Role Assignment Service
Component Detail
Service Layer
medium complexity
backend
2
Dependencies
2
Dependents
4
Entities
0
Integrations
Description
Handles the business logic for assigning, changing, and removing user roles within an organization. Validates that the requesting admin's organization matches the target user's organization, enforces the one-active-role-per-organization constraint, updates the user_roles table, and writes a full audit log entry for every change.
role-assignment-service
Responsibilities
- Validate organizational boundary - admin may only assign roles within their own org and its local associations
- Enforce one-active-role-per-organization constraint on the user_roles junction table
- Call PUT /api/v1/users/:id/role and handle optimistic propagation timing
- Write audit log entry with acting admin ID, timestamp, previous role, and new role
- Fetch static role configuration (descriptions, permission summaries) for display in the widget
Interfaces
assignRole(adminId: string, userId: string, roleId: string, orgId: string, localAssociationId: string): Promise<RoleAssignment>
removeRole(adminId: string, userId: string, orgId: string): Promise<void>
getCurrentRole(userId: string, orgId: string): Promise<RoleAssignment | null>
getAvailableRoles(): Promise<Role[]>
validateOrgBoundary(adminId: string, targetUserId: string): Promise<boolean>
Relationships
Dependencies (2)
Components this component depends on
Dependents (2)
Components that depend on this component
Related Data Entities (4)
Data entities managed by this component