PeerTube/server/middlewares/user-right.ts

28 lines
810 B
TypeScript
Raw Normal View History

import * as express from 'express'
import { UserRight } from '../../shared'
2017-12-28 04:16:08 -06:00
import { logger } from '../helpers/logger'
import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
function ensureUserHasRight (userRight: UserRight) {
return function (req: express.Request, res: express.Response, next: express.NextFunction) {
2019-03-19 04:35:15 -05:00
const user = res.locals.oauth.token.user
if (user.hasRight(userRight) === false) {
2020-08-06 07:58:01 -05:00
const message = `User ${user.username} does not have right ${userRight} to access to ${req.path}.`
2017-12-28 07:29:57 -06:00
logger.info(message)
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message
})
}
return next()
}
}
// ---------------------------------------------------------------------------
export {
ensureUserHasRight
}