aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/video-channels.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/video-channels.ts')
-rw-r--r--server/middlewares/validators/video-channels.ts6
1 files changed, 4 insertions, 2 deletions
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts
index 979fbd34a..7d611728b 100644
--- a/server/middlewares/validators/video-channels.ts
+++ b/server/middlewares/validators/video-channels.ts
@@ -11,6 +11,8 @@ import {
11 checkVideoChannelExists, 11 checkVideoChannelExists,
12 checkVideoAuthorExists 12 checkVideoAuthorExists
13} from '../../helpers' 13} from '../../helpers'
14import { UserInstance } from '../../models'
15import { UserRight } from '../../../shared'
14 16
15const listVideoAuthorChannelsValidator = [ 17const listVideoAuthorChannelsValidator = [
16 param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), 18 param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
@@ -106,7 +108,7 @@ export {
106// --------------------------------------------------------------------------- 108// ---------------------------------------------------------------------------
107 109
108function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { 110function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
109 const user = res.locals.oauth.token.User 111 const user: UserInstance = res.locals.oauth.token.User
110 112
111 // Retrieve the user who did the request 113 // Retrieve the user who did the request
112 if (res.locals.videoChannel.isOwned() === false) { 114 if (res.locals.videoChannel.isOwned() === false) {
@@ -118,7 +120,7 @@ function checkUserCanDeleteVideoChannel (res: express.Response, callback: () =>
118 // Check if the user can delete the video channel 120 // Check if the user can delete the video channel
119 // The user can delete it if s/he is an admin 121 // The user can delete it if s/he is an admin
120 // Or if s/he is the video channel's author 122 // Or if s/he is the video channel's author
121 if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) { 123 if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Author.userId !== user.id) {
122 return res.status(403) 124 return res.status(403)
123 .json({ error: 'Cannot remove video channel of another user' }) 125 .json({ error: 'Cannot remove video channel of another user' })
124 .end() 126 .end()