diff options
author | Chocobozzz <me@florianbigard.com> | 2018-05-16 11:33:11 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-05-17 10:55:49 +0200 |
commit | 6200d8d91710b03a72a27e35cbe6eed1e6cc8c62 (patch) | |
tree | ccd64f46009e45272d1a3426e206438cd5d50d4c | |
parent | a14d3b6b23816299dba2c5e1010ea8f6eb3d3289 (diff) | |
download | PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.tar.gz PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.tar.zst PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.zip |
Fix video channel update with an admin account
-rw-r--r-- | client/src/app/videos/+video-edit/video-add.component.ts | 1 | ||||
-rw-r--r-- | client/src/app/videos/+video-edit/video-update.component.ts | 20 | ||||
-rw-r--r-- | server/controllers/api/videos/index.ts | 2 | ||||
-rw-r--r-- | server/helpers/custom-validators/videos.ts | 21 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 8 | ||||
-rw-r--r-- | server/tests/api/check-params/videos.ts | 2 |
6 files changed, 38 insertions, 16 deletions
diff --git a/client/src/app/videos/+video-edit/video-add.component.ts b/client/src/app/videos/+video-edit/video-add.component.ts index 41d14573c..032504cea 100644 --- a/client/src/app/videos/+video-edit/video-add.component.ts +++ b/client/src/app/videos/+video-edit/video-add.component.ts | |||
@@ -219,7 +219,6 @@ export class VideoAddComponent extends FormReactive implements OnInit, OnDestroy | |||
219 | 219 | ||
220 | const video = new VideoEdit() | 220 | const video = new VideoEdit() |
221 | video.patch(this.form.value) | 221 | video.patch(this.form.value) |
222 | video.channelId = this.firstStepChannelId | ||
223 | video.id = this.videoUploadedIds.id | 222 | video.id = this.videoUploadedIds.id |
224 | video.uuid = this.videoUploadedIds.uuid | 223 | video.uuid = this.videoUploadedIds.uuid |
225 | 224 | ||
diff --git a/client/src/app/videos/+video-edit/video-update.component.ts b/client/src/app/videos/+video-edit/video-update.component.ts index b1d80bcaa..00c2ed3f1 100644 --- a/client/src/app/videos/+video-edit/video-update.component.ts +++ b/client/src/app/videos/+video-edit/video-update.component.ts | |||
@@ -11,7 +11,7 @@ import { FormReactive } from '../../shared' | |||
11 | import { ValidatorMessage } from '../../shared/forms/form-validators/validator-message' | 11 | import { ValidatorMessage } from '../../shared/forms/form-validators/validator-message' |
12 | import { VideoEdit } from '../../shared/video/video-edit.model' | 12 | import { VideoEdit } from '../../shared/video/video-edit.model' |
13 | import { VideoService } from '../../shared/video/video.service' | 13 | import { VideoService } from '../../shared/video/video.service' |
14 | import { populateAsyncUserVideoChannels } from '@app/shared/misc/utils' | 14 | import { VideoChannelService } from '@app/shared/video-channel/video-channel.service' |
15 | 15 | ||
16 | @Component({ | 16 | @Component({ |
17 | selector: 'my-videos-update', | 17 | selector: 'my-videos-update', |
@@ -36,7 +36,8 @@ export class VideoUpdateComponent extends FormReactive implements OnInit { | |||
36 | private serverService: ServerService, | 36 | private serverService: ServerService, |
37 | private videoService: VideoService, | 37 | private videoService: VideoService, |
38 | private authService: AuthService, | 38 | private authService: AuthService, |
39 | private loadingBar: LoadingBarService | 39 | private loadingBar: LoadingBarService, |
40 | private videoChannelService: VideoChannelService | ||
40 | ) { | 41 | ) { |
41 | super() | 42 | super() |
42 | } | 43 | } |
@@ -59,14 +60,21 @@ export class VideoUpdateComponent extends FormReactive implements OnInit { | |||
59 | return this.videoService | 60 | return this.videoService |
60 | .loadCompleteDescription(video.descriptionPath) | 61 | .loadCompleteDescription(video.descriptionPath) |
61 | .pipe(map(description => Object.assign(video, { description }))) | 62 | .pipe(map(description => Object.assign(video, { description }))) |
63 | }), | ||
64 | switchMap(video => { | ||
65 | return this.videoChannelService | ||
66 | .listAccountVideoChannels(video.account.id) | ||
67 | .pipe( | ||
68 | map(result => result.data), | ||
69 | map(videoChannels => videoChannels.map(c => ({ id: c.id, label: c.displayName }))), | ||
70 | map(videoChannels => ({ video, videoChannels })) | ||
71 | ) | ||
62 | }) | 72 | }) |
63 | ) | 73 | ) |
64 | .subscribe( | 74 | .subscribe( |
65 | video => { | 75 | ({ video, videoChannels }) => { |
66 | this.video = new VideoEdit(video) | 76 | this.video = new VideoEdit(video) |
67 | 77 | this.userVideoChannels = videoChannels | |
68 | populateAsyncUserVideoChannels(this.authService, this.userVideoChannels) | ||
69 | .catch(err => console.error(err)) | ||
70 | 78 | ||
71 | // We cannot set private a video that was not private | 79 | // We cannot set private a video that was not private |
72 | if (video.privacy.id !== VideoPrivacy.PRIVATE) { | 80 | if (video.privacy.id !== VideoPrivacy.PRIVATE) { |
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts index bcf1eaee6..05fd79e67 100644 --- a/server/controllers/api/videos/index.ts +++ b/server/controllers/api/videos/index.ts | |||
@@ -341,7 +341,7 @@ async function updateVideo (req: express.Request, res: express.Response) { | |||
341 | 341 | ||
342 | // Video channel update? | 342 | // Video channel update? |
343 | if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) { | 343 | if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) { |
344 | await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel) | 344 | await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel, { transaction: t }) |
345 | videoInstance.VideoChannel = res.locals.videoChannel | 345 | videoInstance.VideoChannel = res.locals.videoChannel |
346 | 346 | ||
347 | if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t) | 347 | if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t) |
diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts index 002324fe0..0c268a684 100644 --- a/server/helpers/custom-validators/videos.ts +++ b/server/helpers/custom-validators/videos.ts | |||
@@ -3,7 +3,7 @@ import 'express-validator' | |||
3 | import { values } from 'lodash' | 3 | import { values } from 'lodash' |
4 | import 'multer' | 4 | import 'multer' |
5 | import * as validator from 'validator' | 5 | import * as validator from 'validator' |
6 | import { VideoRateType } from '../../../shared' | 6 | import { UserRight, VideoRateType } from '../../../shared' |
7 | import { | 7 | import { |
8 | CONSTRAINTS_FIELDS, | 8 | CONSTRAINTS_FIELDS, |
9 | VIDEO_CATEGORIES, | 9 | VIDEO_CATEGORIES, |
@@ -15,6 +15,7 @@ import { | |||
15 | import { VideoModel } from '../../models/video/video' | 15 | import { VideoModel } from '../../models/video/video' |
16 | import { exists, isArray, isFileValid } from './misc' | 16 | import { exists, isArray, isFileValid } from './misc' |
17 | import { VideoChannelModel } from '../../models/video/video-channel' | 17 | import { VideoChannelModel } from '../../models/video/video-channel' |
18 | import { UserModel } from '../../models/account/user' | ||
18 | 19 | ||
19 | const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS | 20 | const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS |
20 | const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES | 21 | const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES |
@@ -127,8 +128,22 @@ async function isVideoExist (id: string, res: Response) { | |||
127 | return true | 128 | return true |
128 | } | 129 | } |
129 | 130 | ||
130 | async function isVideoChannelOfAccountExist (channelId: number, accountId: number, res: Response) { | 131 | async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) { |
131 | const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, accountId) | 132 | if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) { |
133 | const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId) | ||
134 | if (!videoChannel) { | ||
135 | res.status(400) | ||
136 | .json({ error: 'Unknown video video channel on this instance.' }) | ||
137 | .end() | ||
138 | |||
139 | return false | ||
140 | } | ||
141 | |||
142 | res.locals.videoChannel = videoChannel | ||
143 | return true | ||
144 | } | ||
145 | |||
146 | const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id) | ||
132 | if (!videoChannel) { | 147 | if (!videoChannel) { |
133 | res.status(400) | 148 | res.status(400) |
134 | .json({ error: 'Unknown video video channel for this account.' }) | 149 | .json({ error: 'Unknown video video channel for this account.' }) |
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index dd0246a63..c5c45fe58 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -90,7 +90,7 @@ const videosAddValidator = [ | |||
90 | const videoFile: Express.Multer.File = req.files['videofile'][0] | 90 | const videoFile: Express.Multer.File = req.files['videofile'][0] |
91 | const user = res.locals.oauth.token.User | 91 | const user = res.locals.oauth.token.User |
92 | 92 | ||
93 | if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return | 93 | if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return |
94 | 94 | ||
95 | const isAble = await user.isAbleToUploadVideo(videoFile) | 95 | const isAble = await user.isAbleToUploadVideo(videoFile) |
96 | if (isAble === false) { | 96 | if (isAble === false) { |
@@ -193,7 +193,7 @@ const videosUpdateValidator = [ | |||
193 | .end() | 193 | .end() |
194 | } | 194 | } |
195 | 195 | ||
196 | if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return | 196 | if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return |
197 | 197 | ||
198 | return next() | 198 | return next() |
199 | } | 199 | } |
@@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use | |||
332 | // Retrieve the user who did the request | 332 | // Retrieve the user who did the request |
333 | if (video.isOwned() === false) { | 333 | if (video.isOwned() === false) { |
334 | res.status(403) | 334 | res.status(403) |
335 | .json({ error: 'Cannot remove video of another server, blacklist it' }) | 335 | .json({ error: 'Cannot manage a video of another server.' }) |
336 | .end() | 336 | .end() |
337 | return false | 337 | return false |
338 | } | 338 | } |
@@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use | |||
343 | const account = video.VideoChannel.Account | 343 | const account = video.VideoChannel.Account |
344 | if (user.hasRight(right) === false && account.userId !== user.id) { | 344 | if (user.hasRight(right) === false && account.userId !== user.id) { |
345 | res.status(403) | 345 | res.status(403) |
346 | .json({ error: 'Cannot remove video of another user' }) | 346 | .json({ error: 'Cannot manage a video of another user.' }) |
347 | .end() | 347 | .end() |
348 | return false | 348 | return false |
349 | } | 349 | } |
diff --git a/server/tests/api/check-params/videos.ts b/server/tests/api/check-params/videos.ts index 33e815806..c81e9752e 100644 --- a/server/tests/api/check-params/videos.ts +++ b/server/tests/api/check-params/videos.ts | |||
@@ -280,7 +280,7 @@ describe('Test videos API validator', function () { | |||
280 | const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId }) | 280 | const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId }) |
281 | const attaches = baseCorrectAttaches | 281 | const attaches = baseCorrectAttaches |
282 | 282 | ||
283 | await makeUploadRequest({ url: server.url, path: path + '/upload', token: server.accessToken, fields, attaches }) | 283 | await makeUploadRequest({ url: server.url, path: path + '/upload', token: userAccessToken, fields, attaches }) |
284 | }) | 284 | }) |
285 | 285 | ||
286 | it('Should fail with too many tags', async function () { | 286 | it('Should fail with too many tags', async function () { |