aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators
diff options
context:
space:
mode:
authorChocobozzz <florian.bigard@gmail.com>2017-10-27 16:55:03 +0200
committerChocobozzz <florian.bigard@gmail.com>2017-10-27 16:55:03 +0200
commit954605a804da399317ca62afa2fb9244afa11ebf (patch)
treede6ee69280bfb928bc01c29430e13d5b820e921a /server/middlewares/validators
parente02573ad67626210ed279bad321ee139094921a1 (diff)
downloadPeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.gz
PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.zst
PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.zip
Support roles with rights and add moderator role
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/users.ts5
-rw-r--r--server/middlewares/validators/video-channels.ts6
-rw-r--r--server/middlewares/validators/videos.ts3
3 files changed, 10 insertions, 4 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 1a33cfd8c..0b463acc0 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -13,7 +13,8 @@ import {
13 isUserPasswordValid, 13 isUserPasswordValid,
14 isUserVideoQuotaValid, 14 isUserVideoQuotaValid,
15 isUserDisplayNSFWValid, 15 isUserDisplayNSFWValid,
16 isIdOrUUIDValid 16 isIdOrUUIDValid,
17 isUserRoleValid
17} from '../../helpers' 18} from '../../helpers'
18import { UserInstance, VideoInstance } from '../../models' 19import { UserInstance, VideoInstance } from '../../models'
19 20
@@ -22,6 +23,7 @@ const usersAddValidator = [
22 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), 23 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
23 body('email').isEmail().withMessage('Should have a valid email'), 24 body('email').isEmail().withMessage('Should have a valid email'),
24 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), 25 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
26 body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
25 27
26 (req: express.Request, res: express.Response, next: express.NextFunction) => { 28 (req: express.Request, res: express.Response, next: express.NextFunction) => {
27 logger.debug('Checking usersAdd parameters', { parameters: req.body }) 29 logger.debug('Checking usersAdd parameters', { parameters: req.body })
@@ -75,6 +77,7 @@ const usersUpdateValidator = [
75 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), 77 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
76 body('email').optional().isEmail().withMessage('Should have a valid email attribute'), 78 body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
77 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), 79 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
80 body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
78 81
79 (req: express.Request, res: express.Response, next: express.NextFunction) => { 82 (req: express.Request, res: express.Response, next: express.NextFunction) => {
80 logger.debug('Checking usersUpdate parameters', { parameters: req.body }) 83 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts
index 979fbd34a..7d611728b 100644
--- a/server/middlewares/validators/video-channels.ts
+++ b/server/middlewares/validators/video-channels.ts
@@ -11,6 +11,8 @@ import {
11 checkVideoChannelExists, 11 checkVideoChannelExists,
12 checkVideoAuthorExists 12 checkVideoAuthorExists
13} from '../../helpers' 13} from '../../helpers'
14import { UserInstance } from '../../models'
15import { UserRight } from '../../../shared'
14 16
15const listVideoAuthorChannelsValidator = [ 17const listVideoAuthorChannelsValidator = [
16 param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), 18 param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
@@ -106,7 +108,7 @@ export {
106// --------------------------------------------------------------------------- 108// ---------------------------------------------------------------------------
107 109
108function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { 110function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
109 const user = res.locals.oauth.token.User 111 const user: UserInstance = res.locals.oauth.token.User
110 112
111 // Retrieve the user who did the request 113 // Retrieve the user who did the request
112 if (res.locals.videoChannel.isOwned() === false) { 114 if (res.locals.videoChannel.isOwned() === false) {
@@ -118,7 +120,7 @@ function checkUserCanDeleteVideoChannel (res: express.Response, callback: () =>
118 // Check if the user can delete the video channel 120 // Check if the user can delete the video channel
119 // The user can delete it if s/he is an admin 121 // The user can delete it if s/he is an admin
120 // Or if s/he is the video channel's author 122 // Or if s/he is the video channel's author
121 if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) { 123 if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Author.userId !== user.id) {
122 return res.status(403) 124 return res.status(403)
123 .json({ error: 'Cannot remove video channel of another user' }) 125 .json({ error: 'Cannot remove video channel of another user' })
124 .end() 126 .end()
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index a032d14ce..0c07404c5 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -22,6 +22,7 @@ import {
22 checkVideoExists, 22 checkVideoExists,
23 isIdValid 23 isIdValid
24} from '../../helpers' 24} from '../../helpers'
25import { UserRight } from '../../../shared'
25 26
26const videosAddValidator = [ 27const videosAddValidator = [
27 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( 28 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
@@ -231,7 +232,7 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
231 // Check if the user can delete the video 232 // Check if the user can delete the video
232 // The user can delete it if s/he is an admin 233 // The user can delete it if s/he is an admin
233 // Or if s/he is the video's author 234 // Or if s/he is the video's author
234 if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { 235 if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
235 return res.status(403) 236 return res.status(403)
236 .json({ error: 'Cannot remove video of another user' }) 237 .json({ error: 'Cannot remove video of another user' })
237 .end() 238 .end()