diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-10-27 16:55:03 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-10-27 16:55:03 +0200 |
commit | 954605a804da399317ca62afa2fb9244afa11ebf (patch) | |
tree | de6ee69280bfb928bc01c29430e13d5b820e921a /server/middlewares/validators/videos.ts | |
parent | e02573ad67626210ed279bad321ee139094921a1 (diff) | |
download | PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.gz PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.zst PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.zip |
Support roles with rights and add moderator role
Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r-- | server/middlewares/validators/videos.ts | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index a032d14ce..0c07404c5 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -22,6 +22,7 @@ import { | |||
22 | checkVideoExists, | 22 | checkVideoExists, |
23 | isIdValid | 23 | isIdValid |
24 | } from '../../helpers' | 24 | } from '../../helpers' |
25 | import { UserRight } from '../../../shared' | ||
25 | 26 | ||
26 | const videosAddValidator = [ | 27 | const videosAddValidator = [ |
27 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( | 28 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( |
@@ -231,7 +232,7 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac | |||
231 | // Check if the user can delete the video | 232 | // Check if the user can delete the video |
232 | // The user can delete it if s/he is an admin | 233 | // The user can delete it if s/he is an admin |
233 | // Or if s/he is the video's author | 234 | // Or if s/he is the video's author |
234 | if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | 235 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { |
235 | return res.status(403) | 236 | return res.status(403) |
236 | .json({ error: 'Cannot remove video of another user' }) | 237 | .json({ error: 'Cannot remove video of another user' }) |
237 | .end() | 238 | .end() |