X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideo-comments.ts;h=227bc1fca8f5bd798aeb2818e43f0e671680995a;hb=fd4484f19eae8b0a0c30d5d30e98880c8708516a;hp=ade0b7b9fb440596e603ce63ea6167eeece07c0d;hpb=47564bbe2eeb2baae9b7e3f9b2b8d16522bc7e04;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/middlewares/validators/video-comments.ts b/server/middlewares/validators/video-comments.ts
index ade0b7b9f..227bc1fca 100644
--- a/server/middlewares/validators/video-comments.ts
+++ b/server/middlewares/validators/video-comments.ts
@@ -1,9 +1,11 @@
 import * as express from 'express'
 import { body, param } from 'express-validator/check'
+import { UserRight } from '../../../shared'
 import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
 import { isValidVideoCommentText } from '../../helpers/custom-validators/video-comments'
 import { isVideoExist } from '../../helpers/custom-validators/videos'
 import { logger } from '../../helpers/logger'
+import { UserModel } from '../../models/account/user'
 import { VideoModel } from '../../models/video/video'
 import { VideoCommentModel } from '../../models/video/video-comment'
 import { areValidationErrors } from './utils'
@@ -41,7 +43,7 @@ const addVideoCommentThreadValidator = [
 body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params })
+ logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body })
 if (areValidationErrors(req, res)) return
 if (!await isVideoExist(req.params.videoId, res)) return
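Review bot: The new debug call in addVideoCommentThreadValidator logs the whole `req.body` before `areValidationErrors` has run, so unvalidated, client-controlled content of arbitrary size and shape reaches the log; the addVideoCommentReplyValidator hunk has the same problem. Logging only the field the validator declares, after validation has passed, keeps the entry bounded: move the call below the `areValidationErrors` check and pass `{ parameters: req.params, text: req.body.text }`. Comment text is user content, so whether it belongs in debug logs at all is worth deciding explicitly. Both validator bodies continue outside their hunks.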
@@ -57,7 +59,7 @@ const addVideoCommentReplyValidator = [
 body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params })
+ logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body })
 if (areValidationErrors(req, res)) return
 if (!await isVideoExist(req.params.videoId, res)) return
@@ -83,6 +85,24 @@ const videoCommentGetValidator = [
 }
 ]
+const removeVideoCommentValidator = [
+ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+ param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await isVideoExist(req.params.videoId, res)) return
+ if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+
+ // Check if the user who did the request is able to delete the video
+ if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return
+
+ return next()
+ }
+]
+
 // ---------------------------------------------------------------------------
 export {
@@ -90,7 +110,8 @@ export {
 listVideoThreadCommentsValidator,
 addVideoCommentThreadValidator,
 addVideoCommentReplyValidator,
- videoCommentGetValidator
+ videoCommentGetValidator,
+ removeVideoCommentValidator
 }
 // ---------------------------------------------------------------------------
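Review bot: In removeVideoCommentValidator the permission check dereferences `res.locals.oauth.token.User` with no guard, so it is only safe when an authentication middleware has populated `res.locals.oauth` before this validator runs. The route registration is not part of this diff, so that ordering should be confirmed. I would document the precondition above the array: `// Must be mounted after the OAuth authentication middleware: reads res.locals.oauth.token.User`. The inline comment also names the wrong object and should read `// Check if the user who did the request is able to delete the video comment`.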
@@ -160,3 +181,15 @@ function isVideoCommentsEnabled (video: VideoModel, res: express.Response) {
 return true
 }
+
+function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) {
+ const account = videoComment.Account
+ if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) {
+ res.status(403)
+ .json({ error: 'Cannot remove video comment of another user' })
+ .end()
+ return false
+ }
+
+ return true
+}
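Review bot: In checkUserCanDeleteVideoComment the comparison `user.hasRight(...) === false` denies only when the call returns exactly `false`, so any other falsy result (for example `undefined`) skips the 403 branch and the function returns `true`. An authorization check should fail closed: `if (!user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) && (!account || account.userId !== user.id)) {`. The added `!account` guard covers the case where `videoComment.Account` was not loaded, which presumably depends on how isVideoCommentExist fetches the comment (not visible here). Without it a non-privileged request would throw instead of receiving the 403.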