.end()
}
- const user= res.locals.oauth.token.User
+ const user = res.locals.oauth.token.User
if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
return res.status(401)
.send({ error: 'currentPassword is invalid.' })
param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
]
+const ensureAuthUserOwnsAccountValidator = [
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const user = res.locals.oauth.token.User
+
+ if (res.locals.account.id !== user.Account.id) {
+ return res.status(403)
+ .send({ error: 'Only owner can access ratings list.' })
+ .end()
+ }
+
+ return next()
+ }
+]
+
// ---------------------------------------------------------------------------
export {
usersResetPasswordValidator,
usersAskSendVerifyEmailValidator,
usersVerifyEmailValidator,
- userAutocompleteValidator
+ userAutocompleteValidator,
+ ensureAuthUserOwnsAccountValidator
}
// ---------------------------------------------------------------------------
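Review bot: `ensureAuthUserOwnsAccountValidator` dereferences `res.locals.account.id` and `user.Account.id` without checking that either object was loaded, so the ownership check is only sound when the OAuth authentication middleware and an account-loading validator run before it on every route that uses it. The handler is declared `async` but awaits nothing, so a missing `res.locals.account` becomes a rejected promise rather than a synchronous throw. Depending on how the router wraps async middleware (not visible in this hunk), the request may then hang instead of being refused. I would drop `async` and fail closed first with `if (!res.locals.account || !user.Account) return res.sendStatus(403)`, plus a comment above the array stating the required middleware order. The message `'Only owner can access ratings list.'` is endpoint-specific while the exported name is generic, so reuse on another route would return a misleading error; a neutral text such as `'Only the account owner can access this resource.'` fits the name better.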