X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideos%2Fvideo-rates.ts;h=923bf3eaf9fe02da1ede9e845015a9a71f020afd;hb=6ea9295b8f5dd7cc254202a79aad61c666cc4259;hp=5d5dfb2227c5b18807d16e99655e9a2e17857f09;hpb=cf21b2cbef61929177b9c09b5e017c3b7eb8535d;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts
index 5d5dfb222..923bf3eaf 100644
--- a/server/middlewares/validators/videos/video-rates.ts
+++ b/server/middlewares/validators/videos/video-rates.ts
@@ -1,6 +1,6 @@
-import * as express from 'express'
+import express from 'express'
 import { body, param, query } from 'express-validator'
-import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
+import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import { VideoRateType } from '../../../../shared/models/videos'
 import { isAccountNameValid } from '../../../helpers/custom-validators/accounts'
 import { isIdValid } from '../../../helpers/custom-validators/misc'
@@ -8,7 +8,7 @@ import { isRatingValid } from '../../../helpers/custom-validators/video-rates'
 import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos'
 import { logger } from '../../../helpers/logger'
 import { AccountVideoRateModel } from '../../../models/account/account-video-rate'
-import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared'
+import { areValidationErrors, checkCanSeeVideoIfPrivate, doesVideoExist, isValidVideoIdParam } from '../shared'
 const videoUpdateRateValidator = [
 isValidVideoIdParam('id'),
@@ -21,6 +21,13 @@ const videoUpdateRateValidator = [
 if (areValidationErrors(req, res)) return
 if (!await doesVideoExist(req.params.id, res)) return
+ if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Cannot access to this ressource'
+ })
+ }
+
 return next()
 }
 ]
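Review bot: The new guard after `doesVideoExist` answers 403 for a video the caller may not see, while a missing id is presumably answered by `doesVideoExist` itself (its response is not visible here, likely a 404), so the two status codes let a caller tell an existing private video from a nonexistent id. If the existence of private videos is meant to stay hidden, return the same status and body as the not-found path, e.g. `status: HttpStatusCode.NOT_FOUND_404`; otherwise add a comment stating that the distinction is intentional. `checkCanSeeVideoIfPrivate` receives `res`; if it can already write a response on failure (not visible in this hunk), the following `res.fail` would send a second one, so that contract is worth a one-line comment. The message string also has typos and would read better as `message: 'Cannot access this resource'`. The validator's async handler begins outside the hunk.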