import * as express from 'express'
-import { body, param } from 'express-validator/check'
+import { body, param, query } from 'express-validator'
+import { MUserAccountUrl } from '@server/types/models'
import { UserRight } from '../../../../shared'
-import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc'
-import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
+import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
+import {
+ doesVideoCommentExist,
+ doesVideoCommentThreadExist,
+ isValidVideoCommentText
+} from '../../../helpers/custom-validators/video-comments'
import { logger } from '../../../helpers/logger'
-import { UserModel } from '../../../models/account/user'
-import { VideoModel } from '../../../models/video/video'
-import { VideoCommentModel } from '../../../models/video/video-comment'
-import { areValidationErrors } from '../utils'
-import { Hooks } from '../../../lib/plugins/hooks'
-import { isLocalVideoThreadAccepted, isLocalVideoCommentReplyAccepted, AcceptResult } from '../../../lib/moderation'
import { doesVideoExist } from '../../../helpers/middlewares'
+import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
+import { Hooks } from '../../../lib/plugins/hooks'
+import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
+import { areValidationErrors } from '../utils'
+import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
+
+const listVideoCommentsValidator = [
+ query('isLocal')
+ .optional()
+ .customSanitizer(toBooleanOrNull)
+ .custom(isBooleanValid)
+ .withMessage('Should have a valid is local boolean'),
+
+ query('search')
+ .optional()
+ .custom(exists).withMessage('Should have a valid search'),
+
+ query('searchAccount')
+ .optional()
+ .custom(exists).withMessage('Should have a valid account search'),
+
+ query('searchVideo')
+ .optional()
+ .custom(exists).withMessage('Should have a valid video search'),
+
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking listVideoCommentsValidator parameters.', { parameters: req.query })
+
+ if (areValidationErrors(req, res)) return
+
+ return next()
+ }
+]
const listVideoCommentThreadsValidator = [
param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
if (areValidationErrors(req, res)) return
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
- if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return
+ if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
return next()
}
if (areValidationErrors(req, res)) return
if (!await doesVideoExist(req.params.videoId, res)) return
- if (!isVideoCommentsEnabled(res.locals.video, res)) return
- if (!await isVideoCommentAccepted(req, res, false)) return
+ if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
+ if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
return next()
}
if (areValidationErrors(req, res)) return
if (!await doesVideoExist(req.params.videoId, res)) return
- if (!isVideoCommentsEnabled(res.locals.video, res)) return
- if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
- if (!await isVideoCommentAccepted(req, res, true)) return
+ if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
+ if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
+ if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return
return next()
}
if (areValidationErrors(req, res)) return
if (!await doesVideoExist(req.params.videoId, res, 'id')) return
- if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+ if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return
return next()
}
if (areValidationErrors(req, res)) return
if (!await doesVideoExist(req.params.videoId, res)) return
- if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+ if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
// Check if the user who did the request is able to delete the video
- if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return
+ if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return
return next()
}
listVideoCommentThreadsValidator,
listVideoThreadCommentsValidator,
addVideoCommentThreadValidator,
+ listVideoCommentsValidator,
addVideoCommentReplyValidator,
videoCommentGetValidator,
removeVideoCommentValidator
// ---------------------------------------------------------------------------
-async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: express.Response) {
- const videoComment = await VideoCommentModel.loadById(id)
-
- if (!videoComment) {
- res.status(404)
- .json({ error: 'Video comment thread not found' })
- .end()
-
- return false
- }
-
- if (videoComment.videoId !== video.id) {
- res.status(400)
- .json({ error: 'Video comment is associated to this video.' })
- .end()
-
- return false
- }
-
- if (videoComment.inReplyToCommentId !== null) {
- res.status(400)
- .json({ error: 'Video comment is not a thread.' })
- .end()
-
- return false
- }
-
- res.locals.videoCommentThread = videoComment
- return true
-}
-
-async function doesVideoCommentExist (id: number, video: VideoModel, res: express.Response) {
- const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id)
-
- if (!videoComment) {
- res.status(404)
- .json({ error: 'Video comment thread not found' })
- .end()
-
- return false
- }
-
- if (videoComment.videoId !== video.id) {
- res.status(400)
- .json({ error: 'Video comment is associated to this video.' })
- .end()
+function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
+ if (video.commentsEnabled !== true) {
+ res.status(HttpStatusCode.CONFLICT_409)
+ .json({ error: 'Video comments are disabled for this video.' })
return false
}
- res.locals.videoComment = videoComment
return true
}
-function isVideoCommentsEnabled (video: VideoModel, res: express.Response) {
- if (video.commentsEnabled !== true) {
- res.status(409)
- .json({ error: 'Video comments are disabled for this video.' })
- .end()
+function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) {
+ if (videoComment.isDeleted()) {
+ res.status(HttpStatusCode.CONFLICT_409)
+ .json({ error: 'This comment is already deleted' })
return false
}
- return true
-}
+ const userAccount = user.Account
-function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) {
- const account = videoComment.Account
- if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) {
- res.status(403)
+ if (
+ user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator
+ videoComment.accountId !== userAccount.id && // Not the comment owner
+ videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner
+ ) {
+ res.status(HttpStatusCode.FORBIDDEN_403)
.json({ error: 'Cannot remove video comment of another user' })
- .end()
+
return false
}
return true
}
-async function isVideoCommentAccepted (req: express.Request, res: express.Response, isReply: boolean) {
+async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) {
const acceptParameters = {
- video: res.locals.video,
+ video,
commentBody: req.body,
user: res.locals.oauth.token.User
}
let acceptedResult: AcceptResult
if (isReply) {
- const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoComment })
+ const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull })
acceptedResult = await Hooks.wrapFun(
isLocalVideoCommentReplyAccepted,
if (!acceptedResult || acceptedResult.accepted !== true) {
logger.info('Refused local comment.', { acceptedResult, acceptParameters })
- res.status(403)
- .json({ error: acceptedResult.errorMessage || 'Refused local comment' })
+ res.status(HttpStatusCode.FORBIDDEN_403)
+ .json({ error: acceptedResult?.errorMessage || 'Refused local comment' })
return false
}
projects / github / Chocobozzz / PeerTube.git / blobdiff