Role Manager Design Documentation - SoenCapstone/GameOn GitHub Wiki

Overview

The Role Manager is an independent microservice responsible for managing user access levels and permissions across the GameOn platform. It implements a Role-Based Access Control (RBAC) model, defining roles (e.g., Admin, Coach, Player) and associating them with permissions (e.g., CREATE_LEAGUE, EDIT_TEAM, VIEW_STATS).

Instead of storing roles directly in the User entity, all user-role relationships are managed through RoleAssignments, ensuring full separation between user data and access control logic.

System Components

OwnerEntity: Abstract base class representing any entity that can own a league.

User: Inherits from OwnerEntity. Represents a platform member and includes authentication details.

Role: Represents a named grouping of permissions such as Admin, Coach, or Player.

Permission: Defines specific actions that a role can perform.

League: Represents a sports league owned by a User or organization. A league can contain multiple teams.

Team: Represents a group of users participating within a league.

RoleAssignment: Connects User, Role, and optionally a League or Team. This enables contextual permissions.

RoleManagerService: Core microservice that manages role assignments, role removal, and permission validation.

RoleController: REST controller that exposes API endpoints for role and permission management.

RoleAssignmentRepository: Provides CRUD access for managing RoleAssignment entities.

RoleRepository: Handles persistence and retrieval of available roles.

PermissionRepository: Handles storage and lookup of permissions.

UserService: External service used for fetching user data in a read-only manner, ensuring microservice decoupling.

Architecture Summary

The Role Manager functions as its own microservice, independent from the User Service. All role-related data (assignments, validation, and permissions) is managed within this service. Roles are not stored in the User entity; instead, they are resolved through RoleAssignment. This architecture supports both global roles and contextual roles at the league or team level. The RoleManagerService depends only on RoleRepository, PermissionRepository, RoleAssignmentRepository, and UserService.
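A minimal in-memory sketch of how global and contextual RoleAssignments could be resolved into a permission decision. This is an added example, not GameOn's own code. The role-to-permission mapping, the field names, the `has_permission` signature, and the rule that a league-scoped assignment matches any request made in that league are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed mapping; role and permission names are the page's own examples.
ROLE_PERMISSIONS = {
    "Admin": {"CREATE_LEAGUE", "EDIT_TEAM", "VIEW_STATS"},
    "Coach": {"EDIT_TEAM", "VIEW_STATS"},
    "Player": {"VIEW_STATS"},
}

@dataclass(frozen=True)
class RoleAssignment:
    user_id: str
    role: str
    league_id: Optional[str] = None  # both scope fields None = global role
    team_id: Optional[str] = None

    def applies_to(self, league_id, team_id):
        if self.league_id is None and self.team_id is None:
            return True                      # global: valid in every context
        if self.team_id is not None:
            return self.team_id == team_id   # team-scoped: that team only
        return self.league_id == league_id   # league-scoped (assumed rule)

class RoleManagerService:
    def __init__(self, assignments):
        # A plain list stands in for RoleAssignmentRepository (hypothetical).
        self._assignments = list(assignments)

    def has_permission(self, user_id, permission, league_id=None, team_id=None):
        for a in self._assignments:
            if a.user_id != user_id or not a.applies_to(league_id, team_id):
                continue
            # A role missing from the mapping grants nothing.
            if permission in ROLE_PERMISSIONS.get(a.role, set()):
                return True
        return False  # deny by default: no matching assignment, no access

# Constructed sample assignments.
SAMPLE = [
    RoleAssignment("alice", "Admin"),
    RoleAssignment("bob", "Coach", league_id="league-1", team_id="team-a"),
    RoleAssignment("carol", "Player", league_id="league-1"),
]
service = RoleManagerService(SAMPLE)
```

Because a scoped assignment never matches a request that omits its context, a check made without a league or team can only succeed through a global role.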

UML Class Diagram

The following diagram illustrates the key entities and relationships within the Role Manager system: