Function validateUserAllowsField

  • validateUserAllowsField(authSecrets, authenticate, userAPI, adminFields, logger, context): Promise<number>

  • Validate user allows field validator

    Parameters

    • authSecrets: AuthSecrets

      authentication secrets

    • authenticate: AuthenticationFunction
    • userAPI: UserDefaultAdapterAPI

      injected api use to handle the user related operations

      • isAdminUser
    • adminFields: string[]
    • logger: Logger

      injected logger used to handle the logging

    • context: AdapterHandlerContext

      request context [headers, body, params, query].

    Returns Promise<number>

    200 Status OK

    Description

    This validator will check if the user allows to update the field by applying the following steps in sequence:

    1. Check if the admin only fields exist in the body, if not, return 200, if yes, continue

    2. Authenticate user

    3. Check if user is an admin (userAPI.isAdminUser)

    4. Throw 403 if user is not an admin

    5. Return 200 if user is an admin

    Throws

    401 NBError Unauthorized

    • authentication failed

    Throws

    403 NBError Forbidden

    • You have no permission to update some field

Settings

Member Visibility

Theme

Generated using TypeDoc