diff options
Diffstat (limited to 'server/middlewares/user-right.ts')
| -rw-r--r-- | server/middlewares/user-right.ts | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/server/middlewares/user-right.ts b/server/middlewares/user-right.ts index 5bb5bdfbd..7cea7aa1e 100644 --- a/server/middlewares/user-right.ts +++ b/server/middlewares/user-right.ts | |||
| @@ -8,8 +8,14 @@ function ensureUserHasRight (userRight: UserRight) { | |||
| 8 | return function (req: express.Request, res: express.Response, next: express.NextFunction) { | 8 | return function (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 9 | const user = res.locals.oauth.token.user as UserModel | 9 | const user = res.locals.oauth.token.user as UserModel |
| 10 | if (user.hasRight(userRight) === false) { | 10 | if (user.hasRight(userRight) === false) { |
| 11 | logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path) | 11 | const message = `User ${user.username} does not have right ${UserRight[userRight]} to access to ${req.path}.` |
| 12 | return res.sendStatus(403) | 12 | logger.info(message) |
| 13 | |||
| 14 | return res.status(403) | ||
| 15 | .json({ | ||
| 16 | error: message | ||
| 17 | }) | ||
| 18 | .end() | ||
| 13 | } | 19 | } |
| 14 | 20 | ||
| 15 | return next() | 21 | return next() |