From a95a4cc89155f448e6f9ca0957170f3c72a9d964 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 30 Jul 2019 09:59:19 +0200
Subject: Moderators can only manage users
---
 .../+admin/users/user-edit/user-create.component.ts | 4 ++--
 .../+admin/users/user-edit/user-edit.component.html | 2 +-
 client/src/app/+admin/users/user-edit/user-edit.ts | 20 ++++++++++++++++----
 .../+admin/users/user-edit/user-update.component.ts | 3 ++-
 .../+admin/users/user-list/user-list.component.ts | 19 ++++++++++++++-----
 client/src/app/core/auth/auth-user.model.ts | 9 +++++++++
 .../moderation/user-moderation-dropdown.component.ts | 3 ++-
 7 files changed, 46 insertions(+), 14 deletions(-)
(limited to 'client/src')
diff --git a/client/src/app/+admin/users/user-edit/user-create.component.ts b/client/src/app/+admin/users/user-edit/user-create.component.ts
index 9a6801806..3b57a49c6 100644
--- a/client/src/app/+admin/users/user-edit/user-create.component.ts
+++ b/client/src/app/+admin/users/user-edit/user-create.component.ts
@@ -1,6 +1,6 @@
 import { Component, OnInit } from '@angular/core'
 import { Router } from '@angular/router'
-import { Notifier, ServerService } from '@app/core'
+import { AuthService, Notifier, ServerService } from '@app/core'
 import { UserCreate, UserRole } from '../../../../../../shared'
 import { UserEdit } from './user-edit'
 import { I18n } from '@ngx-translate/i18n-polyfill'
@@ -8,7 +8,6 @@ import { FormValidatorService } from '@app/shared/forms/form-validators/form-val
 import { UserValidatorsService } from '@app/shared/forms/form-validators/user-validators.service'
 import { ConfigService } from '@app/+admin/config/shared/config.service'
 import { UserService } from '@app/shared'
-import { UserAdminFlag } from '@shared/models/users/user-flag.model'
 @Component({
 selector: 'my-user-create',
@@ -22,6 +21,7 @@ export class UserCreateComponent extends UserEdit implements OnInit {
 protected serverService: ServerService,
 protected formValidatorService: FormValidatorService,
 protected configService: ConfigService,
+ protected auth: AuthService,
 private userValidatorsService: UserValidatorsService,
 private router: Router,
 private notifier: Notifier,
diff --git a/client/src/app/+admin/users/user-edit/user-edit.component.html b/client/src/app/+admin/users/user-edit/user-edit.component.html
index 400bac5d4..cb0f36f05 100644
--- a/client/src/app/+admin/users/user-edit/user-edit.component.html
+++ b/client/src/app/+admin/users/user-edit/user-edit.component.html
@@ -41,7 +41,7 @@
diff --git a/client/src/app/+admin/users/user-edit/user-edit.ts b/client/src/app/+admin/users/user-edit/user-edit.ts
index ee6d2c489..6625d65d6 100644
--- a/client/src/app/+admin/users/user-edit/user-edit.ts
+++ b/client/src/app/+admin/users/user-edit/user-edit.ts
@@ -1,22 +1,34 @@
-import { ServerService } from '../../../core'
+import { AuthService, ServerService } from '../../../core'
 import { FormReactive } from '../../../shared'
-import { USER_ROLE_LABELS, VideoResolution } from '../../../../../../shared'
+import { USER_ROLE_LABELS, UserRole, VideoResolution } from '../../../../../../shared'
 import { ConfigService } from '@app/+admin/config/shared/config.service'
 import { UserAdminFlag } from '@shared/models/users/user-flag.model'
 export abstract class UserEdit extends FormReactive {
 videoQuotaOptions: { value: string, label: string }[] = []
 videoQuotaDailyOptions: { value: string, label: string }[] = []
- roles = Object.keys(USER_ROLE_LABELS)
- .map(key => ({ value: key.toString(), label: USER_ROLE_LABELS[key] }))
 username: string
 userId: number
 protected abstract serverService: ServerService
 protected abstract configService: ConfigService
+ protected abstract auth: AuthService
 abstract isCreation (): boolean
 abstract getFormButtonTitle (): string
+ getRoles () {
+ const authUser = this.auth.getUser()
+
+ if (authUser.role === UserRole.ADMINISTRATOR) {
+ return Object.keys(USER_ROLE_LABELS)
+ .map(key => ({ value: key.toString(), label: USER_ROLE_LABELS[key] }))
+ }
+
+ return [
+ { value: UserRole.USER.toString(), label: USER_ROLE_LABELS[UserRole.USER] }
+ ]
+ }
+
 isTranscodingInformationDisplayed () {
 const formVideoQuota = parseInt(this.form.value['videoQuota'], 10)
diff --git a/client/src/app/+admin/users/user-edit/user-update.component.ts b/client/src/app/+admin/users/user-edit/user-update.component.ts
index 04b2935f4..c7052a925 100644
--- a/client/src/app/+admin/users/user-edit/user-update.component.ts
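Review bot: `getRoles()` in user-edit.ts only narrows the options the form offers; the role that is submitted still comes from the form value, so the restriction holds only if the API rejects a role the caller may not assign. This patch is limited to `client/src`, so that server-side check is not visible here and should be confirmed. The same holds for the `isDisplayed` filters added in user-list.component.ts and the `canManage` condition added in user-moderation-dropdown.component.ts, which hide actions but do not guard the handlers. I would add a comment above the method, `// UI filter only: the server must enforce which roles a moderator may assign`, and an explicit return type `{ value: string, label: string }[]` to match `videoQuotaOptions`.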
+++ b/client/src/app/+admin/users/user-edit/user-update.component.ts
@@ -1,7 +1,7 @@
 import { Component, OnDestroy, OnInit } from '@angular/core'
 import { ActivatedRoute, Router } from '@angular/router'
 import { Subscription } from 'rxjs'
-import { Notifier } from '@app/core'
+import { AuthService, Notifier } from '@app/core'
 import { ServerService } from '../../../core'
 import { UserEdit } from './user-edit'
 import { User, UserUpdate } from '../../../../../../shared'
@@ -29,6 +29,7 @@ export class UserUpdateComponent extends UserEdit implements OnInit, OnDestroy {
 protected formValidatorService: FormValidatorService,
 protected serverService: ServerService,
 protected configService: ConfigService,
+ protected auth: AuthService,
 private userValidatorsService: UserValidatorsService,
 private route: ActivatedRoute,
 private router: Router,
diff --git a/client/src/app/+admin/users/user-list/user-list.component.ts b/client/src/app/+admin/users/user-list/user-list.component.ts
index c9c790689..ab82713b2 100644
--- a/client/src/app/+admin/users/user-list/user-list.component.ts
+++ b/client/src/app/+admin/users/user-list/user-list.component.ts
@@ -1,5 +1,5 @@
 import { Component, OnInit, ViewChild } from '@angular/core'
-import { Notifier } from '@app/core'
+import { AuthService, Notifier } from '@app/core'
 import { SortMeta } from 'primeng/components/common/sortmeta'
 import { ConfirmService, ServerService } from '../../../core'
 import { RestPagination, RestTable, UserService } from '../../../shared'
@@ -30,11 +30,16 @@ export class UserListComponent extends RestTable implements OnInit {
 private confirmService: ConfirmService,
 private serverService: ServerService,
 private userService: UserService,
+ private auth: AuthService,
 private i18n: I18n
 ) {
 super()
 }
+ get authUser () {
+ return this.auth.getUser()
+ }
+
 get requiresEmailVerification () {
 return this.serverService.getConfig().signup.requiresEmailVerification
 }
@@ -45,22 +50,26 @@ export class UserListComponent extends RestTable implements OnInit {
 this.bulkUserActions = [
 {
 label: this.i18n('Delete'),
- handler: users => this.removeUsers(users)
+ handler: users => this.removeUsers(users),
+ isDisplayed: users => users.every(u => this.authUser.canManage(u))
 },
 {
 label: this.i18n('Ban'),
 handler: users => this.openBanUserModal(users),
- isDisplayed: users => users.every(u => u.blocked === false)
+ isDisplayed: users => users.every(u => this.authUser.canManage(u) && u.blocked === false)
 },
 {
 label: this.i18n('Unban'),
 handler: users => this.unbanUsers(users),
- isDisplayed: users => users.every(u => u.blocked === true)
+ isDisplayed: users => users.every(u => this.authUser.canManage(u) && u.blocked === true)
 },
 {
 label: this.i18n('Set Email as Verified'),
 handler: users => this.setEmailsAsVerified(users),
- isDisplayed: users => this.requiresEmailVerification && users.every(u => !u.blocked && u.emailVerified === false)
+ isDisplayed: users => {
+ return this.requiresEmailVerification &&
+ users.every(u => this.authUser.canManage(u) && !u.blocked && u.emailVerified === false)
+ }
 }
 ]
 }
diff --git a/client/src/app/core/auth/auth-user.model.ts b/client/src/app/core/auth/auth-user.model.ts
index abb11fdc2..334ede0cd 100644
--- a/client/src/app/core/auth/auth-user.model.ts
+++ b/client/src/app/core/auth/auth-user.model.ts
@@ -139,6 +139,15 @@ export class AuthUser extends User {
 return hasUserRight(this.role, right)
 }
+ canManage (user: ServerUserModel) {
+ const myRole = this.role
+
+ if (myRole === UserRole.ADMINISTRATOR) return true
+
+ // I'm a moderator: I can only manage users
+ return user.role === UserRole.USER
+ }
+
 save () {
 peertubeLocalStorage.setItem(AuthUser.KEYS.ID, this.id.toString())
 peertubeLocalStorage.setItem(AuthUser.KEYS.USERNAME, this.username)
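Review bot: `canManage` in auth-user.model.ts treats every caller that is not an administrator as a moderator: the fall-through `return user.role === UserRole.USER` also yields true when `this.role` is itself `UserRole.USER`. The dropdown pairs the call with `hasRight(UserRight.MANAGE_USERS)`, but the bulk actions in user-list.component.ts call it alone, and whether that page is reachable without the right is not visible here. Checking the role explicitly before the final return, `if (myRole !== UserRole.MODERATOR) return false`, makes the method safe on its own. An explicit `: boolean` return type and a doc comment saying this is a display helper rather than an authorization check would also help; the class body continues outside the hunk.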
diff --git a/client/src/app/shared/moderation/user-moderation-dropdown.component.ts b/client/src/app/shared/moderation/user-moderation-dropdown.component.ts
index 24f717821..e9d4c1437 100644
--- a/client/src/app/shared/moderation/user-moderation-dropdown.component.ts
+++ b/client/src/app/shared/moderation/user-moderation-dropdown.component.ts
@@ -33,6 +33,7 @@ export class UserModerationDropdownComponent implements OnChanges {
 private serverService: ServerService,
 private userService: UserService,
 private blocklistService: BlocklistService,
+ private auth: AuthService,
 private i18n: I18n
 ) { }
@@ -230,7 +231,7 @@ export class UserModerationDropdownComponent implements OnChanges {
 if (this.user && authUser.id === this.user.id) return
- if (this.user && authUser.hasRight(UserRight.MANAGE_USERS)) {
+ if (this.user && authUser.hasRight(UserRight.MANAGE_USERS) && authUser.canManage(this.user)) {
 this.userActions.push([
 {
 label: this.i18n('Edit'),
-- 
cgit v1.2.3
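Review bot: The added `private auth: AuthService` constructor parameter in user-moderation-dropdown.component.ts looks redundant. No import of `AuthService` is added for this file, and the second hunk calls `authUser.canManage(this.user)` on an `authUser` that is obtained outside the hunk, so the component very likely already injects the auth service under another name. If so, drop the new parameter rather than carry two fields for the same service. The constructor starts outside the hunk, so this needs checking against the full file.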