diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-01-20 23:39:51 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-01-21 00:16:34 +0100 |
commit | f8aa0154b6638cee878db312918b03332d49e458 (patch) | |
tree | 5d4e50565d15ccbe76886b9774de068687d67bcb | |
parent | 18621fd63f1baf4198c8691e996c47151613eb39 (diff) | |
download | PeerTube-f8aa0154b6638cee878db312918b03332d49e458.tar.gz PeerTube-f8aa0154b6638cee878db312918b03332d49e458.tar.zst PeerTube-f8aa0154b6638cee878db312918b03332d49e458.zip |
Forbid video deletion or ownership change for non-admin
4 files changed, 4 insertions, 15 deletions
diff --git a/client/src/app/+my-library/my-videos/my-videos.component.html b/client/src/app/+my-library/my-videos/my-videos.component.html index 977f7b03b..7f9fc9de8 100644 --- a/client/src/app/+my-library/my-videos/my-videos.component.html +++ b/client/src/app/+my-library/my-videos/my-videos.component.html | |||
@@ -38,10 +38,6 @@ | |||
38 | #videosSelection | 38 | #videosSelection |
39 | > | 39 | > |
40 | <ng-template ptTemplate="globalButtons"> | 40 | <ng-template ptTemplate="globalButtons"> |
41 | <span class="action-button action-button-delete-selection" (click)="deleteSelectedVideos()"> | ||
42 | <my-global-icon iconName="delete" aria-hidden="true"></my-global-icon> | ||
43 | <ng-container i18n>Delete</ng-container> | ||
44 | </span> | ||
45 | </ng-template> | 41 | </ng-template> |
46 | 42 | ||
47 | <ng-template ptTemplate="rowButtons" let-video> | 43 | <ng-template ptTemplate="rowButtons" let-video> |
diff --git a/client/src/app/+my-library/my-videos/my-videos.component.ts b/client/src/app/+my-library/my-videos/my-videos.component.ts index e89bb12e1..990f85693 100644 --- a/client/src/app/+my-library/my-videos/my-videos.component.ts +++ b/client/src/app/+my-library/my-videos/my-videos.component.ts | |||
@@ -162,16 +162,6 @@ export class MyVideosComponent implements OnInit, DisableForReuseHook { | |||
162 | handler: ({ video }) => this.displayLiveInformation(video), | 162 | handler: ({ video }) => this.displayLiveInformation(video), |
163 | isDisplayed: ({ video }) => video.isLive, | 163 | isDisplayed: ({ video }) => video.isLive, |
164 | iconName: 'live' | 164 | iconName: 'live' |
165 | }, | ||
166 | { | ||
167 | label: $localize`Change ownership`, | ||
168 | handler: ({ video }) => this.changeOwnership(video), | ||
169 | iconName: 'ownership-change' | ||
170 | }, | ||
171 | { | ||
172 | label: $localize`Delete`, | ||
173 | handler: ({ video }) => this.deleteVideo(video), | ||
174 | iconName: 'delete' | ||
175 | } | 165 | } |
176 | ] | 166 | ] |
177 | } | 167 | } |
diff --git a/client/src/app/shared/shared-main/video/video.model.ts b/client/src/app/shared/shared-main/video/video.model.ts index adb6e884f..d51dfbc6d 100644 --- a/client/src/app/shared/shared-main/video/video.model.ts +++ b/client/src/app/shared/shared-main/video/video.model.ts | |||
@@ -180,7 +180,7 @@ export class Video implements VideoServerModel { | |||
180 | } | 180 | } |
181 | 181 | ||
182 | isRemovableBy (user: AuthUser) { | 182 | isRemovableBy (user: AuthUser) { |
183 | return user && this.isLocal === true && (this.account.name === user.username || user.hasRight(UserRight.REMOVE_ANY_VIDEO)) | 183 | return user && this.isLocal === true && user.hasRight(UserRight.REMOVE_ANY_VIDEO) |
184 | } | 184 | } |
185 | 185 | ||
186 | isBlockableBy (user: AuthUser) { | 186 | isBlockableBy (user: AuthUser) { |
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts index e1c775180..1cbefc3e5 100644 --- a/server/controllers/api/videos/index.ts +++ b/server/controllers/api/videos/index.ts | |||
@@ -41,6 +41,7 @@ import { | |||
41 | asyncMiddleware, | 41 | asyncMiddleware, |
42 | asyncRetryTransactionMiddleware, | 42 | asyncRetryTransactionMiddleware, |
43 | authenticate, | 43 | authenticate, |
44 | ensureUserHasRight, | ||
44 | checkVideoFollowConstraints, | 45 | checkVideoFollowConstraints, |
45 | commonVideosFiltersValidator, | 46 | commonVideosFiltersValidator, |
46 | optionalAuthenticate, | 47 | optionalAuthenticate, |
@@ -56,6 +57,7 @@ import { | |||
56 | videosUpdateValidator | 57 | videosUpdateValidator |
57 | } from '../../../middlewares' | 58 | } from '../../../middlewares' |
58 | import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' | 59 | import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' |
60 | import { UserRight } from '../../../../shared' | ||
59 | import { VideoModel } from '../../../models/video/video' | 61 | import { VideoModel } from '../../../models/video/video' |
60 | import { VideoFileModel } from '../../../models/video/video-file' | 62 | import { VideoFileModel } from '../../../models/video/video-file' |
61 | import { blacklistRouter } from './blacklist' | 63 | import { blacklistRouter } from './blacklist' |
@@ -146,6 +148,7 @@ videosRouter.post('/:id/views', | |||
146 | 148 | ||
147 | videosRouter.delete('/:id', | 149 | videosRouter.delete('/:id', |
148 | authenticate, | 150 | authenticate, |
151 | ensureUserHasRight(UserRight.REMOVE_ANY_VIDEO), | ||
149 | asyncMiddleware(videosRemoveValidator), | 152 | asyncMiddleware(videosRemoveValidator), |
150 | asyncRetryTransactionMiddleware(removeVideo) | 153 | asyncRetryTransactionMiddleware(removeVideo) |
151 | ) | 154 | ) |