diff options
Diffstat (limited to 'server/controllers/api')
-rw-r--r-- | server/controllers/api/users/index.ts | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index 63747a0a9..ae40e86f8 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts | |||
@@ -31,7 +31,8 @@ import { | |||
31 | usersAskSendVerifyEmailValidator, | 31 | usersAskSendVerifyEmailValidator, |
32 | usersBlockingValidator, | 32 | usersBlockingValidator, |
33 | usersResetPasswordValidator, | 33 | usersResetPasswordValidator, |
34 | usersVerifyEmailValidator | 34 | usersVerifyEmailValidator, |
35 | ensureCanManageUser | ||
35 | } from '../../../middlewares/validators' | 36 | } from '../../../middlewares/validators' |
36 | import { UserModel } from '../../../models/account/user' | 37 | import { UserModel } from '../../../models/account/user' |
37 | import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger' | 38 | import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger' |
@@ -97,12 +98,14 @@ usersRouter.post('/:id/block', | |||
97 | authenticate, | 98 | authenticate, |
98 | ensureUserHasRight(UserRight.MANAGE_USERS), | 99 | ensureUserHasRight(UserRight.MANAGE_USERS), |
99 | asyncMiddleware(usersBlockingValidator), | 100 | asyncMiddleware(usersBlockingValidator), |
101 | ensureCanManageUser, | ||
100 | asyncMiddleware(blockUser) | 102 | asyncMiddleware(blockUser) |
101 | ) | 103 | ) |
102 | usersRouter.post('/:id/unblock', | 104 | usersRouter.post('/:id/unblock', |
103 | authenticate, | 105 | authenticate, |
104 | ensureUserHasRight(UserRight.MANAGE_USERS), | 106 | ensureUserHasRight(UserRight.MANAGE_USERS), |
105 | asyncMiddleware(usersBlockingValidator), | 107 | asyncMiddleware(usersBlockingValidator), |
108 | ensureCanManageUser, | ||
106 | asyncMiddleware(unblockUser) | 109 | asyncMiddleware(unblockUser) |
107 | ) | 110 | ) |
108 | 111 | ||
@@ -132,6 +135,7 @@ usersRouter.put('/:id', | |||
132 | authenticate, | 135 | authenticate, |
133 | ensureUserHasRight(UserRight.MANAGE_USERS), | 136 | ensureUserHasRight(UserRight.MANAGE_USERS), |
134 | asyncMiddleware(usersUpdateValidator), | 137 | asyncMiddleware(usersUpdateValidator), |
138 | ensureCanManageUser, | ||
135 | asyncMiddleware(updateUser) | 139 | asyncMiddleware(updateUser) |
136 | ) | 140 | ) |
137 | 141 | ||
@@ -139,6 +143,7 @@ usersRouter.delete('/:id', | |||
139 | authenticate, | 143 | authenticate, |
140 | ensureUserHasRight(UserRight.MANAGE_USERS), | 144 | ensureUserHasRight(UserRight.MANAGE_USERS), |
141 | asyncMiddleware(usersRemoveValidator), | 145 | asyncMiddleware(usersRemoveValidator), |
146 | ensureCanManageUser, | ||
142 | asyncMiddleware(removeUser) | 147 | asyncMiddleware(removeUser) |
143 | ) | 148 | ) |
144 | 149 | ||