aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
authorChocobozzz <florian.bigard@gmail.com>2017-01-11 18:41:09 +0100
committerChocobozzz <florian.bigard@gmail.com>2017-01-11 18:41:09 +0100
commit45abb8b97b8313f8f58a4a73b527882ad7b4af9c (patch)
tree6b5936d30261334abcafaa16779a32171031a87b /server/middlewares
parentd8cc063e9775688a1631eda9203411a2dba0333c (diff)
downloadPeerTube-45abb8b97b8313f8f58a4a73b527882ad7b4af9c.tar.gz
PeerTube-45abb8b97b8313f8f58a4a73b527882ad7b4af9c.tar.zst
PeerTube-45abb8b97b8313f8f58a4a73b527882ad7b4af9c.zip
Server: rights check for update a video
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/videos.js8
1 files changed, 8 insertions, 0 deletions
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index ff18a99c2..3d7c04b60 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -53,6 +53,14 @@ function videosUpdate (req, res, next) {
53 logger.debug('Checking videosUpdate parameters', { parameters: req.body }) 53 logger.debug('Checking videosUpdate parameters', { parameters: req.body })
54 54
55 checkErrors(req, res, function () { 55 checkErrors(req, res, function () {
56 if (res.locals.video.isOwned() === false) {
57 return res.status(403).send('Cannot update video of another pod')
58 }
59
60 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
61 return res.status(403).send('Cannot update video of another user')
62 }
63
56 checkVideoExists(req.params.id, res, next) 64 checkVideoExists(req.params.id, res, next)
57 }) 65 })
58} 66}