diff options
author | Chocobozzz <me@florianbigard.com> | 2018-01-23 09:15:36 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-01-23 09:49:57 +0100 |
commit | f8b8c36b2a92bfee435747ab5a0283924be76281 (patch) | |
tree | 99e17a5c9413614071ae63d72e9b9557fc8cef43 /server/middlewares | |
parent | 59c48d49c5f06a46c342b4e7f86fbd1ed9894bd6 (diff) | |
download | PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.tar.gz PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.tar.zst PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.zip |
Destroy user token when changing its role
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/users.ts | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index d22a745b4..990311d6f 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -77,6 +77,13 @@ const usersUpdateValidator = [ | |||
77 | if (areValidationErrors(req, res)) return | 77 | if (areValidationErrors(req, res)) return |
78 | if (!await checkUserIdExist(req.params.id, res)) return | 78 | if (!await checkUserIdExist(req.params.id, res)) return |
79 | 79 | ||
80 | const user = res.locals.user | ||
81 | if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) { | ||
82 | return res.status(400) | ||
83 | .send({ error: 'Cannot change root role.' }) | ||
84 | .end() | ||
85 | } | ||
86 | |||
80 | return next() | 87 | return next() |
81 | } | 88 | } |
82 | ] | 89 | ] |