X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fvideo-comments.ts;h=181282ce15df73cfb4e2b6bb92dc44ac11ee9b97;hb=fde37dc99c0ca43021ac3d1b3537f095ee6114b7;hp=38f0695039d323c5935051f284ae339204311395;hpb=298b3fd31529c047e87d34d397af3b08833bd8d0;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts
index 38f069503..181282ce1 100644
--- a/server/tests/api/check-params/video-comments.ts
+++ b/server/tests/api/check-params/video-comments.ts
@@ -29,6 +29,7 @@ describe('Test video comments API validator', function () {
   let server: ServerInfo
   let videoUUID: string
   let userAccessToken: string
+  let userAccessToken2: string
   let commentId: number
 
   // ---------------------------------------------------------------
@@ -53,13 +54,16 @@ describe('Test video comments API validator', function () {
     }
 
     {
-      const user = {
-        username: 'user1',
-        password: 'my super password'
-      }
+      const user = { username: 'user1', password: 'my super password' }
       await createUser({ url: server.url, accessToken: server.accessToken, username: user.username, password: user.password })
       userAccessToken = await userLogin(server, user)
     }
+
+    {
+      const user = { username: 'user2', password: 'my super password' }
+      await createUser({ url: server.url, accessToken: server.accessToken, username: user.username, password: user.password })
+      userAccessToken2 = await userLogin(server, user)
+    }
   })
 
   describe('When listing video comment threads', function () {
@@ -224,6 +228,40 @@ describe('Test video comments API validator', function () {
       await makeDeleteRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 404 })
     })
 
+    it('Should succeed with the same user', async function () {
+      let commentToDelete: number
+
+      {
+        const res = await addVideoCommentThread(server.url, userAccessToken, videoUUID, 'hello')
+        commentToDelete = res.body.comment.id
+      }
+
+      const path = '/api/v1/videos/' + videoUUID + '/comments/' + commentToDelete
+
+      await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, statusCodeExpected: 403 })
+      await makeDeleteRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 204 })
+    })
+
+    it('Should succeed with the owner of the video', async function () {
+      let commentToDelete: number
+      let anotherVideoUUID: string
+
+      {
+        const res = await uploadVideo(server.url, userAccessToken, { name: 'video' })
+        anotherVideoUUID = res.body.video.uuid
+      }
+
+      {
+        const res = await addVideoCommentThread(server.url, server.accessToken, anotherVideoUUID, 'hello')
+        commentToDelete = res.body.comment.id
+      }
+
+      const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
+
+      await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, statusCodeExpected: 403 })
+      await makeDeleteRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 204 })
+    })
+
     it('Should succeed with the correct parameters', async function () {
       await makeDeleteRequest({ url: server.url, path: pathComment, token: server.accessToken, statusCodeExpected: 204 })
     })