X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fcustom-validators%2Fvideos.ts;h=338c96582e49f13750a0dfb6b02275ba8f02018f;hb=fbad87b0472f574409f7aa3ae7f8b54927d0cdd6;hp=8496e679aad708c31d2f046c4ad52685ff213c56;hpb=2186386cca113506791583cb07d6ccacba7af4e0;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts
index 8496e679a..338c96582 100644
--- a/server/helpers/custom-validators/videos.ts
+++ b/server/helpers/custom-validators/videos.ts
@@ -3,7 +3,7 @@ import 'express-validator'
 import { values } from 'lodash'
 import 'multer'
 import * as validator from 'validator'
-import { UserRight, VideoRateType } from '../../../shared'
+import { UserRight, VideoPrivacy, VideoRateType } from '../../../shared'
 import {
   CONSTRAINTS_FIELDS,
   VIDEO_CATEGORIES,
@@ -86,7 +86,7 @@ const videoFileTypes = Object.keys(VIDEO_MIMETYPE_EXT).map(m => `(${m})`)
 const videoFileTypesRegex = videoFileTypes.join('|')
 
 function isVideoFile (files: { [ fieldname: string ]: Express.Multer.File[] } | Express.Multer.File[]) {
-  return isFileValid(files, videoFileTypesRegex, 'videofile')
+  return isFileValid(files, videoFileTypesRegex, 'videofile', null)
 }
 
 const videoImageTypes = CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME
@@ -95,14 +95,22 @@ const videoImageTypes = CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME
 const videoImageTypesRegex = `image/(${videoImageTypes})`
 
 function isVideoImage (files: { [ fieldname: string ]: Express.Multer.File[] } | Express.Multer.File[], field: string) {
-  return isFileValid(files, videoImageTypesRegex, field, true)
+  return isFileValid(files, videoImageTypesRegex, field, CONSTRAINTS_FIELDS.VIDEOS.IMAGE.FILE_SIZE.max, true)
 }
 
-function isVideoPrivacyValid (value: string) {
+function isVideoPrivacyValid (value: number) {
   return validator.isInt(value + '') && VIDEO_PRIVACIES[ value ] !== undefined
 }
 
-function isVideoFileInfoHashValid (value: string) {
+function isScheduleVideoUpdatePrivacyValid (value: number) {
+  return validator.isInt(value + '') &&
+    (
+      value === VideoPrivacy.UNLISTED ||
+      value === VideoPrivacy.PUBLIC
+    )
+}
+
+function isVideoFileInfoHashValid (value: string | null | undefined) {
   return exists(value) && validator.isLength(value, VIDEOS_CONSTRAINTS_FIELDS.INFO_HASH)
 }
 
@@ -110,12 +118,39 @@ function isVideoFileResolutionValid (value: string) {
   return exists(value) && validator.isInt(value + '')
 }
 
+function isVideoFPSResolutionValid (value: string) {
+  return value === null || validator.isInt(value + '')
+}
+
 function isVideoFileSizeValid (value: string) {
   return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.FILE_SIZE)
 }
 
+function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: Response) {
+  // Retrieve the user who did the request
+  if (video.isOwned() === false) {
+    res.status(403)
+       .json({ error: 'Cannot manage a video of another server.' })
+       .end()
+    return false
+  }
+
+  // Check if the user can delete the video
+  // The user can delete it if he has the right
+  // Or if s/he is the video's account
+  const account = video.VideoChannel.Account
+  if (user.hasRight(right) === false && account.userId !== user.id) {
+    res.status(403)
+       .json({ error: 'Cannot manage a video of another user.' })
+       .end()
+    return false
+  }
+
+  return true
+}
+
 async function isVideoExist (id: string, res: Response) {
-  let video: VideoModel
+  let video: VideoModel | null
 
   if (validator.isInt(id)) {
     video = await VideoModel.loadAndPopulateAccountAndServerAndTags(+id)
@@ -123,7 +158,7 @@ async function isVideoExist (id: string, res: Response) {
     video = await VideoModel.loadByUUIDAndPopulateAccountAndServerAndTags(id)
   }
 
-  if (!video) {
+  if (video === null) {
     res.status(404)
        .json({ error: 'Video not found' })
        .end()
@@ -138,7 +173,7 @@ async function isVideoExist (id: string, res: Response) {
 async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
   if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
     const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
-    if (!videoChannel) {
+    if (videoChannel === null) {
       res.status(400)
          .json({ error: 'Unknown video video channel on this instance.' })
          .end()
@@ -151,7 +186,7 @@ async function isVideoChannelOfAccountExist (channelId: number, user: UserModel,
   }
 
   const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
-  if (!videoChannel) {
+  if (videoChannel === null) {
     res.status(400)
        .json({ error: 'Unknown video video channel for this account.' })
        .end()
@@ -167,6 +202,7 @@ async function isVideoChannelOfAccountExist (channelId: number, user: UserModel,
 
 export {
   isVideoCategoryValid,
+  checkUserCanManageVideo,
   isVideoLicenceValid,
   isVideoLanguageValid,
   isVideoTruncatedDescriptionValid,
@@ -174,6 +210,8 @@ export {
   isVideoFileInfoHashValid,
   isVideoNameValid,
   isVideoTagsValid,
+  isVideoFPSResolutionValid,
+  isScheduleVideoUpdatePrivacyValid,
   isVideoAbuseReasonValid,
   isVideoFile,
   isVideoStateValid,