diff options
| author | Chocobozzz <florian.bigard@gmail.com> | 2017-10-27 16:55:03 +0200 |
|---|---|---|
| committer | Chocobozzz <florian.bigard@gmail.com> | 2017-10-27 16:55:03 +0200 |
| commit | 954605a804da399317ca62afa2fb9244afa11ebf (patch) | |
| tree | de6ee69280bfb928bc01c29430e13d5b820e921a /server/middlewares/user-right.ts | |
| parent | e02573ad67626210ed279bad321ee139094921a1 (diff) | |
| download | PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.gz PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.zst PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.zip | |
Support roles with rights and add moderator role
Diffstat (limited to 'server/middlewares/user-right.ts')
| -rw-r--r-- | server/middlewares/user-right.ts | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/server/middlewares/user-right.ts b/server/middlewares/user-right.ts new file mode 100644 index 000000000..bcebe9d7f --- /dev/null +++ b/server/middlewares/user-right.ts | |||
| @@ -0,0 +1,24 @@ | |||
| 1 | import 'express-validator' | ||
| 2 | import * as express from 'express' | ||
| 3 | |||
| 4 | import { UserInstance } from '../models' | ||
| 5 | import { UserRight } from '../../shared' | ||
| 6 | import { logger } from '../helpers' | ||
| 7 | |||
| 8 | function ensureUserHasRight (userRight: UserRight) { | ||
| 9 | return function (req: express.Request, res: express.Response, next: express.NextFunction) { | ||
| 10 | const user: UserInstance = res.locals.oauth.token.user | ||
| 11 | if (user.hasRight(userRight) === false) { | ||
| 12 | logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path) | ||
| 13 | return res.sendStatus(403) | ||
| 14 | } | ||
| 15 | |||
| 16 | return next() | ||
| 17 | } | ||
| 18 | } | ||
| 19 | |||
| 20 | // --------------------------------------------------------------------------- | ||
| 21 | |||
| 22 | export { | ||
| 23 | ensureUserHasRight | ||
| 24 | } | ||