Version: 🚧 Canary

📦 Order Validator Blocks

Order validator blocks provide validation functions for order-related operations in Nodeblocks applications. These validators ensure proper access control and data validation for order management and processing.


🎯 Overview

Order validator blocks are designed to:

  • Validate order access based on ownership and permissions
  • Ensure proper order management with user-based access control
  • Support order creation with user validation
  • Handle order-specific validation logic for secure operations
  • Provide reusable validation for order workflows

📋 Order Validator Types

Access Control Validators

Validators that check user permissions for order resources.


🔧 Available Order Validators

ownsOrder

Order ownership validator for authenticated user access.

Purpose: Ensures only the order owner can access/modify the order

Parameters:

  • resourceIdPathInPayload: tuple path to orderId in payload (e.g. ['requestParams', 'orderId'])

Returns: void - Passes through if the authenticated identity owns the order

Throws:

  • NodeblocksError (401) with message "Invalid token"
  • NodeblocksError (500) with message "Resource does not exist"
  • NodeblocksError (400) with message "Invalid resource ID"
  • NodeblocksError (403) with message "Failed to fetch resource"
  • NodeblocksError (403) with message "Invalid owner ID"
  • NodeblocksError (403) with message "Identity is not the owner of the resource"

Usage:

import { validators } from '@nodeblocks/backend-sdk';

const { ownsOrder } = validators;

withRoute({
  validators: [
    ownsOrder(['requestParams', 'orderId'])
  ]
});
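
The ownership check described above, sketched as an added example that is not the SDK's own code: it resolves the order ID through the tuple path, loads the order, and compares the stored owner with the identity bound to the token, ignoring any identity supplied in the request body. `makeOwnsOrder`, `HttpError`, `authenticate`, the `requestHeaders` field, the in-memory store and the pairing of each condition with a status and message from the list above are assumptions.

```javascript
// Added illustration; not the @nodeblocks/backend-sdk implementation.
class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Walk a tuple path such as ['requestParams', 'orderId'] from payload.params.
const getByPath = (obj, path) =>
  path.reduce((node, key) => (node == null ? undefined : node[key]), obj);

// Hypothetical factory with the same call shape as ownsOrder(path).
// orders: Map standing in for the order store (assumption).
// authenticate: returns the identity ID bound to a verified token, or null.
function makeOwnsOrder({ orders, authenticate }) {
  return (resourceIdPath) => (payload) => {
    const identityId = authenticate(payload);
    if (!identityId) throw new HttpError(401, 'Invalid token');
    const orderId = getByPath(payload.params, resourceIdPath);
    if (typeof orderId !== 'string' || orderId === '') {
      throw new HttpError(400, 'Invalid resource ID');
    }
    const order = orders.get(orderId);
    if (!order) throw new HttpError(500, 'Resource does not exist');
    if (!order.identityId) throw new HttpError(403, 'Invalid owner ID');
    // The owner is read from the stored order, never from the request.
    if (order.identityId !== identityId) {
      throw new HttpError(403, 'Identity is not the owner of the resource');
    }
  };
}

// Constructed sample data: one order owned by "alice", two known tokens.
const orders = new Map([['order-1', { identityId: 'alice' }]]);
const tokens = new Map([['tok-alice', 'alice'], ['tok-bob', 'bob']]);
const authenticate = (payload) =>
  tokens.get(payload.params.requestHeaders?.authorization) ?? null;
const ownsOrderDemo = makeOwnsOrder({ orders, authenticate })(['requestParams', 'orderId']);

// Run the validator and report the HTTP status a route would return.
function statusFor(token, orderId, body = {}) {
  const payload = {
    params: { requestHeaders: { authorization: token }, requestParams: { orderId }, requestBody: body },
  };
  try { ownsOrderDemo(payload); return 200; } catch (err) { return err.status; }
}

console.log(statusFor('tok-alice', 'order-1'));                        // 200
console.log(statusFor('tok-bob', 'order-1', { identityId: 'alice' })); // 403
```

A negative test of this shape (second identity, first identity's order) is worth keeping in the route's test suite so a missing validator shows up as a 200 instead of a 403.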

validateOrderAccess

Validates order access based on allowed subjects and token information.

Deprecated

This validator is deprecated.
Replacement: ownsOrder.

Purpose: Ensures users have proper order ownership and permissions

Parameters:

  • allowedSubjects: string[] - Array of allowed user types/subjects
  • authenticate: Authenticator - Authentication function (optional, defaults to getBearerTokenInfo)
  • payload: RouteHandlerPayload - Contains request context and data

Returns: void - Passes through if user has appropriate permissions

Throws:

  • NodeblocksError (401) with message "App token is not valid" or "User token is not valid"
  • NodeblocksError (400) with message "must have identityId when creating a new order"
  • NodeblocksError (404) with message "Order not found"
  • NodeblocksError (403) with message "Order has no identity"
  • NodeblocksError (403) with message "Identity is not authorized to access this order"
  • NodeblocksError (401) with message "Token does not have a valid access type"

Supported Subjects:

  • 'owner' - Order owner access

Order ID Sources (checked in order):

  • payload.context.data.orderId
  • payload.params.requestParams.orderId
  • payload.params.requestQuery.orderId
  • payload.params.requestBody.orderId

Identity ID Sources (for new orders):

  • payload.context.data.identityId
  • payload.params.requestBody.identityId

Usage:

import { validators } from '@nodeblocks/backend-sdk';

const { validateOrderAccess } = validators;

// Order owner access
withRoute({
  // -- snip --
  validators: [validateOrderAccess(['owner'])]
});

// Order owner or admin access
withRoute({
  // -- snip --
  validators: [validateOrderAccess(['owner', 'admin'])]
});