From 954605a804da399317ca62afa2fb9244afa11ebf Mon Sep 17 00:00:00 2001
From: Chocobozzz <florian.bigard@gmail.com>
Date: Fri, 27 Oct 2017 16:55:03 +0200
Subject: Support roles with rights and add moderator role

---
 server/middlewares/user-right.ts | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 server/middlewares/user-right.ts

(limited to 'server/middlewares/user-right.ts')

diff --git a/server/middlewares/user-right.ts b/server/middlewares/user-right.ts
new file mode 100644
index 000000000..bcebe9d7f
--- /dev/null
+++ b/server/middlewares/user-right.ts
@@ -0,0 +1,24 @@
+import 'express-validator'
+import * as express from 'express'
+
+import { UserInstance } from '../models'
+import { UserRight } from '../../shared'
+import { logger } from '../helpers'
+
+function ensureUserHasRight (userRight: UserRight) {
+  return function (req: express.Request, res: express.Response, next: express.NextFunction) {
+    const user: UserInstance = res.locals.oauth.token.user
+    if (user.hasRight(userRight) === false) {
+      logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path)
+      return res.sendStatus(403)
+    }
+
+    return next()
+  }
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+  ensureUserHasRight
+}
-- 
cgit v1.2.3