diff options
| author | kontrollanten <6680299+kontrollanten@users.noreply.github.com> | 2021-12-13 15:29:13 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-13 15:29:13 +0100 |
| commit | a37e9e74ff07b057370d1ed6c0b391a02be8a6d2 (patch) | |
| tree | 30d59e12518149a309bbd10bee1485f8be523c75 /server/controllers/api | |
| parent | 11e520b50d791a0dd48cbb2d0fc681b25eb7cd53 (diff) | |
| download | PeerTube-a37e9e74ff07b057370d1ed6c0b391a02be8a6d2.tar.gz PeerTube-a37e9e74ff07b057370d1ed6c0b391a02be8a6d2.tar.zst PeerTube-a37e9e74ff07b057370d1ed6c0b391a02be8a6d2.zip | |
Give moderators access to edit channels (#4608)
* give admins access to edit all channels
closes #4598
* test(channels): +admin update another users channel
* Fix tests
* fix(server): delete another users channel
Since the channel owner isn't necessary the auth user we need to check
the right account whether it's the last video or not.
* REMOVE_ANY_VIDEO_CHANNEL > MANAGE_ANY_VIDEO_CHANNEL
Merge REMOVE_ANY_VIDEO_CHANNEL and MANY_VIDEO_CHANNELS to
MANAGE_ANY_VIDEO_CHANNEL.
* user-right: moderator can't manage admins channel
* client: MyVideoChannelCreateComponent > VideoChannelCreateComponent
* client: MyVideoChannelEdit > VideoChannelEdit
* Revert "user-right: moderator can't manage admins channel"
This reverts commit 2c627c154e2bfe6af2e0f45efb27faf4117572f3.
* server: clean dupl validator functionality
* fix ensureUserCanManageChannel usage
It's not async anymore.
* server: merge channel validator middleares
ensureAuthUserOwnsChannelValidator & ensureUserCanManageChannel gets
merged into one middleware.
* client(VideoChannelEdit): redirect to prev route
* fix(VideoChannels): handle anon users
* client: new routes for create/update channel
* Refactor channel validators
Co-authored-by: Chocobozzz <me@florianbigard.com>
Diffstat (limited to 'server/controllers/api')
| -rw-r--r-- | server/controllers/api/video-channel.ts | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/server/controllers/api/video-channel.ts b/server/controllers/api/video-channel.ts index d1a1e6473..abb777e08 100644 --- a/server/controllers/api/video-channel.ts +++ b/server/controllers/api/video-channel.ts | |||
| @@ -24,6 +24,7 @@ import { | |||
| 24 | asyncRetryTransactionMiddleware, | 24 | asyncRetryTransactionMiddleware, |
| 25 | authenticate, | 25 | authenticate, |
| 26 | commonVideosFiltersValidator, | 26 | commonVideosFiltersValidator, |
| 27 | ensureCanManageChannel, | ||
| 27 | optionalAuthenticate, | 28 | optionalAuthenticate, |
| 28 | paginationValidator, | 29 | paginationValidator, |
| 29 | setDefaultPagination, | 30 | setDefaultPagination, |
| @@ -36,7 +37,7 @@ import { | |||
| 36 | videoPlaylistsSortValidator | 37 | videoPlaylistsSortValidator |
| 37 | } from '../../middlewares' | 38 | } from '../../middlewares' |
| 38 | import { | 39 | import { |
| 39 | ensureAuthUserOwnsChannelValidator, | 40 | ensureIsLocalChannel, |
| 40 | videoChannelsFollowersSortValidator, | 41 | videoChannelsFollowersSortValidator, |
| 41 | videoChannelsListValidator, | 42 | videoChannelsListValidator, |
| 42 | videoChannelsNameWithHostValidator, | 43 | videoChannelsNameWithHostValidator, |
| @@ -74,7 +75,8 @@ videoChannelRouter.post('/:nameWithHost/avatar/pick', | |||
| 74 | authenticate, | 75 | authenticate, |
| 75 | reqAvatarFile, | 76 | reqAvatarFile, |
| 76 | asyncMiddleware(videoChannelsNameWithHostValidator), | 77 | asyncMiddleware(videoChannelsNameWithHostValidator), |
| 77 | ensureAuthUserOwnsChannelValidator, | 78 | ensureIsLocalChannel, |
| 79 | ensureCanManageChannel, | ||
| 78 | updateAvatarValidator, | 80 | updateAvatarValidator, |
| 79 | asyncMiddleware(updateVideoChannelAvatar) | 81 | asyncMiddleware(updateVideoChannelAvatar) |
| 80 | ) | 82 | ) |
| @@ -83,7 +85,8 @@ videoChannelRouter.post('/:nameWithHost/banner/pick', | |||
| 83 | authenticate, | 85 | authenticate, |
| 84 | reqBannerFile, | 86 | reqBannerFile, |
| 85 | asyncMiddleware(videoChannelsNameWithHostValidator), | 87 | asyncMiddleware(videoChannelsNameWithHostValidator), |
| 86 | ensureAuthUserOwnsChannelValidator, | 88 | ensureIsLocalChannel, |
| 89 | ensureCanManageChannel, | ||
| 87 | updateBannerValidator, | 90 | updateBannerValidator, |
| 88 | asyncMiddleware(updateVideoChannelBanner) | 91 | asyncMiddleware(updateVideoChannelBanner) |
| 89 | ) | 92 | ) |
| @@ -91,27 +94,33 @@ videoChannelRouter.post('/:nameWithHost/banner/pick', | |||
| 91 | videoChannelRouter.delete('/:nameWithHost/avatar', | 94 | videoChannelRouter.delete('/:nameWithHost/avatar', |
| 92 | authenticate, | 95 | authenticate, |
| 93 | asyncMiddleware(videoChannelsNameWithHostValidator), | 96 | asyncMiddleware(videoChannelsNameWithHostValidator), |
| 94 | ensureAuthUserOwnsChannelValidator, | 97 | ensureIsLocalChannel, |
| 98 | ensureCanManageChannel, | ||
| 95 | asyncMiddleware(deleteVideoChannelAvatar) | 99 | asyncMiddleware(deleteVideoChannelAvatar) |
| 96 | ) | 100 | ) |
| 97 | 101 | ||
| 98 | videoChannelRouter.delete('/:nameWithHost/banner', | 102 | videoChannelRouter.delete('/:nameWithHost/banner', |
| 99 | authenticate, | 103 | authenticate, |
| 100 | asyncMiddleware(videoChannelsNameWithHostValidator), | 104 | asyncMiddleware(videoChannelsNameWithHostValidator), |
| 101 | ensureAuthUserOwnsChannelValidator, | 105 | ensureIsLocalChannel, |
| 106 | ensureCanManageChannel, | ||
| 102 | asyncMiddleware(deleteVideoChannelBanner) | 107 | asyncMiddleware(deleteVideoChannelBanner) |
| 103 | ) | 108 | ) |
| 104 | 109 | ||
| 105 | videoChannelRouter.put('/:nameWithHost', | 110 | videoChannelRouter.put('/:nameWithHost', |
| 106 | authenticate, | 111 | authenticate, |
| 107 | asyncMiddleware(videoChannelsNameWithHostValidator), | 112 | asyncMiddleware(videoChannelsNameWithHostValidator), |
| 108 | ensureAuthUserOwnsChannelValidator, | 113 | ensureIsLocalChannel, |
| 114 | ensureCanManageChannel, | ||
| 109 | videoChannelsUpdateValidator, | 115 | videoChannelsUpdateValidator, |
| 110 | asyncRetryTransactionMiddleware(updateVideoChannel) | 116 | asyncRetryTransactionMiddleware(updateVideoChannel) |
| 111 | ) | 117 | ) |
| 112 | 118 | ||
| 113 | videoChannelRouter.delete('/:nameWithHost', | 119 | videoChannelRouter.delete('/:nameWithHost', |
| 114 | authenticate, | 120 | authenticate, |
| 121 | asyncMiddleware(videoChannelsNameWithHostValidator), | ||
| 122 | ensureIsLocalChannel, | ||
| 123 | ensureCanManageChannel, | ||
| 115 | asyncMiddleware(videoChannelsRemoveValidator), | 124 | asyncMiddleware(videoChannelsRemoveValidator), |
| 116 | asyncRetryTransactionMiddleware(removeVideoChannel) | 125 | asyncRetryTransactionMiddleware(removeVideoChannel) |
| 117 | ) | 126 | ) |
| @@ -145,7 +154,7 @@ videoChannelRouter.get('/:nameWithHost/videos', | |||
| 145 | videoChannelRouter.get('/:nameWithHost/followers', | 154 | videoChannelRouter.get('/:nameWithHost/followers', |
| 146 | authenticate, | 155 | authenticate, |
| 147 | asyncMiddleware(videoChannelsNameWithHostValidator), | 156 | asyncMiddleware(videoChannelsNameWithHostValidator), |
| 148 | ensureAuthUserOwnsChannelValidator, | 157 | ensureCanManageChannel, |
| 149 | paginationValidator, | 158 | paginationValidator, |
| 150 | videoChannelsFollowersSortValidator, | 159 | videoChannelsFollowersSortValidator, |
| 151 | setDefaultSort, | 160 | setDefaultSort, |