[github/Chocobozzz/PeerTube.git] / server / helpers / middlewares / videos.ts

import { Response } from 'express'
import { fetchVideo, VideoFetchType } from '../video'
import { UserModel } from '../../models/account/user'
import { UserRight } from '../../../shared/models/users'
import { VideoChannelModel } from '../../models/video/video-channel'
import { VideoModel } from '../../models/video/video'

async function doesVideoExist (id: number | string, res: Response, fetchType: VideoFetchType = 'all') {
  const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined

  const video = await fetchVideo(id, fetchType, userId)

  if (video === null) {
    res.status(404)
       .json({ error: 'Video not found' })
       .end()

    return false
  }

  if (fetchType !== 'none') res.locals.video = video
  return true
}

async function doesVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
  if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
    const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
    if (videoChannel === null) {
      res.status(400)
         .json({ error: 'Unknown video `video channel` on this instance.' })
         .end()

      return false
    }

    res.locals.videoChannel = videoChannel
    return true
  }

  const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
  if (videoChannel === null) {
    res.status(400)
       .json({ error: 'Unknown video `video channel` for this account.' })
       .end()

    return false
  }

  res.locals.videoChannel = videoChannel
  return true
}

function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: Response) {
  // Retrieve the user who did the request
  if (video.isOwned() === false) {
    res.status(403)
       .json({ error: 'Cannot manage a video of another server.' })
       .end()
    return false
  }

  // Check if the user can delete the video
  // The user can delete it if he has the right
  // Or if s/he is the video's account
  const account = video.VideoChannel.Account
  if (user.hasRight(right) === false && account.userId !== user.id) {
    res.status(403)
       .json({ error: 'Cannot manage a video of another user.' })
       .end()
    return false
  }

  return true
}

// ---------------------------------------------------------------------------

export {
  doesVideoChannelOfAccountExist,
  doesVideoExist,
  checkUserCanManageVideo
}
Commit	Line	Data
3e753302 C	1	import { Response } from 'express'
	2	import { fetchVideo, VideoFetchType } from '../video'
	3	import { UserModel } from '../../models/account/user'
	4	import { UserRight } from '../../../shared/models/users'
	5	import { VideoChannelModel } from '../../models/video/video-channel'
	6	import { VideoModel } from '../../models/video/video'
	7
	8	async function doesVideoExist (id: number \| string, res: Response, fetchType: VideoFetchType = 'all') {
	9	const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined
	10
	11	const video = await fetchVideo(id, fetchType, userId)
	12
	13	if (video === null) {
	14	res.status(404)
	15	.json({ error: 'Video not found' })
	16	.end()
	17
	18	return false
	19	}
	20
	21	if (fetchType !== 'none') res.locals.video = video
	22	return true
	23	}
	24
	25	async function doesVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
	26	if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
	27	const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
	28	if (videoChannel === null) {
	29	res.status(400)
	30	.json({ error: 'Unknown video `video channel` on this instance.' })
	31	.end()
	32
	33	return false
	34	}
	35
	36	res.locals.videoChannel = videoChannel
	37	return true
	38	}
	39
	40	const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
	41	if (videoChannel === null) {
	42	res.status(400)
	43	.json({ error: 'Unknown video `video channel` for this account.' })
	44	.end()
	45
	46	return false
	47	}
	48
	49	res.locals.videoChannel = videoChannel
	50	return true
	51	}
	52
	53	function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: Response) {
	54	// Retrieve the user who did the request
	55	if (video.isOwned() === false) {
	56	res.status(403)
	57	.json({ error: 'Cannot manage a video of another server.' })
	58	.end()
	59	return false
	60	}
	61
	62	// Check if the user can delete the video
	63	// The user can delete it if he has the right
	64	// Or if s/he is the video's account
65	const account = video.VideoChannel.Account
66	if (user.hasRight(right) === false && account.userId !== user.id) {
67	res.status(403)
68	.json({ error: 'Cannot manage a video of another user.' })
69	.end()
70	return false
71	}
72
73	return true
74	}
75
76	// ---------------------------------------------------------------------------
77
78	export {
79	doesVideoChannelOfAccountExist,
80	doesVideoExist,
81	checkUserCanManageVideo
82	}