OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix user creation by moderators

pull/2073/head
Chocobozzz 2019-08-22 10:59:14 +02:00
parent 015d9dec91
commit dea16773df
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
server/middlewares/validators/users.ts
View File

@ -38,7 +38,9 @@ const usersAddValidator = [
body('email').isEmail().withMessage('Should have a valid email'), body('email').isEmail().withMessage('Should have a valid email'),
body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), body('role')
.customSanitizer(toIntOrNull)
.custom(isUserRoleValid).withMessage('Should have a valid role'),
body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => { async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@ -50,7 +52,7 @@ const usersAddValidator = [
const authUser = res.locals.oauth.token.User const authUser = res.locals.oauth.token.User
if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) {
return res.status(403) return res.status(403)
.json({ error: 'You can only create users (and not administrators or moderators' }) .json({ error: 'You can only create users (and not administrators or moderators)' })
} }
return next() return next()
@ -160,7 +162,10 @@ const usersUpdateValidator = [
body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'),
body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), body('role')
.optional()
.customSanitizer(toIntOrNull)
.custom(isUserRoleValid).withMessage('Should have a valid role'),
body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => { async (req: express.Request, res: express.Response, next: express.NextFunction) => {