story-role-based-access-control-organization-administrator-009
Story Points: 8
Priority: Critical
Feature: Role-Based Access Control

User Story

As a user
I want every protected route in the app to automatically verify my current role before allowing navigation to complete
So that I cannot access restricted features through deep links, programmatic navigation, or back-button gestures that might otherwise bypass role-based access checks

Acceptance Criteria

  • Given any protected route in the app, when a user navigates to it via any method including tap, back, or deep link, then the Permission Guard evaluates the user's current role before allowing navigation
  • Given a user attempts to access a route via a deep link that exceeds their current role's permissions, when the Permission Guard evaluates the link, then the user is redirected to the No-Access Screen rather than the requested route
  • Given a user is not authenticated, when they attempt to access any protected route, then the Permission Guard redirects them to the login screen
  • Given a user switches roles, when they subsequently attempt to navigate to a route that was accessible under their previous role but not their current one, then the Permission Guard blocks the navigation and redirects appropriately
  • Given the Permission Guard is active on an allowed route, when a user navigates to it, then the navigation completes without additional steps or observable delay
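
The criteria above reduce to one decision function that every navigation source calls. The following is an added example, not code from this project: the route table, role names, redirect paths and function names are all hypothetical, and it assumes the deep-link handler has already extracted the in-app path from the incoming link.

```javascript
// Added example. ROUTE_POLICY, guardNavigation, the roles and the routes are
// hypothetical names chosen for illustration, not taken from the app.
const ROUTE_POLICY = new Map([            // constructed sample policy
  ['/home', ['member', 'coordinator', 'org_admin']],
  ['/assignments', ['coordinator', 'org_admin']],
  ['/admin/users', ['org_admin']],
]);
const PUBLIC_ROUTES = new Set(['/login', '/no-access']);

// Canonicalise the target so query strings, fragments, trailing slashes and
// dot segments cannot make a restricted path look like an allowed one.
function canonicalPath(target) {
  const { pathname } = new URL(target, 'https://app.invalid');
  return pathname.replace(/\/+$/, '') || '/';
}

// Most specific policy wins; child routes such as /assignments/42 inherit
// from the nearest ancestor that has an entry.
function policyFor(path) {
  for (let p = path; p; p = p.slice(0, p.lastIndexOf('/'))) {
    if (ROUTE_POLICY.has(p)) return ROUTE_POLICY.get(p);
  }
  return null;
}

// Called for every navigation event (tap, back, deep link). The role is read
// from the live session on each call and never cached, so a role switch
// takes effect on the next navigation.
function guardNavigation(session, target) {
  const path = canonicalPath(target);
  if (PUBLIC_ROUTES.has(path)) return { allow: true, path };
  if (!session || !session.authenticated) {
    return { allow: false, redirect: '/login' };
  }
  const allowedRoles = policyFor(path);
  // Default deny: a route with no policy entry is treated as restricted.
  if (!allowedRoles || !allowedRoles.includes(session.currentRole)) {
    return { allow: false, redirect: '/no-access' };
  }
  return { allow: true, path };
}
```

Because the check is a synchronous lookup against an in-memory table, an allowed navigation adds no extra step for the user.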

Business Value

Route-level access enforcement is the primary client-side defense against unauthorized data access. Without consistent Permission Guard checks on every navigation event, a user could bypass UI-level role checks by constructing deep links or using back navigation to reach restricted screens. This is especially critical given that the app handles GDPR-sensitive personal data about vulnerable individuals and encrypted assignment information for organizations such as Blindeforbundet.