author | Chocobozzz <me@florianbigard.com> | 2019-03-14 14:29:44 +0100 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2019-03-18 11:17:59 +0100 |
commit | c5e4e36d2a1ad777233177c11f7f742df717a8e8 (patch) | |
tree | 65da3defe1e11a5bb18ac8fc9d7f1bec4a1e92cd /server/middlewares/validators | |
parent | bce47964f6241ae56f61089d144b29eb9b5da6d3 (diff) | |
Forbid public playlists not assigned to a channel
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/videos/video-playlists.ts | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 3bbf796e4..5f33e2d49 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts | |||
@@ -1,6 +1,6 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { body, param, query, ValidationChain } from 'express-validator/check' | 2 | import { body, param, query, ValidationChain } from 'express-validator/check' |
3 | import { UserRight } from '../../../../shared' | 3 | import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared' |
4 | import { logger } from '../../../helpers/logger' | 4 | import { logger } from '../../../helpers/logger' |
5 | import { UserModel } from '../../../models/account/user' | 5 | import { UserModel } from '../../../models/account/user' |
6 | import { areValidationErrors } from '../utils' | 6 | import { areValidationErrors } from '../utils' |
@@ -30,7 +30,14 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | |||
30 | 30 | ||
31 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) | 31 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) |
32 | 32 | ||
33 | if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) | 33 | const body: VideoPlaylistCreate = req.body |
34 | if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) | ||
35 | |||
36 | if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { | ||
37 | cleanUpReqFiles(req) | ||
38 | return res.status(400) | ||
39 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | ||
40 | } | ||
34 | 41 | ||
35 | return next() | 42 | return next() |
36 | } | 43 | } |
@@ -53,19 +60,33 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ | |||
53 | return cleanUpReqFiles(req) | 60 | return cleanUpReqFiles(req) |
54 | } | 61 | } |
55 | 62 | ||
56 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) { | 63 | const body: VideoPlaylistUpdate = req.body |
64 | |||
65 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) { | ||
57 | cleanUpReqFiles(req) | 66 | cleanUpReqFiles(req) |
58 | return res.status(409) | 67 | return res.status(400) |
59 | .json({ error: 'Cannot set "private" a video playlist that was not private.' }) | 68 | .json({ error: 'Cannot set "private" a video playlist that was not private.' }) |
60 | } | 69 | } |
61 | 70 | ||
71 | const newPrivacy = body.privacy || videoPlaylist.privacy | ||
72 | if (newPrivacy === VideoPlaylistPrivacy.PUBLIC && | ||
73 | ( | ||
74 | (!videoPlaylist.videoChannelId && !body.videoChannelId) || | ||
75 | body.videoChannelId === null | ||
76 | ) | ||
77 | ) { | ||
78 | cleanUpReqFiles(req) | ||
79 | return res.status(400) | ||
80 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | ||
81 | } | ||
82 | |||
62 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { | 83 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
63 | cleanUpReqFiles(req) | 84 | cleanUpReqFiles(req) |
64 | return res.status(409) | 85 | return res.status(400) |
65 | .json({ error: 'Cannot update a watch later playlist.' }) | 86 | .json({ error: 'Cannot update a watch later playlist.' }) |
66 | } | 87 | } |
67 | 88 | ||
68 | if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) | 89 | if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) |
69 | 90 | ||
70 | return next() | 91 | return next() |
71 | } | 92 | } |
@@ -84,7 +105,7 @@ const videoPlaylistsDeleteValidator = [ | |||
84 | 105 | ||
85 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist | 106 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist |
86 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { | 107 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
87 | return res.status(409) | 108 | return res.status(400) |
88 | .json({ error: 'Cannot delete a watch later playlist.' }) | 109 | .json({ error: 'Cannot delete a watch later playlist.' }) |
89 | } | 110 | } |
90 | 111 | ||
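Review bot: The new public-without-channel guards (new lines 36 and 71–77) rely on strict comparisons against fields read from `req.body` through `const body: VideoPlaylistCreate = req.body` / `const body: VideoPlaylistUpdate = req.body`, annotations that perform no runtime conversion or validation. The handlers call `cleanUpReqFiles`, so the request is presumably multipart and fields may arrive as strings; unless `getCommonPlaylistEditAttributes()` (outside this diff) converts `privacy` to the enum's type and an empty `videoChannelId` to `null`, `body.privacy === VideoPlaylistPrivacy.PUBLIC` and `body.videoChannelId === null` can both be false for input that should be rejected. I would confirm those sanitizers and note the dependency beside each guard, for example `// relies on getCommonPlaylistEditAttributes() having converted privacy and videoChannelId`. It is also worth confirming that the requester's ownership of `body.videoChannelId` is checked somewhere on this path, since `isVideoChannelIdExist` is judged here by its name only. Both validator bodies start outside the hunks shown.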