diff options
| author | Chocobozzz <me@florianbigard.com> | 2019-03-14 14:29:44 +0100 |
|---|---|---|
| committer | Chocobozzz <chocobozzz@cpy.re> | 2019-03-18 11:17:59 +0100 |
| commit | c5e4e36d2a1ad777233177c11f7f742df717a8e8 (patch) | |
| tree | 65da3defe1e11a5bb18ac8fc9d7f1bec4a1e92cd /server/middlewares | |
| parent | bce47964f6241ae56f61089d144b29eb9b5da6d3 (diff) | |
| download | PeerTube-c5e4e36d2a1ad777233177c11f7f742df717a8e8.tar.gz PeerTube-c5e4e36d2a1ad777233177c11f7f742df717a8e8.tar.zst PeerTube-c5e4e36d2a1ad777233177c11f7f742df717a8e8.zip | |
Forbid public playlists not assigned to a channel
Diffstat (limited to 'server/middlewares')
| -rw-r--r-- | server/middlewares/validators/videos/video-playlists.ts | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 3bbf796e4..5f33e2d49 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | import * as express from 'express' | 1 | import * as express from 'express' |
| 2 | import { body, param, query, ValidationChain } from 'express-validator/check' | 2 | import { body, param, query, ValidationChain } from 'express-validator/check' |
| 3 | import { UserRight } from '../../../../shared' | 3 | import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared' |
| 4 | import { logger } from '../../../helpers/logger' | 4 | import { logger } from '../../../helpers/logger' |
| 5 | import { UserModel } from '../../../models/account/user' | 5 | import { UserModel } from '../../../models/account/user' |
| 6 | import { areValidationErrors } from '../utils' | 6 | import { areValidationErrors } from '../utils' |
| @@ -30,7 +30,14 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | |||
| 30 | 30 | ||
| 31 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) | 31 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) |
| 32 | 32 | ||
| 33 | if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) | 33 | const body: VideoPlaylistCreate = req.body |
| 34 | if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) | ||
| 35 | |||
| 36 | if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { | ||
| 37 | cleanUpReqFiles(req) | ||
| 38 | return res.status(400) | ||
| 39 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | ||
| 40 | } | ||
| 34 | 41 | ||
| 35 | return next() | 42 | return next() |
| 36 | } | 43 | } |
| @@ -53,19 +60,33 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ | |||
| 53 | return cleanUpReqFiles(req) | 60 | return cleanUpReqFiles(req) |
| 54 | } | 61 | } |
| 55 | 62 | ||
| 56 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) { | 63 | const body: VideoPlaylistUpdate = req.body |
| 64 | |||
| 65 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) { | ||
| 57 | cleanUpReqFiles(req) | 66 | cleanUpReqFiles(req) |
| 58 | return res.status(409) | 67 | return res.status(400) |
| 59 | .json({ error: 'Cannot set "private" a video playlist that was not private.' }) | 68 | .json({ error: 'Cannot set "private" a video playlist that was not private.' }) |
| 60 | } | 69 | } |
| 61 | 70 | ||
| 71 | const newPrivacy = body.privacy || videoPlaylist.privacy | ||
| 72 | if (newPrivacy === VideoPlaylistPrivacy.PUBLIC && | ||
| 73 | ( | ||
| 74 | (!videoPlaylist.videoChannelId && !body.videoChannelId) || | ||
| 75 | body.videoChannelId === null | ||
| 76 | ) | ||
| 77 | ) { | ||
| 78 | cleanUpReqFiles(req) | ||
| 79 | return res.status(400) | ||
| 80 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | ||
| 81 | } | ||
| 82 | |||
| 62 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { | 83 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
| 63 | cleanUpReqFiles(req) | 84 | cleanUpReqFiles(req) |
| 64 | return res.status(409) | 85 | return res.status(400) |
| 65 | .json({ error: 'Cannot update a watch later playlist.' }) | 86 | .json({ error: 'Cannot update a watch later playlist.' }) |
| 66 | } | 87 | } |
| 67 | 88 | ||
| 68 | if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) | 89 | if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) |
| 69 | 90 | ||
| 70 | return next() | 91 | return next() |
| 71 | } | 92 | } |
| @@ -84,7 +105,7 @@ const videoPlaylistsDeleteValidator = [ | |||
| 84 | 105 | ||
| 85 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist | 106 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist |
| 86 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { | 107 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
| 87 | return res.status(409) | 108 | return res.status(400) |
| 88 | .json({ error: 'Cannot delete a watch later playlist.' }) | 109 | .json({ error: 'Cannot delete a watch later playlist.' }) |
| 89 | } | 110 | } |
| 90 | 111 | ||