ClubSphere

Club management with resource-level ownership enforcement and approval workflows.

Overview

Handles club membership and event logistics for organizations with multiple clubs under one platform. Membership requests go through an admin approval step before access is granted. Event operations are enforced at the resource level, not just role level — a club admin can only modify events they created, preventing cross-club interference. Ownership is stored as a denormalized creator ID on each event document, making the authorization check a single field comparison on read rather than a collection join. The MERN stack is kept intentionally lean here — no UI library, no state management library beyond React state — to demonstrate fundamentals without scaffolding.

Key Features

• • Multi-step membership approval — request → admin review → grant/deny with optional reason
• • Resource-level ownership enforcement: event mutations check creator ID server-side, not just user role
• • Club-scoped event listings — members only see events from their joined clubs
• • JWT auth with protected frontend routes and matching server-side API guards
• • Denormalized creator ID on event documents — authorization check is O(1), no join required

Tech Stack

Challenges

• • Resource ownership checks required joining membership and event collections on every protected mutation, adding query complexity and latency

Solutions

• • Denormalized the creator ID into the event document at write time; ownership check on mutation is a single field comparison — trades a small write overhead for significantly faster read-time authorization

Future Improvements

• • Event attendance tracking with QR code check-in for physical events
• • Club analytics dashboard — member growth over time and event attendance rate