feat(access-api): add authenticated member role management API #70

Merged
Lakes41 merged 3 commits into Adamantine-guild:main from ekwe7:Add-role-assignment-management-endpoints
Jun 29, 2026

@ekwe7 ekwe7 commented Jun 28, 2026

closes #42

Add Authenticated Community Role Management Endpoints

Summary

This PR introduces authenticated API endpoints for assigning and removing member roles within a community. The new endpoints provide a secure, validated, and community-scoped mechanism for administrators to manage access rights without requiring direct database modifications.

Problem Statement

The Access API currently evaluates member roles during policy enforcement and access checks, but lacks a public API surface for managing those roles.

As a result:

  • Role assignments require manual database updates.
  • Administrative tooling cannot manage roles through supported APIs.
  • Role lifecycle operations are difficult to audit and validate.
  • Community-scoped access management is incomplete.

Solution

This PR adds authenticated role management endpoints that allow authorized community administrators to:

  • Assign roles to members
  • Remove roles from members
  • Validate role operations against community boundaries
  • Prevent duplicate assignments
  • Enforce authorization requirements

New Endpoints

Assign Role

POST /v1/communities/:communityId/members/:wallet/roles

Assigns a supported role to a member within the specified community.

Validation

  • Community must exist
  • Wallet address must be valid
  • Role must be supported
  • Caller must be authorized as a community administrator

Remove Role

DELETE /v1/communities/:communityId/members/:wallet/roles/:role

Removes an existing role assignment from a member.

Validation

  • Community must exist
  • Wallet address must be valid
  • Role must exist
  • Caller must be authorized as a community administrator

Authorization

Role mutations are restricted to authorized community administrators.

Unauthorized requests return:

  • 401 Unauthorized
  • 403 Forbidden

depending on authentication and permission state.

Validation Rules

Community Validation

Requests targeting unknown communities return:

  • 400 Bad Request

Wallet Validation

Invalid wallet identifiers return:

  • 400 Bad Request

Role Validation

Unsupported or malformed roles return:

  • 400 Bad Request

Duplicate Assignments

Duplicate role assignments are handled safely and do not create duplicate records.

The operation remains idempotent and returns a successful response.

Implementation Details

Routes

Updated:

apps/access-api/src/routes.ts

Services

Extended:

apps/access-api/src/services/memberService.ts

with role assignment and revocation functionality.

Shared Types

Updated:

packages/shared-types/src/index.ts

to expose role mutation request and response types.

SDK

Updated:

packages/sdk-lite/src/index.ts

to support role management operations from client applications.

Testing

Added comprehensive test coverage for:

Role Assignment

  • Assign valid role
  • Assign existing role safely
  • Assign role within correct community scope

Role Removal

  • Remove assigned role
  • Remove non-existent role safely

Authorization

  • Unauthorized requests rejected
  • Non-admin users forbidden

Validation

  • Invalid community
  • Invalid wallet
  • Invalid role

Duplicate Handling

  • Repeated assignment does not create duplicates

Acceptance Criteria

  • Admins can assign supported roles
  • Admins can remove assigned roles
  • Duplicate role assignments handled safely
  • Unauthorized users receive 401 or 403
  • Invalid wallet values return 400
  • Invalid community values return 400
  • Invalid role values return 400
  • Tests cover assign, remove, duplicate, unauthorized, and invalid-input scenarios
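
The check order and duplicate handling described above, as an added example that is not the PR's code: it shows admin rights being evaluated against the community named in the path, and storage that makes a repeated assignment a no-op. The role names, wallet format, check order, in-memory store and every identifier are assumptions.

```typescript
// Added illustration, not the PR's code. Role names, wallet format, sample
// communities and all identifiers below are assumptions.
type Caller = { wallet: string; adminOf: string[] } | null; // null = unauthenticated
type Result = { status: number; roles?: string[]; error?: string };

const SUPPORTED_ROLES = new Set<string>(["member", "moderator", "admin"]); // assumed
const WALLET_RE = /^0x[0-9a-fA-F]{40}$/;                    // assumed wallet format
const communities = new Set<string>(["guild-a", "guild-b"]); // constructed sample data
const assignments = new Map<string, Set<string>>();          // "community|wallet" -> roles

function check(caller: Caller, communityId: string, wallet: string, role: string): Result | null {
  if (caller === null) return { status: 401, error: "unauthenticated" };
  if (!communities.has(communityId)) return { status: 400, error: "unknown community" };
  // Admin rights are looked up for the community in the path, never globally.
  if (caller.adminOf.indexOf(communityId) === -1) return { status: 403, error: "not an admin here" };
  if (!WALLET_RE.test(wallet)) return { status: 400, error: "invalid wallet" };
  if (!SUPPORTED_ROLES.has(role)) return { status: 400, error: "unsupported role" };
  return null;
}

// Canonicalise the wallet so case variants map to one record.
function key(communityId: string, wallet: string): string {
  return communityId + "|" + wallet.toLowerCase();
}

function assignRole(caller: Caller, communityId: string, wallet: string, role: string): Result {
  const denied = check(caller, communityId, wallet, role);
  if (denied) return denied;
  const k = key(communityId, wallet);
  const roles = assignments.get(k) ?? new Set<string>();
  roles.add(role); // Set semantics: assigning an existing role changes nothing
  assignments.set(k, roles);
  return { status: 200, roles: Array.from(roles).sort() };
}

function removeRole(caller: Caller, communityId: string, wallet: string, role: string): Result {
  const denied = check(caller, communityId, wallet, role);
  if (denied) return denied;
  const roles = assignments.get(key(communityId, wallet)) ?? new Set<string>();
  roles.delete(role); // removing a role that is not assigned still succeeds (assumed)
  return { status: 200, roles: Array.from(roles).sort() };
}
```

Checking community existence before the admin check lets any authenticated caller distinguish unknown communities (400) from ones they do not administer (403); swap the two checks if that distinction should not be exposed.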

@Lakes41 Lakes41 left a comment

Contributor

Good Job @ekwe7

@Lakes41 Lakes41 merged commit d0a71d7 into Adamantine-guild:main Jun 29, 2026
0 of 2 checks passed
Development

Successfully merging this pull request may close these issues.

Add role assignment management endpoints

3 participants