Summary
Move runtime org-team / LO / admin permission data out of mledb.player_to_org and into Sprocket-owned authorization data.
Why
Sprocket login and authorization still depend on legacy MLEDB org-team rows. That makes the legacy schema a hard blocker for bot deprecation and prevents Sprocket from becoming the system of record for active league administration.
Relevant code
- core/src/identity/auth/oauth/oauth.controller.ts
- core/src/mledb/mledb-player/mledb-player.service.ts
- core/src/mledb/mledb-player/mle-organization-team.guard.ts
- resolvers guarded by MLEOrganizationTeamGuard(...)
Scope
- Add a Sprocket-native persistence model for org-team / league-admin permissions.
- Add read/write service APIs in Sprocket core for managing those permissions.
- Update login / refresh token generation to read org-team membership from Sprocket.
- Update guards and permission checks to prefer Sprocket data.
- If needed, keep a temporary compatibility path while migration is in progress.
Acceptance criteria
- Login and token refresh no longer require reads from mledb.player_to_org.
- Existing LO / admin / org-team gated actions still authorize correctly.
- The runtime source of truth for org-team permissions is documented and lives in Sprocket.
- Any temporary dual-read compatibility path is explicitly documented with a removal plan.
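
One shape the temporary dual-read path from Scope could take, as an added example that is not code from the Sprocket repository: the Sprocket record is authoritative whenever it exists (even when empty), the legacy rows are consulted only for users with no Sprocket record, and each fallback is counted so the removal plan can be driven by data. All names here (`PermissionStore`, `makeAuthorizer`, the fallback flag, the `"LO"` label value) are hypothetical.

```typescript
// Added example; every name below is hypothetical, not Sprocket's real API.
type OrgTeam = string;
type Source = "sprocket" | "legacy" | "none";

interface PermissionStore {
  // undefined = no record for this user; [] = record exists, no teams held.
  teamsFor(userId: number): OrgTeam[] | undefined;
}

interface Decision { allowed: boolean; source: Source }

function makeAuthorizer(sprocket: PermissionStore, legacy: PermissionStore, legacyFallback: boolean) {
  const stats = { legacyHits: 0 }; // watch this reach zero before removing the fallback
  const hasAny = (held: OrgTeam[], required: OrgTeam[]) => required.some((t) => held.includes(t));

  function authorize(userId: number, required: OrgTeam[]): Decision {
    let native: OrgTeam[] | undefined;
    try {
      native = sprocket.teamsFor(userId);
    } catch {
      // Fail closed: an error in the new store must not silently
      // promote the legacy rows back to source of truth.
      return { allowed: false, source: "none" };
    }
    if (native !== undefined) {
      // Never union with legacy: a team removed in Sprocket stays removed
      // even if a stale legacy row still lists it.
      return { allowed: hasAny(native, required), source: "sprocket" };
    }
    if (!legacyFallback) return { allowed: false, source: "none" };
    const old = legacy.teamsFor(userId);
    if (old === undefined) return { allowed: false, source: "none" };
    stats.legacyHits += 1;
    return { allowed: hasAny(old, required), source: "legacy" };
  }
  return { authorize, stats };
}

// Constructed sample data: user 2 was migrated and then lost LO in Sprocket,
// user 3 has not been migrated yet.
const storeFrom = (rows: Record<number, OrgTeam[]>): PermissionStore => ({
  teamsFor: (id) => rows[id],
});
const sprocketStore = storeFrom({ 1: ["LO"], 2: [] });
const legacyStore = storeFrom({ 2: ["LO"], 3: ["LO"] });
const dualRead = makeAuthorizer(sprocketStore, legacyStore, true);
const sprocketOnly = makeAuthorizer(sprocketStore, legacyStore, false);
```
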