HIGH story-role-based-access-control-peer-mentor-004 5 pts
Story Points: 5
Priority: High
Feature: Role-Based Access Control

User Story

As a Peer Mentor (Likeperson)
I want the app to verify my permissions before I execute sensitive actions such as bulk registrations or pause management
So that I am notified immediately if my permissions have changed (e.g., due to an admin action) rather than encountering a cryptic server error mid-flow

Audience Summaries

This high-priority story directly protects organizational data integrity and coordinator trust by ensuring that permission states are validated in real time before any destructive or bulk operation is executed. When coordinators perform bulk activity registrations or approve expense claims, a stale permission state can cause partial data writes, compliance violations, and significant manual remediation effort. By surfacing clear, actionable inline errors when permissions have been revoked, organizations gain confidence that their access governance policies are enforced at the point of action—not discovered after damage is done. This directly reduces operational risk, lowers support overhead, and strengthens the platform's reputation as a reliable tool for volunteer management at scale.

This story carries high delivery priority and depends on two upstream RBAC stories (story-role-based-access-control-coordinator-001 and -002), which must be completed and stable before integration work can begin. Effort spans the permission checker service, role repository API wiring, and three distinct UI error states: permission denied, network unavailable with retry, and success flow. Acceptance criteria require testing revoked-permission scenarios, which demands coordination with QA to set up controlled role-revocation test data in staging. The network-failure retry path introduces a UX edge case that needs design sign-off.

Rollout should be gated on end-to-end testing of bulk registration flows to avoid coordinator-facing regressions in high-volume periods.

Implementation requires the permission checker service to call the role repository immediately before any of three sensitive action entry points: bulk registration initiation, peer mentor pause, and expense claim approval. The checker must return a structured result distinguishing permission denied from service unavailable, so the UI can branch to the appropriate inline error state or retry prompt. No partial state mutation should occur on a failed check—action handlers must be wrapped to short-circuit before any write operations. The role repository integration should use a lightweight read endpoint (not re-authentication) and must be tolerant of transient network failures with appropriate timeout handling.

Unit tests must cover all four acceptance criteria branches, and integration tests should simulate revoked permissions mid-session.

Acceptance Criteria

  • Given a coordinator attempts to initiate a bulk registration, When the permission checker determines their bulk registration permission is active, Then the action proceeds normally
  • Given a coordinator's bulk registration permission has been revoked by an admin since login, When the permission checker runs before the action, Then a clear error message is shown explaining the permission issue and no partial action is taken
  • Given the permission checker service is unavailable due to a network error, When a coordinator attempts a sensitive action, Then the app displays a retry prompt rather than proceeding without verification
  • Given a coordinator's permission check passes, When they complete the sensitive action, Then no additional permission re-check is required for subsequent steps within the same flow
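
A sketch of the pre-action guard these criteria and the implementation summary describe, added here as an illustration and not the project's own code. The `fetch_permissions` callable, the 2-second timeout, and the user and permission names are assumptions.

```python
import enum
from dataclasses import dataclass, field
from typing import Callable, List, Set

class Check(enum.Enum):
    ALLOWED = "allowed"
    DENIED = "permission_denied"         # UI: inline error, flow stops
    UNAVAILABLE = "service_unavailable"  # UI: retry prompt, flow stops

class FlowAborted(Exception):
    def __init__(self, result: Check):
        super().__init__(result.value)
        self.result = result

@dataclass
class PermissionChecker:
    # Hypothetical lightweight read against the role repository: returns the
    # user's current permissions, raises TimeoutError/ConnectionError on failure.
    fetch_permissions: Callable[[str, float], Set[str]]
    timeout_s: float = 2.0  # assumed value

    def check(self, user_id: str, permission: str) -> Check:
        try:
            current = self.fetch_permissions(user_id, self.timeout_s)
        except (TimeoutError, ConnectionError):
            return Check.UNAVAILABLE  # fail closed: never proceed unverified
        return Check.ALLOWED if permission in current else Check.DENIED

@dataclass
class SensitiveFlow:
    checker: PermissionChecker
    user_id: str
    permission: str
    _verified: bool = field(default=False, init=False)

    def run_step(self, write: Callable[[], None]) -> None:
        """Check once per flow, before the first write; later steps reuse the pass."""
        if not self._verified:
            result = self.checker.check(self.user_id, self.permission)
            if result is not Check.ALLOWED:
                raise FlowAborted(result)  # short-circuit before any mutation
            self._verified = True
        write()

def demo() -> List[str]:
    granted = {"bulk_registration"}  # constructed sample role data
    checker = PermissionChecker(lambda uid, timeout: set(granted))
    flow = SensitiveFlow(checker, "coord-1", "bulk_registration")
    log: List[str] = []
    flow.run_step(lambda: log.append("row-1"))  # checked here
    flow.run_step(lambda: log.append("row-2"))  # same flow: no re-check
    return log
```

The guard only decides what the UI shows; it assumes the server still authorizes every write, which the user story's reference to a server error mid-flow implies.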

Business Value

Organizations rely on coordinators performing bulk operations correctly. A stale permission state causing a mid-flow failure—especially during multi-step proxy registration—results in data integrity issues and coordinator frustration. Proactive permission checks before destructive operations align with the organizations' requirements for reliable, trustworthy tooling.