Role Guard
Component Detail
Service Layer
medium complexity
mobilebackend
Dependencies: 0
Dependents: 0
Entities: 14
Integrations: 0
Description
Enforces per-request authorization by checking the caller's role against the required role for each protected operation or surface. Lives inside each consuming product (Mobile App and Admin Web Portal) rather than in the shared Authentication Module, preserving auth portability.
role-guard
Sources & reasoning
The source defines four roles and strict tenant isolation rules in §Core Roles, and lists RBAC under Mobile App Architecture Auth & Access as well as in the §5 Phase 1 MVP scope (two mobile role profiles, two admin role profiles). Target_release matches the source phase name 'MVP'.
- docs/source/likeperson.md · line 189-193: 4 defined user roles: Peer Mentor, Coordinator, Organization Administrator, Global Administrator
- docs/source/likeperson.md · line 193: No default access to an organization's operational data ... Tenant separation is strict ... Orgs can grant a Global Admin time-bounded support access
- docs/source/likeperson.md · line 212: Role-based access control - Peer Mentor and Coordinator roles
- docs/source/likeperson.md · line 242: 2 mobile role profiles: Peer Mentor, Coordinator (Organization Admins log in as Coordinator in the app context)
Responsibilities
- Resolve the current user's role from the Role Store on each protected request
- Authorize or reject access based on canonical role-to-surface boundary rules
- Map Org Admin to Coordinator behavior when running in the Mobile App context
- Deny Global Admin default access to tenant data unless explicitly elevated
- Emit authorization failure signals for logging and UI redirect handling
Interfaces
authorize(userId, action): AuthorizationResult
requireRole(userId, allowedRoles): void
getEffectiveRole(userId, surface): Role
canAccessSurface(userId, surface): boolean
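The following is an added example, not code from the project this page describes: a minimal Role Guard that implements the four interface methods above and the responsibilities listed (effective-role resolution, Org Admin to Coordinator mapping on the mobile surface, strict tenant isolation, default denial of Global Admins unless a time-bounded support grant exists, and failure signals collected for logging or UI redirects). The `RoleStore` lookup API, the `SupportGrant`, `Action` and `AuthFailure` shapes, the surface-to-role table, the optional `surface` argument on `requireRole`, and all sample users are assumptions made for the example.

```typescript
// Added example (not the project's code). Role names follow the page; everything
// else (RoleStore, SupportGrant, Action, the SURFACE_ROLES table) is assumed.
type Role = "PeerMentor" | "Coordinator" | "OrgAdmin" | "GlobalAdmin";
type Surface = "mobile" | "admin";

interface RoleStore {
  // Assumed lookup API: stored role plus home organization (null for Global Admin).
  lookup(userId: string): { role: Role; orgId: string | null } | undefined;
}

// Time-bounded support access an organization grants to a Global Admin (assumed shape).
interface SupportGrant { userId: string; orgId: string; expiresAt: number }

interface Action { surface: Surface; orgId: string; operation: string }
interface AuthorizationResult { allowed: boolean; effectiveRole?: Role; reason?: string }
interface AuthFailure { userId: string; surface: Surface; reason: string; at: number }

// Assumed canonical role-to-surface table: two mobile profiles, two admin profiles.
const SURFACE_ROLES: Record<Surface, ReadonlySet<Role>> = {
  mobile: new Set<Role>(["PeerMentor", "Coordinator"]),
  admin: new Set<Role>(["OrgAdmin", "GlobalAdmin"]),
};

class RoleGuard {
  // Authorization failure signals, consumed by logging and UI redirect handling.
  readonly failures: AuthFailure[] = [];
  private store: RoleStore;
  private grants: SupportGrant[];
  private now: () => number;

  constructor(store: RoleStore, grants: SupportGrant[] = [], now: () => number = () => Date.now()) {
    this.store = store;
    this.grants = grants;
    this.now = now;
  }

  // Resolve the role from the store on every call; Org Admins act as Coordinators in the Mobile App.
  getEffectiveRole(userId: string, surface: Surface): Role | undefined {
    const rec = this.store.lookup(userId);
    if (!rec) return undefined;
    if (surface === "mobile" && rec.role === "OrgAdmin") return "Coordinator";
    return rec.role;
  }

  canAccessSurface(userId: string, surface: Surface): boolean {
    const role = this.getEffectiveRole(userId, surface);
    return role !== undefined && SURFACE_ROLES[surface].has(role);
  }

  authorize(userId: string, action: Action): AuthorizationResult {
    const rec = this.store.lookup(userId);
    const effectiveRole = this.getEffectiveRole(userId, action.surface);
    if (!rec || effectiveRole === undefined) return this.deny(userId, action.surface, "unknown user");
    if (!SURFACE_ROLES[action.surface].has(effectiveRole)) {
      return this.deny(userId, action.surface, `role ${effectiveRole} not allowed on ${action.surface}`);
    }
    // Strict tenant isolation: tenant-bound roles only reach their own organization's data.
    if (rec.role !== "GlobalAdmin") {
      if (rec.orgId !== action.orgId) return this.deny(userId, action.surface, "cross-tenant access");
      return { allowed: true, effectiveRole };
    }
    // Global Admin: no default access to tenant data unless an unexpired support grant exists.
    const t = this.now();
    const elevated = this.grants.some(g => g.userId === userId && g.orgId === action.orgId && g.expiresAt > t);
    if (!elevated) return this.deny(userId, action.surface, "global admin not elevated for tenant");
    return { allowed: true, effectiveRole };
  }

  // Throws when the caller's effective role is not in allowedRoles (surface argument is assumed).
  requireRole(userId: string, allowedRoles: Role[], surface: Surface = "admin"): void {
    const role = this.getEffectiveRole(userId, surface);
    if (role === undefined || !allowedRoles.includes(role)) {
      this.deny(userId, surface, `requires one of ${allowedRoles.join(",")}`);
      throw new Error("forbidden");
    }
  }

  private deny(userId: string, surface: Surface, reason: string): AuthorizationResult {
    this.failures.push({ userId, surface, reason, at: this.now() });
    return { allowed: false, reason };
  }
}

// Constructed sample data so the example runs stand-alone (not real users or tenants).
const SAMPLE_USERS: Record<string, { role: Role; orgId: string | null }> = {
  mentor1: { role: "PeerMentor", orgId: "orgA" },
  orgadmin1: { role: "OrgAdmin", orgId: "orgA" },
  gadmin1: { role: "GlobalAdmin", orgId: null },
};
const sampleStore: RoleStore = { lookup: (id) => SAMPLE_USERS[id] };
// Org B has granted gadmin1 support access until t=2000; the clock is fixed at t=1000.
const sampleGrants: SupportGrant[] = [{ userId: "gadmin1", orgId: "orgB", expiresAt: 2000 }];
const guard = new RoleGuard(sampleStore, sampleGrants, () => 1000);
```

With the constructed data, `mentor1` is allowed on the mobile surface within `orgA` but denied for `orgB`, `orgadmin1` resolves to `Coordinator` on mobile, and `gadmin1` is denied on `orgA` (no grant) but allowed on `orgB` while the grant is unexpired; each denial lands in `guard.failures` for the logging and redirect layers.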
Related Data Entities (14)
Data entities managed by this component
- Activities (26 fields, core)
- Contacts (24 fields, core)
- Encrypted Assignments (25 fields, core)
- Member Associations (12 fields, core)
- Notes (15 fields, core)
- Organization Hierarchy (15 fields, core)
- Organization Labels (11 fields, configuration)
- Organization Modules (13 fields, configuration)
- Organization Settings (21 fields, configuration)
- Organizations (21 fields, core)
- Receipts (20 fields, core)
- Roles (14 fields, core)
- User Sessions (21 fields, core)
- Users (18 fields, core)