🏢 Organization Validator Blocks
Organization validator blocks provide validation functions for organization-related operations in Nodeblocks applications. These validators ensure proper access control and data validation for organization management and membership operations.
🎯 Overview
Organization validator blocks are designed to:
- Validate organization access based on membership and permissions
- Ensure proper organization management with role-based access control
- Support organization membership validation
- Handle organization-specific validation logic for secure operations
- Provide reusable validation for organization workflows
📋 Organization Validator Types
Access Control Validators
Validators that check user permissions for organization resources.
🔧 Available Organization Validators
validateOrganizationAccess
Validates organization access based on allowed subjects and token information.
Purpose: Ensures users have proper organization membership and permissions
Parameters:
- allowedSubjects: string[] - Array of allowed user types/subjects
- authenticate: Authenticator - Authentication function (optional, defaults to getBearerTokenInfo)
- payload: RouteHandlerPayload - Contains request context and data
Returns: void - Passes through if user has appropriate permissions
Throws:
- NodeblocksError (401) with message "App token is not valid" or "User token is not valid" for invalid tokens
- NodeblocksError (404) with message "Organization not found" if organization doesn't exist
- NodeblocksError (403) with message "Organization has no users" for organizations without users
- NodeblocksError (403) with message "User does not belong to this organization" for non-members
- NodeblocksError (403) with message "User is not authorized to access this organization" for unauthorized access
- NodeblocksError (401) with message "Token does not have a valid access type" for invalid token types
Supported Subjects:
- 'admin' - Administrator access
- 'member' - Organization member access
- 'owner' - Organization owner access
Organization ID Sources (checked in order):
1. payload.context.data.organizationId
2. payload.params.requestParams.organizationId
3. payload.params.requestQuery.organizationId
4. payload.params.requestBody.organizationId
User Role Configuration (defaults):
{
admin: 'admin',
member: 'member',
owner: 'owner'
}
Access Logic:
- App tokens: Always pass if appId is valid
- User tokens:
  - Verify organization exists
  - Verify organization has users
  - Verify user belongs to organization
  - Verify user role matches allowed subjects
- At least one subject must match for access to be granted
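The access logic and organization ID lookup order described above can be modelled as a small decision function, which is useful for writing tests against routes protected by this validator. This is an added example, not code from the Nodeblocks SDK. The token shape (`kind`, `appId`, `userId`), the organization shape (`users` with `id` and `role`), the `env` argument, the order of the token checks, and the use of status 200 for "pass through" are all assumptions made for illustration.

```javascript
// Added example: a stand-alone model of the documented checks, not SDK code.
// Token, organization and env shapes are assumptions for illustration.
const DEFAULT_ROLES = { admin: 'admin', member: 'member', owner: 'owner' };

// Resolve the organization ID from the four documented sources, in order.
function resolveOrganizationId(payload) {
  const { context = {}, params = {} } = payload;
  return context.data?.organizationId
    ?? params.requestParams?.organizationId
    ?? params.requestQuery?.organizationId
    ?? params.requestBody?.organizationId;
}

// Returns { status, message }; status 200 stands for "validator passes through".
function decideAccess(allowedSubjects, token, payload, env) {
  const { orgs, validAppIds, roles = DEFAULT_ROLES } = env;
  const deny = (status, message) => ({ status, message });
  const allow = { status: 200, message: 'ok' };
  if (token.kind === 'app') {
    // App tokens skip every membership and role check.
    return validAppIds.includes(token.appId) ? allow : deny(401, 'App token is not valid');
  }
  if (token.kind !== 'user') return deny(401, 'Token does not have a valid access type');
  if (!token.userId) return deny(401, 'User token is not valid');
  // A missing ID simply fails the lookup here (assumption).
  const org = orgs.get(resolveOrganizationId(payload));
  if (!org) return deny(404, 'Organization not found');
  if (!org.users || org.users.length === 0) return deny(403, 'Organization has no users');
  const membership = org.users.find((u) => u.id === token.userId);
  if (!membership) return deny(403, 'User does not belong to this organization');
  // Subjects are mapped through the role configuration; one match is enough.
  const allowedRoles = allowedSubjects.map((subject) => roles[subject]);
  return allowedRoles.includes(membership.role)
    ? allow
    : deny(403, 'User is not authorized to access this organization');
}

// Constructed sample data.
const SAMPLE_ENV = {
  validAppIds: ['app-1'],
  orgs: new Map([
    ['org-1', { users: [{ id: 'u-owner', role: 'owner' }, { id: 'u-member', role: 'member' }] }],
    ['org-2', { users: [{ id: 'u-other', role: 'admin' }] }],
    ['org-empty', { users: [] }],
  ]),
};
// Route params name org-1 while the body names org-2: the route param is checked first.
const SAMPLE_PAYLOAD = {
  context: { data: {} },
  params: { requestParams: { organizationId: 'org-1' }, requestBody: { organizationId: 'org-2' } },
};
```

Two points the model makes visible: a valid app token passes regardless of `allowedSubjects`, so app credentials should be treated as having access to every organization, and an `organizationId` in the request body is only consulted when the context, route parameters and query string do not supply one.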
Usage:
import { validators } from '@nodeblocks/backend-sdk';
const { validateOrganizationAccess } = validators;
// Organization member access
compose(validateOrganizationAccess(['member']), organizationHandler);
// Organization admin or owner access
compose(validateOrganizationAccess(['admin', 'owner']), adminHandler);
// Any organization member access
compose(validateOrganizationAccess(['admin', 'member', 'owner']), memberHandler);
🔗 Related Documentation
- Organization Schema Blocks - Organization data validation and contracts
- Organization Handler Blocks - Organization business logic functions
- Organization Route Blocks - Organization HTTP endpoint definitions
- Organization Feature Blocks - Organization composed features