diff options
Diffstat (limited to 'server/middlewares/validators/video-channels.ts')
-rw-r--r-- | server/middlewares/validators/video-channels.ts | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts index 979fbd34a..7d611728b 100644 --- a/server/middlewares/validators/video-channels.ts +++ b/server/middlewares/validators/video-channels.ts | |||
@@ -11,6 +11,8 @@ import { | |||
11 | checkVideoChannelExists, | 11 | checkVideoChannelExists, |
12 | checkVideoAuthorExists | 12 | checkVideoAuthorExists |
13 | } from '../../helpers' | 13 | } from '../../helpers' |
14 | import { UserInstance } from '../../models' | ||
15 | import { UserRight } from '../../../shared' | ||
14 | 16 | ||
15 | const listVideoAuthorChannelsValidator = [ | 17 | const listVideoAuthorChannelsValidator = [ |
16 | param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), | 18 | param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), |
@@ -106,7 +108,7 @@ export { | |||
106 | // --------------------------------------------------------------------------- | 108 | // --------------------------------------------------------------------------- |
107 | 109 | ||
108 | function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { | 110 | function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { |
109 | const user = res.locals.oauth.token.User | 111 | const user: UserInstance = res.locals.oauth.token.User |
110 | 112 | ||
111 | // Retrieve the user who did the request | 113 | // Retrieve the user who did the request |
112 | if (res.locals.videoChannel.isOwned() === false) { | 114 | if (res.locals.videoChannel.isOwned() === false) { |
@@ -118,7 +120,7 @@ function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => | |||
118 | // Check if the user can delete the video channel | 120 | // Check if the user can delete the video channel |
119 | // The user can delete it if s/he is an admin | 121 | // The user can delete it if s/he is an admin |
120 | // Or if s/he is the video channel's author | 122 | // Or if s/he is the video channel's author |
121 | if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) { | 123 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Author.userId !== user.id) { |
122 | return res.status(403) | 124 | return res.status(403) |
123 | .json({ error: 'Cannot remove video channel of another user' }) | 125 | .json({ error: 'Cannot remove video channel of another user' }) |
124 | .end() | 126 | .end() |