diff options
| author | Chocobozzz <me@florianbigard.com> | 2019-08-22 10:59:14 +0200 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2019-08-22 10:59:14 +0200 |
| commit | dea16773dfcc4e38e48c2980731af6e2a17a7aa6 (patch) | |
| tree | 7751f43e3e827bf3c3bb13ff08f194b58e846378 /server/middlewares | |
| parent | 015d9dec91ecb7a17e4e79407d187aac8a19206d (diff) | |
| download | PeerTube-dea16773dfcc4e38e48c2980731af6e2a17a7aa6.tar.gz PeerTube-dea16773dfcc4e38e48c2980731af6e2a17a7aa6.tar.zst PeerTube-dea16773dfcc4e38e48c2980731af6e2a17a7aa6.zip | |
Fix user creation by moderators
Diffstat (limited to 'server/middlewares')
| -rw-r--r-- | server/middlewares/validators/users.ts | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 16d297047..8ee2ec1f5 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
| @@ -38,7 +38,9 @@ const usersAddValidator = [ | |||
| 38 | body('email').isEmail().withMessage('Should have a valid email'), | 38 | body('email').isEmail().withMessage('Should have a valid email'), |
| 39 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 39 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
| 40 | body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), | 40 | body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), |
| 41 | body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), | 41 | body('role') |
| 42 | .customSanitizer(toIntOrNull) | ||
| 43 | .custom(isUserRoleValid).withMessage('Should have a valid role'), | ||
| 42 | body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), | 44 | body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), |
| 43 | 45 | ||
| 44 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 46 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| @@ -50,7 +52,7 @@ const usersAddValidator = [ | |||
| 50 | const authUser = res.locals.oauth.token.User | 52 | const authUser = res.locals.oauth.token.User |
| 51 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { | 53 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { |
| 52 | return res.status(403) | 54 | return res.status(403) |
| 53 | .json({ error: 'You can only create users (and not administrators or moderators' }) | 55 | .json({ error: 'You can only create users (and not administrators or moderators)' }) |
| 54 | } | 56 | } |
| 55 | 57 | ||
| 56 | return next() | 58 | return next() |
| @@ -160,7 +162,10 @@ const usersUpdateValidator = [ | |||
| 160 | body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), | 162 | body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), |
| 161 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 163 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
| 162 | body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), | 164 | body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), |
| 163 | body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), | 165 | body('role') |
| 166 | .optional() | ||
| 167 | .customSanitizer(toIntOrNull) | ||
| 168 | .custom(isUserRoleValid).withMessage('Should have a valid role'), | ||
| 164 | body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), | 169 | body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), |
| 165 | 170 | ||
| 166 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 171 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |