👤 User Validator Blocks
User validator blocks provide validation functions for user-related operations in Nodeblocks applications. These validators ensure proper access control and data validation for user profiles and user management operations.
🎯 Overview
User validator blocks are designed to:
- Validate user profile access based on ownership and permissions
- Ensure proper user management with role-based access control
- Support multiple access patterns (self, admin, user, guest)
- Handle user-specific validation logic for secure operations
- Provide reusable validation for user workflows
📋 User Validator Types
Access Control Validators
Validators that check user permissions for user resources.
🔧 Available User Validators
ownsProfile
Profile ownership validator for authenticated user access.
Note: internally uses users collection for profile data.
Purpose: Ensures only the profile owner can access/modify the profile
Parameters:
resourceIdPathInPayload: tuple path toprofileIdin payload (e.g.['requestParams', 'profileId'])
Returns: void - Passes through if the authenticated identity owns the profile
Throws:
- NodeblocksError (401) with message "Invalid token"
- NodeblocksError (500) with message "Resource does not exist"
- NodeblocksError (400) with message "Invalid resource ID"
- NodeblocksError (403) with message "Failed to fetch resource"
- NodeblocksError (403) with message "Invalid owner ID"
- NodeblocksError (403) with message "Identity is not the owner of the resource"
Usage:
import { validators } from '@nodeblocks/backend-sdk';
const { ownsProfile } = validators;
withRoute({
-- snip --
validators: [
ownsProfile(['requestParams', 'profileId'])
]
});
validateUserProfileAccess
Validates user profile access based on allowed subjects and token information.
This validator is deprecated.
Replacement: ownsProfile.
Purpose: Ensures users can only access their own profiles or have appropriate permissions
Parameters:
allowedSubjects:string[]- Array of allowed user types/subjectsauthenticate:Authenticator- Authentication function (optional, defaults to getBearerTokenInfo)payload:RouteHandlerPayload- Contains request context and data
Returns: void - Passes through if user has appropriate permissions
Throws:
- NodeblocksError (401) with message "App token is not valid" or "User token is not valid"
- NodeblocksError (400) with message "must have identityId when creating a new profile"
- NodeblocksError (404) with message "Profile not found"
- NodeblocksError (403) with message "Profile has no identity"
- NodeblocksError (403) with message "Identity is not authorized to access this profile"
- NodeblocksError (401) with message "Token does not have a valid access type"
Supported Subjects:
'self'- User can access their own profile (email-based matching)'admin'- Administrator access (typeId: '100')'user'- Regular user access (typeId: '001')'guest'- Guest access (typeId: '000')
User Profile ID Sources (checked in order):
payload.context.data.profileIdpayload.params.requestParams.profileIdpayload.params.requestQuery.profileIdpayload.params.requestBody.profileId
User Type Configuration (defaults):
{
admin: '100',
guest: '000',
user: '001'
}
Access Logic:
- App tokens: Always pass if appId is valid
- User tokens:
- For
'self'subject: Match identity/profile ownership viaownsProfile - For role subjects: Match identity typeId with configured typeId
- At least one subject must match for access to be granted
- For
Usage:
import { validators } from '@nodeblocks/backend-sdk';
const { validateUserProfileAccess } = validators;
// Self access only
withRoute({
-- snip --
validators: [validateUserProfileAccess(['self'])]
});
// Self or admin access
withRoute({
-- snip --
validators: [validateUserProfileAccess(['self', 'admin'])]
});
// Admin only access
withRoute({
-- snip --
validators: [validateUserProfileAccess(['admin'])]
});
🔗 Related Documentation
- User Schema Blocks - User data validation and contracts
- User Handler Blocks - User business logic functions
- User Route Blocks - User HTTP endpoint definitions
- User Feature Blocks - User composed features