]>
Commit | Line | Data |
---|---|---|
954605a8 | 1 | import * as express from 'express' |
3fd3ab2d | 2 | import 'express-validator' |
954605a8 C |
3 | import { UserRight } from '../../shared' |
4 | import { logger } from '../helpers' | |
3fd3ab2d | 5 | import { UserModel } from '../models/account/user' |
954605a8 C |
6 | |
7 | function ensureUserHasRight (userRight: UserRight) { | |
8 | return function (req: express.Request, res: express.Response, next: express.NextFunction) { | |
3fd3ab2d | 9 | const user = res.locals.oauth.token.user as UserModel |
954605a8 C |
10 | if (user.hasRight(userRight) === false) { |
11 | logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path) | |
12 | return res.sendStatus(403) | |
13 | } | |
14 | ||
15 | return next() | |
16 | } | |
17 | } | |
18 | ||
19 | // --------------------------------------------------------------------------- | |
20 | ||
21 | export { | |
22 | ensureUserHasRight | |
23 | } |