Paradaux
PAR-141 · Pending Release

Reconcile Treasury access on proprietorship transfer & role-permission changes

Problem (confirmed in prod)

Business → Treasury access reconciliation is done with ad-hoc syncAllFirmAccounts() calls bolted onto some mutation paths. Two paths that change access never reconcile:

  1. Proprietorship transfer: FirmRequestServiceImpl.completeTransferProprietorship calls firms.updateProprietor(...) but never (a) reassigns the Treasury account owner or (b) re-syncs members/authorizers. Result: the new proprietor is locked out of their own firm account (not owner/member/authorizer → canAccessAccount false), and the old owner keeps ownership + access.
  2. Role-permission edits: FirmRoleServiceImpl.addRolePermission/removeRolePermission/deleteRole/renameRole change what current role-holders can do but never re-sync, so granting/revoking FINANCIAL/ADMIN on a role does not propagate to Treasury membership until an unrelated employment event or a manual /business account sync.

Evidence (prod, 2026-06-11)

  • Member/authorizer drift for current employees: 0 (sync-on-employment works).
  • Firm accounts whose Treasury owner ≠ current proprietor: 5 (Costco, UMStone, UMTree, UMNet, Deliveroo) — all default accounts; old owner still a member; new proprietor not a member. Costco & Deliveroo have ACCEPTED firm_transfer_requests rows matching exactly.
  • This is the recurring reason staff have had to manually run the sync command.

Change

  • Depends on PAR-140 (TreasuryApi.reassignOwner).
  • completeTransferProprietorship: after updateProprietor, reassign every live firm account's Treasury owner to the new proprietor and syncAllFirmAccounts(firmId) (adds new proprietor as member+authorizer, removes old owner if not a current employee).
  • Add syncAllFirmAccounts(firmId) to the role/permission mutators (addRolePermission, removeRolePermission, deleteRole, renameRole).
  • Centralize so the reconcile can't be forgotten again (single helper invoked by all access-affecting writes).

Remediation

One-time fix for the 5 live firms (reassign owner → current proprietor, add as member+authorizer, drop the stale old owner). SQL drafted for review before running against prod.

Acceptance

  • After a proprietorship transfer the new owner can immediately use /business account ...; the old owner cannot.
  • Granting FINANCIAL/ADMIN to a role immediately grants matching role-holders account access (no manual sync).
  • The 5 known firms remediated and re-verified at 0 drift.
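
The drift check and reconcile target described in Evidence and Change, as an added sketch that is not the project's code. Every type, field and the access policy (proprietor owns the account; proprietor plus employees holding FINANCIAL or ADMIN are members and authorizers) is an assumption for illustration, and the sample data is constructed.

```java
import java.util.*;

// Added illustration: every type and name below is hypothetical, not the project's API.
public class AccessReconcileSketch {
    enum Perm { FINANCIAL, ADMIN, OTHER }
    record Firm(String proprietor, Map<String, Set<Perm>> employeePerms) {}
    record Account(String owner, Set<String> members, Set<String> authorizers) {}

    // Desired Treasury state derived only from current firm state (assumed policy:
    // proprietor owns the account; proprietor plus any employee whose role grants
    // FINANCIAL or ADMIN is a member and authorizer).
    static Account desired(Firm f) {
        Set<String> allowed = new TreeSet<>();
        allowed.add(f.proprietor());
        f.employeePerms().forEach((who, perms) -> {
            if (perms.contains(Perm.FINANCIAL) || perms.contains(Perm.ADMIN)) allowed.add(who);
        });
        return new Account(f.proprietor(), allowed, allowed);
    }

    // Drift report: an empty list means the account already matches firm state.
    static List<String> drift(Firm f, Account actual) {
        Account want = desired(f);
        List<String> out = new ArrayList<>();
        if (!want.owner().equals(actual.owner()))
            out.add("owner " + actual.owner() + " -> " + want.owner());
        diff("member", want.members(), actual.members(), out);
        diff("authorizer", want.authorizers(), actual.authorizers(), out);
        return out;
    }

    static void diff(String kind, Set<String> want, Set<String> have, List<String> out) {
        for (String w : want) if (!have.contains(w)) out.add("add " + kind + " " + w);
        for (String h : new TreeSet<>(have)) if (!want.contains(h)) out.add("remove " + kind + " " + h);
    }

    public static void main(String[] args) {
        // Constructed sample: proprietorship moved from alice to bob, Treasury not updated.
        Firm firm = new Firm("bob", Map.of("carol", Set.of(Perm.FINANCIAL), "dave", Set.of(Perm.OTHER)));
        Account stale = new Account("alice", Set.of("alice", "carol"), Set.of("alice", "carol"));
        drift(firm, stale).forEach(System.out::println);
        // A transfer or role edit is complete only when drift(...) is empty afterwards.
        System.out.println(drift(firm, desired(firm)).isEmpty());
    }
}
```

Running the same drift function as a post-condition after every access-affecting write, and as a periodic audit, catches a mutation path that skips the reconcile.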

Activity

  • tesks changed status to Status → Pending Release (Jun 11, 2026, 10:35 AM)
  • ParadauxIO linked a commit — Commit fa4c3ec — Reconcile Treasury access on proprietorship transfer & role changes (PAR-141) (Jun 11, 2026, 10:35 AM)
  • tesks created the issue (Jun 11, 2026, 10:22 AM)