]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/middlewares/validators/video-comments.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add ability to delete comments
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / video-comments.ts
diff --git a/server/middlewares/validators/video-comments.ts b/server/middlewares/validators/video-comments.ts
index ade0b7b9fb440596e603ce63ea6167eeece07c0d..63804da30ac49746a43f943976dffb4a187a3d07 100644 (file)
--- a/server/middlewares/validators/video-comments.ts
+++ b/server/middlewares/validators/video-comments.ts
@@ -1,9 +1,11 @@
 import * as express from 'express'
 import { body, param } from 'express-validator/check'
+import { UserRight } from '../../../shared'
 import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
 import { isValidVideoCommentText } from '../../helpers/custom-validators/video-comments'
 import { isVideoExist } from '../../helpers/custom-validators/videos'
 import { logger } from '../../helpers/logger'
+import { UserModel } from '../../models/account/user'
 import { VideoModel } from '../../models/video/video'
 import { VideoCommentModel } from '../../models/video/video-comment'
 import { areValidationErrors } from './utils'
@@ -83,6 +85,24 @@ const videoCommentGetValidator = [
   }
 ]
 
+const removeVideoCommentValidator = [
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+  param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+
+    // Check if the user who did the request is able to delete the video
+    if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return
+
+    return next()
+  }
+]
+
 // ---------------------------------------------------------------------------
 
 export {
@@ -90,7 +110,8 @@ export {
   listVideoThreadCommentsValidator,
   addVideoCommentThreadValidator,
   addVideoCommentReplyValidator,
-  videoCommentGetValidator
+  videoCommentGetValidator,
+  removeVideoCommentValidator
 }
 
 // ---------------------------------------------------------------------------
@@ -160,3 +181,15 @@ function isVideoCommentsEnabled (video: VideoModel, res: express.Response) {
 
   return true
 }
+
+function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) {
+  const account = videoComment.Account
+  if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) {
+    res.status(403)
+      .json({ error: 'Cannot remove video comment of another user' })
+      .end()
+    return false
+  }
+
+  return true
+}
ActivityPub-federated video streaming platform using P2P directly in your web browser