Add user update for admins

2 files changed, 80 insertions, 7 deletions

diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 1b5b7f903..6922661ae 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -9,15 +9,22 @@ import {
   ensureUserRegistrationAllowed,
   usersAddValidator,
   usersUpdateValidator,
+  usersUpdateMeValidator,
   usersRemoveValidator,
   usersVideoRatingValidator,
+  usersGetValidator,
   paginationValidator,
   setPagination,
   usersSortValidator,
   setUsersSort,
   token
 } from '../../middlewares'
-import { UserVideoRate as FormattedUserVideoRate, UserCreate, UserUpdate } from '../../../shared'
+import {
+  UserVideoRate as FormattedUserVideoRate,
+  UserCreate,
+  UserUpdate,
+  UserUpdateMe
+} from '../../../shared'
 
 const usersRouter = express.Router()
 
@@ -40,6 +47,11 @@ usersRouter.get('/',
   listUsers
 )
 
+usersRouter.get('/:id',
+  usersGetValidator,
+  getUser
+)
+
 usersRouter.post('/',
   authenticate,
   ensureIsAdmin,
@@ -53,8 +65,15 @@ usersRouter.post('/register',
   createUser
 )
 
+usersRouter.put('/me',
+  authenticate,
+  usersUpdateMeValidator,
+  updateMe
+)
+
 usersRouter.put('/:id',
   authenticate,
+  ensureIsAdmin,
   usersUpdateValidator,
   updateUser
 )
@@ -105,6 +124,10 @@ function getUserInformation (req: express.Request, res: express.Response, next:
     .catch(err => next(err))
 }
 
+function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
+  return res.json(res.locals.user.toFormattedJSON())
+}
+
 function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
   const videoId = +req.params.videoId
   const userId = +res.locals.oauth.token.User.id
@@ -139,14 +162,15 @@ function removeUser (req: express.Request, res: express.Response, next: express.
     })
 }
 
-function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const body: UserUpdate = req.body
+function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const body: UserUpdateMe = req.body
 
+  // FIXME: user is not already a Sequelize instance?
   db.User.loadByUsername(res.locals.oauth.token.user.username)
     .then(user => {
-      if (body.password) user.password = body.password
+      if (body.password !== undefined) user.password = body.password
+      if (body.email !== undefined) user.email = body.email
       if (body.displayNSFW !== undefined) user.displayNSFW = body.displayNSFW
-      if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
 
       return user.save()
     })
@@ -154,6 +178,18 @@ function updateUser (req: express.Request, res: express.Response, next: express.
     .catch(err => next(err))
 }
 
+function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const body: UserUpdate = req.body
+  const user = res.locals.user
+
+  if (body.email !== undefined) user.email = body.email
+  if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
+
+  return user.save()
+    .then(() => res.sendStatus(204))
+    .catch(err => next(err))
+}
+
 function success (req: express.Request, res: express.Response, next: express.NextFunction) {
   res.end()
 }
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index eeb0e3557..ebb343535 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -53,16 +53,35 @@ function usersRemoveValidator (req: express.Request, res: express.Response, next
 
 function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
   req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+  req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
+  req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
+
+  logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+
+  checkErrors(req, res, () => {
+    checkUserExists(req.params.id, res, next)
+  })
+}
+
+function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
   // Add old password verification
   req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()
+  req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
   req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
-  req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
 
   logger.debug('Checking usersUpdate parameters', { parameters: req.body })
 
   checkErrors(req, res, next)
 }
 
+function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+
+  checkErrors(req, res, () => {
+    checkUserExists(req.params.id, res, next)
+  })
+}
+
 function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
   req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
 
@@ -106,6 +125,24 @@ export {
   usersAddValidator,
   usersRemoveValidator,
   usersUpdateValidator,
+  usersUpdateMeValidator,
   usersVideoRatingValidator,
-  ensureUserRegistrationAllowed
+  ensureUserRegistrationAllowed,
+  usersGetValidator
+}
+
+// ---------------------------------------------------------------------------
+
+function checkUserExists (id: number, res: express.Response, callback: () => void) {
+  db.User.loadById(id)
+    .then(user => {
+      if (!user) return res.status(404).send('User not found')
+
+      res.locals.user = user
+      callback()
+    })
+    .catch(err => {
+      logger.error('Error in user request validator.', err)
+      return res.sendStatus(500)
+    })
 }