diff options
| author | Chocobozzz <florian.bigard@gmail.com> | 2016-08-05 21:41:28 +0200 |
|---|---|---|
| committer | Chocobozzz <florian.bigard@gmail.com> | 2016-08-05 21:41:28 +0200 |
| commit | 58b2ba55a90f05f24661e664b1fb0a3486f037e8 (patch) | |
| tree | 1f44b344423667280fca24661918cea8018195f7 /server/middlewares | |
| parent | f3391f9237269ed671c23fdbcc9d86dc52134fe5 (diff) | |
| download | PeerTube-58b2ba55a90f05f24661e664b1fb0a3486f037e8.tar.gz PeerTube-58b2ba55a90f05f24661e664b1fb0a3486f037e8.tar.zst PeerTube-58b2ba55a90f05f24661e664b1fb0a3486f037e8.zip | |
Server: do not allow a user to remove a video of another user
Diffstat (limited to 'server/middlewares')
| -rw-r--r-- | server/middlewares/validators/videos.js | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index 9d21ee16f..e51087d5a 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js | |||
| @@ -77,6 +77,7 @@ function videosRemove (req, res, next) { | |||
| 77 | 77 | ||
| 78 | if (!video) return res.status(404).send('Video not found') | 78 | if (!video) return res.status(404).send('Video not found') |
| 79 | else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') | 79 | else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') |
| 80 | else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user') | ||
| 80 | 81 | ||
| 81 | next() | 82 | next() |
| 82 | }) | 83 | }) |