]>
Commit | Line | Data |
---|---|---|
954605a8 C |
1 | import 'express-validator' |
2 | import * as express from 'express' | |
3 | ||
4 | import { UserInstance } from '../models' | |
5 | import { UserRight } from '../../shared' | |
6 | import { logger } from '../helpers' | |
7 | ||
8 | function ensureUserHasRight (userRight: UserRight) { | |
9 | return function (req: express.Request, res: express.Response, next: express.NextFunction) { | |
10 | const user: UserInstance = res.locals.oauth.token.user | |
11 | if (user.hasRight(userRight) === false) { | |
12 | logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path) | |
13 | return res.sendStatus(403) | |
14 | } | |
15 | ||
16 | return next() | |
17 | } | |
18 | } | |
19 | ||
20 | // --------------------------------------------------------------------------- | |
21 | ||
22 | export { | |
23 | ensureUserHasRight | |
24 | } |