aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2021-01-20 23:39:51 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2021-01-21 00:16:34 +0100
commitf8aa0154b6638cee878db312918b03332d49e458 (patch)
tree5d4e50565d15ccbe76886b9774de068687d67bcb
parent18621fd63f1baf4198c8691e996c47151613eb39 (diff)
downloadPeerTube-f8aa0154b6638cee878db312918b03332d49e458.tar.gz
PeerTube-f8aa0154b6638cee878db312918b03332d49e458.tar.zst
PeerTube-f8aa0154b6638cee878db312918b03332d49e458.zip
Forbid video deletion or ownership change for non-admin
-rw-r--r--client/src/app/+my-library/my-videos/my-videos.component.html4
-rw-r--r--client/src/app/+my-library/my-videos/my-videos.component.ts10
-rw-r--r--client/src/app/shared/shared-main/video/video.model.ts2
-rw-r--r--server/controllers/api/videos/index.ts3
4 files changed, 4 insertions, 15 deletions
diff --git a/client/src/app/+my-library/my-videos/my-videos.component.html b/client/src/app/+my-library/my-videos/my-videos.component.html
index 977f7b03b..7f9fc9de8 100644
--- a/client/src/app/+my-library/my-videos/my-videos.component.html
+++ b/client/src/app/+my-library/my-videos/my-videos.component.html
@@ -38,10 +38,6 @@
38 #videosSelection 38 #videosSelection
39> 39>
40 <ng-template ptTemplate="globalButtons"> 40 <ng-template ptTemplate="globalButtons">
41 <span class="action-button action-button-delete-selection" (click)="deleteSelectedVideos()">
42 <my-global-icon iconName="delete" aria-hidden="true"></my-global-icon>
43 <ng-container i18n>Delete</ng-container>
44 </span>
45 </ng-template> 41 </ng-template>
46 42
47 <ng-template ptTemplate="rowButtons" let-video> 43 <ng-template ptTemplate="rowButtons" let-video>
diff --git a/client/src/app/+my-library/my-videos/my-videos.component.ts b/client/src/app/+my-library/my-videos/my-videos.component.ts
index e89bb12e1..990f85693 100644
--- a/client/src/app/+my-library/my-videos/my-videos.component.ts
+++ b/client/src/app/+my-library/my-videos/my-videos.component.ts
@@ -162,16 +162,6 @@ export class MyVideosComponent implements OnInit, DisableForReuseHook {
162 handler: ({ video }) => this.displayLiveInformation(video), 162 handler: ({ video }) => this.displayLiveInformation(video),
163 isDisplayed: ({ video }) => video.isLive, 163 isDisplayed: ({ video }) => video.isLive,
164 iconName: 'live' 164 iconName: 'live'
165 },
166 {
167 label: $localize`Change ownership`,
168 handler: ({ video }) => this.changeOwnership(video),
169 iconName: 'ownership-change'
170 },
171 {
172 label: $localize`Delete`,
173 handler: ({ video }) => this.deleteVideo(video),
174 iconName: 'delete'
175 } 165 }
176 ] 166 ]
177 } 167 }
diff --git a/client/src/app/shared/shared-main/video/video.model.ts b/client/src/app/shared/shared-main/video/video.model.ts
index adb6e884f..d51dfbc6d 100644
--- a/client/src/app/shared/shared-main/video/video.model.ts
+++ b/client/src/app/shared/shared-main/video/video.model.ts
@@ -180,7 +180,7 @@ export class Video implements VideoServerModel {
180 } 180 }
181 181
182 isRemovableBy (user: AuthUser) { 182 isRemovableBy (user: AuthUser) {
183 return user && this.isLocal === true && (this.account.name === user.username || user.hasRight(UserRight.REMOVE_ANY_VIDEO)) 183 return user && this.isLocal === true && user.hasRight(UserRight.REMOVE_ANY_VIDEO)
184 } 184 }
185 185
186 isBlockableBy (user: AuthUser) { 186 isBlockableBy (user: AuthUser) {
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts
index e1c775180..1cbefc3e5 100644
--- a/server/controllers/api/videos/index.ts
+++ b/server/controllers/api/videos/index.ts
@@ -41,6 +41,7 @@ import {
41 asyncMiddleware, 41 asyncMiddleware,
42 asyncRetryTransactionMiddleware, 42 asyncRetryTransactionMiddleware,
43 authenticate, 43 authenticate,
44 ensureUserHasRight,
44 checkVideoFollowConstraints, 45 checkVideoFollowConstraints,
45 commonVideosFiltersValidator, 46 commonVideosFiltersValidator,
46 optionalAuthenticate, 47 optionalAuthenticate,
@@ -56,6 +57,7 @@ import {
56 videosUpdateValidator 57 videosUpdateValidator
57} from '../../../middlewares' 58} from '../../../middlewares'
58import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' 59import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update'
60import { UserRight } from '../../../../shared'
59import { VideoModel } from '../../../models/video/video' 61import { VideoModel } from '../../../models/video/video'
60import { VideoFileModel } from '../../../models/video/video-file' 62import { VideoFileModel } from '../../../models/video/video-file'
61import { blacklistRouter } from './blacklist' 63import { blacklistRouter } from './blacklist'
@@ -146,6 +148,7 @@ videosRouter.post('/:id/views',
146 148
147videosRouter.delete('/:id', 149videosRouter.delete('/:id',
148 authenticate, 150 authenticate,
151 ensureUserHasRight(UserRight.REMOVE_ANY_VIDEO),
149 asyncMiddleware(videosRemoveValidator), 152 asyncMiddleware(videosRemoveValidator),
150 asyncRetryTransactionMiddleware(removeVideo) 153 asyncRetryTransactionMiddleware(removeVideo)
151) 154)