Infrastructure · low complexity · mobile
0 Dependencies · 1 Dependents · 2 Entities · 0 Integrations

Description

Low-level infrastructure component that queries Supabase for role assignment records. Reads from user JWT claims, user metadata, or a dedicated roles table and returns raw role data to the repository layer.

Feature: Role-Based Access Control

supabase-role-provider

Summaries

The Supabase Role Data Provider establishes the foundational trust layer for the application's access control system by securely retrieving user role assignments directly from the cloud database. By centralizing role data retrieval at the infrastructure level, this component ensures that every permission decision across the app is grounded in verified, real-time data rather than stale or client-side assumptions. This directly reduces the risk of unauthorized access incidents, which carry significant regulatory, reputational, and financial consequences. Its design leverages Supabase's JWT mechanism, minimizing custom backend development costs while maintaining enterprise-grade security standards that support compliance requirements and user trust.

This component sits at the base of the role management stack and is a prerequisite for all role-dependent features. With low complexity, it can be delivered early in the sprint cycle and should be treated as a foundation blocker for higher-complexity components like the route guard and permission checker. Testing requirements include unit tests for JWT extraction logic and integration tests against a Supabase staging environment, requiring environment configuration as a dependency. Network failure and PostgrestException handling must be validated, adding QA surface area.

Risk is low overall, but any Supabase schema changes to the roles table will require coordinated updates to this component and downstream consumers.

This infrastructure component abstracts Supabase-specific role retrieval behind a clean interface consumed by the repository layer. It provides four key methods: `queryUserRoles(String userId)` for table-based role lookups, `extractRoleFromJwt(Map<String, dynamic> jwt)` for claim-based extraction, `getRolesTable()` for direct table access, and `handleQueryError(PostgrestException e)` for graceful failure handling. It has no dependencies, making it a pure data-access leaf node. Implement using the `supabase_flutter` package with typed responses.

JWT extraction should defensively handle missing or malformed claim keys. Error handling must distinguish between network failures and authorization errors to enable appropriate upstream fallback logic in the repository layer.
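One way to write the defensive claim extraction described above, as an added example rather than the component's own code. It assumes roles live under `app_metadata` (written server-side, whereas `user_metadata` can be changed by the signed-in user) as either a `roles` list or a `role` string; the `knownRoles` allowlist and its role names are hypothetical.

```dart
// Added example. Assumed claim layout: app_metadata.roles (list) or
// app_metadata.role (string). knownRoles is a hypothetical allowlist.
const Set<String> knownRoles = {'admin', 'coordinator', 'member'};

/// Returns the recognised roles found in decoded JWT claims.
/// Fails closed: any missing or malformed claim yields an empty list.
List<String> extractRoleFromJwt(Map<String, dynamic> jwt) {
  // app_metadata is written server-side. user_metadata can be changed by the
  // signed-in user, so it is not consulted for authorization here.
  final meta = jwt['app_metadata'];
  if (meta is! Map) return const [];

  // Accept either a list under "roles" or a single string under "role".
  final raw = meta['roles'] ?? meta['role'];
  final Iterable<Object?> candidates;
  if (raw is List) {
    candidates = raw;
  } else if (raw is String) {
    candidates = [raw];
  } else {
    return const []; // null, number, nested map, ...
  }

  final roles = <String>{};
  for (final c in candidates) {
    if (c is! String) continue; // drop non-string entries
    final name = c.trim().toLowerCase();
    if (knownRoles.contains(name)) roles.add(name); // drop unknown names
  }
  return roles.toList();
}

void main() {
  // Constructed sample claims, not taken from a real token.
  final samples = <Map<String, dynamic>>[
    {'app_metadata': {'roles': ['Admin', 'member', 42, 'root']}},
    {'app_metadata': {'role': 'coordinator'}},
    {'app_metadata': 'oops'},
    {'user_metadata': {'roles': ['admin']}},
    {},
  ];
  for (final claims in samples) {
    print(extractRoleFromJwt(claims));
  }
}
```

The top-level `role` claim in a Supabase token names the Postgres role (for example `authenticated`), so the function deliberately does not read it as an application role.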

Responsibilities

  • Query Supabase roles table for user role assignments
  • Extract role claims from Supabase JWT user metadata
  • Handle Supabase query errors and network failures gracefully

Interfaces

queryUserRoles(String userId)
extractRoleFromJwt(Map<String, dynamic> jwt)
getRolesTable()
handleQueryError(PostgrestException e)

Relationships

Dependents (1)

Components that depend on this component

Related Data Entities (2)

Data entities managed by this component

API Contract

REST /api/v1/role-providers (5 endpoints)

  • GET /api/v1/role-providers: List raw role records from the Supabase roles table
  • GET /api/v1/role-providers/:recordId: Get a single role record from Supabase by record ID
  • POST /api/v1/role-providers: Insert a role record into the Supabase roles table
  • PUT /api/v1/role-providers/:recordId: Update a role record in the Supabase roles table
  • DELETE /api/v1/role-providers/:recordId: Delete a role record from the Supabase roles table