diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-10-27 16:55:03 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-10-27 16:55:03 +0200 |
commit | 954605a804da399317ca62afa2fb9244afa11ebf (patch) | |
tree | de6ee69280bfb928bc01c29430e13d5b820e921a /server/middlewares/validators | |
parent | e02573ad67626210ed279bad321ee139094921a1 (diff) | |
download | PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.gz PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.tar.zst PeerTube-954605a804da399317ca62afa2fb9244afa11ebf.zip |
Support roles with rights and add moderator role
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/users.ts | 5 | ||||
-rw-r--r-- | server/middlewares/validators/video-channels.ts | 6 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 3 |
3 files changed, 10 insertions, 4 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 1a33cfd8c..0b463acc0 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -13,7 +13,8 @@ import { | |||
13 | isUserPasswordValid, | 13 | isUserPasswordValid, |
14 | isUserVideoQuotaValid, | 14 | isUserVideoQuotaValid, |
15 | isUserDisplayNSFWValid, | 15 | isUserDisplayNSFWValid, |
16 | isIdOrUUIDValid | 16 | isIdOrUUIDValid, |
17 | isUserRoleValid | ||
17 | } from '../../helpers' | 18 | } from '../../helpers' |
18 | import { UserInstance, VideoInstance } from '../../models' | 19 | import { UserInstance, VideoInstance } from '../../models' |
19 | 20 | ||
@@ -22,6 +23,7 @@ const usersAddValidator = [ | |||
22 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), | 23 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), |
23 | body('email').isEmail().withMessage('Should have a valid email'), | 24 | body('email').isEmail().withMessage('Should have a valid email'), |
24 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 25 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
26 | body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), | ||
25 | 27 | ||
26 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 28 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
27 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | 29 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) |
@@ -75,6 +77,7 @@ const usersUpdateValidator = [ | |||
75 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | 77 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
76 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), | 78 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), |
77 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 79 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
80 | body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), | ||
78 | 81 | ||
79 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 82 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
80 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) | 83 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) |
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts index 979fbd34a..7d611728b 100644 --- a/server/middlewares/validators/video-channels.ts +++ b/server/middlewares/validators/video-channels.ts | |||
@@ -11,6 +11,8 @@ import { | |||
11 | checkVideoChannelExists, | 11 | checkVideoChannelExists, |
12 | checkVideoAuthorExists | 12 | checkVideoAuthorExists |
13 | } from '../../helpers' | 13 | } from '../../helpers' |
14 | import { UserInstance } from '../../models' | ||
15 | import { UserRight } from '../../../shared' | ||
14 | 16 | ||
15 | const listVideoAuthorChannelsValidator = [ | 17 | const listVideoAuthorChannelsValidator = [ |
16 | param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), | 18 | param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), |
@@ -106,7 +108,7 @@ export { | |||
106 | // --------------------------------------------------------------------------- | 108 | // --------------------------------------------------------------------------- |
107 | 109 | ||
108 | function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { | 110 | function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { |
109 | const user = res.locals.oauth.token.User | 111 | const user: UserInstance = res.locals.oauth.token.User |
110 | 112 | ||
111 | // Retrieve the user who did the request | 113 | // Retrieve the user who did the request |
112 | if (res.locals.videoChannel.isOwned() === false) { | 114 | if (res.locals.videoChannel.isOwned() === false) { |
@@ -118,7 +120,7 @@ function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => | |||
118 | // Check if the user can delete the video channel | 120 | // Check if the user can delete the video channel |
119 | // The user can delete it if s/he is an admin | 121 | // The user can delete it if s/he is an admin |
120 | // Or if s/he is the video channel's author | 122 | // Or if s/he is the video channel's author |
121 | if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) { | 123 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Author.userId !== user.id) { |
122 | return res.status(403) | 124 | return res.status(403) |
123 | .json({ error: 'Cannot remove video channel of another user' }) | 125 | .json({ error: 'Cannot remove video channel of another user' }) |
124 | .end() | 126 | .end() |
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index a032d14ce..0c07404c5 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -22,6 +22,7 @@ import { | |||
22 | checkVideoExists, | 22 | checkVideoExists, |
23 | isIdValid | 23 | isIdValid |
24 | } from '../../helpers' | 24 | } from '../../helpers' |
25 | import { UserRight } from '../../../shared' | ||
25 | 26 | ||
26 | const videosAddValidator = [ | 27 | const videosAddValidator = [ |
27 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( | 28 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( |
@@ -231,7 +232,7 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac | |||
231 | // Check if the user can delete the video | 232 | // Check if the user can delete the video |
232 | // The user can delete it if s/he is an admin | 233 | // The user can delete it if s/he is an admin |
233 | // Or if s/he is the video's author | 234 | // Or if s/he is the video's author |
234 | if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | 235 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { |
235 | return res.status(403) | 236 | return res.status(403) |
236 | .json({ error: 'Cannot remove video of another user' }) | 237 | .json({ error: 'Cannot remove video of another user' }) |
237 | .end() | 238 | .end() |