Checking User Rights in the Server API


#1

Hi Devs,

If Google Recaptcha is enabled in the options, I’d like admins to be able to skip the captcha requirement.

I tried this:

Line 222 Role Check in API

But when I submit the signup form using my admin account:

res.locals.oauth && res.locals.oauth.token

Are still null, and thus, I’m never able to get to the userHasPermission(UserRight.MANAGE_USERS) check.

What is the proper way to determine if the API call was made by an admin, moderator, or normal user?


#2

Use optionalAuthenticate: https://github.com/Chocobozzz/PeerTube/blob/develop/server/controllers/api/videos/index.ts#L104
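
An added example, not part of the thread and not PeerTube's code: a minimal model of why `res.locals.oauth` stays empty on a route with no authentication middleware, and how an optional-authentication step lets a later check skip the captcha only for a server-validated admin token. The token store, `captchaRequired`, `runSignup`, the `User` field and the captcha stand-in are hypothetical; only `optionalAuthenticate`, `res.locals.oauth.token` and `UserRight.MANAGE_USERS` are names taken from the thread.

```javascript
// Simplified stand-ins for illustration; not PeerTube's implementation.
const UserRight = { MANAGE_USERS: 'MANAGE_USERS' };

// Constructed token store (hypothetical): bearer token -> user record.
const TOKENS = new Map([
  ['admin-token', { username: 'root', rights: [UserRight.MANAGE_USERS] }],
  ['user-token', { username: 'alice', rights: [] }]
]);

// Fills res.locals.oauth when a valid bearer token is present.
// Unlike a mandatory authenticate step, it never rejects the request.
function optionalAuthenticate (req, res, next) {
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  const user = match ? TOKENS.get(match[1]) : undefined;
  if (user) res.locals.oauth = { token: { User: user } };
  next();
}

// Skips the captcha only for a token the server itself validated.
// Missing or unknown tokens fall through to the normal captcha check.
function captchaRequired (req, res, next) {
  const token = res.locals.oauth && res.locals.oauth.token;
  const isAdmin = !!token && token.User.rights.includes(UserRight.MANAGE_USERS);
  if (isAdmin) return next();
  // Stand-in for real captcha verification against the provider.
  if (req.body.captcha === 'valid-captcha') return next();
  res.statusCode = 400;
}

// Tiny middleware runner so the example works without Express.
function runSignup (headers, body) {
  const req = { headers, body };
  const res = { locals: {}, statusCode: 200 };
  const chain = [optionalAuthenticate, captchaRequired];
  let i = 0;
  const next = () => { const mw = chain[i++]; if (mw) mw(req, res, next); };
  next();
  return res.statusCode;
}
```

Removing `optionalAuthenticate` from `chain` reproduces the situation in the question: the admin request reaches the captcha check with `res.locals.oauth` unset and is treated like an anonymous signup.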