🏠 Overview 🧩 Components 🧩 Report Access Guard

Report Access Guard

Component Detail

Infrastructure low complexity Shared Component backend
0
Dependencies
0
Dependents
4
Entities
0
Integrations

Description

Middleware that enforces role-based access control for all Bufdir report generation and export endpoints, restricting access to Coordinator role and above and validating that the requesting user belongs to the organization they are generating a report for.

Feature: Bufdir Report Generation & Export

report-access-guard

Responsibilities

  • Verify requesting user has Coordinator, Organization Administrator, or Global Administrator role
  • Validate user's organization membership matches the report's target organization
  • Block Peer Mentor role from accessing report generation endpoints
  • Log all report generation attempts for audit trail

Interfaces

guardReportEndpoint(req, res, next)
validateOrganizationScope(userId, organizationId)
checkMinimumRole(userId, minimumRole)
logAccessAttempt(userId, organizationId, action)

Related Data Entities (4)

Data entities managed by this component

Bufdir Report 20 fields core Report 17 fields derived Role 11 fields configuration User Organization Role 12 fields core