aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-05-16 11:33:11 +0200
committerChocobozzz <me@florianbigard.com>2018-05-17 10:55:49 +0200
commit6200d8d91710b03a72a27e35cbe6eed1e6cc8c62 (patch)
treeccd64f46009e45272d1a3426e206438cd5d50d4c
parenta14d3b6b23816299dba2c5e1010ea8f6eb3d3289 (diff)
downloadPeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.tar.gz
PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.tar.zst
PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.zip
Fix video channel update with an admin account
-rw-r--r--client/src/app/videos/+video-edit/video-add.component.ts1
-rw-r--r--client/src/app/videos/+video-edit/video-update.component.ts20
-rw-r--r--server/controllers/api/videos/index.ts2
-rw-r--r--server/helpers/custom-validators/videos.ts21
-rw-r--r--server/middlewares/validators/videos.ts8
-rw-r--r--server/tests/api/check-params/videos.ts2
6 files changed, 38 insertions, 16 deletions
diff --git a/client/src/app/videos/+video-edit/video-add.component.ts b/client/src/app/videos/+video-edit/video-add.component.ts
index 41d14573c..032504cea 100644
--- a/client/src/app/videos/+video-edit/video-add.component.ts
+++ b/client/src/app/videos/+video-edit/video-add.component.ts
@@ -219,7 +219,6 @@ export class VideoAddComponent extends FormReactive implements OnInit, OnDestroy
219 219
220 const video = new VideoEdit() 220 const video = new VideoEdit()
221 video.patch(this.form.value) 221 video.patch(this.form.value)
222 video.channelId = this.firstStepChannelId
223 video.id = this.videoUploadedIds.id 222 video.id = this.videoUploadedIds.id
224 video.uuid = this.videoUploadedIds.uuid 223 video.uuid = this.videoUploadedIds.uuid
225 224
diff --git a/client/src/app/videos/+video-edit/video-update.component.ts b/client/src/app/videos/+video-edit/video-update.component.ts
index b1d80bcaa..00c2ed3f1 100644
--- a/client/src/app/videos/+video-edit/video-update.component.ts
+++ b/client/src/app/videos/+video-edit/video-update.component.ts
@@ -11,7 +11,7 @@ import { FormReactive } from '../../shared'
11import { ValidatorMessage } from '../../shared/forms/form-validators/validator-message' 11import { ValidatorMessage } from '../../shared/forms/form-validators/validator-message'
12import { VideoEdit } from '../../shared/video/video-edit.model' 12import { VideoEdit } from '../../shared/video/video-edit.model'
13import { VideoService } from '../../shared/video/video.service' 13import { VideoService } from '../../shared/video/video.service'
14import { populateAsyncUserVideoChannels } from '@app/shared/misc/utils' 14import { VideoChannelService } from '@app/shared/video-channel/video-channel.service'
15 15
16@Component({ 16@Component({
17 selector: 'my-videos-update', 17 selector: 'my-videos-update',
@@ -36,7 +36,8 @@ export class VideoUpdateComponent extends FormReactive implements OnInit {
36 private serverService: ServerService, 36 private serverService: ServerService,
37 private videoService: VideoService, 37 private videoService: VideoService,
38 private authService: AuthService, 38 private authService: AuthService,
39 private loadingBar: LoadingBarService 39 private loadingBar: LoadingBarService,
40 private videoChannelService: VideoChannelService
40 ) { 41 ) {
41 super() 42 super()
42 } 43 }
@@ -59,14 +60,21 @@ export class VideoUpdateComponent extends FormReactive implements OnInit {
59 return this.videoService 60 return this.videoService
60 .loadCompleteDescription(video.descriptionPath) 61 .loadCompleteDescription(video.descriptionPath)
61 .pipe(map(description => Object.assign(video, { description }))) 62 .pipe(map(description => Object.assign(video, { description })))
63 }),
64 switchMap(video => {
65 return this.videoChannelService
66 .listAccountVideoChannels(video.account.id)
67 .pipe(
68 map(result => result.data),
69 map(videoChannels => videoChannels.map(c => ({ id: c.id, label: c.displayName }))),
70 map(videoChannels => ({ video, videoChannels }))
71 )
62 }) 72 })
63 ) 73 )
64 .subscribe( 74 .subscribe(
65 video => { 75 ({ video, videoChannels }) => {
66 this.video = new VideoEdit(video) 76 this.video = new VideoEdit(video)
67 77 this.userVideoChannels = videoChannels
68 populateAsyncUserVideoChannels(this.authService, this.userVideoChannels)
69 .catch(err => console.error(err))
70 78
71 // We cannot set private a video that was not private 79 // We cannot set private a video that was not private
72 if (video.privacy.id !== VideoPrivacy.PRIVATE) { 80 if (video.privacy.id !== VideoPrivacy.PRIVATE) {
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts
index bcf1eaee6..05fd79e67 100644
--- a/server/controllers/api/videos/index.ts
+++ b/server/controllers/api/videos/index.ts
@@ -341,7 +341,7 @@ async function updateVideo (req: express.Request, res: express.Response) {
341 341
342 // Video channel update? 342 // Video channel update?
343 if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) { 343 if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) {
344 await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel) 344 await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel, { transaction: t })
345 videoInstance.VideoChannel = res.locals.videoChannel 345 videoInstance.VideoChannel = res.locals.videoChannel
346 346
347 if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t) 347 if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t)
diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts
index 002324fe0..0c268a684 100644
--- a/server/helpers/custom-validators/videos.ts
+++ b/server/helpers/custom-validators/videos.ts
@@ -3,7 +3,7 @@ import 'express-validator'
3import { values } from 'lodash' 3import { values } from 'lodash'
4import 'multer' 4import 'multer'
5import * as validator from 'validator' 5import * as validator from 'validator'
6import { VideoRateType } from '../../../shared' 6import { UserRight, VideoRateType } from '../../../shared'
7import { 7import {
8 CONSTRAINTS_FIELDS, 8 CONSTRAINTS_FIELDS,
9 VIDEO_CATEGORIES, 9 VIDEO_CATEGORIES,
@@ -15,6 +15,7 @@ import {
15import { VideoModel } from '../../models/video/video' 15import { VideoModel } from '../../models/video/video'
16import { exists, isArray, isFileValid } from './misc' 16import { exists, isArray, isFileValid } from './misc'
17import { VideoChannelModel } from '../../models/video/video-channel' 17import { VideoChannelModel } from '../../models/video/video-channel'
18import { UserModel } from '../../models/account/user'
18 19
19const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS 20const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS
20const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES 21const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
@@ -127,8 +128,22 @@ async function isVideoExist (id: string, res: Response) {
127 return true 128 return true
128} 129}
129 130
130async function isVideoChannelOfAccountExist (channelId: number, accountId: number, res: Response) { 131async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
131 const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, accountId) 132 if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
133 const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
134 if (!videoChannel) {
135 res.status(400)
136 .json({ error: 'Unknown video video channel on this instance.' })
137 .end()
138
139 return false
140 }
141
142 res.locals.videoChannel = videoChannel
143 return true
144 }
145
146 const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
132 if (!videoChannel) { 147 if (!videoChannel) {
133 res.status(400) 148 res.status(400)
134 .json({ error: 'Unknown video video channel for this account.' }) 149 .json({ error: 'Unknown video video channel for this account.' })
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index dd0246a63..c5c45fe58 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -90,7 +90,7 @@ const videosAddValidator = [
90 const videoFile: Express.Multer.File = req.files['videofile'][0] 90 const videoFile: Express.Multer.File = req.files['videofile'][0]
91 const user = res.locals.oauth.token.User 91 const user = res.locals.oauth.token.User
92 92
93 if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return 93 if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
94 94
95 const isAble = await user.isAbleToUploadVideo(videoFile) 95 const isAble = await user.isAbleToUploadVideo(videoFile)
96 if (isAble === false) { 96 if (isAble === false) {
@@ -193,7 +193,7 @@ const videosUpdateValidator = [
193 .end() 193 .end()
194 } 194 }
195 195
196 if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return 196 if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
197 197
198 return next() 198 return next()
199 } 199 }
@@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
332 // Retrieve the user who did the request 332 // Retrieve the user who did the request
333 if (video.isOwned() === false) { 333 if (video.isOwned() === false) {
334 res.status(403) 334 res.status(403)
335 .json({ error: 'Cannot remove video of another server, blacklist it' }) 335 .json({ error: 'Cannot manage a video of another server.' })
336 .end() 336 .end()
337 return false 337 return false
338 } 338 }
@@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
343 const account = video.VideoChannel.Account 343 const account = video.VideoChannel.Account
344 if (user.hasRight(right) === false && account.userId !== user.id) { 344 if (user.hasRight(right) === false && account.userId !== user.id) {
345 res.status(403) 345 res.status(403)
346 .json({ error: 'Cannot remove video of another user' }) 346 .json({ error: 'Cannot manage a video of another user.' })
347 .end() 347 .end()
348 return false 348 return false
349 } 349 }
diff --git a/server/tests/api/check-params/videos.ts b/server/tests/api/check-params/videos.ts
index 33e815806..c81e9752e 100644
--- a/server/tests/api/check-params/videos.ts
+++ b/server/tests/api/check-params/videos.ts
@@ -280,7 +280,7 @@ describe('Test videos API validator', function () {
280 const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId }) 280 const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId })
281 const attaches = baseCorrectAttaches 281 const attaches = baseCorrectAttaches
282 282
283 await makeUploadRequest({ url: server.url, path: path + '/upload', token: server.accessToken, fields, attaches }) 283 await makeUploadRequest({ url: server.url, path: path + '/upload', token: userAccessToken, fields, attaches })
284 }) 284 })
285 285
286 it('Should fail with too many tags', async function () { 286 it('Should fail with too many tags', async function () {