X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fcustom-validators%2Fvideos.ts;h=b5cb126d9d3367984623937fb2befe1eef9b5c76;hb=f4001cf408a99049d01a356bfb20a62342de06ea;hp=0c268a68425e1cb7dbf42b0f19bc993fabefcd6e;hpb=6200d8d91710b03a72a27e35cbe6eed1e6cc8c62;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts
index 0c268a684..b5cb126d9 100644
--- a/server/helpers/custom-validators/videos.ts
+++ b/server/helpers/custom-validators/videos.ts
@@ -3,14 +3,15 @@ import 'express-validator'
 import { values } from 'lodash'
 import 'multer'
 import * as validator from 'validator'
-import { UserRight, VideoRateType } from '../../../shared'
+import { UserRight, VideoPrivacy, VideoRateType } from '../../../shared'
 import {
   CONSTRAINTS_FIELDS,
   VIDEO_CATEGORIES,
-  VIDEO_LANGUAGES,
-  VIDEO_LICENCES, VIDEO_MIMETYPE_EXT,
+  VIDEO_LICENCES,
+  VIDEO_MIMETYPE_EXT,
   VIDEO_PRIVACIES,
-  VIDEO_RATE_TYPES
+  VIDEO_RATE_TYPES,
+  VIDEO_STATES
 } from '../../initializers'
 import { VideoModel } from '../../models/video/video'
 import { exists, isArray, isFileValid } from './misc'
@@ -21,11 +22,15 @@ const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS
 const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
 
 function isVideoCategoryValid (value: any) {
-  return value === null || VIDEO_CATEGORIES[value] !== undefined
+  return value === null || VIDEO_CATEGORIES[ value ] !== undefined
+}
+
+function isVideoStateValid (value: any) {
+  return exists(value) && VIDEO_STATES[ value ] !== undefined
 }
 
 function isVideoLicenceValid (value: any) {
-  return value === null || VIDEO_LICENCES[value] !== undefined
+  return value === null || VIDEO_LICENCES[ value ] !== undefined
 }
 
 function isVideoLanguageValid (value: any) {
@@ -79,20 +84,30 @@ function isVideoRatingTypeValid (value: string) {
 
 const videoFileTypes = Object.keys(VIDEO_MIMETYPE_EXT).map(m => `(${m})`)
 const videoFileTypesRegex = videoFileTypes.join('|')
+
 function isVideoFile (files: { [ fieldname: string ]: Express.Multer.File[] } | Express.Multer.File[]) {
-  return isFileValid(files, videoFileTypesRegex, 'videofile')
+  return isFileValid(files, videoFileTypesRegex, 'videofile', null)
 }
 
 const videoImageTypes = CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME
-  .map(v => v.replace('.', ''))
-  .join('|')
+                                          .map(v => v.replace('.', ''))
+                                          .join('|')
 const videoImageTypesRegex = `image/(${videoImageTypes})`
+
 function isVideoImage (files: { [ fieldname: string ]: Express.Multer.File[] } | Express.Multer.File[], field: string) {
-  return isFileValid(files, videoImageTypesRegex, field, true)
+  return isFileValid(files, videoImageTypesRegex, field, CONSTRAINTS_FIELDS.VIDEOS.IMAGE.FILE_SIZE.max, true)
+}
+
+function isVideoPrivacyValid (value: number) {
+  return validator.isInt(value + '') && VIDEO_PRIVACIES[ value ] !== undefined
 }
 
-function isVideoPrivacyValid (value: string) {
-  return validator.isInt(value + '') && VIDEO_PRIVACIES[value] !== undefined
+function isScheduleVideoUpdatePrivacyValid (value: number) {
+  return validator.isInt(value + '') &&
+    (
+      value === VideoPrivacy.UNLISTED ||
+      value === VideoPrivacy.PUBLIC
+    )
 }
 
 function isVideoFileInfoHashValid (value: string) {
@@ -103,10 +118,37 @@ function isVideoFileResolutionValid (value: string) {
   return exists(value) && validator.isInt(value + '')
 }
 
+function isVideoFPSResolutionValid (value: string) {
+  return value === null || validator.isInt(value + '')
+}
+
 function isVideoFileSizeValid (value: string) {
   return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.FILE_SIZE)
 }
 
+function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: Response) {
+  // Retrieve the user who did the request
+  if (video.isOwned() === false) {
+    res.status(403)
+       .json({ error: 'Cannot manage a video of another server.' })
+       .end()
+    return false
+  }
+
+  // Check if the user can delete the video
+  // The user can delete it if he has the right
+  // Or if s/he is the video's account
+  const account = video.VideoChannel.Account
+  if (user.hasRight(right) === false && account.userId !== user.id) {
+    res.status(403)
+       .json({ error: 'Cannot manage a video of another user.' })
+       .end()
+    return false
+  }
+
+  return true
+}
+
 async function isVideoExist (id: string, res: Response) {
   let video: VideoModel
 
@@ -118,8 +160,8 @@ async function isVideoExist (id: string, res: Response) {
 
   if (!video) {
     res.status(404)
-      .json({ error: 'Video not found' })
-      .end()
+       .json({ error: 'Video not found' })
+       .end()
 
     return false
   }
@@ -160,6 +202,7 @@ async function isVideoChannelOfAccountExist (channelId: number, user: UserModel,
 
 export {
   isVideoCategoryValid,
+  checkUserCanManageVideo,
   isVideoLicenceValid,
   isVideoLanguageValid,
   isVideoTruncatedDescriptionValid,
@@ -167,8 +210,11 @@ export {
   isVideoFileInfoHashValid,
   isVideoNameValid,
   isVideoTagsValid,
+  isVideoFPSResolutionValid,
+  isScheduleVideoUpdatePrivacyValid,
   isVideoAbuseReasonValid,
   isVideoFile,
+  isVideoStateValid,
   isVideoViewsValid,
   isVideoRatingTypeValid,
   isVideoDurationValid,