Org-Scoped Authorization Guard
Component Detail
Infrastructure | Shared Component | backend | low complexity
Dependencies: 0 | Dependents: 0 | Entities: 16 | Integrations: 0
Description
Next.js middleware applied to all admin user management API routes. Validates the incoming JWT, resolves the requesting admin's organization scope, and rejects cross-organization access for org admins while permitting global admins to operate across all organizations.
org-scoped-auth-guard
Responsibilities
- Validate JWT bearer token and extract admin identity with role and org context
- Reject requests where the target resource belongs to a different organization (for org-admin callers)
- Attach resolved org context to the request object for downstream route handlers
Interfaces
withOrgAuth(handler)
resolveAdminScope(token)
isGlobalAdmin(adminId)
Related Data Entities (16)
Data entities managed by this component

Entity                   Fields  Category
Activity                 25      core
Activity Type            15      configuration
Assignment               19      core
Audit Log                17      audit
Bufdir Report            21      core
Contact                  21      core
Course                   20      core
Course Enrollment        15      core
Event                    18      core
Event Participant        14      core
Expense Claim            24      core
Export Log               21      audit
Organization             21      core
Organization Membership  18      core
User                     24      core
User Role                13      core