6 files changed, 92 insertions, 22 deletions
diff --git a/client/src/app/core/auth/auth-user.model.ts b/client/src/app/core/auth/auth-user.model.ts
index 085b763ec..7b6c8816f 100644
--- a/client/src/app/core/auth/auth-user.model.ts
+++ b/client/src/app/core/auth/auth-user.model.ts
@@ -123,7 +123,7 @@ export class AuthUser extends User {
    this.tokens.refreshToken = refreshToken
  }
-  hasRight(right: UserRight) {
+  hasRight (right: UserRight) {
    return hasUserRight(this.role, right)
  }
diff --git a/client/src/app/shared/forms/form-validators/user.ts b/client/src/app/shared/forms/form-validators/user.ts
index e7473b75b..9d200649c 100644
--- a/client/src/app/shared/forms/form-validators/user.ts
+++ b/client/src/app/shared/forms/form-validators/user.ts
@@ -32,6 +32,6 @@ export const USER_VIDEO_QUOTA = {
 export const USER_ROLE = {
  VALIDATORS: [ Validators.required ],
  MESSAGES: {
-    'required': 'User role is required.',
+    'required': 'User role is required.'
  }
 }
diff --git a/server/initializers/migrations/0085-user-role.ts b/server/initializers/migrations/0085-user-role.ts
index e67c5ca24..de75faec2 100644
--- a/server/initializers/migrations/0085-user-role.ts
+++ b/server/initializers/migrations/0085-user-role.ts
@@ -1,5 +1,4 @@
 import * as Sequelize from 'sequelize'
-import * as uuidv4 from 'uuid/v4'
 async function up (utils: {
  transaction: Sequelize.Transaction,
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index ef78c8262..687999c09 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -19,6 +19,7 @@ import {
  makePostBodyRequest,
  getUserAccessToken
 } from '../../utils'
+import { UserRole } from '../../../../shared'
 describe('Test users API validators', function () {
  const path = '/api/v1/users/'
@@ -92,6 +93,7 @@ describe('Test users API validators', function () {
        username: 'ji',
        email: 'test@example.com',
        password: 'my_super_password',
+        role: UserRole.USER,
        videoQuota: 42000000
      }
@@ -103,7 +105,8 @@ describe('Test users API validators', function () {
        username: 'my_super_username_which_is_very_long',
        email: 'test@example.com',
        password: 'my_super_password',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -114,7 +117,8 @@ describe('Test users API validators', function () {
        username: 'my username',
        email: 'test@example.com',
        password: 'my_super_password',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -124,7 +128,8 @@ describe('Test users API validators', function () {
      const fields = {
        username: 'ji',
        password: 'my_super_password',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -135,7 +140,8 @@ describe('Test users API validators', function () {
        username: 'my_super_username_which_is_very_long',
        email: 'test_example.com',
        password: 'my_super_password',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -146,7 +152,8 @@ describe('Test users API validators', function () {
        username: 'my_username',
        email: 'test@example.com',
        password: 'bla',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -159,7 +166,8 @@ describe('Test users API validators', function () {
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -170,7 +178,8 @@ describe('Test users API validators', function () {
        username: 'my_username',
        email: 'test@example.com',
        password: 'my super password',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
@@ -181,7 +190,8 @@ describe('Test users API validators', function () {
        username: 'user1',
        email: 'test@example.com',
        password: 'my super password',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
@@ -192,7 +202,8 @@ describe('Test users API validators', function () {
        username: 'my_username',
        email: 'user1@example.com',
        password: 'my super password',
-        videoQuota: 42000000
+        videoQuota: 42000000,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
@@ -202,7 +213,8 @@ describe('Test users API validators', function () {
      const fields = {
        username: 'my_username',
        email: 'user1@example.com',
-        password: 'my super password'
+        password: 'my super password',
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -213,7 +225,31 @@ describe('Test users API validators', function () {
        username: 'my_username',
        email: 'user1@example.com',
        password: 'my super password',
-        videoQuota: -5
+        videoQuota: -5,
+        role: UserRole.USER
+      }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail without a user role', async function () {
+      const fields = {
+        username: 'my_username',
+        email: 'user1@example.com',
+        password: 'my super password',
+        videoQuota: 0
+      }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid user role', async function () {
+      const fields = {
+        username: 'my_username',
+        email: 'user1@example.com',
+        password: 'my super password',
+        videoQuota: 0,
+        role: 88989
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -224,7 +260,8 @@ describe('Test users API validators', function () {
        username: 'user2',
        email: 'test@example.com',
        password: 'my super password',
-        videoQuota: -1
+        videoQuota: -1,
+        role: UserRole.USER
      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
@@ -327,6 +364,14 @@ describe('Test users API validators', function () {
      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
    })
+    it('Should fail with an invalid user role attribute', async function () {
+      const fields = {
+        role: 54878
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
    it('Should fail with an non authenticated user', async function () {
      const fields = {
        videoQuota: 42
@@ -338,7 +383,8 @@ describe('Test users API validators', function () {
    it('Should succeed with the correct params', async function () {
      const fields = {
        email: 'email@example.com',
-        videoQuota: 42
+        videoQuota: 42,
+        role: UserRole.MODERATOR
      }
      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
diff --git a/server/tests/api/users.ts b/server/tests/api/users.ts
index dbf0801f3..bdef62c46 100644
--- a/server/tests/api/users.ts
+++ b/server/tests/api/users.ts
@@ -25,10 +25,12 @@ import {
  updateUser,
  updateMyUser,
  registerUser,
-  removeUser
+  removeUser,
+  killallServers,
+  getUserInformation,
+  getBlacklistedVideosList
 } from '../utils'
-import { killallServers } from '../utils/servers'
+import { UserRole } from '../../../shared'
-import { getUserInformation } from '../utils/users'
 describe('Test users', function () {
  let server: ServerInfo
@@ -188,6 +190,7 @@ describe('Test users', function () {
    expect(user.email).to.equal('user_1@example.com')
    expect(user.displayNSFW).to.be.false
    expect(user.videoQuota).to.equal(2 * 1024 * 1024)
+    expect(user.roleLabel).to.equal('User')
    expect(user.id).to.be.a('number')
  })
@@ -234,6 +237,7 @@ describe('Test users', function () {
    const user = users[0]
    expect(user.username).to.equal('root')
    expect(user.email).to.equal('admin1@example.com')
+    expect(user.roleLabel).to.equal('Administrator')
    expect(user.displayNSFW).to.be.false
  })
@@ -319,7 +323,7 @@ describe('Test users', function () {
  })
  it('Should be able to update another user', async function () {
-    await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42)
+    await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42, UserRole.MODERATOR)
    const res = await getUserInformation(server.url, accessToken, userId)
    const user = res.body
@@ -328,9 +332,18 @@ describe('Test users', function () {
    expect(user.email).to.equal('updated2@example.com')
    expect(user.displayNSFW).to.be.ok
    expect(user.videoQuota).to.equal(42)
+    expect(user.roleLabel).to.equal('Moderator')
    expect(user.id).to.be.a('number')
  })
+  it('Should not be able to delete a user by a moderator', async function () {
+    await removeUser(server.url, 2, accessTokenUser, 403)
+  })
+  it('Should be able to list video blacklist by a moderator', async function () {
+    await getBlacklistedVideosList(server.url, accessTokenUser)
+  })
  it('Should be able to remove this user', async function () {
    await removeUser(server.url, userId, accessToken)
  })
diff --git a/server/tests/utils/users.ts b/server/tests/utils/users.ts
index e5f3eb1b3..12569dd42 100644
--- a/server/tests/utils/users.ts
+++ b/server/tests/utils/users.ts
@@ -1,10 +1,21 @@
 import * as request from 'supertest'
-function createUser (url: string, accessToken: string, username: string, password: string, videoQuota = 1000000, specialStatus = 204) {
+import { UserRole } from '../../../shared'
+function createUser (
+  url: string,
+  accessToken: string,
+  username: string,
+  password: string,
+  videoQuota = 1000000,
+  role: UserRole = UserRole.USER,
+  specialStatus = 204
+) {
  const path = '/api/v1/users'
  const body = {
    username,
    password,
+    role,
    email: username + '@example.com',
    videoQuota
  }
@@ -114,12 +125,13 @@ function updateMyUser (url: string, accessToken: string, newPassword: string, di
    .expect(204)
 }
-function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number) {
+function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number, role: UserRole) {
  const path = '/api/v1/users/' + userId
  const toSend = {}
  if (email !== undefined && email !== null) toSend['email'] = email
  if (videoQuota !== undefined && videoQuota !== null) toSend['videoQuota'] = videoQuota
+  if (role !== undefined && role !== null) toSend['role'] = role
  return request(url)
          .put(path)