Skip to main content
WorkspaceGroupMembership represents a single person’s membership within a workspace group, capturing the lifecycle from invitation through acceptance or revocation. It associates a People record with a WorkspaceGroup, carries the assigned role, invitation token, and status, and is soft-deleted on revocation so the audit trail is preserved. A partial unique index on (person_pk, workspace_group_pk) WHERE deleted_at IS NULL enforces the idempotent-invite guard at the schema level: at most one live membership per person-group pair, while allowing revoke-then-re-invite semantics.
Internal object. Not currently exposed on the public REST API. The operations below describe the intended contract.

API operations

Data model

Attributes

Relationships

System-computed

  • workspace_group_membership_id — generated by gen_random_uuid() at INSERT; unique constraint enforced at the DB level
  • created_at — set once by MikroORM onCreate hook (new Date()); never overwritten
  • updated_at — set by onCreate hook and refreshed on every UPDATE by onUpdate hook
  • deleted_at — set to current timestamp by the revocation path (WorkspaceGroupService.revokeMembership); NULL for live rows
  • Partial unique index workspace_group_memberships_person_group_active_unique on (person_pk, workspace_group_pk) WHERE deleted_at IS NULL — enforced at the schema level; the service’s idempotent-invite guard relies on this index to prevent duplicate pending/active memberships
  • invite_token — generated as a UUID by the service’s invite flow (WorkspaceGroupService.inviteToGroup); consumed/cleared on accept; the token is the cryptographic proof validated by the accept endpoint rather than the membership_id alone
  • status transitions — ‘pending’ on creation (DB default); ‘active’ set by the service on a successful acceptInvite call; no direct user-patch path for status

Example

Source: apps/api/src/database/entities/WorkspaceGroupMembership.ts · domain: workspace · tier: Platform