import { ActorFollowModel } from '@server/models/actor/actor-follow'
import { getServerActor } from '@server/models/application/application'
import { guessAdditionalAttributesFromQuery } from '@server/models/video/formatter/video-format-utils'
+import { VideoChannelSyncModel } from '@server/models/video/video-channel-sync'
import { buildNSFWFilter, getCountVideos, isUserAbleToSearchRemoteURI } from '../../helpers/express-utils'
import { getFormattedObjects } from '../../helpers/utils'
import { JobQueue } from '../../lib/job-queue'
accountsFollowersSortValidator,
accountsSortValidator,
ensureAuthUserOwnsAccountValidator,
- ensureCanManageUser,
+ ensureCanManageChannelOrAccount,
videoChannelsSortValidator,
videoChannelStatsValidator,
videoChannelSyncsSortValidator,
import { VideoModel } from '../../models/video/video'
import { VideoChannelModel } from '../../models/video/video-channel'
import { VideoPlaylistModel } from '../../models/video/video-playlist'
-import { VideoChannelSyncModel } from '@server/models/video/video-channel-sync'
const accountsRouter = express.Router()
accountsRouter.get('/:accountName/video-channel-syncs',
authenticate,
asyncMiddleware(accountNameWithHostGetValidator),
- ensureCanManageUser,
+ ensureCanManageChannelOrAccount,
paginationValidator,
videoChannelSyncsSortValidator,
setDefaultSort,
usersUpdateValidator
} from '../../../middlewares'
import {
- ensureCanManageUser,
+ ensureCanModerateUser,
usersAskResetPasswordValidator,
usersAskSendVerifyEmailValidator,
usersBlockingValidator,
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
asyncMiddleware(usersBlockingValidator),
- ensureCanManageUser,
+ ensureCanModerateUser,
asyncMiddleware(blockUser)
)
usersRouter.post('/:id/unblock',
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
asyncMiddleware(usersBlockingValidator),
- ensureCanManageUser,
+ ensureCanModerateUser,
asyncMiddleware(unblockUser)
)
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
asyncMiddleware(usersUpdateValidator),
- ensureCanManageUser,
+ ensureCanModerateUser,
asyncMiddleware(updateUser)
)
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
asyncMiddleware(usersRemoveValidator),
- ensureCanManageUser,
+ ensureCanModerateUser,
asyncMiddleware(removeUser)
)
asyncMiddleware,
asyncRetryTransactionMiddleware,
authenticate,
- ensureCanManageChannel as ensureCanManageSyncedChannel,
+ ensureCanManageChannelOrAccount,
ensureSyncExists,
ensureSyncIsEnabled,
videoChannelSyncValidator
authenticate,
ensureSyncIsEnabled,
asyncMiddleware(videoChannelSyncValidator),
- ensureCanManageSyncedChannel,
+ ensureCanManageChannelOrAccount,
asyncRetryTransactionMiddleware(createVideoChannelSync)
)
videoChannelSyncRouter.delete('/:id',
authenticate,
asyncMiddleware(ensureSyncExists),
- ensureCanManageSyncedChannel,
+ ensureCanManageChannelOrAccount,
asyncRetryTransactionMiddleware(removeVideoChannelSync)
)
asyncRetryTransactionMiddleware,
authenticate,
commonVideosFiltersValidator,
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
optionalAuthenticate,
paginationValidator,
setDefaultPagination,
reqAvatarFile,
asyncMiddleware(videoChannelsNameWithHostValidator),
ensureIsLocalChannel,
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
updateAvatarValidator,
asyncMiddleware(updateVideoChannelAvatar)
)
reqBannerFile,
asyncMiddleware(videoChannelsNameWithHostValidator),
ensureIsLocalChannel,
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
updateBannerValidator,
asyncMiddleware(updateVideoChannelBanner)
)
authenticate,
asyncMiddleware(videoChannelsNameWithHostValidator),
ensureIsLocalChannel,
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
asyncMiddleware(deleteVideoChannelAvatar)
)
authenticate,
asyncMiddleware(videoChannelsNameWithHostValidator),
ensureIsLocalChannel,
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
asyncMiddleware(deleteVideoChannelBanner)
)
authenticate,
asyncMiddleware(videoChannelsNameWithHostValidator),
ensureIsLocalChannel,
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
videoChannelsUpdateValidator,
asyncRetryTransactionMiddleware(updateVideoChannel)
)
authenticate,
asyncMiddleware(videoChannelsNameWithHostValidator),
ensureIsLocalChannel,
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
asyncMiddleware(videoChannelsRemoveValidator),
asyncRetryTransactionMiddleware(removeVideoChannel)
)
videoChannelRouter.get('/:nameWithHost/followers',
authenticate,
asyncMiddleware(videoChannelsNameWithHostValidator),
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
paginationValidator,
videoChannelsFollowersSortValidator,
setDefaultSort,
asyncMiddleware(videoChannelsNameWithHostValidator),
asyncMiddleware(videoChannelImportVideosValidator),
ensureIsLocalChannel,
- ensureCanManageChannel,
+ ensureCanManageChannelOrAccount,
asyncMiddleware(ensureChannelOwnerCanUpload),
asyncMiddleware(importVideosInChannel)
)
}
]
-const ensureCanManageChannel = [
+const ensureCanManageChannelOrAccount = [
(req: express.Request, res: express.Response, next: express.NextFunction) => {
const user = res.locals.oauth.token.user
- const isUserOwner = res.locals.videoChannel.Account.userId === user.id
+ const account = res.locals.videoChannel?.Account ?? res.locals.account
+ const isUserOwner = account.userId === user.id
if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
- const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.`
+ const message = `User ${user.username} does not have right this channel or account.`
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
}
]
-const ensureCanManageUser = [
+const ensureCanModerateUser = [
(req: express.Request, res: express.Response, next: express.NextFunction) => {
const authUser = res.locals.oauth.token.User
const onUser = res.locals.user
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
- message: 'A moderator can only manager users.'
+ message: 'A moderator can only manage users.'
})
}
]
usersVerifyEmailValidator,
userAutocompleteValidator,
ensureAuthUserOwnsAccountValidator,
- ensureCanManageUser,
- ensureCanManageChannel
+ ensureCanModerateUser,
+ ensureCanManageChannelOrAccount
}
// ---------------------------------------------------------------------------