🏠 Overview ✅ Implementation Tasks ✅ epic-role-based-access-control-ui-and-navigation-task-004

Build org admin home screen variant and content

epic-role-based-access-control-ui-and-navigation-task-004 — Implement the org admin home screen content variant showing org-level statistics, member counts, area summaries, and admin action shortcuts. This variant is displayed only when the active role is org admin, distinguishing it from the global admin who is redirected to No-Access Screen.

high priority medium complexity frontend pending frontend specialist Tier 1

Acceptance Criteria

OrgAdminHomeContent renders org-level statistics: total active peer mentors, total activities this month across the org, and total member count
Area summaries section lists the org's areas (lokallag/chapters) with a per-area activity count for the current month
Admin action shortcuts section provides quick navigation cards for: Manage Members, View Reports, and Manage Peer Mentors
This variant is rendered ONLY when RoleState is orgAdmin — it must never render for globalAdmin (who sees NoAccessScreen) or for coordinator/peerMentor roles
All org-level statistics are scoped to the admin's own org_id — no cross-org data is shown
Loading state uses skeleton placeholders matching the final card layout
Error state shows a retry prompt without exposing raw Supabase error details
All text and interactive elements meet WCAG 2.2 AA contrast and minimum touch target (48×48dp) requirements
Admin action shortcut cards are semantically labeled as buttons for screen reader users

Technical Requirements

frameworks
Flutter
BLoC
Riverpod
apis
Supabase PostgREST — organizations table
Supabase PostgREST — activities table (org-scoped aggregate)
Supabase PostgREST — user_roles table (org member counts)
data models
Organization
Area
Activity
OrgAdminStats
UserRole
performance requirements
Org-level statistics load within 2 seconds on 4G
Area summaries list renders within the same 2-second budget using a single aggregated query where possible
security requirements
All queries must be scoped to the authenticated admin's own org_id — Row Level Security enforces server-side, client must also filter
Admin action shortcuts must only navigate to routes that are gated behind orgAdmin permission checks — no shortcut bypasses RBAC
ui components
OrgAdminHomeContent (this widget)
OrgStatCard (org-level stat with value + label)
AreaSummaryList
AreaSummaryItem (area name + activity count)
AdminActionShortcutCard
SkeletonCard

Execution Context

Execution Tier
Tier 1

Tier 1 - 540 tasks

Can start after Tier 0 completes

Implementation Notes

Implement OrgAdminHomeCubit or OrgAdminHomeNotifier for data fetching, scoped to the admin's org_id extracted from the current RoleState. For area summaries, prefer a Supabase RPC or aggregated query over N individual queries (one per area) to keep load times acceptable for orgs with many chapters (NHF has up to 1,400 lokallag — a full list is not appropriate here; limit to top 5 by activity count with a 'View All' link). Admin action shortcuts should use the existing reusable card/button components from the shared widget library rather than custom styled containers. Clearly document in code comments that this variant is for orgAdmin only and is distinct from the globalAdmin blocked state.

Testing Requirements

Widget tests using flutter_test. Cover: (a) loaded state with sample org stats and area list, (b) loading state, (c) error state. Assert that OrgAdminHomeContent is NOT present in the widget tree when RoleState is coordinator, peerMentor, or globalAdmin — pump each state and use find.byType with findsNothing. Verify admin shortcut tap navigation using NavigatorObserver.

Assert org_id scoping: inspect the queries captured by the fake Supabase client and verify org_id filter is present on all calls.

Component
Role-Based Home Screen
ui medium
Dependencies (1)
Create the RoleBasedHomeScreen widget that subscribes to the Role State Manager stream and conditionally renders one of three content variants (coordinator, peer mentor, org admin) based on the active role. Implement the widget tree structure, state subscription, and role-variant switching logic using BLoC/Riverpod pattern. epic-role-based-access-control-ui-and-navigation-task-001
Epic Risks (3)
high impact medium prob technical

Combining GoRouter's declarative redirect logic in the route guard with StatefulShellRoute's stateful branch management is known to produce subtle bugs where the shell rebuilds unnecessarily on role switches, losing tab state or causing double-navigation events.

Mitigation & Contingency

Mitigation: Implement the route guard as a GoRouter redirect callback that only evaluates role from an already-resolved Riverpod provider (not async). Use a dedicated ShellRoute navigator key per tab branch to anchor state independently of role-driven rebuilds. Write integration tests for the full navigation graph.

Contingency: If StatefulShellRoute state loss is confirmed during QA, fall back to a manual tab state preservation approach using a TabStateManager service that caches the last route per tab and restores it after role switches, decoupling tab state from the shell lifecycle.

medium impact high prob scope

The role-based home screen must render three significantly different layouts (coordinator dashboard, peer mentor activity summary, org admin overview). If these variants are implemented as a single widget with conditionals, the file will become unmaintainable and difficult to test in isolation, especially as each variant grows with downstream feature additions.

Mitigation & Contingency

Mitigation: Design the role-based home screen as a router/dispatcher widget that delegates to three separate variant widgets (CoordinatorHomeView, PeerMentorHomeView, OrgAdminHomeView). Each variant is independently testable and can be developed by separate team members in parallel.

Contingency: If variant coupling has already occurred before this risk is addressed, refactor to the dispatcher pattern in a dedicated cleanup task before feature handoff. The dispatcher pattern is a straightforward extraction that carries low refactoring risk.

medium impact medium prob integration

The no-access screen must link global admin users to the correct admin portal URL, which may differ per organization (NHF, HLF, Blindeforbundet each have their own admin portals). Hardcoding a single URL will result in wrong or broken links for some global admin users.

Mitigation & Contingency

Mitigation: Source the admin portal URL from the organization's configuration record in Supabase rather than hardcoding it. The no-access screen reads the active org context and resolves the portal URL dynamically. Provide a safe fallback to a generic Norse Digital Products support page if the URL is not configured.

Contingency: If dynamic URL resolution is not ready when the no-access screen ships, display a static instruction to contact the organization's administrator along with a support email address as an interim measure, and track the URL configuration task as a follow-up.

Quick Links
All Tasks Execution Plan