Permission Check Before Sensitive Coordinator Actions
Before executing high-impact coordinator actions—bulk activity registration, initiating a peer mentor pause, or approving expense claims—the permission checker service performs a lightweight permission validation against the user's current role and organization scope. If the permission check fails (e.g., the coordinator's access has been revoked since their last login), the UI surface displays a clear inline error message rather than failing silently or showing a generic error. The permission checker integrates with the role repository to obtain up-to-date access grants without requiring a full re-authentication.
User Story
Acceptance Criteria
- Given a coordinator attempts to initiate a bulk registration, When the permission checker determines their bulk registration permission is active, Then the action proceeds normally
- Given a coordinator's bulk registration permission has been revoked by an admin since login, When the permission checker runs before the action, Then a clear error message is shown explaining the permission issue and no partial action is taken
- Given the permission checker service is unavailable due to a network error, When a coordinator attempts a sensitive action, Then the app displays a retry prompt rather than proceeding without verification
- Given a coordinator's permission check passes, When they complete the sensitive action, Then no additional permission re-check is required for subsequent steps within the same flow
Business Value
Organizations rely on coordinators performing bulk operations correctly. A stale permission state causing a mid-flow failure—especially during multi-step proxy registration—results in data integrity issues and coordinator frustration. Proactive permission checks before destructive operations align with the organizations' requirements for reliable, trustworthy tooling.
Components
- Permission Checker Service service
- Role Repository data
- Role Resolution Service service
- Role State Manager service