]>
Commit | Line | Data |
---|---|---|
795212f7 | 1 | import { Request, Response } from 'express' |
868fce62 | 2 | import { loadVideo, VideoLoadType } from '@server/lib/model-loaders' |
795212f7 C |
3 | import { authenticatePromiseIfNeeded } from '@server/middlewares/auth' |
4 | import { VideoModel } from '@server/models/video/video' | |
10363c74 C |
5 | import { VideoChannelModel } from '@server/models/video/video-channel' |
6 | import { VideoFileModel } from '@server/models/video/video-file' | |
7eba5e1f C |
7 | import { |
8 | MUser, | |
9 | MUserAccountId, | |
795212f7 | 10 | MVideo, |
7eba5e1f | 11 | MVideoAccountLight, |
ca4b4b2e | 12 | MVideoFormattableDetails, |
7eba5e1f | 13 | MVideoFullLight, |
71d4af1e | 14 | MVideoId, |
7eba5e1f | 15 | MVideoImmutable, |
795212f7 C |
16 | MVideoThumbnail, |
17 | MVideoWithRights | |
26d6bf65 | 18 | } from '@server/types/models' |
4c7e60bc | 19 | import { HttpStatusCode, UserRight } from '@shared/models' |
3e753302 | 20 | |
868fce62 | 21 | async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') { |
3e753302 C |
22 | const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined |
23 | ||
868fce62 | 24 | const video = await loadVideo(id, fetchType, userId) |
3e753302 C |
25 | |
26 | if (video === null) { | |
76148b27 RK |
27 | res.fail({ |
28 | status: HttpStatusCode.NOT_FOUND_404, | |
29 | message: 'Video not found' | |
30 | }) | |
3e753302 C |
31 | return false |
32 | } | |
33 | ||
453e83ea | 34 | switch (fetchType) { |
ca4b4b2e C |
35 | case 'for-api': |
36 | res.locals.videoAPI = video as MVideoFormattableDetails | |
37 | break | |
38 | ||
453e83ea C |
39 | case 'all': |
40 | res.locals.videoAll = video as MVideoFullLight | |
41 | break | |
42 | ||
7eba5e1f C |
43 | case 'only-immutable-attributes': |
44 | res.locals.onlyImmutableVideo = video as MVideoImmutable | |
45 | break | |
46 | ||
453e83ea | 47 | case 'id': |
71d4af1e | 48 | res.locals.videoId = video as MVideoId |
453e83ea C |
49 | break |
50 | ||
51 | case 'only-video': | |
0283eaac | 52 | res.locals.onlyVideo = video as MVideoThumbnail |
453e83ea | 53 | break |
453e83ea C |
54 | } |
55 | ||
3e753302 C |
56 | return true |
57 | } | |
58 | ||
8319d6ae RK |
59 | async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | string, res: Response) { |
60 | if (!await VideoFileModel.doesVideoExistForVideoFile(id, videoIdOrUUID)) { | |
76148b27 RK |
61 | res.fail({ |
62 | status: HttpStatusCode.NOT_FOUND_404, | |
63 | message: 'VideoFile matching Video not found' | |
64 | }) | |
8319d6ae RK |
65 | return false |
66 | } | |
67 | ||
68 | return true | |
69 | } | |
70 | ||
453e83ea | 71 | async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAccountId, res: Response) { |
2cb03dc1 | 72 | const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId) |
3e753302 | 73 | |
2cb03dc1 | 74 | if (videoChannel === null) { |
76148b27 | 75 | res.fail({ message: 'Unknown video "video channel" for this instance.' }) |
2cb03dc1 C |
76 | return false |
77 | } | |
78 | ||
79 | // Don't check account id if the user can update any video | |
80 | if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) { | |
3e753302 C |
81 | res.locals.videoChannel = videoChannel |
82 | return true | |
83 | } | |
84 | ||
2cb03dc1 | 85 | if (videoChannel.Account.id !== user.Account.id) { |
76148b27 RK |
86 | res.fail({ |
87 | message: 'Unknown video "video channel" for this account.' | |
88 | }) | |
3e753302 C |
89 | return false |
90 | } | |
91 | ||
92 | res.locals.videoChannel = videoChannel | |
93 | return true | |
94 | } | |
95 | ||
795212f7 C |
96 | async function checkCanSeeVideoIfPrivate (req: Request, res: Response, video: MVideo, authenticateInQuery = false) { |
97 | if (!video.requiresAuth()) return true | |
98 | ||
99 | const videoWithRights = await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id) | |
100 | ||
101 | return checkCanSeePrivateVideo(req, res, videoWithRights, authenticateInQuery) | |
102 | } | |
103 | ||
104 | async function checkCanSeePrivateVideo (req: Request, res: Response, video: MVideoWithRights, authenticateInQuery = false) { | |
105 | await authenticatePromiseIfNeeded(req, res, authenticateInQuery) | |
106 | ||
107 | const user = res.locals.oauth ? res.locals.oauth.token.User : null | |
108 | ||
109 | // Only the owner or a user that have blocklist rights can see the video | |
110 | if (!user || !user.canGetVideo(video)) { | |
111 | return false | |
112 | } | |
113 | ||
114 | return true | |
115 | } | |
116 | ||
af4ae64f | 117 | function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) { |
3e753302 | 118 | // Retrieve the user who did the request |
af4ae64f | 119 | if (onlyOwned && video.isOwned() === false) { |
76148b27 RK |
120 | res.fail({ |
121 | status: HttpStatusCode.FORBIDDEN_403, | |
122 | message: 'Cannot manage a video of another server.' | |
123 | }) | |
3e753302 C |
124 | return false |
125 | } | |
126 | ||
127 | // Check if the user can delete the video | |
128 | // The user can delete it if he has the right | |
129 | // Or if s/he is the video's account | |
130 | const account = video.VideoChannel.Account | |
131 | if (user.hasRight(right) === false && account.userId !== user.id) { | |
76148b27 RK |
132 | res.fail({ |
133 | status: HttpStatusCode.FORBIDDEN_403, | |
134 | message: 'Cannot manage a video of another user.' | |
135 | }) | |
3e753302 C |
136 | return false |
137 | } | |
138 | ||
139 | return true | |
140 | } | |
141 | ||
142 | // --------------------------------------------------------------------------- | |
143 | ||
144 | export { | |
145 | doesVideoChannelOfAccountExist, | |
146 | doesVideoExist, | |
8319d6ae | 147 | doesVideoFileOfVideoExist, |
795212f7 C |
148 | checkUserCanManageVideo, |
149 | checkCanSeeVideoIfPrivate, | |
150 | checkCanSeePrivateVideo | |
3e753302 | 151 | } |