Profile Switching

Multi-membership scenarios are not edge cases in this platform - NHF alone has 1,400 local associations, and active peer mentors commonly volunteer across chapters. Without profile switching, these users would need separate accounts per organization, creating duplicate records, split reporting, and administrative overhead for coordinators who must reconcile activities across accounts. A seamless context switch eliminates that overhead entirely. From a data integrity perspective, profile switching with strict organization scoping prevents the double-reporting problem NHF explicitly flagged: a peer mentor active in two chapters could otherwise log the same activity under both, inflating Bufdir statistics. By making the active context explicit and enforced at the API level, the platform ensures that each activity is attributed to exactly one organizational context.

The Role Switch Widget lives in the app's hamburger menu and is always rendered when the user has more than one active membership. The Organization Membership Service holds a stream of OrganizationMembership objects fetched at login and cached in Drift. Switching context calls POST /api/v1/sessions/context with the target organization ID; the backend issues a new short-lived access token scoped to that organization, which the API HTTP Client swaps in atomically. After context swap, the module registry re-evaluates the enabled area set for the new tenant and triggers a navigation rebuild. Any pending mutations in the outbox that belong to the previous context are flushed or quarantined before the switch completes to prevent cross-tenant writes. The Organization Memberships Table stores the user-to-organization join with role and status columns, and the backend validates that the requested context is active and not suspended before issuing the new token.