Version: v1.0.0(int)

W017: Update user role

Promotes or demotes a member among owner, admin, and member. Triggered from Settings, Users.

Steps

  1. Reject self-modification. A user cannot change their own role through this workflow; the L4 boundary returns 400 first, but the workflow re-checks because role escalation is sensitive.

  2. Confirm the target is a member. Call Platform.getMembership(targetUserId, orgId). If no row exists, reject.

  3. Guard against orphaning the org. If the patch demotes the current target from owner to anything else, count owners in this org via Platform.countOwners(orgId). Reject if the count would drop to zero after the change (i.e., the target is the only owner left).

  4. Write the new role. Call Platform.updateMembershipRole with the patch.

Returns

The updated membership row.

Business rules

  • Owner-count invariant. An organization must always have at least one owner. Demotions that would violate this are rejected at step 3.
  • No self-modification. Owners can demote other owners but not themselves. This prevents the obvious footgun where a sole owner self-demotes mid-session.
  • Only owners can change roles. Admins cannot promote themselves or others. This is enforced at the request boundary.

Errors

  • NotFoundError. The target user is not a member of this org.
  • ValidationError. The caller is targeting themselves.
  • InvalidTransitionError. The demotion would leave the org without an owner.
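
The four steps and three errors above, as an added JavaScript example that is not the project's own code. The Platform method signatures, the membership row shape, the error classes and the attempt helper are assumptions, and an in-memory array stands in for the store.

```javascript
// Added example: in-memory stand-in for the Platform calls named in the steps.
// Method signatures and the row shape { userId, orgId, role } are assumptions.
class NotFoundError extends Error {}
class ValidationError extends Error {}
class InvalidTransitionError extends Error {}

function makePlatform(rows) {
  const find = (userId, orgId) =>
    rows.find((r) => r.userId === userId && r.orgId === orgId) || null;
  return {
    getMembership: find,
    countOwners: (orgId) =>
      rows.filter((r) => r.orgId === orgId && r.role === "owner").length,
    updateMembershipRole: (patch) =>
      Object.assign(find(patch.targetUserId, patch.orgId), { role: patch.role }),
  };
}

// callerId comes from the authenticated session, never from the patch body.
// The caller's own role is not checked here: the page puts that at the request boundary.
function updateUserRole(platform, callerId, patch) {
  const { targetUserId, orgId, role } = patch;
  // Step 1: re-check self-modification inside the workflow.
  if (callerId === targetUserId) throw new ValidationError("cannot change own role");
  // Step 2: lookup is scoped to orgId, so a user from another org is "not found".
  const current = platform.getMembership(targetUserId, orgId);
  if (!current) throw new NotFoundError("target is not a member of this org");
  // Step 3: only an owner -> non-owner change can shrink the owner count.
  const demotesOwner = current.role === "owner" && role !== "owner";
  if (demotesOwner && platform.countOwners(orgId) - 1 < 1) {
    throw new InvalidTransitionError("org would be left without an owner");
  }
  // Step 4: write the new role and return the updated row.
  return platform.updateMembershipRole(patch);
}

// Constructed sample data: org-a has a sole owner (u1) and an admin (u2).
const sampleRows = () => [
  { userId: "u1", orgId: "org-a", role: "owner" },
  { userId: "u2", orgId: "org-a", role: "admin" },
  { userId: "u3", orgId: "org-b", role: "owner" },
];

// Hypothetical helper: returns the new role, or the error class name on rejection.
function attempt(platform, callerId, patch) {
  try { return updateUserRole(platform, callerId, patch).role; }
  catch (e) { return e.constructor.name; }
}
```

Against a real store, steps 3 and 4 belong in one transaction; otherwise two concurrent demotions can each pass the owner count and together leave the org with no owner.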