🏠 Overview 🧩 Components 🧩 No-Access Configuration Repository

No-Access Configuration Repository

Component Detail

Data Layer low complexity mobile
0
Dependencies
1
Dependents
3
Entities
0
Integrations

Description

Read-only repository that retrieves the admin portal URL and the list of roles blocked from mobile access. Sources configuration from Supabase remote config or local constants, ensuring the no-access screen always has the correct redirect destination.

Feature: No-Access Screen for Restricted Roles

no-access-config-repository

Summaries

The No-Access Configuration Repository ensures that when users are redirected away from restricted mobile features, they are sent to the correct, organization-specific admin portal rather than a broken or generic page. This is important for maintaining a professional user experience during access-denial scenarios and for ensuring that users can quickly find the right administrative tool to complete their work. By centralizing this configuration and pulling it from a managed remote source (Supabase remote config), the business retains the ability to update redirect destinations and blocked role lists without shipping a new app version — reducing time-to-response for access policy changes.

This repository has low implementation complexity and acts as a supporting component for the no-access feature, meaning it should be delivered in the same sprint or milestone as the No-Access Route Guard and no-access screen. Key dependencies are the Supabase remote config service and the existence of org-specific configuration records. Testing must cover both the network-backed path (Supabase returns values) and the fallback path (local constants used when remote config is unavailable), as well as cache invalidation via `clearCache()`. The primary delivery risk is if Supabase remote config is not yet provisioned for target organizations, which should be validated as part of the QA checklist before release.

This is a read-only repository following the repository pattern, abstracting the data source for blocked role configuration and the admin portal URL behind a clean async interface. `getAdminPortalUrl(String orgId)` performs an async lookup keyed by organization, allowing multi-tenant deployments to redirect to the correct portal per org. `getBlockedRoles()` returns the canonical list of role strings used by the route guard's `isBlocked` check. A local cache layer sits in front of network calls to minimize redundant Supabase round trips — `clearCache()` should be called on logout or when the session changes.

Implementation should handle Supabase failures gracefully by falling back to compile-time constants to ensure the no-access screen is never broken even in degraded network conditions.

Responsibilities

  • Provide the admin portal URL for a given organization
  • Return the canonical list of roles excluded from mobile access
  • Cache configuration to avoid redundant network calls

Interfaces

getAdminPortalUrl(String orgId): Future<String>
getBlockedRoles(): List<String>
clearCache()

Relationships

Dependents (1)

Components that depend on this component

service Access Denial Service

Related Data Entities (3)

Data entities managed by this component

Organisation Configuration 13 fields configuration Organization 14 fields core User Role 13 fields core

API Contract

View full contract →
REST /api/v1/no-access-config 5 endpoints
GET /api/v1/no-access-config/blocked-roles List all role identifiers that are configured as blocked
GET /api/v1/no-access-config/admin-portal-url/:org_id Retrieve the admin portal URL for a specific organization
DELETE /api/v1/no-access-config/cache Invalidate the config cache (blocked roles + portal URLs)
GET /api/v1/no-access-config Get the full no-access configuration snapshot
PUT /api/v1/no-access-config/:config_key Update a specific configuration entry (e.g. blocked_roles, admin_portal_base_url)