PeerTubeServer,
setAccessTokensToServers
} from '@shared/extra-utils'
-import { HttpStatusCode, VideoCreateResult } from '@shared/models'
+import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
const expect = chai.expect
let userAccessToken: string
let userAccessToken2: string
let commentId: number
+ let privateCommentId: number
+ let privateVideo: VideoCreateResult
// ---------------------------------------------------------------
pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
}
+ {
+ privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
+ }
+
{
const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
commentId = created.id
pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
}
+ {
+ const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
+ privateCommentId = created.id
+ }
+
{
const user = { username: 'user1', password: 'my super password' }
await server.users.create({ username: user.username, password: user.password })
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
+
+ it('Should fail with a private video without token', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+ expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+ })
+ })
+
+ it('Should fail with another user token', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: userAccessToken,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+ expectedStatus: HttpStatusCode.FORBIDDEN_403
+ })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: server.accessToken,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+ expectedStatus: HttpStatusCode.OK_200
+ })
+ })
})
describe('When listing comments of a thread', function () {
})
})
+ it('Should fail with a private video without token', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+ expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+ })
+ })
+
+ it('Should fail with another user token', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: userAccessToken,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+ expectedStatus: HttpStatusCode.FORBIDDEN_403
+ })
+ })
+
it('Should success with the correct params', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: server.accessToken,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+ expectedStatus: HttpStatusCode.OK_200
+ })
+
await makeGetRequest({
url: server.url,
path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
projects / github / Chocobozzz / PeerTube.git / blobdiff