diff options
author | Chocobozzz <me@florianbigard.com> | 2022-02-22 14:16:34 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-02-22 14:16:51 +0100 |
commit | 6ea9295b8f5dd7cc254202a79aad61c666cc4259 (patch) | |
tree | 0345d57eb47c5b5cd0046fee1456b0dc440ae470 /server/tests | |
parent | fdd5da058aeffb161202124a129789a3c2bb234c (diff) | |
download | PeerTube-6ea9295b8f5dd7cc254202a79aad61c666cc4259.tar.gz PeerTube-6ea9295b8f5dd7cc254202a79aad61c666cc4259.tar.zst PeerTube-6ea9295b8f5dd7cc254202a79aad61c666cc4259.zip |
Check video privacy when creating comments/rates
Diffstat (limited to 'server/tests')
-rw-r--r-- | server/tests/api/check-params/video-comments.ts | 39 | ||||
-rw-r--r-- | server/tests/api/check-params/videos.ts | 18 |
2 files changed, 51 insertions, 6 deletions
diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts index 829f3c8b1..624d657d3 100644 --- a/server/tests/api/check-params/video-comments.ts +++ b/server/tests/api/check-params/video-comments.ts | |||
@@ -19,10 +19,14 @@ const expect = chai.expect | |||
19 | describe('Test video comments API validator', function () { | 19 | describe('Test video comments API validator', function () { |
20 | let pathThread: string | 20 | let pathThread: string |
21 | let pathComment: string | 21 | let pathComment: string |
22 | |||
22 | let server: PeerTubeServer | 23 | let server: PeerTubeServer |
24 | |||
23 | let video: VideoCreateResult | 25 | let video: VideoCreateResult |
26 | |||
24 | let userAccessToken: string | 27 | let userAccessToken: string |
25 | let userAccessToken2: string | 28 | let userAccessToken2: string |
29 | |||
26 | let commentId: number | 30 | let commentId: number |
27 | let privateCommentId: number | 31 | let privateCommentId: number |
28 | let privateVideo: VideoCreateResult | 32 | let privateVideo: VideoCreateResult |
@@ -203,9 +207,8 @@ describe('Test video comments API validator', function () { | |||
203 | 207 | ||
204 | it('Should fail with an incorrect video', async function () { | 208 | it('Should fail with an incorrect video', async function () { |
205 | const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads' | 209 | const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads' |
206 | const fields = { | 210 | const fields = { text: 'super comment' } |
207 | text: 'super comment' | 211 | |
208 | } | ||
209 | await makePostBodyRequest({ | 212 | await makePostBodyRequest({ |
210 | url: server.url, | 213 | url: server.url, |
211 | path, | 214 | path, |
@@ -215,10 +218,21 @@ describe('Test video comments API validator', function () { | |||
215 | }) | 218 | }) |
216 | }) | 219 | }) |
217 | 220 | ||
221 | it('Should fail with a private video of another user', async function () { | ||
222 | const fields = { text: 'super comment' } | ||
223 | |||
224 | await makePostBodyRequest({ | ||
225 | url: server.url, | ||
226 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', | ||
227 | token: userAccessToken, | ||
228 | fields, | ||
229 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
230 | }) | ||
231 | }) | ||
232 | |||
218 | it('Should succeed with the correct parameters', async function () { | 233 | it('Should succeed with the correct parameters', async function () { |
219 | const fields = { | 234 | const fields = { text: 'super comment' } |
220 | text: 'super comment' | 235 | |
221 | } | ||
222 | await makePostBodyRequest({ | 236 | await makePostBodyRequest({ |
223 | url: server.url, | 237 | url: server.url, |
224 | path: pathThread, | 238 | path: pathThread, |
@@ -230,6 +244,7 @@ describe('Test video comments API validator', function () { | |||
230 | }) | 244 | }) |
231 | 245 | ||
232 | describe('When adding a comment to a thread', function () { | 246 | describe('When adding a comment to a thread', function () { |
247 | |||
233 | it('Should fail with a non authenticated user', async function () { | 248 | it('Should fail with a non authenticated user', async function () { |
234 | const fields = { | 249 | const fields = { |
235 | text: 'text' | 250 | text: 'text' |
@@ -276,6 +291,18 @@ describe('Test video comments API validator', function () { | |||
276 | }) | 291 | }) |
277 | }) | 292 | }) |
278 | 293 | ||
294 | it('Should fail with a private video of another user', async function () { | ||
295 | const fields = { text: 'super comment' } | ||
296 | |||
297 | await makePostBodyRequest({ | ||
298 | url: server.url, | ||
299 | path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId, | ||
300 | token: userAccessToken, | ||
301 | fields, | ||
302 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
303 | }) | ||
304 | }) | ||
305 | |||
279 | it('Should fail with an incorrect comment', async function () { | 306 | it('Should fail with an incorrect comment', async function () { |
280 | const path = '/api/v1/videos/' + video.uuid + '/comments/124' | 307 | const path = '/api/v1/videos/' + video.uuid + '/comments/124' |
281 | const fields = { | 308 | const fields = { |
diff --git a/server/tests/api/check-params/videos.ts b/server/tests/api/check-params/videos.ts index 4cc70f5cc..41064d2ff 100644 --- a/server/tests/api/check-params/videos.ts +++ b/server/tests/api/check-params/videos.ts | |||
@@ -28,6 +28,7 @@ describe('Test videos API validator', function () { | |||
28 | let channelId: number | 28 | let channelId: number |
29 | let channelName: string | 29 | let channelName: string |
30 | let video: VideoCreateResult | 30 | let video: VideoCreateResult |
31 | let privateVideo: VideoCreateResult | ||
31 | 32 | ||
32 | // --------------------------------------------------------------- | 33 | // --------------------------------------------------------------- |
33 | 34 | ||
@@ -49,6 +50,10 @@ describe('Test videos API validator', function () { | |||
49 | channelName = body.videoChannels[0].name | 50 | channelName = body.videoChannels[0].name |
50 | accountName = body.account.name + '@' + body.account.host | 51 | accountName = body.account.name + '@' + body.account.host |
51 | } | 52 | } |
53 | |||
54 | { | ||
55 | privateVideo = await server.videos.quickUpload({ name: 'private video', privacy: VideoPrivacy.PRIVATE }) | ||
56 | } | ||
52 | }) | 57 | }) |
53 | 58 | ||
54 | describe('When listing videos', function () { | 59 | describe('When listing videos', function () { |
@@ -783,6 +788,19 @@ describe('Test videos API validator', function () { | |||
783 | await makePutBodyRequest({ url: server.url, path: path + videoId + '/rate', token: server.accessToken, fields }) | 788 | await makePutBodyRequest({ url: server.url, path: path + videoId + '/rate', token: server.accessToken, fields }) |
784 | }) | 789 | }) |
785 | 790 | ||
791 | it('Should fail with a private video of another user', async function () { | ||
792 | const fields = { | ||
793 | rating: 'like' | ||
794 | } | ||
795 | await makePutBodyRequest({ | ||
796 | url: server.url, | ||
797 | path: path + privateVideo.uuid + '/rate', | ||
798 | token: userAccessToken, | ||
799 | fields, | ||
800 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
801 | }) | ||
802 | }) | ||
803 | |||
786 | it('Should succeed with the correct parameters', async function () { | 804 | it('Should succeed with the correct parameters', async function () { |
787 | const fields = { | 805 | const fields = { |
788 | rating: 'like' | 806 | rating: 'like' |