• Allow an owner or admin user in the same organization to access the resource

    Parameters

    • opts: {
          authSecrets: AuthSecrets;
          authenticate: AuthenticationFunction;
          organizationAPI?: null | Pick<OrganizationDefaultAdapterAPI, "getUserOrganizations" | "getUserOrganizationRole">;
      }

      injected services

      • authSecrets: AuthSecrets (authentication secrets)
      • authenticate: AuthenticationFunction (authentication function)
      • Optional organizationAPI?: null | Pick<OrganizationDefaultAdapterAPI, "getUserOrganizations" | "getUserOrganizationRole"> (organization API)
    • userIdTargetField: TargetField

      target field to get the user id from context

    • logger: Logger

      injected logger used to handle the logging

    • context: AdapterHandlerContext

      request context [headers, body, params, query]

    Returns Promise<util.StatusCodes>

    200 Status OK

    Description

    This validator will check if the user is an owner or admin of the same organization by applying the following steps in sequence:

    1. Get the authenticated user from context

    2. Get the organizations the authenticated user belongs to

    3. Get the user to edit from context

    4. Get the organizations the user belongs to

    5. Get common organizations between authenticated user and user

    6. Check if the authenticated user is an owner or admin of the common organizations

    Throws

    400 NBError Bad Request

    • userId or attachmentId does not exist in request params

    Throws

    403 NBError Forbidden

    • Users do not belong to the same organization
    • User is not an owner or admin and does not have permission to access this resource

    Throws

    500 NBError Internal Server Error

    • Organization API is not provided
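
The six steps and the documented 400/403/500 outcomes, sketched as an added example; this is not the library's own code. The `OrgLookup` interface, its synchronous signatures, the order of the error checks, the "at least one shared organization" rule in step 6, and the sample users are all assumptions made for illustration.

```typescript
// Added example: names, signatures and data are assumptions, not the library's API.
type Role = "owner" | "admin" | "member";

// Hypothetical synchronous stand-in for the two organization API methods named above.
interface OrgLookup {
  getUserOrganizations(userId: string): string[];
  getUserOrganizationRole(userId: string, orgId: string): Role | undefined;
}

// Returns the HTTP status the validator would produce (200, 400, 403 or 500).
function checkOwnerOrAdminOfSameOrg(
  authUserId: string | undefined,   // step 1: authenticated user from context
  targetUserId: string | undefined, // step 3: user to edit from context
  orgs: OrgLookup | null | undefined
): number {
  if (!orgs) return 500;                        // organization API is not provided
  if (!authUserId || !targetUserId) return 400; // user id missing from the request
  const authOrgs = orgs.getUserOrganizations(authUserId);     // step 2
  const targetOrgs = orgs.getUserOrganizations(targetUserId); // step 4
  const common = authOrgs.filter((o) => targetOrgs.indexOf(o) !== -1); // step 5
  if (common.length === 0) return 403;          // users share no organization
  // Step 6. Assumption: owner/admin in at least one shared organization suffices.
  for (const orgId of common) {
    const role = orgs.getUserOrganizationRole(authUserId, orgId);
    if (role === "owner" || role === "admin") return 200;
  }
  return 403; // a privileged role held only in an unshared organization does not count
}

// Constructed sample data: user -> organization -> role.
const memberships: Record<string, Record<string, Role>> = {
  alice: { acme: "admin", globex: "member" },
  bob: { acme: "member" },
  carol: { globex: "member" },
  dave: { initech: "owner" },
};
const rolesOf = (u: string): Record<string, Role> => memberships[u] || {};

const sampleOrgs: OrgLookup = {
  getUserOrganizations: (u) => Object.keys(rolesOf(u)),
  getUserOrganizationRole: (u, o) => rolesOf(u)[o],
};
```

With this data, `alice` may act on `bob` (admin in the shared `acme`) but not on `carol`: the only shared organization is `globex`, where `alice` is a plain member, so her `acme` admin role must not carry over.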
