REMOVE_ANY_VIDEO_CHANNEL > MANAGE_ANY_VIDEO_CHANNEL

Merge REMOVE_ANY_VIDEO_CHANNEL and MANY_VIDEO_CHANNELS to
MANAGE_ANY_VIDEO_CHANNEL.

client/src/app/+video-channels/video-channels.component.ts

@@ -105,7 +105,7 @@ export class VideoChannelsComponent implements OnInit, OnDestroy {
   isManageable () {
     if (!this.isUserLoggedIn()) return false
 
-    return this.isOwner() || this.authService.getUser().hasRight(UserRight.MANAGE_VIDEO_CHANNELS)
+    return this.isOwner() || this.authService.getUser().hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL)
   }
 
   activateCopiedMessage () {

server/controllers/api/video-channel.ts

@@ -75,7 +75,7 @@ videoChannelRouter.post('/:nameWithHost/avatar/pick',
   authenticate,
   reqAvatarFile,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  asyncMiddleware(ensureUserCanManageChannel),
   updateAvatarValidator,
   asyncMiddleware(updateVideoChannelAvatar)
 )
@@ -84,36 +84,37 @@ videoChannelRouter.post('/:nameWithHost/banner/pick',
   authenticate,
   reqBannerFile,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  asyncMiddleware(ensureUserCanManageChannel),
   updateBannerValidator,
   asyncMiddleware(updateVideoChannelBanner)
 )
 
 videoChannelRouter.delete('/:nameWithHost/avatar',
   authenticate,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  asyncMiddleware(ensureUserCanManageChannel),
   asyncMiddleware(deleteVideoChannelAvatar)
 )
 
 videoChannelRouter.delete('/:nameWithHost/banner',
   authenticate,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  asyncMiddleware(ensureUserCanManageChannel),
   asyncMiddleware(deleteVideoChannelBanner)
 )
 
 videoChannelRouter.put('/:nameWithHost',
   authenticate,
   asyncMiddleware(videoChannelsNameWithHostValidator),
-  ensureUserCanManageChannel,
+  asyncMiddleware(ensureUserCanManageChannel),
   videoChannelsUpdateValidator,
   asyncRetryTransactionMiddleware(updateVideoChannel)
 )
 
 videoChannelRouter.delete('/:nameWithHost',
   authenticate,
   asyncMiddleware(videoChannelsRemoveValidator),
+  asyncMiddleware(ensureUserCanManageChannel),
   asyncRetryTransactionMiddleware(removeVideoChannel)
 )
 

server/middlewares/user-right.ts

@@ -20,11 +20,11 @@ function ensureUserHasRight (userRight: UserRight) {
   }
 }
 
-function ensureUserCanManageChannel (req: express.Request, res: express.Response, next: express.NextFunction) {
+async function ensureUserCanManageChannel (req: express.Request, res: express.Response, next: express.NextFunction) {
   const user = res.locals.oauth.token.user
   const isUserOwner = res.locals.videoChannel.Account.userId !== user.id
 
-  if (isUserOwner && user.hasRight(UserRight.MANAGE_VIDEO_CHANNELS) === false) {
+  if (isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
     const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.`
     logger.info(message)
 

server/middlewares/validators/videos/video-channels.ts

@@ -1,7 +1,6 @@
 import express from 'express'
 import { body, param, query } from 'express-validator'
-import { MChannelAccountDefault, MUser } from '@server/types/models'
-import { UserRight } from '../../../../shared'
+import { MChannelAccountDefault } from '@server/types/models'
 import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import { isBooleanValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
 import {
@@ -79,7 +78,6 @@ const videoChannelsRemoveValidator = [
     if (areValidationErrors(req, res)) return
     if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
 
-    if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
     if (!await checkVideoChannelIsNotTheLastOne(res.locals.videoChannel, res)) return
 
     return next()
@@ -151,29 +149,6 @@ export {
 
 // ---------------------------------------------------------------------------
 
-function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelAccountDefault, res: express.Response) {
-  if (videoChannel.Actor.isOwned() === false) {
-    res.fail({
-      status: HttpStatusCode.FORBIDDEN_403,
-      message: 'Cannot remove video channel of another server.'
-    })
-    return false
-  }
-
-  // Check if the user can delete the video channel
-  // The user can delete it if s/he is an admin
-  // Or if s/he is the video channel's account
-  if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
-    res.fail({
-      status: HttpStatusCode.FORBIDDEN_403,
-      message: 'Cannot remove video channel of another user'
-    })
-    return false
-  }
-
-  return true
-}
-
 async function checkVideoChannelIsNotTheLastOne (videoChannel: MChannelAccountDefault, res: express.Response) {
   const count = await VideoChannelModel.countByAccount(videoChannel.Account.id)
 

shared/core-utils/users/user-role.ts

@@ -14,8 +14,8 @@ const userRoleRights: { [ id in UserRole ]: UserRight[] } = {
   [UserRole.MODERATOR]: [
     UserRight.MANAGE_VIDEO_BLACKLIST,
     UserRight.MANAGE_ABUSES,
+    UserRight.MANAGE_ANY_VIDEO_CHANNEL,
     UserRight.REMOVE_ANY_VIDEO,
-    UserRight.REMOVE_ANY_VIDEO_CHANNEL,
     UserRight.REMOVE_ANY_VIDEO_PLAYLIST,
     UserRight.REMOVE_ANY_VIDEO_COMMENT,
     UserRight.UPDATE_ANY_VIDEO,

shared/models/users/user-right.enum.ts

@@ -22,9 +22,9 @@ export const enum UserRight {
   MANAGE_SERVERS_BLOCKLIST,
 
   MANAGE_VIDEO_BLACKLIST,
+  MANAGE_ANY_VIDEO_CHANNEL,
 
   REMOVE_ANY_VIDEO,
-  REMOVE_ANY_VIDEO_CHANNEL,
   REMOVE_ANY_VIDEO_PLAYLIST,
   REMOVE_ANY_VIDEO_COMMENT,
 
@@ -41,7 +41,5 @@ export const enum UserRight {
   MANAGE_VIDEOS_REDUNDANCIES,
 
   MANAGE_VIDEO_FILES,
-  RUN_VIDEO_TRANSCODING,
-
-  MANAGE_VIDEO_CHANNELS
+  RUN_VIDEO_TRANSCODING
 }