diff options
author | Chocobozzz <me@florianbigard.com> | 2018-04-25 10:21:38 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-04-25 13:50:48 +0200 |
commit | 6b738c7a31591a83fdcd9c78b6b1f98e543c378b (patch) | |
tree | db771d0e99e9ff27570885fe2a6f58a7c1948fbc /server/middlewares/validators | |
parent | 48dce1c90dff4e90a4bcffefaecf157336cf904b (diff) | |
download | PeerTube-6b738c7a31591a83fdcd9c78b6b1f98e543c378b.tar.gz PeerTube-6b738c7a31591a83fdcd9c78b6b1f98e543c378b.tar.zst PeerTube-6b738c7a31591a83fdcd9c78b6b1f98e543c378b.zip |
Video channel API routes refractor
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/video-channels.ts | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts index e3a11a41b..9e6f459cf 100644 --- a/server/middlewares/validators/video-channels.ts +++ b/server/middlewares/validators/video-channels.ts | |||
@@ -11,6 +11,7 @@ import { logger } from '../../helpers/logger' | |||
11 | import { UserModel } from '../../models/account/user' | 11 | import { UserModel } from '../../models/account/user' |
12 | import { VideoChannelModel } from '../../models/video/video-channel' | 12 | import { VideoChannelModel } from '../../models/video/video-channel' |
13 | import { areValidationErrors } from './utils' | 13 | import { areValidationErrors } from './utils' |
14 | import { AccountModel } from '../../models/account/account' | ||
14 | 15 | ||
15 | const listVideoAccountChannelsValidator = [ | 16 | const listVideoAccountChannelsValidator = [ |
16 | param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'), | 17 | param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'), |
@@ -53,6 +54,7 @@ const videoChannelsUpdateValidator = [ | |||
53 | if (areValidationErrors(req, res)) return | 54 | if (areValidationErrors(req, res)) return |
54 | if (!await isAccountIdExist(req.params.accountId, res)) return | 55 | if (!await isAccountIdExist(req.params.accountId, res)) return |
55 | if (!await isVideoChannelExist(req.params.id, res)) return | 56 | if (!await isVideoChannelExist(req.params.id, res)) return |
57 | if (!checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return | ||
56 | 58 | ||
57 | // We need to make additional checks | 59 | // We need to make additional checks |
58 | if (res.locals.videoChannel.Actor.isOwned() === false) { | 60 | if (res.locals.videoChannel.Actor.isOwned() === false) { |
@@ -82,6 +84,7 @@ const videoChannelsRemoveValidator = [ | |||
82 | if (!await isAccountIdExist(req.params.accountId, res)) return | 84 | if (!await isAccountIdExist(req.params.accountId, res)) return |
83 | if (!await isVideoChannelExist(req.params.id, res)) return | 85 | if (!await isVideoChannelExist(req.params.id, res)) return |
84 | 86 | ||
87 | if (!checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return | ||
85 | // Check if the user who did the request is able to delete the video | 88 | // Check if the user who did the request is able to delete the video |
86 | if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return | 89 | if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return |
87 | if (!await checkVideoChannelIsNotTheLastOne(res)) return | 90 | if (!await checkVideoChannelIsNotTheLastOne(res)) return |
@@ -98,10 +101,13 @@ const videoChannelsGetValidator = [ | |||
98 | logger.debug('Checking videoChannelsGet parameters', { parameters: req.params }) | 101 | logger.debug('Checking videoChannelsGet parameters', { parameters: req.params }) |
99 | 102 | ||
100 | if (areValidationErrors(req, res)) return | 103 | if (areValidationErrors(req, res)) return |
104 | |||
101 | // On some routes, accountId is optional (for example in the ActivityPub route) | 105 | // On some routes, accountId is optional (for example in the ActivityPub route) |
102 | if (req.params.accountId && !await isAccountIdExist(req.params.accountId, res)) return | 106 | if (req.params.accountId && !await isAccountIdExist(req.params.accountId, res)) return |
103 | if (!await isVideoChannelExist(req.params.id, res)) return | 107 | if (!await isVideoChannelExist(req.params.id, res)) return |
104 | 108 | ||
109 | if (res.locals.account && !checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return | ||
110 | |||
105 | return next() | 111 | return next() |
106 | } | 112 | } |
107 | ] | 113 | ] |
@@ -154,3 +160,15 @@ async function checkVideoChannelIsNotTheLastOne (res: express.Response) { | |||
154 | 160 | ||
155 | return true | 161 | return true |
156 | } | 162 | } |
163 | |||
164 | function checkAccountOwnsVideoChannel (account: AccountModel, videoChannel: VideoChannelModel, res: express.Response) { | ||
165 | if (videoChannel.Account.id !== account.id) { | ||
166 | res.status(400) | ||
167 | .json({ error: 'This account does not own this video channel' }) | ||
168 | .end() | ||
169 | |||
170 | return false | ||
171 | } | ||
172 | |||
173 | return true | ||
174 | } | ||