
chore(api): add `memberIdOrLfid` param support and user validation endpoints

Open skwowet opened this issue 6 months ago • 0 comments

Overview

This PR introduces LFID support across member-related endpoints and adds new APIs to support user validation from the Individual Dashboard (ID). It also includes permission refinements and audit logging.

Highlights

  • LFID Support: Middleware resolves :memberIdOrLfid to a canonical memberId (UUID), allowing endpoints to accept either a member UUID or LFID.
  • Granular Permissions: Identity and organization CRUD, as well as validation actions, now use fine-grained permission checks for better security and role separation.
  • Audit Logging: All user validation actions are recorded in a new memberUserValidations table, with audit log hooks for traceability.

🔄 Modified Endpoints

  • The following existing endpoints now support the :memberIdOrLfid (either a member UUID or LFID) param:
    • GET /member/:memberIdOrLfid/organization
  • Internal logic refactored to use req.memberId (set by the new middleware).
  • Permissions for identity and organization endpoints are now more granular (e.g., memberIdentityCreate, memberOrganizationRead, etc.).

🆕 New Endpoints

GET /member/:memberIdOrLfid/detected-identity

Returns detected identities for a member (LFID) that have not yet been validated, including an optional activityCount for username identities.

Permissions: memberIdentityRead

Response Example:

[
  {
    "id": "string",
    "platform": "string",
    "type": "string",
    "value": "string",
    "verified": true,
    "activityCount": number
  }
]

POST /member/:memberIdOrLfid/user-validation

Creates a user validation record for a member identity (accept or reject).

Permissions: memberUserValidationCreate

Request Body Example:

{
  "action": "accept" | "reject",
  "details": { "identityId": "string" }
}

Response: 200 OK

GET /member/:memberIdOrLfid/organization/status

Checks if work history records exist for the member.

Permissions: memberOrganizationRead

Response Example:

{ "status": true }

POST /member/:memberIdOrLfid/organization/user-validation

Creates a user validation record for a member's organization (create, update, or delete).

Permissions: memberUserValidationCreate

Request Body Example:

{
  "action": "create" | "update" | "delete",
  "details": {
    "organizationId": "string",
    "organizationName": "string",
    "title": "string",
    "dateStart": "string",
    "dateEnd": "string"
  }
}

Response: 200 OK

๐Ÿ—„๏ธ Data Layer & Audit Logging

  • New table: memberUserValidations for storing user validation actions.
  • Data access layer extended with methods for creating and querying validations.
  • Audit logging for all validation actions via new action type.

๐Ÿ” Permissions & Roles

  • New externalService role and fine-grained permissions for all new and updated endpoints.
  • User validation endpoints are accessible only to the externalService role.

skwowet, Apr 24 '25 15:04
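
The `:memberIdOrLfid` resolution and the `externalService`-only validation check described in this PR, sketched as an added example that is not the PR's or crowd.dev's own code. The function names, the LFID pattern, the `req.roles` field and the in-memory lookup (standing in for the database query) are assumptions.

```javascript
// Hypothetical names throughout; the Map below is constructed sample data.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
// Assumed LFID shape: the PR description does not define the format.
const LFID_RE = /^[A-Za-z0-9._-]{1,64}$/;
const LFID_TO_MEMBER = new Map([['jdoe', '3f2b8c1e-5d4a-4e6f-9a7b-1c2d3e4f5a6b']]);

// Resolve the path parameter to a canonical member UUID.
// UUID-shaped input is treated as a member id first (an assumption of this
// sketch); anything else must match the LFID pattern before it is looked up.
function resolveMemberId(param, lfidIndex = LFID_TO_MEMBER) {
  if (typeof param !== 'string') return { status: 400 };
  if (UUID_RE.test(param)) return { status: 200, memberId: param.toLowerCase() };
  if (!LFID_RE.test(param)) return { status: 400 }; // malformed: never reaches the lookup
  const memberId = lfidIndex.get(param);
  return memberId ? { status: 200, memberId } : { status: 404 };
}

// Express-style middleware: sets req.memberId or ends the request.
function memberIdOrLfidMiddleware(req, res, next) {
  const result = resolveMemberId(req.params.memberIdOrLfid);
  if (result.status !== 200) return res.status(result.status).end();
  req.memberId = result.memberId; // handlers read only this canonical value
  return next();
}

const IDENTITY_ACTIONS = new Set(['accept', 'reject']);

// Checks for POST /member/:memberIdOrLfid/user-validation.
// Role check runs before body parsing so other roles learn nothing about the schema.
function checkUserValidation(req) {
  if (!Array.isArray(req.roles) || !req.roles.includes('externalService')) return 403;
  const body = req.body || {};
  if (!IDENTITY_ACTIONS.has(body.action)) return 400; // allowlist, not free text
  if (!body.details || typeof body.details.identityId !== 'string') return 400;
  return 200;
}
```
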