Role Scope Resolver - Meander Platform | Generated by Eircodex v4.0

Service Layer low complexity Shared Component backend

Dependencies

Dependents

Entities

Integrations

Description

Shared service that determines the data visibility scope for the authenticated user based on their role. Coordinators are scoped to their local association; org admins are scoped to their full organization. Used consistently across dashboard KPIs, the activity feed, and reporting endpoints to enforce data isolation.

Feature: Activity Feed

role-scope-resolver

Responsibilities

Resolve organizationId or localAssociationId scope from JWT claims
Return scope descriptor used in WHERE clause construction
Enforce that global admins cannot access org-level operational data by default

Interfaces

resolveScope(user: AuthUser): DataScope

getScopeWhereClause(scope): SQLFragment

isScopedToLocalAssociation(user): boolean

isScopedToOrganization(user): boolean

Relationships

Dependents (1)

Components that depend on this component

service Activity Feed Service

Related Data Entities (5)

Data entities managed by this component

Local Association 13 fields core Organization 17 fields core User 21 fields core User Role 11 fields configuration User Role Assignment 11 fields core