🏠 Overview 🧩 Components 🧩 Route Guard Service

Route Guard Service

Component Detail

Service Layer medium complexity backend
2
Dependencies
11
Dependents
12
Entities
0
Integrations

Description

Backend middleware that reads the role claim array from the validated JWT access token on every protected request and rejects calls from roles not permitted to reach that endpoint. No role check is delegated to the application layer.

Feature: Role-Based Access Control

route-guard-service

Responsibilities

  • Extract and validate role claims from the JWT bearer token on every protected endpoint
  • Return 403 Forbidden with a structured error body for insufficient role
  • Enforce tenant scoping so Global Admins cannot reach organization operational data by default
  • Gate module-level endpoints against the organization's enabled module set

Interfaces

requireRole(allowedRoles: Role[]): Middleware
requireModuleEnabled(moduleId: string): Middleware
extractRoleClaims(token: string): Role[]

Relationships

Dependencies (2)

Components this component depends on

data Refresh Tokens Table service JWT Role Claims Decoder

Dependents (11)

Components that depend on this component

ui No-Access Redirect Screen ui Proxy Registration Screen service Proxy Registration Service service Expense Validation Service ui Team Report Screen service Team Statistics Service ui Workshop Detail Screen service Workshop Service ui Expense Approval Page service Expense Approval Service service Organization Config Service

Related Data Entities (12)

Data entities managed by this component

Activity 25 fields core Activity Attachment 14 fields core Assignment 19 fields core Bufdir Report 21 fields core Confidentiality Declaration 17 fields core Contact 21 fields core Event 18 fields core Event Participant 14 fields core Organization Membership 18 fields core Session 16 fields core User 24 fields core User Role 13 fields core