diff options
Diffstat (limited to 'server/middlewares/validators')
| -rw-r--r-- | server/middlewares/validators/users.ts | 5 | ||||
| -rw-r--r-- | server/middlewares/validators/video-channels.ts | 6 | ||||
| -rw-r--r-- | server/middlewares/validators/videos.ts | 3 |
3 files changed, 10 insertions, 4 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 1a33cfd8c..0b463acc0 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
| @@ -13,7 +13,8 @@ import { | |||
| 13 | isUserPasswordValid, | 13 | isUserPasswordValid, |
| 14 | isUserVideoQuotaValid, | 14 | isUserVideoQuotaValid, |
| 15 | isUserDisplayNSFWValid, | 15 | isUserDisplayNSFWValid, |
| 16 | isIdOrUUIDValid | 16 | isIdOrUUIDValid, |
| 17 | isUserRoleValid | ||
| 17 | } from '../../helpers' | 18 | } from '../../helpers' |
| 18 | import { UserInstance, VideoInstance } from '../../models' | 19 | import { UserInstance, VideoInstance } from '../../models' |
| 19 | 20 | ||
| @@ -22,6 +23,7 @@ const usersAddValidator = [ | |||
| 22 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), | 23 | body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'), |
| 23 | body('email').isEmail().withMessage('Should have a valid email'), | 24 | body('email').isEmail().withMessage('Should have a valid email'), |
| 24 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 25 | body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
| 26 | body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), | ||
| 25 | 27 | ||
| 26 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 28 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| 27 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | 29 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) |
| @@ -75,6 +77,7 @@ const usersUpdateValidator = [ | |||
| 75 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | 77 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), |
| 76 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), | 78 | body('email').optional().isEmail().withMessage('Should have a valid email attribute'), |
| 77 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), | 79 | body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), |
| 80 | body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), | ||
| 78 | 81 | ||
| 79 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 82 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| 80 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) | 83 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) |
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts index 979fbd34a..7d611728b 100644 --- a/server/middlewares/validators/video-channels.ts +++ b/server/middlewares/validators/video-channels.ts | |||
| @@ -11,6 +11,8 @@ import { | |||
| 11 | checkVideoChannelExists, | 11 | checkVideoChannelExists, |
| 12 | checkVideoAuthorExists | 12 | checkVideoAuthorExists |
| 13 | } from '../../helpers' | 13 | } from '../../helpers' |
| 14 | import { UserInstance } from '../../models' | ||
| 15 | import { UserRight } from '../../../shared' | ||
| 14 | 16 | ||
| 15 | const listVideoAuthorChannelsValidator = [ | 17 | const listVideoAuthorChannelsValidator = [ |
| 16 | param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), | 18 | param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), |
| @@ -106,7 +108,7 @@ export { | |||
| 106 | // --------------------------------------------------------------------------- | 108 | // --------------------------------------------------------------------------- |
| 107 | 109 | ||
| 108 | function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { | 110 | function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { |
| 109 | const user = res.locals.oauth.token.User | 111 | const user: UserInstance = res.locals.oauth.token.User |
| 110 | 112 | ||
| 111 | // Retrieve the user who did the request | 113 | // Retrieve the user who did the request |
| 112 | if (res.locals.videoChannel.isOwned() === false) { | 114 | if (res.locals.videoChannel.isOwned() === false) { |
| @@ -118,7 +120,7 @@ function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => | |||
| 118 | // Check if the user can delete the video channel | 120 | // Check if the user can delete the video channel |
| 119 | // The user can delete it if s/he is an admin | 121 | // The user can delete it if s/he is an admin |
| 120 | // Or if s/he is the video channel's author | 122 | // Or if s/he is the video channel's author |
| 121 | if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) { | 123 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Author.userId !== user.id) { |
| 122 | return res.status(403) | 124 | return res.status(403) |
| 123 | .json({ error: 'Cannot remove video channel of another user' }) | 125 | .json({ error: 'Cannot remove video channel of another user' }) |
| 124 | .end() | 126 | .end() |
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index a032d14ce..0c07404c5 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
| @@ -22,6 +22,7 @@ import { | |||
| 22 | checkVideoExists, | 22 | checkVideoExists, |
| 23 | isIdValid | 23 | isIdValid |
| 24 | } from '../../helpers' | 24 | } from '../../helpers' |
| 25 | import { UserRight } from '../../../shared' | ||
| 25 | 26 | ||
| 26 | const videosAddValidator = [ | 27 | const videosAddValidator = [ |
| 27 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( | 28 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( |
| @@ -231,7 +232,7 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac | |||
| 231 | // Check if the user can delete the video | 232 | // Check if the user can delete the video |
| 232 | // The user can delete it if s/he is an admin | 233 | // The user can delete it if s/he is an admin |
| 233 | // Or if s/he is the video's author | 234 | // Or if s/he is the video's author |
| 234 | if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | 235 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { |
| 235 | return res.status(403) | 236 | return res.status(403) |
| 236 | .json({ error: 'Cannot remove video of another user' }) | 237 | .json({ error: 'Cannot remove video of another user' }) |
| 237 | .end() | 238 | .end() |