aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/controllers
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-01-23 09:15:36 +0100
committerChocobozzz <me@florianbigard.com>2018-01-23 09:49:57 +0100
commitf8b8c36b2a92bfee435747ab5a0283924be76281 (patch)
tree99e17a5c9413614071ae63d72e9b9557fc8cef43 /server/controllers
parent59c48d49c5f06a46c342b4e7f86fbd1ed9894bd6 (diff)
downloadPeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.tar.gz
PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.tar.zst
PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.zip
Destroy user token when changing its role
Diffstat (limited to 'server/controllers')
-rw-r--r--server/controllers/api/users.ts7
1 files changed, 7 insertions, 0 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index aced4639e..79bb2665d 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -19,6 +19,7 @@ import {
19import { usersUpdateMyAvatarValidator, videosSortValidator } from '../../middlewares/validators' 19import { usersUpdateMyAvatarValidator, videosSortValidator } from '../../middlewares/validators'
20import { AccountVideoRateModel } from '../../models/account/account-video-rate' 20import { AccountVideoRateModel } from '../../models/account/account-video-rate'
21import { UserModel } from '../../models/account/user' 21import { UserModel } from '../../models/account/user'
22import { OAuthTokenModel } from '../../models/oauth/oauth-token'
22import { VideoModel } from '../../models/video/video' 23import { VideoModel } from '../../models/video/video'
23 24
24const reqAvatarFile = createReqFiles('avatarfile', CONFIG.STORAGE.AVATARS_DIR, AVATAR_MIMETYPE_EXT) 25const reqAvatarFile = createReqFiles('avatarfile', CONFIG.STORAGE.AVATARS_DIR, AVATAR_MIMETYPE_EXT)
@@ -288,6 +289,7 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next
288async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { 289async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
289 const body: UserUpdate = req.body 290 const body: UserUpdate = req.body
290 const user = res.locals.user as UserModel 291 const user = res.locals.user as UserModel
292 const roleChanged = body.role !== undefined && body.role !== user.role
291 293
292 if (body.email !== undefined) user.email = body.email 294 if (body.email !== undefined) user.email = body.email
293 if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota 295 if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
@@ -295,6 +297,11 @@ async function updateUser (req: express.Request, res: express.Response, next: ex
295 297
296 await user.save() 298 await user.save()
297 299
300 // Destroy user token to refresh rights
301 if (roleChanged) {
302 await OAuthTokenModel.deleteUserToken(user.id)
303 }
304
298 // Don't need to send this update to followers, these attributes are not propagated 305 // Don't need to send this update to followers, these attributes are not propagated
299 306
300 return res.sendStatus(204) 307 return res.sendStatus(204)