Infrastructure low complexity Shared Component backend
  • Dependencies: 0
  • Dependents: 0
  • Entities: 3
  • Integrations: 0

Description

Next.js API route middleware that enforces role-scoped access control for all team report endpoints. It verifies that the requesting user holds the Coordinator role or higher and is authorized for the requested association_id, which prevents cross-association data leakage at the API layer.

Feature: Coordinator Team Reports

report-api-middleware

Responsibilities

  • Verify JWT token and extract user role and association memberships
  • Confirm requesting user has Coordinator or higher role for the requested association_id
  • Reject requests referencing association IDs outside the user's authorized scope
  • Pass validated association context to downstream handlers

Interfaces

withReportAccess(handler)
validateAssociationScope(userId, associationId)
extractUserContext(req)
rejectUnauthorized(res)
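
A sketch of how the four interfaces above could fit together, as an added example that is not this component's own code. It shows the wrapper refusing any association_id the verified token does not grant Coordinator or higher for, including a repeated query parameter. Assumptions: an HS256 token with `sub`, `exp` and `memberships` claims, the role names and ranking, the demo secret, the `signToken` helper, the `req.reportContext` field, an optional status argument on `rejectUnauthorized`, and `validateAssociationScope` taking the verified context rather than a user ID.

```javascript
// Added example: claim layout, role ranks, SECRET and signToken are assumptions.
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret';
const ROLE_RANK = { member: 0, coordinator: 1, admin: 2 };

// Helper for the demo only: mint a constructed HS256 token.
function signToken(claims) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}`;
  return `${data}.${crypto.createHmac('sha256', SECRET).update(data).digest('base64url')}`;
}

// Verify signature, pinned algorithm and expiry; return the claims or null.
function extractUserContext(req) {
  const m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
  const parts = m ? m[1].split('.') : [];
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', SECRET).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp * 1000 > Date.now() ? claims : null;
  } catch { return null; }
}

// True only if the token grants Coordinator or higher for this exact association.
function validateAssociationScope(user, associationId) {
  const list = Array.isArray(user.memberships) ? user.memberships : [];
  const m = list.find((x) => x?.association_id === associationId);
  return Boolean(m) && (ROLE_RANK[m.role] ?? -1) >= ROLE_RANK.coordinator;
}

function rejectUnauthorized(res, status = 401) {
  res.status(status).json({ error: status === 401 ? 'unauthorized' : 'forbidden' });
}

function withReportAccess(handler) {
  return async (req, res) => {
    const user = extractUserContext(req);
    if (!user) return rejectUnauthorized(res, 401);
    const id = req.query.association_id; // string[] when the parameter is repeated
    if (typeof id !== 'string' || !validateAssociationScope(user, id)) return rejectUnauthorized(res, 403);
    req.reportContext = { userId: user.sub, associationId: id }; // validated context for the handler
    return handler(req, res);
  };
}
```

Downstream handlers should read the association from `req.reportContext` rather than from the query string, so the value they use is the one that was checked.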

Related Data Entities (3)

Data entities managed by this component