Don't display comments of private/internal videos
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-comments.ts
index 61c2ed92f857946e7c1f147596c37867e98357ae..04e7b697303ef031e27f9d03a28e2b21526e8958 100644 (file)
@@ -1,4 +1,4 @@
-import * as express from 'express'
+import express from 'express'
 import { body, param, query } from 'express-validator'
 import { MUserAccountUrl } from '@server/types/models'
 import { UserRight } from '../../../../shared'
@@ -9,7 +9,14 @@ import { logger } from '../../../helpers/logger'
 import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
 import { Hooks } from '../../../lib/plugins/hooks'
 import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
-import { areValidationErrors, doesVideoCommentExist, doesVideoCommentThreadExist, doesVideoExist, isValidVideoIdParam } from '../shared'
+import {
+  areValidationErrors,
+  checkCanSeeVideoIfPrivate,
+  doesVideoCommentExist,
+  doesVideoCommentThreadExist,
+  doesVideoExist,
+  isValidVideoIdParam
+} from '../shared'
 
 const listVideoCommentsValidator = [
   query('isLocal')
@@ -48,6 +55,13 @@ const listVideoCommentThreadsValidator = [
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
 
+    if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) {
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'Cannot list comments of private/internal/blocklisted video'
+      })
+    }
+
     return next()
   }
 ]
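Review bot: The 403 message added here says `'Cannot list comments of private/internal/blocklisted video'`, although listVideoCommentThreadsValidator is the validator that lists threads. The listVideoThreadCommentsValidator hunk further down says `'Cannot list threads …'` for the endpoint that lists a thread's comments, so the two strings look swapped. Apart from the message, the seven added lines are identical in both hunks; a small shared helper that runs `checkCanSeeVideoIfPrivate` and calls `res.fail` with a message argument would keep the two access checks from drifting apart. Whether the other comment-read validators in this file get the same check is not visible here and is worth confirming. The handler body starts outside the hunk.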
@@ -65,6 +79,13 @@ const listVideoThreadCommentsValidator = [
     if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
     if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
 
+    if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) {
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'Cannot list threads of private/internal/blocklisted video'
+      })
+    }
+
     return next()
   }
 ]
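Review bot: The new visibility check runs after `doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)`, so a caller who may not see the video still gets the thread lookup's answer first. Assuming that helper sends its own not-found response, as the bare `return` suggests, the responses differ for existing and missing thread ids on a private or internal video (403 versus not found), which discloses thread existence. Moving the `if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) { … }` block directly below the `doesVideoExist` line makes authorization the first decision after the video is loaded. A test that requests a thread of a private video without credentials, once with a valid and once with an invalid thread id, and expects the same status would pin this down. The handler's opening lines are outside the hunk.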