📦 Order Validator Blocks
Order validator blocks provide validation functions for order-related operations in Nodeblocks applications. These validators ensure proper access control and data validation for order management and processing.
🎯 Overview
Order validator blocks are designed to:
- Validate order access based on ownership and permissions
- Ensure proper order management with user-based access control
- Support order creation with user validation
- Handle order-specific validation logic for secure operations
- Provide reusable validation for order workflows
📋 Order Validator Types
Access Control Validators
Validators that check user permissions for order resources.
🔧 Available Order Validators
validateOrderAccess
Validates order access based on allowed subjects and token information.
Purpose: Ensures users have proper order ownership and permissions
Parameters:
allowedSubjects:string[]- Array of allowed user types/subjectsauthenticate:Authenticator- Authentication function (optional, defaults to getBearerTokenInfo)payload:RouteHandlerPayload- Contains request context and data
Returns: void - Passes through if user has appropriate permissions
Throws:
- NodeblocksError (401) with message "App token is not valid" or "User token is not valid" for invalid tokens
- NodeblocksError (400) with message "must have userId when creating a new order" for missing userId on new orders
- NodeblocksError (403) with message "Order has no user" for orders without user
- NodeblocksError (403) with message "User is not authorized to access this order" for unauthorized access
- NodeblocksError (404) with message "Order not found" if order doesn't exist
- NodeblocksError (401) with message "Token does not have a valid access type" for invalid token types
Supported Subjects:
'owner'- Order owner access
Order ID Sources (checked in order):
payload.context.data.orderIdpayload.params.requestParams.orderIdpayload.params.requestQuery.orderIdpayload.params.requestBody.orderId
User ID Sources (for new orders):
payload.context.data.userIdpayload.params.requestBody.userId
Usage:
import { validators } from '@nodeblocks/backend-sdk';
const { validateOrderAccess } = validators;
// Order owner access
compose(validateOrderAccess(['owner']), orderHandler);
// Order owner or admin access
compose(validateOrderAccess(['owner', 'admin']), orderHandler);
🔗 Related Documentation
- Order Schema Blocks - Order data validation and contracts
- Order Handler Blocks - Order business logic functions
- Order Route Blocks - Order HTTP endpoint definitions
- Order Feature Blocks - Order composed features