X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fusers.ts;h=bc6007c6d45b6b4233489989398d877ecca7a364;hb=7b51ede977c299a74728171d8c124bcc4cbba6ea;hp=8f1a7801f351da4507b8ac9715f6a0fdc3d10995;hpb=978c87e7f58b6673fe60f04f1767bc9e02ea4936;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 8f1a7801f..bc6007c6d 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -3,7 +3,7 @@ import { body, param, query } from 'express-validator'
 import { omit } from 'lodash'
 import { Hooks } from '@server/lib/plugins/hooks'
 import { MUserDefault } from '@server/types/models'
-import { HttpStatusCode, UserRegister, UserRole } from '@shared/models'
+import { HttpStatusCode, UserRegister, UserRight, UserRole } from '@shared/models'
 import { isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
 import { isThemeNameValid } from '../../helpers/custom-validators/plugins'
 import {
@@ -15,6 +15,7 @@ import {
 isUserDisplayNameValid,
 isUserNoModal,
 isUserNSFWPolicyValid,
+ isUserP2PEnabledValid,
 isUserPasswordValid,
 isUserPasswordValidOrEmpty,
 isUserRoleValid,
@@ -239,6 +240,9 @@ const usersUpdateMeValidator = [
 body('autoPlayVideo')
 .optional()
 .custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
+ body('p2pEnabled')
+ .optional()
+ .custom(isUserP2PEnabledValid).withMessage('Should have a valid p2p enabled boolean'),
 body('videoLanguages')
 .optional()
 .custom(isUserVideoLanguages).withMessage('Should have a valid video languages attribute'),
@@ -330,7 +334,7 @@ const usersVideosValidator = [
 .custom(isIdValid).withMessage('Should have a valid channel id'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking usersVideosValidator parameters', { parameters: req.params })
+ logger.debug('Checking usersVideosValidator parameters', { parameters: req.query })
 if (areValidationErrors(req, res)) return
@@ -490,14 +494,17 @@ const ensureAuthUserOwnsAccountValidator = [
 }
 ]
-const ensureAuthUserOwnsChannelValidator = [
+const ensureCanManageChannel = [
 (req: express.Request, res: express.Response, next: express.NextFunction) => {
- const user = res.locals.oauth.token.User
+ const user = res.locals.oauth.token.user
+ const isUserOwner = res.locals.videoChannel.Account.userId === user.id
+
+ if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
+ const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.`
- if (res.locals.videoChannel.Account.userId !== user.id) {
 return res.fail({
 status: HttpStatusCode.FORBIDDEN_403,
- message: 'Only owner of this video channel can access this ressource'
+ message
 })
 }
@@ -542,8 +549,8 @@ export {
 usersVerifyEmailValidator,
 userAutocompleteValidator,
 ensureAuthUserOwnsAccountValidator,
- ensureAuthUserOwnsChannelValidator,
- ensureCanManageUser
+ ensureCanManageUser,
+ ensureCanManageChannel
 }
 // ---------------------------------------------------------------------------
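Review bot: The deny condition in `ensureCanManageChannel` compares `user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false`, so any non-boolean result from `hasRight` (for instance `undefined` for a role the lookup does not know) skips the 403 and lets a non-owner through; `hasRight` is not visible in this diff, so this is worth confirming. Failing closed is safer: `if (!isUserOwner && !user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL)) {`. Because the middleware is renamed rather than added, every route that used `ensureAuthUserOwnsChannelValidator` presumably now admits holders of that right as well as the owner, and those route definitions are outside this diff. The new 403 message also echoes `req.params.nameWithHost` back to the client, which the old fixed string did not. The validator's body continues past the end of the hunk.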