Skip to content

Phase 6d — institution-scoped scenarios #15

Description

@ludakhris

Split out from #2. The Phase 6 data model is in (institutions + cohorts + memberships shipped in #2 a7f36a1; uniqueness fix-ups tracked in #14). This issue covers letting institution admins author scenarios that are private to their institution, while full admins keep visibility across everything.

Scope

  • Add institutionId (nullable) to Scenario — null means "public, all users"
  • Promote institution-admin to a real role:
    • Tied to a specific institutionId (single-institution admin for now — can extend later)
    • Decide where the binding lives (Clerk publicMetadata.institutionId, or a flag on Membership)
  • Backend filtering on GET /api/scenarios:
    • Anonymous / regular signed-in users → public scenarios + scenarios from any institution they're a member of
    • Institution admins → public + their institution's scenarios
    • Full admins → everything
  • Builder: when an institution admin creates a scenario, auto-set institutionId to their institution
  • Builder list (/builder) for full admins: group scenarios by institution (institution name as section header, public scenarios in their own group)
  • Existing scenario YAML seeding stays public (institutionId = null)

Open questions

  • Can an institution admin make a scenario public after the fact? (Probably no — promotion is a full-admin action.)
  • Can an institution admin edit public scenarios? (Probably no — read-only.)
  • Should institution-private scenarios be surfaced to non-members of that institution who happen to have the URL? (Probably no — 404 if not a member.)

Dependencies

Refs #2.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions