Multi-Organization Membership Handling
Feature Detail
Description
This feature handles the complex scenario where a single user is a member of multiple local associations simultaneously, which is a documented reality for NHF where members can belong to up to five different lokallag. It provides tools to manage membership affiliations, prevent double-reporting of the same activity across organizations, and give users and coordinators a clear view of which organization context is active at any given time. The feature merges Members in Multiple Local Associations, Double-Reporting Prevention, and Membership Affiliation Management into one cohesive workflow.
Analysis
Double-reporting is a significant compliance and data quality risk for organizations receiving Bufdir funding, where activity counts must be accurate to justify grant allocations. NHF explicitly identified this as a priority concern, with members belonging to up to five lokallag creating ambiguity about which organization should report which activity. Resolving this ensures reporting integrity, avoids funding disputes, and builds trust between Norse Digital Products and its organizational clients. For peer mentors themselves, clear affiliation management reduces confusion and ensures their contributions are attributed correctly, which directly impacts honorarium calculations and gamification features.
The data model centers on the user_organization_memberships join table, which must support multiple active memberships per user with a concept of a 'primary' or 'active context' affiliation. The Membership Affiliation Screen allows users to switch between their organizational contexts, while the Duplicate Report Prevention Service implements business logic to detect when an activity being logged matches an existing record across affiliated organizations. Detection can use a combination of activity type, contact, date, and duration fuzzy matching. Supabase RLS policies must be carefully designed to allow cross-membership queries only for deduplication purposes while preserving data isolation otherwise. BLoC state management should track the currently active organization context throughout the session.
Dependencies
Definition of Done
User Stories (11)
As a As a Organization Administrator
I want I want to configure the sensitivity thresholds for the duplicate detection algorithm — including the acceptable date window, duration variance, and which fields are required to match — through the admin settings panel
So that So that the duplicate detection system is appropriately calibrated for my organization's specific activity patterns, avoiding both false positives that block legitimate registrations and false negatives that allow genuine duplicates through
- Given an Organization Administrator accesses the duplicate detection configuration, when they view the settings, then current threshold values for date window, duration tolerance, and required match fields are displayed with their current values
- Given an Organization Administrator updates the date proximity threshold from 1 day to 3 days, when the change is saved, then subsequent duplicate checks use the new threshold and a confirmation message is shown
- Given the threshold configuration is saved, when a peer mentor registers a new activity, then the Duplicate Report Prevention Service applies the updated thresholds in real time
- +2 more
As a As a Global Administrator
I want I want to audit the Supabase Row Level Security policy configuration for multi-membership users and verify that cross-organization data access is strictly limited to deduplication service queries, with all other access patterns remaining fully isolated per organization
So that So that I can ensure GDPR compliance and data protection obligations are met when peer mentor data is accessed across organizational boundaries during duplicate detection, and that no unintended data leakage occurs between organizations
- Given a Global Administrator navigates to the RLS policy audit view in the admin portal, when the view loads, then the active policies for the user_organization_memberships and related tables are displayed in a human-readable format
- Given the RLS audit view is open, when the Global Administrator reviews the deduplication service's policy scope, then it is clearly documented which tables and columns the deduplication role can access and under what conditions
- Given the Global Administrator runs a policy validation check, when the check completes, then it confirms that no Organization Administrator role can query activity data belonging to a different organization — even for users with multi-organization memberships
- +2 more
As a As an administrator
I want I want a contextual banner displayed at the top of activity registration, approval, and report submission screens that clearly shows which organization is currently active
So that So that I am always aware of the organizational context before committing any data submission, preventing accidental reporting under the wrong organization
- Given an administrator is on an activity registration or approval screen, when the screen renders, then the Organization Context Banner shows the name of the currently active organization prominently
- Given the active organization context has been switched in the current session, when the administrator navigates to a reporting screen, then the banner reflects the updated organization name immediately
- Given an administrator is on a read-only analytics or reporting screen, when the screen loads, then the banner is present but uses a neutral informational style rather than a warning style
- +2 more
As a As a Organization Administrator
I want I want to designate or change which local association is a user's primary affiliation from the Membership Affiliation Screen
So that So that the system has an unambiguous default organization for attributing that user's activities when no explicit context override is provided, reducing the need for manual conflict resolution
- Given a user with multiple organization memberships, when an Organization Administrator selects 'Set as Primary' for a specific affiliation, then that affiliation is marked as primary and all other affiliations for that user are marked as secondary
- Given a primary affiliation is updated, when the Membership Service persists the change, then the update is reflected in the Membership Affiliation Screen without requiring a page reload
- Given the primary affiliation has changed, when subsequent activities are registered by that user without an explicit context override, then the new primary affiliation is used as the default attribution organization
- +2 more
As a As an administrator
I want I want a contextual banner displayed at the top of activity registration, approval, and report submission screens that clearly shows which organization is currently active
So that So that I am always aware of the organizational context before committing any data submission, preventing accidental reporting under the wrong organization
- Given an administrator is on an activity registration or approval screen, when the screen renders, then the Organization Context Banner shows the name of the currently active organization prominently
- Given the active organization context has been switched in the current session, when the administrator navigates to a reporting screen, then the banner reflects the updated organization name immediately
- Given an administrator is on a read-only analytics or reporting screen, when the screen loads, then the banner is present but uses a neutral informational style rather than a warning style
- +2 more
As a As a Global Administrator
I want I want to view a platform-wide dashboard showing the count of users with multi-organization memberships, the number of duplicate detection events raised and resolved per organization, and any unresolved membership conflicts flagged for administrator action
So that So that I can identify organizations that are struggling with multi-membership complexity, provide targeted support to Organization Administrators, and ensure platform-wide data quality ahead of Bufdir reporting cycles
- Given a Global Administrator accesses the multi-membership monitoring dashboard, when the page loads, then they see aggregate counts of multi-membership users per organization
- Given the dashboard is loaded, when the Global Administrator views the duplicate detection summary, then they see per-organization counts of: total warnings raised, confirmed duplicates blocked, and overrides accepted in the current reporting period
- Given one or more organizations have unresolved membership conflicts older than the configured SLA threshold, when the dashboard loads, then those organizations are highlighted with an alert indicator and a count of overdue conflicts
- +2 more
As a As an administrator
I want I want to view a complete list of all local associations a user belongs to, including their primary affiliation and membership status in each
So that So that I can understand the full scope of a user's organizational relationships and make informed decisions about activity attribution and reporting
- Given a user who belongs to multiple organizations, when an administrator navigates to the Membership Affiliation Screen for that user, then all affiliated organizations are listed with their name, region, and membership status
- Given a user with a designated primary affiliation, when the screen loads, then the primary organization is clearly badged and visually distinguished from secondary affiliations
- Given a user with inactive or paused membership in one organization, when the list is displayed, then the inactive status is shown with a distinct visual indicator
- +1 more
As a As an administrator
I want I want to switch the active organization context from the persistent profile widget in the app header so that subsequent actions, reports, and data views are scoped to the selected organization
So that So that I can work within any organization's data context without needing to log out and log back in, and so that every administrative action I take is unambiguously attributed to the correct organization
- Given an administrator with access to multiple organizations, when they tap the Multi-Org Profile Widget, then a dropdown lists all accessible organizations with the currently active one marked
- Given an administrator selects a different organization from the dropdown, when the selection is confirmed, then the active context updates immediately across all open screens and the widget reflects the new organization name
- Given an administrator switches organization context, when they navigate to activity, report, or member screens, then all displayed data is scoped exclusively to the newly selected organization
- +2 more
As a As a Organization Administrator
I want I want the system to automatically detect when a peer mentor is about to submit an activity that closely matches a record already registered under one of their other affiliated organizations, and surface a warning before the submission is finalized
So that So that double-counting of activities across organizational boundaries is prevented, ensuring Bufdir grant reports reflect accurate and deduplicated activity data
- Given a peer mentor registers an activity with the same activity type, contact, and date as an existing record under a different affiliated organization, when the Duplicate Report Prevention Service evaluates the submission, then a duplicate warning is surfaced to the user before finalization
- Given a duplicate warning is raised, when the administrator reviews the audit log, then they can see the original record, the duplicate candidate, the matched fields, and the confidence score
- Given a peer mentor acknowledges a duplicate warning and chooses to proceed, when the activity is submitted, then it is logged with a 'confirmed-duplicate-override' flag for administrator review
- +2 more
As a As an administrator
I want I want to view a complete list of all local associations a user belongs to, including their primary affiliation and membership status in each
So that So that I can understand the full scope of a user's organizational relationships and make informed decisions about activity attribution and reporting
- Given a user who belongs to multiple organizations, when an administrator navigates to the Membership Affiliation Screen for that user, then all affiliated organizations are listed with their name, region, and membership status
- Given a user with a designated primary affiliation, when the screen loads, then the primary organization is clearly badged and visually distinguished from secondary affiliations
- Given a user with inactive or paused membership in one organization, when the list is displayed, then the inactive status is shown with a distinct visual indicator
- +1 more
As a As an administrator
I want I want to switch the active organization context from the persistent profile widget in the app header so that subsequent actions, reports, and data views are scoped to the selected organization
So that So that I can work within any organization's data context without needing to log out and log back in, and so that every administrative action I take is unambiguously attributed to the correct organization
- Given an administrator with access to multiple organizations, when they tap the Multi-Org Profile Widget, then a dropdown lists all accessible organizations with the currently active one marked
- Given an administrator selects a different organization from the dropdown, when the selection is confirmed, then the active context updates immediately across all open screens and the widget reflects the new organization name
- Given an administrator switches organization context, when they navigate to activity, report, or member screens, then all displayed data is scoped exclusively to the newly selected organization
- +2 more