diff options
author | Chocobozzz <me@florianbigard.com> | 2021-06-28 11:54:40 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2021-06-28 11:54:40 +0200 |
commit | 21b5c2982ff93bc67d5dd4c04db352a3f96608b0 (patch) | |
tree | 7d07f1dc83782b8eb06ff960456a154a1a2d92d0 /server/middlewares/validators/videos/videos.ts | |
parent | 50cb778ee6c55e318331ff80a91e891751ab5c73 (diff) | |
download | PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.tar.gz PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.tar.zst PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.zip |
Fix ownership change with a live video
Diffstat (limited to 'server/middlewares/validators/videos/videos.ts')
-rw-r--r-- | server/middlewares/validators/videos/videos.ts | 80 |
1 files changed, 1 insertions, 79 deletions
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 2bed5f181..8201e80c3 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -5,9 +5,8 @@ import { isAbleToUploadVideo } from '@server/lib/user' | |||
5 | import { getServerActor } from '@server/models/application/application' | 5 | import { getServerActor } from '@server/models/application/application' |
6 | import { ExpressPromiseHandler } from '@server/types/express' | 6 | import { ExpressPromiseHandler } from '@server/types/express' |
7 | import { MUserAccountId, MVideoFullLight } from '@server/types/models' | 7 | import { MUserAccountId, MVideoFullLight } from '@server/types/models' |
8 | import { ServerErrorCode, UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared' | 8 | import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared' |
9 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | 9 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
10 | import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/change-ownership/video-change-ownership-accept.model' | ||
11 | import { | 10 | import { |
12 | exists, | 11 | exists, |
13 | isBooleanValid, | 12 | isBooleanValid, |
@@ -22,7 +21,6 @@ import { | |||
22 | toValueOrNull | 21 | toValueOrNull |
23 | } from '../../../helpers/custom-validators/misc' | 22 | } from '../../../helpers/custom-validators/misc' |
24 | import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' | 23 | import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' |
25 | import { checkUserCanTerminateOwnershipChange } from '../../../helpers/custom-validators/video-ownership' | ||
26 | import { | 24 | import { |
27 | isScheduleVideoUpdatePrivacyValid, | 25 | isScheduleVideoUpdatePrivacyValid, |
28 | isVideoCategoryValid, | 26 | isVideoCategoryValid, |
@@ -48,13 +46,11 @@ import { CONFIG } from '../../../initializers/config' | |||
48 | import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants' | 46 | import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants' |
49 | import { isLocalVideoAccepted } from '../../../lib/moderation' | 47 | import { isLocalVideoAccepted } from '../../../lib/moderation' |
50 | import { Hooks } from '../../../lib/plugins/hooks' | 48 | import { Hooks } from '../../../lib/plugins/hooks' |
51 | import { AccountModel } from '../../../models/account/account' | ||
52 | import { VideoModel } from '../../../models/video/video' | 49 | import { VideoModel } from '../../../models/video/video' |
53 | import { authenticatePromiseIfNeeded } from '../../auth' | 50 | import { authenticatePromiseIfNeeded } from '../../auth' |
54 | import { | 51 | import { |
55 | areValidationErrors, | 52 | areValidationErrors, |
56 | checkUserCanManageVideo, | 53 | checkUserCanManageVideo, |
57 | doesChangeVideoOwnershipExist, | ||
58 | doesVideoChannelOfAccountExist, | 54 | doesVideoChannelOfAccountExist, |
59 | doesVideoExist, | 55 | doesVideoExist, |
60 | doesVideoFileOfVideoExist | 56 | doesVideoFileOfVideoExist |
@@ -342,76 +338,6 @@ const videosRemoveValidator = [ | |||
342 | } | 338 | } |
343 | ] | 339 | ] |
344 | 340 | ||
345 | const videosChangeOwnershipValidator = [ | ||
346 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
347 | |||
348 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
349 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | ||
350 | |||
351 | if (areValidationErrors(req, res)) return | ||
352 | if (!await doesVideoExist(req.params.videoId, res)) return | ||
353 | |||
354 | // Check if the user who did the request is able to change the ownership of the video | ||
355 | if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return | ||
356 | |||
357 | const nextOwner = await AccountModel.loadLocalByName(req.body.username) | ||
358 | if (!nextOwner) { | ||
359 | res.fail({ message: 'Changing video ownership to a remote account is not supported yet' }) | ||
360 | return | ||
361 | } | ||
362 | |||
363 | res.locals.nextOwner = nextOwner | ||
364 | return next() | ||
365 | } | ||
366 | ] | ||
367 | |||
368 | const videosTerminateChangeOwnershipValidator = [ | ||
369 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
370 | |||
371 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
372 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | ||
373 | |||
374 | if (areValidationErrors(req, res)) return | ||
375 | if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return | ||
376 | |||
377 | // Check if the user who did the request is able to change the ownership of the video | ||
378 | if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return | ||
379 | |||
380 | const videoChangeOwnership = res.locals.videoChangeOwnership | ||
381 | |||
382 | if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) { | ||
383 | res.fail({ | ||
384 | status: HttpStatusCode.FORBIDDEN_403, | ||
385 | message: 'Ownership already accepted or refused' | ||
386 | }) | ||
387 | return | ||
388 | } | ||
389 | |||
390 | return next() | ||
391 | } | ||
392 | ] | ||
393 | |||
394 | const videosAcceptChangeOwnershipValidator = [ | ||
395 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
396 | const body = req.body as VideoChangeOwnershipAccept | ||
397 | if (!await doesVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return | ||
398 | |||
399 | const user = res.locals.oauth.token.User | ||
400 | const videoChangeOwnership = res.locals.videoChangeOwnership | ||
401 | const isAble = await isAbleToUploadVideo(user.id, videoChangeOwnership.Video.getMaxQualityFile().size) | ||
402 | if (isAble === false) { | ||
403 | res.fail({ | ||
404 | status: HttpStatusCode.PAYLOAD_TOO_LARGE_413, | ||
405 | message: 'The user video quota is exceeded with this video.', | ||
406 | type: ServerErrorCode.QUOTA_REACHED | ||
407 | }) | ||
408 | return | ||
409 | } | ||
410 | |||
411 | return next() | ||
412 | } | ||
413 | ] | ||
414 | |||
415 | const videosOverviewValidator = [ | 341 | const videosOverviewValidator = [ |
416 | query('page') | 342 | query('page') |
417 | .optional() | 343 | .optional() |
@@ -578,10 +504,6 @@ export { | |||
578 | videosCustomGetValidator, | 504 | videosCustomGetValidator, |
579 | videosRemoveValidator, | 505 | videosRemoveValidator, |
580 | 506 | ||
581 | videosChangeOwnershipValidator, | ||
582 | videosTerminateChangeOwnershipValidator, | ||
583 | videosAcceptChangeOwnershipValidator, | ||
584 | |||
585 | getCommonVideoEditAttributes, | 507 | getCommonVideoEditAttributes, |
586 | 508 | ||
587 | commonVideosFiltersValidator, | 509 | commonVideosFiltersValidator, |