X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fshared%2Fvideos.ts;h=e3a98c58f9d85640bfc4b9cb3c500a3e3cde81ee;hb=4fae2b1f300c1f027629569817262f60873a663a;hp=39aab6df7207aae0bf24c1c37dcef2132076b717;hpb=ff9d43f62a4f4737c5bfe955883b48c5440f323a;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index 39aab6df7..e3a98c58f 100644
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -2,7 +2,7 @@ import { Request, Response } from 'express'
 import { isUUIDValid } from '@server/helpers/custom-validators/misc'
 import { loadVideo, VideoLoadType } from '@server/lib/model-loaders'
 import { isAbleToUploadVideo } from '@server/lib/user'
-import { authenticatePromiseIfNeeded } from '@server/middlewares/auth'
+import { authenticatePromise } from '@server/middlewares/auth'
 import { VideoModel } from '@server/models/video/video'
 import { VideoChannelModel } from '@server/models/video/video-channel'
 import { VideoFileModel } from '@server/models/video/video-file'
@@ -137,14 +137,14 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
     return false
   }
 
-  await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
+  await authenticatePromise(req, res, authenticateInQuery)
 
   const user = res.locals.oauth?.token.User
   if (!user) return fail()
 
   const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId
     ? video as MVideoWithRights
-    : await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id)
+    : await VideoModel.loadFull(video.id)
 
   const privacy = videoWithRights.privacy
 
@@ -154,14 +154,15 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
   }
 
   const isOwnedByUser = videoWithRights.VideoChannel.Account.userId === user.id
-  if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) {
-    if (isOwnedByUser && user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true
+
+  if (videoWithRights.isBlacklisted()) {
+    if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true
 
     return fail()
   }
 
-  if (videoWithRights.isBlacklisted()) {
-    if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true
+  if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) {
+    if (isOwnedByUser || user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true
 
     return fail()
   }