aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/users.ts
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2019-08-22 10:59:14 +0200
committerChocobozzz <me@florianbigard.com>2019-08-22 10:59:14 +0200
commitdea16773dfcc4e38e48c2980731af6e2a17a7aa6 (patch)
tree7751f43e3e827bf3c3bb13ff08f194b58e846378 /server/middlewares/validators/users.ts
parent015d9dec91ecb7a17e4e79407d187aac8a19206d (diff)
downloadPeerTube-dea16773dfcc4e38e48c2980731af6e2a17a7aa6.tar.gz
PeerTube-dea16773dfcc4e38e48c2980731af6e2a17a7aa6.tar.zst
PeerTube-dea16773dfcc4e38e48c2980731af6e2a17a7aa6.zip
Fix user creation by moderators
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r--server/middlewares/validators/users.ts11
1 files changed, 8 insertions, 3 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 16d297047..8ee2ec1f5 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -38,7 +38,9 @@ const usersAddValidator = [
38 body('email').isEmail().withMessage('Should have a valid email'), 38 body('email').isEmail().withMessage('Should have a valid email'),
39 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), 39 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
40 body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), 40 body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
41 body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), 41 body('role')
42 .customSanitizer(toIntOrNull)
43 .custom(isUserRoleValid).withMessage('Should have a valid role'),
42 body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), 44 body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
43 45
44 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 46 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -50,7 +52,7 @@ const usersAddValidator = [
50 const authUser = res.locals.oauth.token.User 52 const authUser = res.locals.oauth.token.User
51 if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { 53 if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) {
52 return res.status(403) 54 return res.status(403)
53 .json({ error: 'You can only create users (and not administrators or moderators' }) 55 .json({ error: 'You can only create users (and not administrators or moderators)' })
54 } 56 }
55 57
56 return next() 58 return next()
@@ -160,7 +162,10 @@ const usersUpdateValidator = [
160 body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), 162 body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'),
161 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), 163 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
162 body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), 164 body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
163 body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), 165 body('role')
166 .optional()
167 .customSanitizer(toIntOrNull)
168 .custom(isUserRoleValid).withMessage('Should have a valid role'),
164 body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), 169 body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
165 170
166 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 171 async (req: express.Request, res: express.Response, next: express.NextFunction) => {