From d4d9bbc6f24522f5d63b0ab105a02f80ca98d702 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Wed, 7 Sep 2022 17:18:29 +0200 Subject: Fix channel sync right check --- server/middlewares/validators/users.ts | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'server/middlewares') diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 282034f6d..2de5265fb 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts @@ -507,13 +507,14 @@ const ensureAuthUserOwnsAccountValidator = [ } ] -const ensureCanManageChannel = [ +const ensureCanManageChannelOrAccount = [ (req: express.Request, res: express.Response, next: express.NextFunction) => { const user = res.locals.oauth.token.user - const isUserOwner = res.locals.videoChannel.Account.userId === user.id + const account = res.locals.videoChannel?.Account ?? res.locals.account + const isUserOwner = account.userId === user.id if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) { - const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.` + const message = `User ${user.username} does not have right this channel or account.` return res.fail({ status: HttpStatusCode.FORBIDDEN_403, @@ -525,7 +526,7 @@ const ensureCanManageChannel = [ } ] -const ensureCanManageUser = [ +const ensureCanModerateUser = [ (req: express.Request, res: express.Response, next: express.NextFunction) => { const authUser = res.locals.oauth.token.User const onUser = res.locals.user @@ -535,7 +536,7 @@ const ensureCanManageUser = [ return res.fail({ status: HttpStatusCode.FORBIDDEN_403, - message: 'A moderator can only manager users.' + message: 'A moderator can only manage users.' }) } ] @@ -562,8 +563,8 @@ export { usersVerifyEmailValidator, userAutocompleteValidator, ensureAuthUserOwnsAccountValidator, - ensureCanManageUser, - ensureCanManageChannel + ensureCanModerateUser, + ensureCanManageChannelOrAccount } // --------------------------------------------------------------------------- -- cgit v1.2.3