Fix video channel update with an admin account

author: Chocobozzz <me@florianbigard.com> 2018-05-16 11:33:11 +0200
committer: Chocobozzz <me@florianbigard.com> 2018-05-17 10:55:49 +0200
commit: 6200d8d91710b03a72a27e35cbe6eed1e6cc8c62 (patch)
tree: ccd64f46009e45272d1a3426e206438cd5d50d4c /server/middlewares
parent: a14d3b6b23816299dba2c5e1010ea8f6eb3d3289 (diff)
download: PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.tar.gz
PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.tar.zst
PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index dd0246a63..c5c45fe58 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -90,7 +90,7 @@ const videosAddValidator = [
    const videoFile: Express.Multer.File = req.files['videofile'][0]
    const user = res.locals.oauth.token.User
-    if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return
+    if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
    const isAble = await user.isAbleToUploadVideo(videoFile)
    if (isAble === false) {
@@ -193,7 +193,7 @@ const videosUpdateValidator = [
        .end()
    }
-    if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return
+    if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
    return next()
  }
@@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
  // Retrieve the user who did the request
  if (video.isOwned() === false) {
    res.status(403)
-              .json({ error: 'Cannot remove video of another server, blacklist it' })
+              .json({ error: 'Cannot manage a video of another server.' })
              .end()
    return false
  }
@@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
  const account = video.VideoChannel.Account
  if (user.hasRight(right) === false && account.userId !== user.id) {
    res.status(403)
-              .json({ error: 'Cannot remove video of another user' })
+              .json({ error: 'Cannot manage a video of another user.' })
              .end()
    return false
  }
author	Chocobozzz <me@florianbigard.com>	2018-05-16 11:33:11 +0200
committer	Chocobozzz <me@florianbigard.com>	2018-05-17 10:55:49 +0200
commit	6200d8d91710b03a72a27e35cbe6eed1e6cc8c62 (patch)
tree	ccd64f46009e45272d1a3426e206438cd5d50d4c /server/middlewares
parent	a14d3b6b23816299dba2c5e1010ea8f6eb3d3289 (diff)
download	PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.tar.gz PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.tar.zst PeerTube-6200d8d91710b03a72a27e35cbe6eed1e6cc8c62.zip

diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index dd0246a63..c5c45fe58 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts
@@ -90,7 +90,7 @@ const videosAddValidator = [
90	const videoFile: Express.Multer.File = req.files['videofile'][0]	90	const videoFile: Express.Multer.File = req.files['videofile'][0]
91	const user = res.locals.oauth.token.User	91	const user = res.locals.oauth.token.User
92		92
93	if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return	93	if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
94		94
95	const isAble = await user.isAbleToUploadVideo(videoFile)	95	const isAble = await user.isAbleToUploadVideo(videoFile)
96	if (isAble === false) {	96	if (isAble === false) {
@@ -193,7 +193,7 @@ const videosUpdateValidator = [
193	.end()	193	.end()
194	}	194	}
195		195
196	if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return	196	if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
197		197
198	return next()	198	return next()
199	}	199	}
@@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
332	// Retrieve the user who did the request	332	// Retrieve the user who did the request
333	if (video.isOwned() === false) {	333	if (video.isOwned() === false) {
334	res.status(403)	334	res.status(403)
335	.json({ error: 'Cannot remove video of another server, blacklist it' })	335	.json({ error: 'Cannot manage a video of another server.' })
336	.end()	336	.end()
337	return false	337	return false
338	}	338	}
@@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
343	const account = video.VideoChannel.Account	343	const account = video.VideoChannel.Account
344	if (user.hasRight(right) === false && account.userId !== user.id) {	344	if (user.hasRight(right) === false && account.userId !== user.id) {
345	res.status(403)	345	res.status(403)
346	.json({ error: 'Cannot remove video of another user' })	346	.json({ error: 'Cannot manage a video of another user.' })
347	.end()	347	.end()
348	return false	348	return false
349	}	349	}