]>
Commit | Line | Data |
---|---|---|
72c7248b C |
1 | import { body, param } from 'express-validator/check' |
2 | import * as express from 'express' | |
3 | ||
4 | import { checkErrors } from './utils' | |
5 | import { database as db } from '../../initializers' | |
6 | import { | |
7 | logger, | |
8 | isIdOrUUIDValid, | |
9 | isVideoChannelDescriptionValid, | |
10 | isVideoChannelNameValid, | |
11 | checkVideoChannelExists, | |
12 | checkVideoAuthorExists | |
13 | } from '../../helpers' | |
14 | ||
15 | const listVideoAuthorChannelsValidator = [ | |
16 | param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'), | |
17 | ||
18 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
19 | logger.debug('Checking listVideoAuthorChannelsValidator parameters', { parameters: req.body }) | |
20 | ||
21 | checkErrors(req, res, () => { | |
22 | checkVideoAuthorExists(req.params.authorId, res, next) | |
23 | }) | |
24 | } | |
25 | ] | |
26 | ||
27 | const videoChannelsAddValidator = [ | |
28 | body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'), | |
29 | body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), | |
30 | ||
31 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
32 | logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body }) | |
33 | ||
34 | checkErrors(req, res, next) | |
35 | } | |
36 | ] | |
37 | ||
38 | const videoChannelsUpdateValidator = [ | |
39 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | |
40 | body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'), | |
41 | body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), | |
42 | ||
43 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
44 | logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body }) | |
45 | ||
46 | checkErrors(req, res, () => { | |
47 | checkVideoChannelExists(req.params.id, res, () => { | |
48 | // We need to make additional checks | |
49 | if (res.locals.videoChannel.isOwned() === false) { | |
50 | return res.status(403) | |
51 | .json({ error: 'Cannot update video channel of another pod' }) | |
52 | .end() | |
53 | } | |
54 | ||
55 | if (res.locals.videoChannel.Author.userId !== res.locals.oauth.token.User.id) { | |
56 | return res.status(403) | |
57 | .json({ error: 'Cannot update video channel of another user' }) | |
58 | .end() | |
59 | } | |
60 | ||
61 | next() | |
62 | }) | |
63 | }) | |
64 | } | |
65 | ] | |
66 | ||
67 | const videoChannelsRemoveValidator = [ | |
68 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | |
69 | ||
70 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
71 | logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params }) | |
72 | ||
73 | checkErrors(req, res, () => { | |
74 | checkVideoChannelExists(req.params.id, res, () => { | |
75 | // Check if the user who did the request is able to delete the video | |
76 | checkUserCanDeleteVideoChannel(res, () => { | |
77 | checkVideoChannelIsNotTheLastOne(res, next) | |
78 | }) | |
79 | }) | |
80 | }) | |
81 | } | |
82 | ] | |
83 | ||
84 | const videoChannelGetValidator = [ | |
85 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | |
86 | ||
87 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
88 | logger.debug('Checking videoChannelsGet parameters', { parameters: req.params }) | |
89 | ||
90 | checkErrors(req, res, () => { | |
91 | checkVideoChannelExists(req.params.id, res, next) | |
92 | }) | |
93 | } | |
94 | ] | |
95 | ||
96 | // --------------------------------------------------------------------------- | |
97 | ||
98 | export { | |
99 | listVideoAuthorChannelsValidator, | |
100 | videoChannelsAddValidator, | |
101 | videoChannelsUpdateValidator, | |
102 | videoChannelsRemoveValidator, | |
103 | videoChannelGetValidator | |
104 | } | |
105 | ||
106 | // --------------------------------------------------------------------------- | |
107 | ||
108 | function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { | |
109 | const user = res.locals.oauth.token.User | |
110 | ||
111 | // Retrieve the user who did the request | |
112 | if (res.locals.videoChannel.isOwned() === false) { | |
113 | return res.status(403) | |
114 | .json({ error: 'Cannot remove video channel of another pod.' }) | |
115 | .end() | |
116 | } | |
117 | ||
118 | // Check if the user can delete the video channel | |
119 | // The user can delete it if s/he is an admin | |
120 | // Or if s/he is the video channel's author | |
121 | if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) { | |
122 | return res.status(403) | |
123 | .json({ error: 'Cannot remove video channel of another user' }) | |
124 | .end() | |
125 | } | |
126 | ||
127 | // If we reach this comment, we can delete the video | |
128 | callback() | |
129 | } | |
130 | ||
131 | function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) { | |
132 | db.VideoChannel.countByAuthor(res.locals.oauth.token.User.Author.id) | |
133 | .then(count => { | |
134 | if (count <= 1) { | |
135 | return res.status(409) | |
136 | .json({ error: 'Cannot remove the last channel of this user' }) | |
137 | .end() | |
138 | } | |
139 | ||
140 | callback() | |
141 | }) | |
142 | } |