diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-01-20 23:39:51 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-01-21 00:16:34 +0100 |
| commit | f8aa0154b6638cee878db312918b03332d49e458 (patch) | |
| tree | 5d4e50565d15ccbe76886b9774de068687d67bcb /server | |
| parent | 18621fd63f1baf4198c8691e996c47151613eb39 (diff) | |
| download | PeerTube-f8aa0154b6638cee878db312918b03332d49e458.tar.gz PeerTube-f8aa0154b6638cee878db312918b03332d49e458.tar.zst PeerTube-f8aa0154b6638cee878db312918b03332d49e458.zip | |
Forbid video deletion or ownership change for non-admin
Diffstat (limited to 'server')
| -rw-r--r-- | server/controllers/api/videos/index.ts | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts index e1c775180..1cbefc3e5 100644 --- a/server/controllers/api/videos/index.ts +++ b/server/controllers/api/videos/index.ts | |||
| @@ -41,6 +41,7 @@ import { | |||
| 41 | asyncMiddleware, | 41 | asyncMiddleware, |
| 42 | asyncRetryTransactionMiddleware, | 42 | asyncRetryTransactionMiddleware, |
| 43 | authenticate, | 43 | authenticate, |
| 44 | ensureUserHasRight, | ||
| 44 | checkVideoFollowConstraints, | 45 | checkVideoFollowConstraints, |
| 45 | commonVideosFiltersValidator, | 46 | commonVideosFiltersValidator, |
| 46 | optionalAuthenticate, | 47 | optionalAuthenticate, |
| @@ -56,6 +57,7 @@ import { | |||
| 56 | videosUpdateValidator | 57 | videosUpdateValidator |
| 57 | } from '../../../middlewares' | 58 | } from '../../../middlewares' |
| 58 | import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' | 59 | import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' |
| 60 | import { UserRight } from '../../../../shared' | ||
| 59 | import { VideoModel } from '../../../models/video/video' | 61 | import { VideoModel } from '../../../models/video/video' |
| 60 | import { VideoFileModel } from '../../../models/video/video-file' | 62 | import { VideoFileModel } from '../../../models/video/video-file' |
| 61 | import { blacklistRouter } from './blacklist' | 63 | import { blacklistRouter } from './blacklist' |
| @@ -146,6 +148,7 @@ videosRouter.post('/:id/views', | |||
| 146 | 148 | ||
| 147 | videosRouter.delete('/:id', | 149 | videosRouter.delete('/:id', |
| 148 | authenticate, | 150 | authenticate, |
| 151 | ensureUserHasRight(UserRight.REMOVE_ANY_VIDEO), | ||
| 149 | asyncMiddleware(videosRemoveValidator), | 152 | asyncMiddleware(videosRemoveValidator), |
| 150 | asyncRetryTransactionMiddleware(removeVideo) | 153 | asyncRetryTransactionMiddleware(removeVideo) |
| 151 | ) | 154 | ) |