core)
- Reimbursement Approval (12 fields, core)
- Role (14 fields, configuration)
- Session (19 fields, core)
- User (26 fields, core)
- User Role (15 fields, core)