yetangitu/Peertube
1
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2025-10-04 10:19:35 +02:00
Code Issues Releases Wiki Activity

Destroy user token when changing its role

Browse source
This commit is contained in:
Chocobozzz 2018-01-23 09:15:36 +01:00
parent 59c48d49c5
commit f8b8c36b2a
No known key found for this signature in database
GPG key ID: 583A612D890159BE
6 changed files with 59 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

7
server/controllers/api/users.ts
View file

@ -19,6 +19,7 @@ import {
import { usersUpdateMyAvatarValidator, videosSortValidator } from '../../middlewares/validators'
import { AccountVideoRateModel } from '../../models/account/account-video-rate'
import { UserModel } from '../../models/account/user'
import { OAuthTokenModel } from '../../models/oauth/oauth-token'
import { VideoModel } from '../../models/video/video'
const reqAvatarFile = createReqFiles('avatarfile', CONFIG.STORAGE.AVATARS_DIR, AVATAR_MIMETYPE_EXT)
@ -288,6 +289,7 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next
async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
const body: UserUpdate = req.body
const user = res.locals.user as UserModel
const roleChanged = body.role !== undefined && body.role !== user.role
if (body.email !== undefined) user.email = body.email
if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
@ -295,6 +297,11 @@ async function updateUser (req: express.Request, res: express.Response, next: ex
await user.save()
// Destroy user token to refresh rights
if (roleChanged) {
await OAuthTokenModel.deleteUserToken(user.id)
}
// Don't need to send this update to followers, these attributes are not propagated
return res.sendStatus(204)