diff options
author | Chocobozzz <me@florianbigard.com> | 2018-01-23 09:15:36 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-01-23 09:49:57 +0100 |
commit | f8b8c36b2a92bfee435747ab5a0283924be76281 (patch) | |
tree | 99e17a5c9413614071ae63d72e9b9557fc8cef43 /server/controllers/api/users.ts | |
parent | 59c48d49c5f06a46c342b4e7f86fbd1ed9894bd6 (diff) | |
download | PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.tar.gz PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.tar.zst PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.zip |
Destroy user token when changing its role
Diffstat (limited to 'server/controllers/api/users.ts')
-rw-r--r-- | server/controllers/api/users.ts | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts index aced4639e..79bb2665d 100644 --- a/server/controllers/api/users.ts +++ b/server/controllers/api/users.ts | |||
@@ -19,6 +19,7 @@ import { | |||
19 | import { usersUpdateMyAvatarValidator, videosSortValidator } from '../../middlewares/validators' | 19 | import { usersUpdateMyAvatarValidator, videosSortValidator } from '../../middlewares/validators' |
20 | import { AccountVideoRateModel } from '../../models/account/account-video-rate' | 20 | import { AccountVideoRateModel } from '../../models/account/account-video-rate' |
21 | import { UserModel } from '../../models/account/user' | 21 | import { UserModel } from '../../models/account/user' |
22 | import { OAuthTokenModel } from '../../models/oauth/oauth-token' | ||
22 | import { VideoModel } from '../../models/video/video' | 23 | import { VideoModel } from '../../models/video/video' |
23 | 24 | ||
24 | const reqAvatarFile = createReqFiles('avatarfile', CONFIG.STORAGE.AVATARS_DIR, AVATAR_MIMETYPE_EXT) | 25 | const reqAvatarFile = createReqFiles('avatarfile', CONFIG.STORAGE.AVATARS_DIR, AVATAR_MIMETYPE_EXT) |
@@ -288,6 +289,7 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next | |||
288 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { | 289 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { |
289 | const body: UserUpdate = req.body | 290 | const body: UserUpdate = req.body |
290 | const user = res.locals.user as UserModel | 291 | const user = res.locals.user as UserModel |
292 | const roleChanged = body.role !== undefined && body.role !== user.role | ||
291 | 293 | ||
292 | if (body.email !== undefined) user.email = body.email | 294 | if (body.email !== undefined) user.email = body.email |
293 | if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota | 295 | if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota |
@@ -295,6 +297,11 @@ async function updateUser (req: express.Request, res: express.Response, next: ex | |||
295 | 297 | ||
296 | await user.save() | 298 | await user.save() |
297 | 299 | ||
300 | // Destroy user token to refresh rights | ||
301 | if (roleChanged) { | ||
302 | await OAuthTokenModel.deleteUserToken(user.id) | ||
303 | } | ||
304 | |||
298 | // Don't need to send this update to followers, these attributes are not propagated | 305 | // Don't need to send this update to followers, these attributes are not propagated |
299 | 306 | ||
300 | return res.sendStatus(204) | 307 | return res.sendStatus(204) |