import { omit } from 'lodash'
import { Hooks } from '@server/lib/plugins/hooks'
import { MUserDefault } from '@server/types/models'
-import { HttpStatusCode, UserRegister, UserRole } from '@shared/models'
+import { HttpStatusCode, UserRegister, UserRight, UserRole } from '@shared/models'
import { isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
import { isThemeNameValid } from '../../helpers/custom-validators/plugins'
import {
isUserDisplayNameValid,
isUserNoModal,
isUserNSFWPolicyValid,
+ isUserP2PEnabledValid,
isUserPasswordValid,
isUserPasswordValidOrEmpty,
isUserRoleValid,
body('autoPlayVideo')
.optional()
.custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
+ body('p2pEnabled')
+ .optional()
+ .custom(isUserP2PEnabledValid).withMessage('Should have a valid p2p enabled boolean'),
body('videoLanguages')
.optional()
.custom(isUserVideoLanguages).withMessage('Should have a valid video languages attribute'),
}
]
-const ensureAuthUserOwnsChannelValidator = [
+const ensureCanManageChannel = [
(req: express.Request, res: express.Response, next: express.NextFunction) => {
- const user = res.locals.oauth.token.User
+ const user = res.locals.oauth.token.user
+ const isUserOwner = res.locals.videoChannel.Account.userId === user.id
+
+ if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
+ const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.`
- if (res.locals.videoChannel.Account.userId !== user.id) {
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
- message: 'Only owner of this video channel can access this ressource'
+ message
})
}
usersVerifyEmailValidator,
userAutocompleteValidator,
ensureAuthUserOwnsAccountValidator,
- ensureAuthUserOwnsChannelValidator,
- ensureCanManageUser
+ ensureCanManageUser,
+ ensureCanManageChannel
}
// ---------------------------------------------------------------------------