aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/users.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r--server/middlewares/validators/users.ts15
1 files changed, 8 insertions, 7 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 282034f6d..2de5265fb 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -507,13 +507,14 @@ const ensureAuthUserOwnsAccountValidator = [
507 } 507 }
508] 508]
509 509
510const ensureCanManageChannel = [ 510const ensureCanManageChannelOrAccount = [
511 (req: express.Request, res: express.Response, next: express.NextFunction) => { 511 (req: express.Request, res: express.Response, next: express.NextFunction) => {
512 const user = res.locals.oauth.token.user 512 const user = res.locals.oauth.token.user
513 const isUserOwner = res.locals.videoChannel.Account.userId === user.id 513 const account = res.locals.videoChannel?.Account ?? res.locals.account
514 const isUserOwner = account.userId === user.id
514 515
515 if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) { 516 if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
516 const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.` 517 const message = `User ${user.username} does not have right this channel or account.`
517 518
518 return res.fail({ 519 return res.fail({
519 status: HttpStatusCode.FORBIDDEN_403, 520 status: HttpStatusCode.FORBIDDEN_403,
@@ -525,7 +526,7 @@ const ensureCanManageChannel = [
525 } 526 }
526] 527]
527 528
528const ensureCanManageUser = [ 529const ensureCanModerateUser = [
529 (req: express.Request, res: express.Response, next: express.NextFunction) => { 530 (req: express.Request, res: express.Response, next: express.NextFunction) => {
530 const authUser = res.locals.oauth.token.User 531 const authUser = res.locals.oauth.token.User
531 const onUser = res.locals.user 532 const onUser = res.locals.user
@@ -535,7 +536,7 @@ const ensureCanManageUser = [
535 536
536 return res.fail({ 537 return res.fail({
537 status: HttpStatusCode.FORBIDDEN_403, 538 status: HttpStatusCode.FORBIDDEN_403,
538 message: 'A moderator can only manager users.' 539 message: 'A moderator can only manage users.'
539 }) 540 })
540 } 541 }
541] 542]
@@ -562,8 +563,8 @@ export {
562 usersVerifyEmailValidator, 563 usersVerifyEmailValidator,
563 userAutocompleteValidator, 564 userAutocompleteValidator,
564 ensureAuthUserOwnsAccountValidator, 565 ensureAuthUserOwnsAccountValidator,
565 ensureCanManageUser, 566 ensureCanModerateUser,
566 ensureCanManageChannel 567 ensureCanManageChannelOrAccount
567} 568}
568 569
569// --------------------------------------------------------------------------- 570// ---------------------------------------------------------------------------