aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'server/controllers')
-rw-r--r--server/controllers/api/pods.ts9
-rw-r--r--server/controllers/api/request-schedulers.ts6
-rw-r--r--server/controllers/api/users.ts20
-rw-r--r--server/controllers/api/videos/abuse.ts6
-rw-r--r--server/controllers/api/videos/blacklist.ts10
5 files changed, 27 insertions, 24 deletions
diff --git a/server/controllers/api/pods.ts b/server/controllers/api/pods.ts
index bf1b744e5..b44cd6b83 100644
--- a/server/controllers/api/pods.ts
+++ b/server/controllers/api/pods.ts
@@ -9,7 +9,7 @@ import {
9} from '../../lib' 9} from '../../lib'
10import { 10import {
11 authenticate, 11 authenticate,
12 ensureIsAdmin, 12 ensureUserHasRight,
13 makeFriendsValidator, 13 makeFriendsValidator,
14 setBodyHostsPort, 14 setBodyHostsPort,
15 podRemoveValidator, 15 podRemoveValidator,
@@ -20,6 +20,7 @@ import {
20 asyncMiddleware 20 asyncMiddleware
21} from '../../middlewares' 21} from '../../middlewares'
22import { PodInstance } from '../../models' 22import { PodInstance } from '../../models'
23import { UserRight } from '../../../shared'
23 24
24const podsRouter = express.Router() 25const podsRouter = express.Router()
25 26
@@ -32,19 +33,19 @@ podsRouter.get('/',
32) 33)
33podsRouter.post('/make-friends', 34podsRouter.post('/make-friends',
34 authenticate, 35 authenticate,
35 ensureIsAdmin, 36 ensureUserHasRight(UserRight.MANAGE_PODS),
36 makeFriendsValidator, 37 makeFriendsValidator,
37 setBodyHostsPort, 38 setBodyHostsPort,
38 asyncMiddleware(makeFriendsController) 39 asyncMiddleware(makeFriendsController)
39) 40)
40podsRouter.get('/quit-friends', 41podsRouter.get('/quit-friends',
41 authenticate, 42 authenticate,
42 ensureIsAdmin, 43 ensureUserHasRight(UserRight.MANAGE_PODS),
43 asyncMiddleware(quitFriendsController) 44 asyncMiddleware(quitFriendsController)
44) 45)
45podsRouter.delete('/:id', 46podsRouter.delete('/:id',
46 authenticate, 47 authenticate,
47 ensureIsAdmin, 48 ensureUserHasRight(UserRight.MANAGE_PODS),
48 podRemoveValidator, 49 podRemoveValidator,
49 asyncMiddleware(removeFriendController) 50 asyncMiddleware(removeFriendController)
50) 51)
diff --git a/server/controllers/api/request-schedulers.ts b/server/controllers/api/request-schedulers.ts
index 28f46f3ee..4c8fbe18b 100644
--- a/server/controllers/api/request-schedulers.ts
+++ b/server/controllers/api/request-schedulers.ts
@@ -7,14 +7,14 @@ import {
7 getRequestVideoQaduScheduler, 7 getRequestVideoQaduScheduler,
8 getRequestVideoEventScheduler 8 getRequestVideoEventScheduler
9} from '../../lib' 9} from '../../lib'
10import { authenticate, ensureIsAdmin, asyncMiddleware } from '../../middlewares' 10import { authenticate, ensureUserHasRight, asyncMiddleware } from '../../middlewares'
11import { RequestSchedulerStatsAttributes } from '../../../shared' 11import { RequestSchedulerStatsAttributes, UserRight } from '../../../shared'
12 12
13const requestSchedulerRouter = express.Router() 13const requestSchedulerRouter = express.Router()
14 14
15requestSchedulerRouter.get('/stats', 15requestSchedulerRouter.get('/stats',
16 authenticate, 16 authenticate,
17 ensureIsAdmin, 17 ensureUserHasRight(UserRight.MANAGE_REQUEST_SCHEDULERS),
18 asyncMiddleware(getRequestSchedulersStats) 18 asyncMiddleware(getRequestSchedulersStats)
19) 19)
20 20
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 18a094f03..fdc9b0c87 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -1,11 +1,10 @@
1import * as express from 'express' 1import * as express from 'express'
2 2
3import { database as db } from '../../initializers/database' 3import { database as db, CONFIG } from '../../initializers'
4import { USER_ROLES, CONFIG } from '../../initializers'
5import { logger, getFormattedObjects, retryTransactionWrapper } from '../../helpers' 4import { logger, getFormattedObjects, retryTransactionWrapper } from '../../helpers'
6import { 5import {
7 authenticate, 6 authenticate,
8 ensureIsAdmin, 7 ensureUserHasRight,
9 ensureUserRegistrationAllowed, 8 ensureUserRegistrationAllowed,
10 usersAddValidator, 9 usersAddValidator,
11 usersRegisterValidator, 10 usersRegisterValidator,
@@ -25,7 +24,9 @@ import {
25 UserVideoRate as FormattedUserVideoRate, 24 UserVideoRate as FormattedUserVideoRate,
26 UserCreate, 25 UserCreate,
27 UserUpdate, 26 UserUpdate,
28 UserUpdateMe 27 UserUpdateMe,
28 UserRole,
29 UserRight
29} from '../../../shared' 30} from '../../../shared'
30import { createUserAuthorAndChannel } from '../../lib' 31import { createUserAuthorAndChannel } from '../../lib'
31import { UserInstance } from '../../models' 32import { UserInstance } from '../../models'
@@ -58,7 +59,7 @@ usersRouter.get('/:id',
58 59
59usersRouter.post('/', 60usersRouter.post('/',
60 authenticate, 61 authenticate,
61 ensureIsAdmin, 62 ensureUserHasRight(UserRight.MANAGE_USERS),
62 usersAddValidator, 63 usersAddValidator,
63 createUserRetryWrapper 64 createUserRetryWrapper
64) 65)
@@ -77,14 +78,14 @@ usersRouter.put('/me',
77 78
78usersRouter.put('/:id', 79usersRouter.put('/:id',
79 authenticate, 80 authenticate,
80 ensureIsAdmin, 81 ensureUserHasRight(UserRight.MANAGE_USERS),
81 usersUpdateValidator, 82 usersUpdateValidator,
82 asyncMiddleware(updateUser) 83 asyncMiddleware(updateUser)
83) 84)
84 85
85usersRouter.delete('/:id', 86usersRouter.delete('/:id',
86 authenticate, 87 authenticate,
87 ensureIsAdmin, 88 ensureUserHasRight(UserRight.MANAGE_USERS),
88 usersRemoveValidator, 89 usersRemoveValidator,
89 asyncMiddleware(removeUser) 90 asyncMiddleware(removeUser)
90) 91)
@@ -119,7 +120,7 @@ async function createUser (req: express.Request, res: express.Response, next: ex
119 password: body.password, 120 password: body.password,
120 email: body.email, 121 email: body.email,
121 displayNSFW: false, 122 displayNSFW: false,
122 role: USER_ROLES.USER, 123 role: body.role,
123 videoQuota: body.videoQuota 124 videoQuota: body.videoQuota
124 }) 125 })
125 126
@@ -136,7 +137,7 @@ async function registerUser (req: express.Request, res: express.Response, next:
136 password: body.password, 137 password: body.password,
137 email: body.email, 138 email: body.email,
138 displayNSFW: false, 139 displayNSFW: false,
139 role: USER_ROLES.USER, 140 role: UserRole.USER,
140 videoQuota: CONFIG.USER.VIDEO_QUOTA 141 videoQuota: CONFIG.USER.VIDEO_QUOTA
141 }) 142 })
142 143
@@ -203,6 +204,7 @@ async function updateUser (req: express.Request, res: express.Response, next: ex
203 204
204 if (body.email !== undefined) user.email = body.email 205 if (body.email !== undefined) user.email = body.email
205 if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota 206 if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
207 if (body.role !== undefined) user.role = body.role
206 208
207 await user.save() 209 await user.save()
208 210
diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts
index 4c7abf395..04349042b 100644
--- a/server/controllers/api/videos/abuse.ts
+++ b/server/controllers/api/videos/abuse.ts
@@ -9,7 +9,7 @@ import {
9} from '../../../helpers' 9} from '../../../helpers'
10import { 10import {
11 authenticate, 11 authenticate,
12 ensureIsAdmin, 12 ensureUserHasRight,
13 paginationValidator, 13 paginationValidator,
14 videoAbuseReportValidator, 14 videoAbuseReportValidator,
15 videoAbusesSortValidator, 15 videoAbusesSortValidator,
@@ -18,13 +18,13 @@ import {
18 asyncMiddleware 18 asyncMiddleware
19} from '../../../middlewares' 19} from '../../../middlewares'
20import { VideoInstance } from '../../../models' 20import { VideoInstance } from '../../../models'
21import { VideoAbuseCreate } from '../../../../shared' 21import { VideoAbuseCreate, UserRight } from '../../../../shared'
22 22
23const abuseVideoRouter = express.Router() 23const abuseVideoRouter = express.Router()
24 24
25abuseVideoRouter.get('/abuse', 25abuseVideoRouter.get('/abuse',
26 authenticate, 26 authenticate,
27 ensureIsAdmin, 27 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
28 paginationValidator, 28 paginationValidator,
29 videoAbusesSortValidator, 29 videoAbusesSortValidator,
30 setVideoAbusesSort, 30 setVideoAbusesSort,
diff --git a/server/controllers/api/videos/blacklist.ts b/server/controllers/api/videos/blacklist.ts
index 5a2c3fd80..be7cf6ea4 100644
--- a/server/controllers/api/videos/blacklist.ts
+++ b/server/controllers/api/videos/blacklist.ts
@@ -4,7 +4,7 @@ import { database as db } from '../../../initializers'
4import { logger, getFormattedObjects } from '../../../helpers' 4import { logger, getFormattedObjects } from '../../../helpers'
5import { 5import {
6 authenticate, 6 authenticate,
7 ensureIsAdmin, 7 ensureUserHasRight,
8 videosBlacklistAddValidator, 8 videosBlacklistAddValidator,
9 videosBlacklistRemoveValidator, 9 videosBlacklistRemoveValidator,
10 paginationValidator, 10 paginationValidator,
@@ -14,20 +14,20 @@ import {
14 asyncMiddleware 14 asyncMiddleware
15} from '../../../middlewares' 15} from '../../../middlewares'
16import { BlacklistedVideoInstance } from '../../../models' 16import { BlacklistedVideoInstance } from '../../../models'
17import { BlacklistedVideo } from '../../../../shared' 17import { BlacklistedVideo, UserRight } from '../../../../shared'
18 18
19const blacklistRouter = express.Router() 19const blacklistRouter = express.Router()
20 20
21blacklistRouter.post('/:videoId/blacklist', 21blacklistRouter.post('/:videoId/blacklist',
22 authenticate, 22 authenticate,
23 ensureIsAdmin, 23 ensureUserHasRight(UserRight.MANAGE_VIDEO_BLACKLIST),
24 videosBlacklistAddValidator, 24 videosBlacklistAddValidator,
25 asyncMiddleware(addVideoToBlacklist) 25 asyncMiddleware(addVideoToBlacklist)
26) 26)
27 27
28blacklistRouter.get('/blacklist', 28blacklistRouter.get('/blacklist',
29 authenticate, 29 authenticate,
30 ensureIsAdmin, 30 ensureUserHasRight(UserRight.MANAGE_VIDEO_BLACKLIST),
31 paginationValidator, 31 paginationValidator,
32 blacklistSortValidator, 32 blacklistSortValidator,
33 setBlacklistSort, 33 setBlacklistSort,
@@ -37,7 +37,7 @@ blacklistRouter.get('/blacklist',
37 37
38blacklistRouter.delete('/:videoId/blacklist', 38blacklistRouter.delete('/:videoId/blacklist',
39 authenticate, 39 authenticate,
40 ensureIsAdmin, 40 ensureUserHasRight(UserRight.MANAGE_VIDEO_BLACKLIST),
41 videosBlacklistRemoveValidator, 41 videosBlacklistRemoveValidator,
42 asyncMiddleware(removeVideoFromBlacklistController) 42 asyncMiddleware(removeVideoFromBlacklistController)
43) 43)