X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fvideos.ts;h=e5c9b90c40651aafd2da5dd6ebe85898078dbc1f;hb=fd3c2e87051f5029cdec39d877b576a62f48e219;hp=3b2607eed2931c6d7314cd8721691946e2d78942;hpb=bf54587a3e2ad9c2c186828f2a5682b91ee2cc00;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/tests/api/check-params/videos.ts b/server/tests/api/check-params/videos.ts
index 3b2607eed..e5c9b90c4 100644
--- a/server/tests/api/check-params/videos.ts
+++ b/server/tests/api/check-params/videos.ts
@@ -4,12 +4,10 @@ import 'mocha'
 import * as chai from 'chai'
 import { omit } from 'lodash'
 import { join } from 'path'
-import { randomInt } from '@shared/core-utils'
+import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination, checkUploadVideoParam } from '@server/tests/shared'
+import { randomInt, root } from '@shared/core-utils'
+import { HttpStatusCode, PeerTubeProblemDocument, VideoCreateResult, VideoPrivacy } from '@shared/models'
 import {
-  checkBadCountPagination,
-  checkBadSortPagination,
-  checkBadStartPagination,
-  checkUploadVideoParam,
   cleanupTests,
   createSingleServer,
   makeDeleteRequest,
@@ -17,10 +15,8 @@ import {
   makePutBodyRequest,
   makeUploadRequest,
   PeerTubeServer,
-  root,
   setAccessTokensToServers
 } from '@shared/server-commands'
-import { HttpStatusCode, PeerTubeProblemDocument, VideoCreateResult, VideoPrivacy } from '@shared/models'
 
 const expect = chai.expect
 
@@ -32,6 +28,7 @@ describe('Test videos API validator', function () {
   let channelId: number
   let channelName: string
   let video: VideoCreateResult
+  let privateVideo: VideoCreateResult
 
   // ---------------------------------------------------------------
 
@@ -42,10 +39,7 @@ describe('Test videos API validator', function () {
 
     await setAccessTokensToServers([ server ])
 
-    const username = 'user1'
-    const password = 'my super password'
-    await server.users.create({ username: username, password: password })
-    userAccessToken = await server.login.getAccessToken({ username, password })
+    userAccessToken = await server.users.generateUserAndToken('user1')
 
     {
       const body = await server.users.getMyInfo()
@@ -53,6 +47,10 @@ describe('Test videos API validator', function () {
       channelName = body.videoChannels[0].name
       accountName = body.account.name + '@' + body.account.host
     }
+
+    {
+      privateVideo = await server.videos.quickUpload({ name: 'private video', privacy: VideoPrivacy.PRIVATE })
+    }
   })
 
   describe('When listing videos', function () {
@@ -207,7 +205,7 @@ describe('Test videos API validator', function () {
         support: 'my super support text',
         tags: [ 'tag1', 'tag2' ],
         privacy: VideoPrivacy.PUBLIC,
-        channelId: channelId,
+        channelId,
         originallyPublishedAt: new Date().toISOString()
       }
     })
@@ -787,6 +785,19 @@ describe('Test videos API validator', function () {
       await makePutBodyRequest({ url: server.url, path: path + videoId + '/rate', token: server.accessToken, fields })
     })
 
+    it('Should fail with a private video of another user', async function () {
+      const fields = {
+        rating: 'like'
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + privateVideo.uuid + '/rate',
+        token: userAccessToken,
+        fields,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+
     it('Should succeed with the correct parameters', async function () {
       const fields = {
         rating: 'like'