From 954605a804da399317ca62afa2fb9244afa11ebf Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Fri, 27 Oct 2017 16:55:03 +0200
Subject: Support roles with rights and add moderator role
---
 server/middlewares/validators/users.ts | 5 ++++-
 server/middlewares/validators/video-channels.ts | 6 ++++--
 server/middlewares/validators/videos.ts | 3 ++-
 3 files changed, 10 insertions(+), 4 deletions(-)
(limited to 'server/middlewares/validators')
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 1a33cfd8c..0b463acc0 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -13,7 +13,8 @@ import {
 isUserPasswordValid,
 isUserVideoQuotaValid,
 isUserDisplayNSFWValid,
- isIdOrUUIDValid
+ isIdOrUUIDValid,
+ isUserRoleValid
 } from '../../helpers'
 import { UserInstance, VideoInstance } from '../../models'
@@ -22,6 +23,7 @@ const usersAddValidator = [
 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
 body('email').isEmail().withMessage('Should have a valid email'),
 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
+ body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
 (req: express.Request, res: express.Response, next: express.NextFunction) => {
 logger.debug('Checking usersAdd parameters', { parameters: req.body })
@@ -75,6 +77,7 @@ const usersUpdateValidator = [
 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
 body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
+ body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
 (req: express.Request, res: express.Response, next: express.NextFunction) => {
 logger.debug('Checking usersUpdate parameters', { parameters: req.body })
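Review bot: The new `body('role').custom(isUserRoleValid)` rule in `usersAddValidator` only checks that the value is a known role; nothing in the hunk checks that the caller is allowed to grant that role. The same holds for `body('role').optional().custom(isUserRoleValid)` in the `usersUpdateValidator` hunk, where the target is whatever `param('id')` names, presumably including the caller's own account. The route-level right check is not part of this diff (it is limited to the validators directory), so confirm that only holders of the user-management right reach these validators, and consider rejecting a requested role that carries more rights than the caller's own. Both validator arrays continue outside their hunks.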
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts
index 979fbd34a..7d611728b 100644
--- a/server/middlewares/validators/video-channels.ts
+++ b/server/middlewares/validators/video-channels.ts
@@ -11,6 +11,8 @@ import {
 checkVideoChannelExists,
 checkVideoAuthorExists
 } from '../../helpers'
+import { UserInstance } from '../../models'
+import { UserRight } from '../../../shared'
 const listVideoAuthorChannelsValidator = [
 param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
@@ -106,7 +108,7 @@ export {
 // ---------------------------------------------------------------------------
 function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
- const user = res.locals.oauth.token.User
+ const user: UserInstance = res.locals.oauth.token.User
 // Retrieve the user who did the request
 if (res.locals.videoChannel.isOwned() === false) {
@@ -118,7 +120,7 @@ function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
 // Check if the user can delete the video channel
 // The user can delete it if s/he is an admin
 // Or if s/he is the video channel's author
- if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) {
+ if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Author.userId !== user.id) {
 return res.status(403)
 .json({ error: 'Cannot remove video channel of another user' })
 .end()
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index a032d14ce..0c07404c5 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -22,6 +22,7 @@ import {
 checkVideoExists,
 isIdValid
 } from '../../helpers'
+import { UserRight } from '../../../shared'
 const videosAddValidator = [
 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
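Review bot: In `checkUserCanDeleteVideoChannel`, the new `user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false` fails open: should `hasRight` return `undefined` rather than `false` (its implementation is not in this diff), the strict comparison is false and the 403 branch is skipped for a non-owner. Negating the result, `if (!user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) && res.locals.videoChannel.Author.userId !== user.id) {`, denies on anything but a granted right. The `checkUserCanDeleteVideo` hunk in videos.ts has the same comparison. In both places the comment above the check still says the user must be an admin and could read `// The user can delete it if s/he has the right to remove any video channel` (or video, respectively). The function body starts and ends outside this hunk.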
@@ -231,7 +232,7 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
 // Check if the user can delete the video
 // The user can delete it if s/he is an admin
 // Or if s/he is the video's author
- if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
+ if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
 return res.status(403)
 .json({ error: 'Cannot remove video of another user' })
 .end()
-- cgit v1.2.3
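Review bot: The changed condition in `checkUserCanDeleteVideo` reads the right from `user` but the owner id from `res.locals.oauth.token.User.id`, so the two halves of the authorization check may describe different principals. Where `user` comes from is outside the hunk; the signature takes a `userId` argument, so presumably it is looked up from that, and nothing visible here ties it to the token's user. Comparing against the same object, `res.locals.video.Author.userId !== user.id`, as the video-channels.ts check does, removes the ambiguity. The function body starts and ends outside this hunk.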