aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/controllers/api
diff options
context:
space:
mode:
Diffstat (limited to 'server/controllers/api')
-rw-r--r--server/controllers/api/users/index.ts7
1 files changed, 6 insertions, 1 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 63747a0a9..ae40e86f8 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -31,7 +31,8 @@ import {
31 usersAskSendVerifyEmailValidator, 31 usersAskSendVerifyEmailValidator,
32 usersBlockingValidator, 32 usersBlockingValidator,
33 usersResetPasswordValidator, 33 usersResetPasswordValidator,
34 usersVerifyEmailValidator 34 usersVerifyEmailValidator,
35 ensureCanManageUser
35} from '../../../middlewares/validators' 36} from '../../../middlewares/validators'
36import { UserModel } from '../../../models/account/user' 37import { UserModel } from '../../../models/account/user'
37import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger' 38import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
@@ -97,12 +98,14 @@ usersRouter.post('/:id/block',
97 authenticate, 98 authenticate,
98 ensureUserHasRight(UserRight.MANAGE_USERS), 99 ensureUserHasRight(UserRight.MANAGE_USERS),
99 asyncMiddleware(usersBlockingValidator), 100 asyncMiddleware(usersBlockingValidator),
101 ensureCanManageUser,
100 asyncMiddleware(blockUser) 102 asyncMiddleware(blockUser)
101) 103)
102usersRouter.post('/:id/unblock', 104usersRouter.post('/:id/unblock',
103 authenticate, 105 authenticate,
104 ensureUserHasRight(UserRight.MANAGE_USERS), 106 ensureUserHasRight(UserRight.MANAGE_USERS),
105 asyncMiddleware(usersBlockingValidator), 107 asyncMiddleware(usersBlockingValidator),
108 ensureCanManageUser,
106 asyncMiddleware(unblockUser) 109 asyncMiddleware(unblockUser)
107) 110)
108 111
@@ -132,6 +135,7 @@ usersRouter.put('/:id',
132 authenticate, 135 authenticate,
133 ensureUserHasRight(UserRight.MANAGE_USERS), 136 ensureUserHasRight(UserRight.MANAGE_USERS),
134 asyncMiddleware(usersUpdateValidator), 137 asyncMiddleware(usersUpdateValidator),
138 ensureCanManageUser,
135 asyncMiddleware(updateUser) 139 asyncMiddleware(updateUser)
136) 140)
137 141
@@ -139,6 +143,7 @@ usersRouter.delete('/:id',
139 authenticate, 143 authenticate,
140 ensureUserHasRight(UserRight.MANAGE_USERS), 144 ensureUserHasRight(UserRight.MANAGE_USERS),
141 asyncMiddleware(usersRemoveValidator), 145 asyncMiddleware(usersRemoveValidator),
146 ensureCanManageUser,
142 asyncMiddleware(removeUser) 147 asyncMiddleware(removeUser)
143) 148)
144 149