aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-01-23 09:15:36 +0100
committerChocobozzz <me@florianbigard.com>2018-01-23 09:49:57 +0100
commitf8b8c36b2a92bfee435747ab5a0283924be76281 (patch)
tree99e17a5c9413614071ae63d72e9b9557fc8cef43 /server/middlewares
parent59c48d49c5f06a46c342b4e7f86fbd1ed9894bd6 (diff)
downloadPeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.tar.gz
PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.tar.zst
PeerTube-f8b8c36b2a92bfee435747ab5a0283924be76281.zip
Destroy user token when changing its role
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/users.ts7
1 files changed, 7 insertions, 0 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index d22a745b4..990311d6f 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -77,6 +77,13 @@ const usersUpdateValidator = [
77 if (areValidationErrors(req, res)) return 77 if (areValidationErrors(req, res)) return
78 if (!await checkUserIdExist(req.params.id, res)) return 78 if (!await checkUserIdExist(req.params.id, res)) return
79 79
80 const user = res.locals.user
81 if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) {
82 return res.status(400)
83 .send({ error: 'Cannot change root role.' })
84 .end()
85 }
86
80 return next() 87 return next()
81 } 88 }
82] 89]