Service Layer | high complexity | Shared Component | backend

Dependencies: 2
Dependents: 1
Entities: 4
Integrations: 0

Description

Resolves which nodes in the organization tree the requesting admin is authorized to view or modify. Global Admins bypass all scope restrictions, while Org Admins are limited to their own subtree as determined by their JWT organization claim and the closure table.

Feature: Multi-Organization Hierarchy

hierarchy-access-control-service

Responsibilities

  • Determine admin scope from JWT organization claim
  • Authorize read/write access per org node based on role and subtree membership
  • Allow Global Admins unrestricted cross-organization visibility
  • Reject unauthorized access attempts with appropriate error responses

Interfaces

isAuthorized(adminId, targetOrgId, action): boolean
resolveAdminScope(adminId): OrgScope
isGlobalAdmin(adminId): boolean
assertWithinSubtree(adminOrgId, targetOrgId): void
getAccessibleOrgIds(adminId): string[]
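
A sketch of how these interfaces can enforce the scope rule in the description, as an added example and not this component's own code. The role names, the claim shape, the in-memory closure rows, the admins map and the claimsFor helper are assumptions; a real service would read the claims from a verified JWT and query the closure table.

```typescript
// Added example with constructed data; role names and claim shape are assumptions.
type Action = "read" | "write";
interface AdminClaims { role: "GLOBAL_ADMIN" | "ORG_ADMIN"; orgId: string | null }
interface ClosureRow { ancestor: string; descendant: string }

// Constructed tree: root -> emea -> emea-de, root -> apac. Self rows are included.
const closure: ClosureRow[] = [
  { ancestor: "root", descendant: "root" }, { ancestor: "emea", descendant: "emea" },
  { ancestor: "apac", descendant: "apac" }, { ancestor: "emea-de", descendant: "emea-de" },
  { ancestor: "root", descendant: "emea" }, { ancestor: "root", descendant: "apac" },
  { ancestor: "emea", descendant: "emea-de" }, { ancestor: "root", descendant: "emea-de" },
];

// Stand-in for claims taken from an already verified JWT, keyed by adminId.
const admins: { [id: string]: AdminClaims } = {
  "a-global": { role: "GLOBAL_ADMIN", orgId: null },
  "a-emea": { role: "ORG_ADMIN", orgId: "emea" },
  "a-noclaim": { role: "ORG_ADMIN", orgId: null },
};

// Own-property lookup so ids like "constructor" never resolve to a prototype member.
function claimsFor(adminId: string): AdminClaims | undefined {
  return Object.prototype.hasOwnProperty.call(admins, adminId) ? admins[adminId] : undefined;
}
function isGlobalAdmin(adminId: string): boolean {
  return claimsFor(adminId)?.role === "GLOBAL_ADMIN";
}
function assertWithinSubtree(adminOrgId: string, targetOrgId: string): void {
  const ok = closure.some(r => r.ancestor === adminOrgId && r.descendant === targetOrgId);
  if (!ok) throw new Error("FORBIDDEN: target is outside the admin's subtree");
}
function getAccessibleOrgIds(adminId: string): string[] {
  const c = claimsFor(adminId);
  if (c === undefined) return [];
  if (c.role === "GLOBAL_ADMIN") return closure.filter(r => r.ancestor === r.descendant).map(r => r.descendant);
  const own = c.orgId;
  if (own === null) return []; // missing organization claim: fail closed
  return closure.filter(r => r.ancestor === own).map(r => r.descendant);
}

// The page does not say how read and write differ, so both use the same subtree rule here.
function isAuthorized(adminId: string, targetOrgId: string, action: Action): boolean {
  if (action !== "read" && action !== "write") return false; // untyped callers: fail closed
  const c = claimsFor(adminId);
  if (c === undefined) return false; // unknown admin
  if (isGlobalAdmin(adminId)) return true; // Global Admins bypass scope checks
  if (c.orgId === null) return false; // Org Admin without an organization claim
  try { assertWithinSubtree(c.orgId, targetOrgId); return true; } catch { return false; }
}
```

An Org Admin scoped to a node can reach that node and its descendants but not its ancestors or siblings, and every lookup failure resolves to a denial.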

Relationships

Dependencies (2)

Components this component depends on

Dependents (1)

Components that depend on this component