From d4d9bbc6f24522f5d63b0ab105a02f80ca98d702 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 7 Sep 2022 17:18:29 +0200
Subject: Fix channel sync right check

---
 server/middlewares/validators/users.ts | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'server/middlewares')

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 282034f6d..2de5265fb 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -507,13 +507,14 @@ const ensureAuthUserOwnsAccountValidator = [
   }
 ]
 
-const ensureCanManageChannel = [
+const ensureCanManageChannelOrAccount = [
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const user = res.locals.oauth.token.user
-    const isUserOwner = res.locals.videoChannel.Account.userId === user.id
+    const account = res.locals.videoChannel?.Account ?? res.locals.account
+    const isUserOwner = account.userId === user.id
 
     if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
-      const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.`
+      const message = `User ${user.username} does not have right this channel or account.`
 
       return res.fail({
         status: HttpStatusCode.FORBIDDEN_403,
@@ -525,7 +526,7 @@ const ensureCanManageChannel = [
   }
 ]
 
-const ensureCanManageUser = [
+const ensureCanModerateUser = [
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const authUser = res.locals.oauth.token.User
     const onUser = res.locals.user
@@ -535,7 +536,7 @@ const ensureCanManageUser = [
 
     return res.fail({
       status: HttpStatusCode.FORBIDDEN_403,
-      message: 'A moderator can only manager users.'
+      message: 'A moderator can only manage users.'
     })
   }
 ]
@@ -562,8 +563,8 @@ export {
   usersVerifyEmailValidator,
   userAutocompleteValidator,
   ensureAuthUserOwnsAccountValidator,
-  ensureCanManageUser,
-  ensureCanManageChannel
+  ensureCanModerateUser,
+  ensureCanManageChannelOrAccount
 }
 
 // ---------------------------------------------------------------------------
-- 
cgit v1.2.3