🏠 Overview 🧩 Components 🧩 Role Assignment Service

Role Assignment Service

Component Detail

Service Layer medium complexity backend
2
Dependencies
2
Dependents
4
Entities
0
Integrations

Description

Role Assignment Service

Feature: Role Assignment

role-assignment-service

Responsibilities

  • Handle PATCH /api/v1/admin/users/:id/role and enforce privilege escalation constraints
  • Return filtered list of assignable roles based on the acting admin's own role level
  • Persist role change to user_roles table and emit audit log entry for compliance traceability
  • Ensure role changes take effect on the target user's next token refresh cycle

Interfaces

assignRole(actingAdminId: string, targetUserId: string, newRole: string): Promise<void>
getAssignableRoles(actingAdminId: string): Promise<string[]>
validateNoEscalation(actingRole: string, requestedRole: string): boolean
getRoleChangeHistory(userId: string): Promise<RoleAuditEntry[]>

Relationships

Dependencies (2)

Components this component depends on

data User Roles Table Shared service Audit Service Shared

Dependents (2)

Components that depend on this component

ui Role Assignment Widget service Bulk User Service

Related Data Entities (4)

Data entities managed by this component

Audit Log 17 fields audit Organization Membership 18 fields core User 24 fields core User Role 13 fields core