X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fuser-right.ts;h=45dda4781211f9a5a85221bd47df989647fcda90;hb=12fa2a6a9ab3af53e2f9461ed36f8c0a3f88776f;hp=5bb5bdfbda5aaee10dcb6902be3bfaf730be9a8c;hpb=da854ddd502cd70685ef779c673b9e63757b8aa0;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/user-right.ts b/server/middlewares/user-right.ts
index 5bb5bdfbd..45dda4781 100644
--- a/server/middlewares/user-right.ts
+++ b/server/middlewares/user-right.ts
@@ -1,15 +1,17 @@
 import * as express from 'express'
-import 'express-validator'
 import { UserRight } from '../../shared'
 import { logger } from '../helpers/logger'
-import { UserModel } from '../models/account/user'
+import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
 
 function ensureUserHasRight (userRight: UserRight) {
   return function (req: express.Request, res: express.Response, next: express.NextFunction) {
-    const user = res.locals.oauth.token.user as UserModel
+    const user = res.locals.oauth.token.user
     if (user.hasRight(userRight) === false) {
-      logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path)
-      return res.sendStatus(403)
+      const message = `User ${user.username} does not have right ${userRight} to access to ${req.path}.`
+      logger.info(message)
+
+      return res.status(HttpStatusCode.FORBIDDEN_403)
+                .json({ error: message })
     }
 
     return next()