Role Assignment Service - Meander Platform | Generated by Eircodex v4.0

Service Layer medium complexity backend

1

Dependencies

1

Dependents

10

Entities

0

Integrations

Description

Backend service encapsulating role assignment business logic. Validates role changes against the permission hierarchy (e.g., Org Admin cannot grant Global Admin), persists assignments to user_role_assignments, and updates the roles_updated_at timestamp to trigger JWT re-validation on the user's next token refresh.

Feature: Role Assignment

role-assignment-service

Responsibilities

Validate role assignment requests against escalation rules
Persist role changes to user_role_assignments table
Update roles_updated_at timestamp to invalidate existing JWTs
Enforce deny-by-default access model for all role transitions
Log role changes to audit trail

Interfaces

assignRole(userId: string, roleId: string, assignedBy: string): Promise<RoleAssignment>

revokeRole(userId: string, roleId: string, revokedBy: string): Promise<void>

getUserRoles(userId: string): Promise<UserRole[]>

getAssignableRoles(requesterId: string): Promise<Role[]>

validateRoleEscalation(requesterId: string, targetRoleId: string): boolean

getRoleChangeHistory(userId: string): Promise<RoleChangeLog[]>

bulkAssignRole(userIds: string[], roleId: string, assignedBy: string): Promise<BulkResult>

Relationships

Dependencies (1)

Components this component depends on

data Role Assignment Repository

Dependents (1)

Components that depend on this component

ui Role Assignment Component

Related Data Entities (10)

Data entities managed by this component

User 21 fields core User Role 11 fields configuration User Role Assignment 11 fields core Audit Logs 14 fields audit Organizations 25 fields core Refresh Tokens 20 fields core Sessions 16 fields core User Role Assignments 12 fields core User Roles 13 fields core Users 26 fields core