User Warning Preferences - Entity | Likepersonsapp

Description

Stores user-level feature-specific settings, primarily the boolean flag controlling whether sensitive field disclosure warnings are suppressed globally. Provides synchronous cached access for hot code paths such as focus-event handlers, and syncs to Supabase on change and on session resume.

Data Structure

Name	Type	Description	Constraints
`id`	`uuid`	Surrogate primary key, generated on record creation.	PKrequiredunique
`user_id`	`uuid`	Foreign key to the Supabase auth user record (auth.users.id). Also corresponds to the peer_mentor profile for the same user. One record exists per authenticated user.	requiredunique
`suppress_sensitive_warnings`	`boolean`	When true, the app suppresses the screen-reader disclosure warning dialog globally for this user across all sessions. When false (default), the sensitive-field-privacy-guard displays a confirmation dialog before vocalization of sensitive fields.	required
`updated_at`	`datetime`	UTC timestamp of the last write to any preference field. Updated on every mutation. Used by the sync layer to detect staleness.	required
`synced_at`	`datetime`	UTC timestamp of the last successful sync with Supabase. Nullable until the first successful remote write. Used by session-resume-manager to decide whether a local-only write needs to be pushed.	-
`created_at`	`datetime`	UTC timestamp when the record was first created. Immutable after creation.	required

Database Indexes

idx_user_preferences_user_id

btree unique

Columns: user_id

idx_user_preferences_updated_at

btree

Columns: updated_at

Validation Rules

user_id_references_valid_user error

Validation failed

suppress_sensitive_warnings_is_boolean error

Validation failed

updated_at_refreshed_on_every_write error

Validation failed

synced_at_not_before_created_at warning

Validation failed

no_extra_fields_in_local_cache warning

Validation failed

Business Rules

one_record_per_user

on_create

Exactly one user_preferences row must exist per authenticated user. The UNIQUE constraint on user_id enforces this at the database level. If no row exists when the app first checks the flag, a default record (suppress_sensitive_warnings = false) is upserted atomically.

Enforced by: Authentication Session Manager Session Resume Manager

default_warnings_enabled

on_create

suppress_sensitive_warnings defaults to false on creation. Sensitive field disclosure warnings are shown by default; the user must explicitly opt out. This upholds the privacy-protective design principle that screen-reader vocalization of sensitive fields requires affirmative user action.

Enforced by: Authentication Session Manager Sensitive Field Warning Dialog

sync_on_change

on_update

Any write to suppress_sensitive_warnings must immediately attempt a Supabase sync. updated_at is refreshed, and synced_at is set on successful write. If the sync fails (offline), the local cache is written and a pending-sync flag is raised for the next session-resume event.

Enforced by: Accessibility Settings Repository Session Resume Manager

sync_on_session_resume

always

On every AppLifecycleState.resumed event, session-resume-manager checks whether synced_at < updated_at on the locally cached record and pushes any pending write to Supabase. This ensures cross-device consistency when the user has changed the setting while offline.

Enforced by: Session Resume Manager

global_suppression_overrides_per_session_suppression

always

When suppress_sensitive_warnings is true, the sensitive-field-privacy-guard must skip the warning dialog entirely, regardless of any per-session suppression cache state. The persistent global flag takes precedence over the transient session-level suppression. Per-session suppression (held in memory only) is a subset of this global flag.

Enforced by: Sensitive Field Privacy Guard Sensitive Field Warning Dialog

rls_owner_only

always

Row-level security ensures a user can only read and write their own user_preferences row. The RLS predicate is: user_id = auth.uid(). No coordinator or admin role may read or modify another user's warning preferences.

Enforced by: Accessibility Settings Repository

cascade_delete_on_user_removal

on_delete

When the parent auth.users record is deleted, the user_preferences row is deleted via CASCADE. No orphaned preference rows are permitted.

Enforced by: Authentication Session Manager

cache_warmed_before_focus_handlers

always

The in-memory cache of suppress_sensitive_warnings must be populated before the first screen is rendered. The synchronous cache accessor used by focus-event handlers must never trigger a network call; only the background sync path may perform I/O.

Enforced by: Sensitive Field Privacy Guard Session Resume Manager