import { UserRight, VideoPrivacy, VideoRateType } from '../../../shared'
import {
CONSTRAINTS_FIELDS,
+ VIDEO_ABUSE_STATES,
VIDEO_CATEGORIES,
VIDEO_LICENCES,
VIDEO_MIMETYPE_EXT,
import { exists, isArray, isFileValid } from './misc'
import { VideoChannelModel } from '../../models/video/video-channel'
import { UserModel } from '../../models/account/user'
+import * as magnetUtil from 'magnet-uri'
+import { VideoAbuseModel } from '../../models/video/video-abuse'
const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS
const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
)
}
-function isVideoAbuseReasonValid (value: string) {
- return exists(value) && validator.isLength(value, VIDEO_ABUSES_CONSTRAINTS_FIELDS.REASON)
-}
-
function isVideoViewsValid (value: string) {
return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.VIEWS)
}
)
}
-function isVideoFileInfoHashValid (value: string) {
+function isVideoFileInfoHashValid (value: string | null | undefined) {
return exists(value) && validator.isLength(value, VIDEOS_CONSTRAINTS_FIELDS.INFO_HASH)
}
return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.FILE_SIZE)
}
+function isVideoMagnetUriValid (value: string) {
+ if (!exists(value)) return false
+
+ const parsed = magnetUtil.decode(value)
+ return parsed && isVideoFileInfoHashValid(parsed.infoHash)
+}
+
+function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: Response) {
+ // Retrieve the user who did the request
+ if (video.isOwned() === false) {
+ res.status(403)
+ .json({ error: 'Cannot manage a video of another server.' })
+ .end()
+ return false
+ }
+
+ // Check if the user can delete the video
+ // The user can delete it if he has the right
+ // Or if s/he is the video's account
+ const account = video.VideoChannel.Account
+ if (user.hasRight(right) === false && account.userId !== user.id) {
+ res.status(403)
+ .json({ error: 'Cannot manage a video of another user.' })
+ .end()
+ return false
+ }
+
+ return true
+}
+
async function isVideoExist (id: string, res: Response) {
- let video: VideoModel
+ let video: VideoModel | null
if (validator.isInt(id)) {
video = await VideoModel.loadAndPopulateAccountAndServerAndTags(+id)
video = await VideoModel.loadByUUIDAndPopulateAccountAndServerAndTags(id)
}
- if (!video) {
+ if (video === null) {
res.status(404)
.json({ error: 'Video not found' })
.end()
async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
- if (!videoChannel) {
+ if (videoChannel === null) {
res.status(400)
.json({ error: 'Unknown video video channel on this instance.' })
.end()
}
const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
- if (!videoChannel) {
+ if (videoChannel === null) {
res.status(400)
.json({ error: 'Unknown video video channel for this account.' })
.end()
export {
isVideoCategoryValid,
+ checkUserCanManageVideo,
isVideoLicenceValid,
isVideoLanguageValid,
isVideoTruncatedDescriptionValid,
isVideoTagsValid,
isVideoFPSResolutionValid,
isScheduleVideoUpdatePrivacyValid,
- isVideoAbuseReasonValid,
isVideoFile,
+ isVideoMagnetUriValid,
isVideoStateValid,
isVideoViewsValid,
isVideoRatingTypeValid,
projects / github / Chocobozzz / PeerTube.git / blobdiff