diff options
author | Chocobozzz <me@florianbigard.com> | 2019-02-28 11:14:26 +0100 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2019-03-18 11:17:59 +0100 |
commit | 07b1a18aa678d260009a93e36606c5c5f585723d (patch) | |
tree | 27a399fa0f7a29a7ac1d7d7cf077a24ea6ee39de /server/middlewares/validators | |
parent | 418d092afa81e2c8fe8ac6838fc4b5eb0af6a782 (diff) | |
download | PeerTube-07b1a18aa678d260009a93e36606c5c5f585723d.tar.gz PeerTube-07b1a18aa678d260009a93e36606c5c5f585723d.tar.zst PeerTube-07b1a18aa678d260009a93e36606c5c5f585723d.zip |
Add playlist check param tests
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/videos/video-playlists.ts | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index ef8d0b851..0e97c8dc0 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts | |||
@@ -6,7 +6,7 @@ import { UserModel } from '../../../models/account/user' | |||
6 | import { areValidationErrors } from '../utils' | 6 | import { areValidationErrors } from '../utils' |
7 | import { isVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos' | 7 | import { isVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos' |
8 | import { CONSTRAINTS_FIELDS } from '../../../initializers' | 8 | import { CONSTRAINTS_FIELDS } from '../../../initializers' |
9 | import { isIdOrUUIDValid, toValueOrNull } from '../../../helpers/custom-validators/misc' | 9 | import { isIdOrUUIDValid, isUUIDValid, toValueOrNull } from '../../../helpers/custom-validators/misc' |
10 | import { | 10 | import { |
11 | isVideoPlaylistDescriptionValid, | 11 | isVideoPlaylistDescriptionValid, |
12 | isVideoPlaylistExist, | 12 | isVideoPlaylistExist, |
@@ -43,10 +43,19 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ | |||
43 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) | 43 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) |
44 | 44 | ||
45 | if (!await isVideoPlaylistExist(req.params.playlistId, res)) return cleanUpReqFiles(req) | 45 | if (!await isVideoPlaylistExist(req.params.playlistId, res)) return cleanUpReqFiles(req) |
46 | |||
47 | const videoPlaylist = res.locals.videoPlaylist | ||
48 | |||
46 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { | 49 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { |
47 | return cleanUpReqFiles(req) | 50 | return cleanUpReqFiles(req) |
48 | } | 51 | } |
49 | 52 | ||
53 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) { | ||
54 | cleanUpReqFiles(req) | ||
55 | return res.status(409) | ||
56 | .json({ error: 'Cannot set "private" a video playlist that was not private.' }) | ||
57 | } | ||
58 | |||
50 | if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) | 59 | if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) |
51 | 60 | ||
52 | return next() | 61 | return next() |
@@ -83,6 +92,14 @@ const videoPlaylistsGetValidator = [ | |||
83 | if (!await isVideoPlaylistExist(req.params.playlistId, res)) return | 92 | if (!await isVideoPlaylistExist(req.params.playlistId, res)) return |
84 | 93 | ||
85 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist | 94 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist |
95 | |||
96 | // Video is unlisted, check we used the uuid to fetch it | ||
97 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { | ||
98 | if (isUUIDValid(req.params.playlistId)) return next() | ||
99 | |||
100 | return res.status(404).end() | ||
101 | } | ||
102 | |||
86 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { | 103 | if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { |
87 | await authenticatePromiseIfNeeded(req, res) | 104 | await authenticatePromiseIfNeeded(req, res) |
88 | 105 | ||
@@ -121,7 +138,7 @@ const videoPlaylistsAddVideoValidator = [ | |||
121 | if (areValidationErrors(req, res)) return | 138 | if (areValidationErrors(req, res)) return |
122 | 139 | ||
123 | if (!await isVideoPlaylistExist(req.params.playlistId, res)) return | 140 | if (!await isVideoPlaylistExist(req.params.playlistId, res)) return |
124 | if (!await isVideoExist(req.body.videoId, res, 'id')) return | 141 | if (!await isVideoExist(req.body.videoId, res, 'only-video')) return |
125 | 142 | ||
126 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist | 143 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist |
127 | const video: VideoModel = res.locals.video | 144 | const video: VideoModel = res.locals.video |
@@ -161,7 +178,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ | |||
161 | if (areValidationErrors(req, res)) return | 178 | if (areValidationErrors(req, res)) return |
162 | 179 | ||
163 | if (!await isVideoPlaylistExist(req.params.playlistId, res)) return | 180 | if (!await isVideoPlaylistExist(req.params.playlistId, res)) return |
164 | if (!await isVideoExist(req.params.playlistId, res, 'id')) return | 181 | if (!await isVideoExist(req.params.videoId, res, 'id')) return |
165 | 182 | ||
166 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist | 183 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist |
167 | const video: VideoModel = res.locals.video | 184 | const video: VideoModel = res.locals.video |
@@ -233,6 +250,27 @@ const videoPlaylistsReorderVideosValidator = [ | |||
233 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist | 250 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist |
234 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return | 251 | if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return |
235 | 252 | ||
253 | const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id) | ||
254 | const startPosition: number = req.body.startPosition | ||
255 | const insertAfterPosition: number = req.body.insertAfterPosition | ||
256 | const reorderLength: number = req.body.reorderLength | ||
257 | |||
258 | if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) { | ||
259 | res.status(400) | ||
260 | .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` }) | ||
261 | .end() | ||
262 | |||
263 | return | ||
264 | } | ||
265 | |||
266 | if (reorderLength && reorderLength + startPosition > nextPosition) { | ||
267 | res.status(400) | ||
268 | .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` }) | ||
269 | .end() | ||
270 | |||
271 | return | ||
272 | } | ||
273 | |||
236 | return next() | 274 | return next() |
237 | } | 275 | } |
238 | ] | 276 | ] |