🏠 Overview 🧩 Components 🧩 Report Access Control Service

Report Access Control Service

Component Detail

Service Layer medium complexity Shared Component backend
0
Dependencies
1
Dependents
3
Entities
0
Integrations

Description

Service that enforces data scoping rules for report queries based on the authenticated user's role and association membership. Coordinators receive only their local association's data; organization admins receive the full organization scope.

Feature: Team Reports

report-access-control-service

Responsibilities

  • Resolve allowed data scope (association IDs or org ID) for the requesting user
  • Validate that requested filter parameters fall within the user's permitted scope
  • Inject scope constraints into query parameters before execution

Interfaces

resolveDataScope(userId, roleId)
assertFilterWithinScope(userId, filterParams)
getScopedOrgId(userId)
getScopedAssociationIds(userId)

Relationships

Dependents (1)

Components that depend on this component

service Report Generation Service

Related Data Entities (3)

Data entities managed by this component

Organization 17 fields core User 21 fields core User Role Assignment 11 fields core