Const// Administrative role assignment
const roleUpdate = {
role: 'content_creator'
};
const result = UserRoleUpdateSchema.parse(roleUpdate);
console.log('Valid role update:', result);
// Administrative role update endpoint
router.put('/users/:userId/role',
authenticateToken,
requireRole('admin'),
validate({
params: z.object({ userId: z.string().uuid() }),
body: UserRoleUpdateSchema
}),
async (req, res) => {
const { role } = req.body; // Validated role
const { userId } = req.params;
const adminId = req.user.id;
// Log administrative action for audit trail
await auditService.logRoleChange(adminId, userId, role);
const updatedUser = await userService.updateRole(userId, role);
res.json({
success: true,
user: updatedUser,
message: `User role updated to ${role}`
});
}
);
// Batch role updates for administrative efficiency
const batchRoleUpdate = async (userRoleUpdates: Array<{userId: string, role: string}>) => {
const validatedUpdates = userRoleUpdates.map(update => {
const validation = UserRoleUpdateSchema.safeParse({ role: update.role });
if (!validation.success) {
throw new ValidationError(`Invalid role for user ${update.userId}: ${update.role}`);
}
return { userId: update.userId, role: validation.data.role };
});
return await Promise.all(
validatedUpdates.map(update =>
userService.updateRole(update.userId, update.role)
)
);
};
// Role promotion workflow
const promoteToContentCreator = async (userId: string) => {
const roleUpdate = { role: 'content_creator' as const };
const validation = UserRoleUpdateSchema.safeParse(roleUpdate);
if (!validation.success) {
throw new Error('Invalid role promotion request');
}
// Check user eligibility for promotion
const user = await userService.findById(userId);
if (!user || user.role !== 'student') {
throw new Error('User not eligible for content creator promotion');
}
return await userService.updateRole(userId, validation.data.role);
};
// Administrative dashboard role management
const handleRoleChange = async (userId: string, newRole: string) => {
try {
const validation = UserRoleUpdateSchema.safeParse({ role: newRole });
if (!validation.success) {
return {
success: false,
error: 'Invalid role selected',
details: validation.error.errors
};
}
const updatedUser = await adminService.updateUserRole(userId, validation.data.role);
return {
success: true,
user: updatedUser,
message: `Role successfully updated to ${validation.data.role}`
};
} catch (error) {
return {
success: false,
error: 'Failed to update user role',
details: error.message
};
}
};
User role update validation schema for administrative user management
Specialized validation schema for administrative role management operations that allows authorized administrators to modify user roles within the platform. This schema enforces strict role validation to maintain security boundaries and prevent unauthorized privilege escalation while supporting legitimate administrative workflows for user management and access control.
The role update schema ensures security through strict role enumeration, prevents privilege escalation through comprehensive validation, supports administrative workflows through streamlined role assignment, and maintains audit trails through structured role change operations that can be logged and monitored for security compliance.
Administrative security features include role validation that prevents invalid role assignments, enumeration constraints that limit roles to valid platform roles, integration with authorization middleware that ensures only authorized administrators can perform role changes, and structured validation that supports comprehensive audit logging and security monitoring.
The schema supports the platform's role-based access control system by providing validated role assignments, ensuring consistent role management across all administrative interfaces, and maintaining security boundaries between different user privilege levels.