aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/controllers/api/users.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/controllers/api/users.ts')
-rw-r--r--server/controllers/api/users.ts20
1 files changed, 11 insertions, 9 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 18a094f03..fdc9b0c87 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -1,11 +1,10 @@
1import * as express from 'express' 1import * as express from 'express'
2 2
3import { database as db } from '../../initializers/database' 3import { database as db, CONFIG } from '../../initializers'
4import { USER_ROLES, CONFIG } from '../../initializers'
5import { logger, getFormattedObjects, retryTransactionWrapper } from '../../helpers' 4import { logger, getFormattedObjects, retryTransactionWrapper } from '../../helpers'
6import { 5import {
7 authenticate, 6 authenticate,
8 ensureIsAdmin, 7 ensureUserHasRight,
9 ensureUserRegistrationAllowed, 8 ensureUserRegistrationAllowed,
10 usersAddValidator, 9 usersAddValidator,
11 usersRegisterValidator, 10 usersRegisterValidator,
@@ -25,7 +24,9 @@ import {
25 UserVideoRate as FormattedUserVideoRate, 24 UserVideoRate as FormattedUserVideoRate,
26 UserCreate, 25 UserCreate,
27 UserUpdate, 26 UserUpdate,
28 UserUpdateMe 27 UserUpdateMe,
28 UserRole,
29 UserRight
29} from '../../../shared' 30} from '../../../shared'
30import { createUserAuthorAndChannel } from '../../lib' 31import { createUserAuthorAndChannel } from '../../lib'
31import { UserInstance } from '../../models' 32import { UserInstance } from '../../models'
@@ -58,7 +59,7 @@ usersRouter.get('/:id',
58 59
59usersRouter.post('/', 60usersRouter.post('/',
60 authenticate, 61 authenticate,
61 ensureIsAdmin, 62 ensureUserHasRight(UserRight.MANAGE_USERS),
62 usersAddValidator, 63 usersAddValidator,
63 createUserRetryWrapper 64 createUserRetryWrapper
64) 65)
@@ -77,14 +78,14 @@ usersRouter.put('/me',
77 78
78usersRouter.put('/:id', 79usersRouter.put('/:id',
79 authenticate, 80 authenticate,
80 ensureIsAdmin, 81 ensureUserHasRight(UserRight.MANAGE_USERS),
81 usersUpdateValidator, 82 usersUpdateValidator,
82 asyncMiddleware(updateUser) 83 asyncMiddleware(updateUser)
83) 84)
84 85
85usersRouter.delete('/:id', 86usersRouter.delete('/:id',
86 authenticate, 87 authenticate,
87 ensureIsAdmin, 88 ensureUserHasRight(UserRight.MANAGE_USERS),
88 usersRemoveValidator, 89 usersRemoveValidator,
89 asyncMiddleware(removeUser) 90 asyncMiddleware(removeUser)
90) 91)
@@ -119,7 +120,7 @@ async function createUser (req: express.Request, res: express.Response, next: ex
119 password: body.password, 120 password: body.password,
120 email: body.email, 121 email: body.email,
121 displayNSFW: false, 122 displayNSFW: false,
122 role: USER_ROLES.USER, 123 role: body.role,
123 videoQuota: body.videoQuota 124 videoQuota: body.videoQuota
124 }) 125 })
125 126
@@ -136,7 +137,7 @@ async function registerUser (req: express.Request, res: express.Response, next:
136 password: body.password, 137 password: body.password,
137 email: body.email, 138 email: body.email,
138 displayNSFW: false, 139 displayNSFW: false,
139 role: USER_ROLES.USER, 140 role: UserRole.USER,
140 videoQuota: CONFIG.USER.VIDEO_QUOTA 141 videoQuota: CONFIG.USER.VIDEO_QUOTA
141 }) 142 })
142 143
@@ -203,6 +204,7 @@ async function updateUser (req: express.Request, res: express.Response, next: ex
203 204
204 if (body.email !== undefined) user.email = body.email 205 if (body.email !== undefined) user.email = body.email
205 if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota 206 if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
207 if (body.role !== undefined) user.role = body.role
206 208
207 await user.save() 209 await user.save()
208 210