feat[event]: emit structured user role change event

[nevil-mathew]

Summary by CodeRabbit

• Bug Fixes

  • Organization memberships now update correctly across the app after role changes.
  • Prevents stale user data by refreshing user information immediately after updates.

• Refactor

  • User update propagation improved so role and organization changes appear more consistently and quickly.

• Chores

  • More reliable error handling, event broadcasting, and cache invalidation to ensure update visibility and reduce inconsistencies.

[coderabbitai]

Warning

Rate limit exceeded

@nevil-mathew has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 28 minutes and 0 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 47da053 and 7947b03.

📒 Files selected for processing (1)

• src/services/org-admin.js (2 hunks)

Walkthrough

Refactors updateRoleForApprovedRequest to async/try-catch: captures old organizations, creates role association, refetches updated user, computes organizations diff, builds eventBodyDTO (with timestamps), broadcasts via broadcastUserEvent (internal, userEvents), invalidates Redis user cache, returns { success: true } or throws on error.

Changes

Cohort / File(s)

Summary

Org admin service src/services/org-admin.js

Refactor updateRoleForApprovedRequest from Promise to async/try-catch; capture oldOrganizations, persist role assignment, fetch updatedUser, compute changedValues for organizations, construct eventBodyDTO (includes created_at/updated_at), call broadcastUserEvent(..., internal: true) with userEvents type, delete Redis user cache key, return { success: true } on success and rethrow errors. Adjust imports to include broadcastUserEvent and eventBodyDTO.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant OA as OrgAdmin Service
  participant DB as Data Store
  participant BC as Broadcaster
  participant RC as Redis Cache

  rect rgba(230,245,255,0.6)
    note right of OA: updateRoleForApprovedRequest (async)
    OA->>DB: Read user (oldOrganizations)
    DB-->>OA: user (oldOrganizations)
    OA->>DB: Create/Update role association
    DB-->>OA: role result
    OA->>DB: Fetch updated user (newOrganizations, timestamps)
    DB-->>OA: updatedUser
    OA->>OA: Build eventBodyDTO (old vs new orgs, created_at, updated_at)
  end

  rect rgba(235,255,235,0.6)
    OA->>BC: broadcastUserEvent(eventBodyDTO, internal: true, type: userEvents)
    BC-->>OA: Ack
    OA->>RC: Delete Redis user cache key
    RC-->>OA: Done
  end

  rect rgba(255,240,240,0.6)
    alt Error
      OA-->>OA: throw error
    end
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• tenantCode and orgCode added to role change request body #812 — Modifies updateRoleForApprovedRequest event payload (adds tenant_code and organization_code); likely intersects with this change to event payload and DTO usage.

Poem

I nibble old orgs, then plant the new,
DTO in paw, I send the view.
A twitch, a hop, cache swept away,
Broadcast hums — internal relay.
Carrot cheers for clean deploy today. 🥕🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "feat[event]: emit structured user role change event" accurately describes the main change in the pull request. The changeset shows that the code was refactored to broadcast a structured user update event using broadcastUserEvent with eventBodyDTO (which creates structured event payloads) when a user's role changes, replacing the previous roleChange broadcast payload. The title is concise, clear, and specifically highlights the key technical change from a developer's perspective: emitting a structured event for role changes rather than an unstructured one.

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

src/services/org-admin.js (2)

652-656: Consider race conditions when refetching user data.

Refetching the user after creating the role assignment is necessary to get the updated organizations array. However, if other concurrent operations modify the user between lines 645-650 and 652-656, you might capture unrelated changes in the event payload.

While this is unlikely in practice for role assignments, consider whether the event should only reflect the specific role change rather than all organization differences.

---

684-686: Cache invalidation occurs after event broadcast - verify this order is intentional.

The user cache is cleared after broadcasting the event. If downstream event consumers query the user service expecting fresh data, they might receive stale cached data before this invalidation completes.

Consider whether cache invalidation should occur before broadcasting to ensure consistency for event consumers.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2dc3075 and 314e78f.

📒 Files selected for processing (1)

• src/services/org-admin.js (3 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

src/services/**

⚙️ CodeRabbit configuration file

This is core business logic. Please check for correctness, efficiency, and potential edge cases.

Files:

• src/services/org-admin.js

🧠 Learnings (4)

📓 Common learnings

Learnt from: praveenKDass
PR: ELEVATE-Project/user#816
File: src/services/organization.js:831-0
Timestamp: 2025-09-12T10:40:34.860Z
Learning: In the ELEVATE-Project/user codebase, the organizationDTO.eventBodyDTO is designed to handle empty changes arrays properly, so organization update events should always be emitted even when changedValues is empty. The DTO handles this scenario correctly and there may be other reasons to emit events beyond just field changes (like metadata updates).

📚 Learning: 2025-09-12T10:40:34.860Z

Learnt from: praveenKDass
PR: ELEVATE-Project/user#816
File: src/services/organization.js:831-0
Timestamp: 2025-09-12T10:40:34.860Z
Learning: In the ELEVATE-Project/user codebase, the organizationDTO.eventBodyDTO is designed to handle empty changes arrays properly, so organization update events should always be emitted even when changedValues is empty. The DTO handles this scenario correctly and there may be other reasons to emit events beyond just field changes (like metadata updates).

Applied to files:

• src/services/org-admin.js

📚 Learning: 2025-09-12T11:02:51.008Z

Learnt from: praveenKDass
PR: ELEVATE-Project/user#816
File: src/dtos/organizationDTO.js:14-43
Timestamp: 2025-09-12T11:02:51.008Z
Learning: In the ELEVATE-Project/user codebase, oldValue and newValue in the changedValues array for organizationDTO.eventBodyDTO are guaranteed to not be undefined by the business logic, and filtering out falsy values (0, false, '') from changes is the intended behavior.

Applied to files:

• src/services/org-admin.js

📚 Learning: 2025-09-12T10:35:28.285Z

Learnt from: praveenKDass
PR: ELEVATE-Project/user#816
File: src/services/admin.js:704-704
Timestamp: 2025-09-12T10:35:28.285Z
Learning: In ELEVATE-Project/user admin.js, there's an inconsistency in organizationQueries.update usage: addOrgAdmin calls it without options (returns number), while deactivateOrg calls it with { returning: true, raw: true } (returns object). The validation logic 'if (orgRowsAffected === 0)' only works for the first case - the second case needs 'if (orgRowsAffected.rowsAffected === 0)' to properly validate updates.

Applied to files:

• src/services/org-admin.js

🧬 Code graph analysis (1)

src/services/org-admin.js (4)

src/services/admin.js (11)

• require (11-11)
• require (27-27)
• require (34-34)
• require (36-36)
• require (37-37)
• user (54-54)
• user (200-203)
• user (338-338)
• user (449-449)
• eventBody (63-80)
• eventBody (207-218)

src/services/account.js (16)

• require (26-26)
• require (27-27)
• require (37-37)
• require (41-41)
• user (136-145)
• user (703-703)
• user (848-848)
• user (898-898)
• user (1051-1051)
• user (1204-1213)
• user (1385-1393)
• user (1733-1733)
• user (1956-1959)
• user (2067-2067)
• eventBody (604-623)
• eventBody (1754-1769)

src/database/queries/users.js (1)

• user (225-270)

src/services/user.js (1)

• eventBody (191-201)

🔇 Additional comments (4)

src/services/org-admin.js (4)

31-32: LGTM!

The new imports for structured event broadcasting align with the codebase's event-driven architecture.

---

662-668: Event may be emitted even when organizations array is identical.

If the role assignment doesn't materially change the organizations array structure (e.g., the organization was already present with different roles), oldOrganizations and newOrganizations could be identical or very similar. The event will still be emitted with a changedValues array containing the same data in both fields.

Based on learnings, empty or unchanged changedValues arrays are acceptable as the DTO handles them properly. However, verify this is the intended behavior for role changes where the organizations array structure remains unchanged.

Based on learnings

---

670-682: eventBodyDTO usage is correct.

The eventBodyDTO function signature accepts changedValues as a top-level parameter (not within args). The function is defined in src/dtos/userDTO.js:80 as:

eventBodyDTO({ entity, eventType, entityId, changedValues = [], args = {} })

The calling code correctly passes changedValues at the top level and args containing created_at and updated_at. The DTO transforms the changedValues array into a changes object and spreads args into the returned event body.

Likely an incorrect or invalid review comment.

---

641-642: The concern about user.organizations being undefined is not valid.

The UserTransformDTO.transform function (called in findUserWithOrganization at line 274 of src/database/queries/users.js) explicitly maps user.user_organizations to user.organizations with a built-in fallback to an empty array:

organizations: (user.user_organizations || []).map((orgLink) => { ... })

Since findUserWithOrganization is called without the raw parameter on line 653, the transform is applied, guaranteeing that user.organizations will always be an array (empty or populated). The fallback || [] on line 642 is redundant but harmless.

Likely an incorrect or invalid review comment.

[nevil-mathew]

@coderabbitai summary

[coderabbitai]

✅ Actions performed

Summary regeneration triggered.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/services/org-admin.js (1)

681-684: Enhance error handling with context.

The error handling logs and rethrows the error, but doesn't add context about which operation failed. This makes debugging difficult in production.

Consider adding contextual information to the error:

 	} catch (error) {
-		console.log(error, 'error')
+		console.error('Error updating role for approved request:', {
+			requestId: requestDetails.id,
+			userId: requestDetails.requester_id,
+			roleId: requestDetails.role,
+			error: error.message,
+			stack: error.stack
+		})
 		throw error
 	}

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 314e78f and 47da053.

📒 Files selected for processing (1)

• src/services/org-admin.js (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

src/services/**

⚙️ CodeRabbit configuration file

This is core business logic. Please check for correctness, efficiency, and potential edge cases.

Files:

• src/services/org-admin.js

🔇 Additional comments (5)

src/services/org-admin.js (5)

31-32: LGTM!

The new imports for broadcastUserEvent and eventBodyDTO are appropriate for the structured event emission functionality introduced in this PR.

---

656-673: Well-structured event body construction.

The changed values computation and event body DTO construction correctly capture:

• Old and new organizations state
• Entity metadata (id, type, eventType)
• Timestamps (created_at, updated_at)

This provides consumers with comprehensive information about the role change.

---

677-678: Cache invalidation correctly targets the updated user.

The Redis key construction uses the tenant code and user ID, properly invalidating the cached user data after the role assignment.

---

642-647: Verify handling of duplicate role assignments.

The create operation does not check if the user already has this role in the organization. If a user requests the same role multiple times and all are approved, this could create duplicate entries.

Run the following script to check if the database schema or query method prevents duplicates:

---

675-675: Verify the isInternal flag behavior.

The isInternal: true flag is passed to broadcastUserEvent. Ensure this flag correctly limits the event to internal consumers and does not inadvertently suppress necessary external notifications.

Run the following script to understand how the isInternal flag is handled:

[nevil-mathew]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.