aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/videos.ts
diff options
context:
space:
mode:
authorChocobozzz <florian.bigard@gmail.com>2017-10-27 16:55:03 +0200
committerChocobozzz <florian.bigard@gmail.com>2017-10-27 16:55:03 +0200
commit954605a804da399317ca62afa2fb9244afa11ebf (patch)
treede6ee69280bfb928bc01c29430e13d5b820e921a /server/middlewares/validators/videos.ts
parente02573ad67626210ed279bad321ee139094921a1 (diff)
downloadPeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.gz
PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.zst
PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.zip
Support roles with rights and add moderator role
Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r--server/middlewares/validators/videos.ts3
1 files changed, 2 insertions, 1 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index a032d14ce..0c07404c5 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -22,6 +22,7 @@ import {
22 checkVideoExists, 22 checkVideoExists,
23 isIdValid 23 isIdValid
24} from '../../helpers' 24} from '../../helpers'
25import { UserRight } from '../../../shared'
25 26
26const videosAddValidator = [ 27const videosAddValidator = [
27 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( 28 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
@@ -231,7 +232,7 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
231 // Check if the user can delete the video 232 // Check if the user can delete the video
232 // The user can delete it if s/he is an admin 233 // The user can delete it if s/he is an admin
233 // Or if s/he is the video's author 234 // Or if s/he is the video's author
234 if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { 235 if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
235 return res.status(403) 236 return res.status(403)
236 .json({ error: 'Cannot remove video of another user' }) 237 .json({ error: 'Cannot remove video of another user' })
237 .end() 238 .end()