Complaint Management System
Institutional complaint workflows are typically handled through spreadsheets or fragmented email chains, with no visibility into status, ownership, or resolution history. This system brings structure, audit trails, and role-based access to the entire lifecycle.
Role-based access control (RBAC) is implemented at the API route level with three roles: Admin, Faculty, and Student. Each role has a distinct set of permissions enforced server-side via JWT claims — the frontend only reflects what the backend already restricts.
MongoDB stores complaints as documents with embedded status history arrays, enabling full audit trails without a separate audit table. File uploads are handled via multipart form data and stored with references in the complaint document.
JWT tokens are short-lived with refresh token rotation. The Next.js API routes act as a BFF (Backend for Frontend), centralising auth checks and data transformation before sending responses to the client.
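The server-side role check described above, written as a route guard in Node.js. This is an added example, not the project's code; the permission map, action names, claim names (`role`, `exp`), the use of HS256, and the `authorize` and `signToken` helpers are all assumptions.

```javascript
// Added example, not the project's code: every name here is hypothetical.
const crypto = require("node:crypto");

// Assumed permission map: action -> roles allowed to perform it.
const PERMISSIONS = new Map([
  ["complaint:create", ["Student", "Faculty"]],
  ["complaint:assign", ["Admin"]],
  ["complaint:resolve", ["Admin", "Faculty"]],
]);

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString());

// Mints a constructed HS256 token so the guard can be exercised offline.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns the status a route guard would produce before the handler runs:
// 401 = token itself is unacceptable, 403 = valid token, role lacks permission.
function authorize(token, action, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token ?? "").split(".");
  if (parts.length !== 3) return { status: 401 };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = decode(head);
    claims = decode(body);
  } catch {
    return { status: 401 };
  }
  // Pin the algorithm: the token header must not choose how it is verified.
  if (header?.alg !== "HS256") return { status: 401 };
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { status: 401 };
  }
  // Short-lived tokens: a missing or past expiry is rejected.
  if (typeof claims?.exp !== "number" || claims.exp <= now) return { status: 401 };
  // Deny by default: unknown actions and unlisted roles both fail.
  const allowed = PERMISSIONS.get(action) ?? [];
  if (!allowed.includes(claims.role)) return { status: 403 };
  return { status: 200, role: claims.role };
}
```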