diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-01-11 18:41:09 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-01-11 18:41:09 +0100 |
commit | 45abb8b97b8313f8f58a4a73b527882ad7b4af9c (patch) | |
tree | 6b5936d30261334abcafaa16779a32171031a87b /server/middlewares | |
parent | d8cc063e9775688a1631eda9203411a2dba0333c (diff) | |
download | PeerTube-45abb8b97b8313f8f58a4a73b527882ad7b4af9c.tar.gz PeerTube-45abb8b97b8313f8f58a4a73b527882ad7b4af9c.tar.zst PeerTube-45abb8b97b8313f8f58a4a73b527882ad7b4af9c.zip |
Server: rights check for update a video
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/videos.js | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index ff18a99c2..3d7c04b60 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js | |||
@@ -53,6 +53,14 @@ function videosUpdate (req, res, next) { | |||
53 | logger.debug('Checking videosUpdate parameters', { parameters: req.body }) | 53 | logger.debug('Checking videosUpdate parameters', { parameters: req.body }) |
54 | 54 | ||
55 | checkErrors(req, res, function () { | 55 | checkErrors(req, res, function () { |
56 | if (res.locals.video.isOwned() === false) { | ||
57 | return res.status(403).send('Cannot update video of another pod') | ||
58 | } | ||
59 | |||
60 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | ||
61 | return res.status(403).send('Cannot update video of another user') | ||
62 | } | ||
63 | |||
56 | checkVideoExists(req.params.id, res, next) | 64 | checkVideoExists(req.params.id, res, next) |
57 | }) | 65 | }) |
58 | } | 66 | } |