Don't display comments of private/internal videosrelease/4.0.0

author: Chocobozzz <me@florianbigard.com> 2022-01-10 16:07:21 +0100
committer: Chocobozzz <me@florianbigard.com> 2022-01-10 16:15:09 +0100
commit: 84c8d9866890f479faf0168c29be5eb7816ccc8e (patch)
tree: 573184b0aeed9a81f6381fdeaf59f3f1c52da83d /server/tests/api
parent: 795212f7acc690c88c86d0fab8772f6564d59cb8 (diff)
download: PeerTube-84c8d9866890f479faf0168c29be5eb7816ccc8e.tar.gz
PeerTube-84c8d9866890f479faf0168c29be5eb7816ccc8e.tar.zst
PeerTube-84c8d9866890f479faf0168c29be5eb7816ccc8e.zip
1 files changed, 62 insertions, 1 deletions
diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts
index 2d9ee1e0d..8d63fe70c 100644
--- a/server/tests/api/check-params/video-comments.ts
+++ b/server/tests/api/check-params/video-comments.ts
@@ -14,7 +14,7 @@ import {
  PeerTubeServer,
  setAccessTokensToServers
 } from '@shared/extra-utils'
-import { HttpStatusCode, VideoCreateResult } from '@shared/models'
+import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
 const expect = chai.expect
@@ -26,6 +26,8 @@ describe('Test video comments API validator', function () {
  let userAccessToken: string
  let userAccessToken2: string
  let commentId: number
+  let privateCommentId: number
+  let privateVideo: VideoCreateResult
  // ---------------------------------------------------------------
@@ -42,12 +44,21 @@ describe('Test video comments API validator', function () {
    }
    {
+      privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
+    }
+    {
      const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
      commentId = created.id
      pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
    }
    {
+      const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
+      privateCommentId = created.id
+    }
+    {
      const user = { username: 'user1', password: 'my super password' }
      await server.users.create({ username: user.username, password: user.password })
      userAccessToken = await server.login.getAccessToken(user)
@@ -80,6 +91,32 @@ describe('Test video comments API validator', function () {
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })
+    it('Should fail with a private video without token', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail with another user token', async function () {
+      await makeGetRequest({
+        url: server.url,
+        token: userAccessToken,
+        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+    it('Should succeed with the correct params', async function () {
+      await makeGetRequest({
+        url: server.url,
+        token: server.accessToken,
+        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+        expectedStatus: HttpStatusCode.OK_200
+      })
+    })
  })
  describe('When listing comments of a thread', function () {
@@ -99,9 +136,33 @@ describe('Test video comments API validator', function () {
      })
    })
+    it('Should fail with a private video without token', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail with another user token', async function () {
+      await makeGetRequest({
+        url: server.url,
+        token: userAccessToken,
+        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
    it('Should success with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
+        token: server.accessToken,
+        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+        expectedStatus: HttpStatusCode.OK_200
+      })
+      await makeGetRequest({
+        url: server.url,
        path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
        expectedStatus: HttpStatusCode.OK_200
      })
author	Chocobozzz <me@florianbigard.com>	2022-01-10 16:07:21 +0100
committer	Chocobozzz <me@florianbigard.com>	2022-01-10 16:15:09 +0100
commit	84c8d9866890f479faf0168c29be5eb7816ccc8e (patch)
tree	573184b0aeed9a81f6381fdeaf59f3f1c52da83d /server/tests/api
parent	795212f7acc690c88c86d0fab8772f6564d59cb8 (diff)
download	PeerTube-84c8d9866890f479faf0168c29be5eb7816ccc8e.tar.gz PeerTube-84c8d9866890f479faf0168c29be5eb7816ccc8e.tar.zst PeerTube-84c8d9866890f479faf0168c29be5eb7816ccc8e.zip

diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts index 2d9ee1e0d..8d63fe70c 100644 --- a/server/tests/api/check-params/video-comments.ts +++ b/server/tests/api/check-params/video-comments.ts
@@ -14,7 +14,7 @@ import {
14	PeerTubeServer,	14	PeerTubeServer,
15	setAccessTokensToServers	15	setAccessTokensToServers
16	} from '@shared/extra-utils'	16	} from '@shared/extra-utils'
17	import { HttpStatusCode, VideoCreateResult } from '@shared/models'	17	import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
18		18
19	const expect = chai.expect	19	const expect = chai.expect
20		20
@@ -26,6 +26,8 @@ describe('Test video comments API validator', function () {
26	let userAccessToken: string	26	let userAccessToken: string
27	let userAccessToken2: string	27	let userAccessToken2: string
28	let commentId: number	28	let commentId: number
		29	let privateCommentId: number
		30	let privateVideo: VideoCreateResult
29		31
30	// ---------------------------------------------------------------	32	// ---------------------------------------------------------------
31		33
@@ -42,12 +44,21 @@ describe('Test video comments API validator', function () {
42	}	44	}
43		45
44	{	46	{
		47	privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
		48	}
		49
		50	{
45	const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })	51	const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
46	commentId = created.id	52	commentId = created.id
47	pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId	53	pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
48	}	54	}
49		55
50	{	56	{
		57	const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
		58	privateCommentId = created.id
		59	}
		60
		61	{
51	const user = { username: 'user1', password: 'my super password' }	62	const user = { username: 'user1', password: 'my super password' }
52	await server.users.create({ username: user.username, password: user.password })	63	await server.users.create({ username: user.username, password: user.password })
53	userAccessToken = await server.login.getAccessToken(user)	64	userAccessToken = await server.login.getAccessToken(user)
@@ -80,6 +91,32 @@ describe('Test video comments API validator', function () {
80	expectedStatus: HttpStatusCode.NOT_FOUND_404	91	expectedStatus: HttpStatusCode.NOT_FOUND_404
81	})	92	})
82	})	93	})
		94
		95	it('Should fail with a private video without token', async function () {
		96	await makeGetRequest({
		97	url: server.url,
		98	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
		99	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
		100	})
		101	})
		102
		103	it('Should fail with another user token', async function () {
		104	await makeGetRequest({
		105	url: server.url,
		106	token: userAccessToken,
		107	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
		108	expectedStatus: HttpStatusCode.FORBIDDEN_403
		109	})
		110	})
		111
		112	it('Should succeed with the correct params', async function () {
		113	await makeGetRequest({
		114	url: server.url,
		115	token: server.accessToken,
		116	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
		117	expectedStatus: HttpStatusCode.OK_200
		118	})
		119	})
83	})	120	})
84		121
85	describe('When listing comments of a thread', function () {	122	describe('When listing comments of a thread', function () {
@@ -99,9 +136,33 @@ describe('Test video comments API validator', function () {
99	})	136	})
100	})	137	})
101		138
		139	it('Should fail with a private video without token', async function () {
		140	await makeGetRequest({
		141	url: server.url,
		142	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
		143	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
		144	})
		145	})
		146
		147	it('Should fail with another user token', async function () {
		148	await makeGetRequest({
		149	url: server.url,
		150	token: userAccessToken,
		151	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
		152	expectedStatus: HttpStatusCode.FORBIDDEN_403
		153	})
		154	})
		155
102	it('Should success with the correct params', async function () {	156	it('Should success with the correct params', async function () {
103	await makeGetRequest({	157	await makeGetRequest({
104	url: server.url,	158	url: server.url,
		159	token: server.accessToken,
		160	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
		161	expectedStatus: HttpStatusCode.OK_200
		162	})
		163
		164	await makeGetRequest({
		165	url: server.url,
105	path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,	166	path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
106	expectedStatus: HttpStatusCode.OK_200	167	expectedStatus: HttpStatusCode.OK_200
107	})	168	})