author | Chocobozzz <me@florianbigard.com> | 2019-03-14 14:29:44 +0100 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2019-03-18 11:17:59 +0100 |
commit | c5e4e36d2a1ad777233177c11f7f742df717a8e8 (patch) | |
tree | 65da3defe1e11a5bb18ac8fc9d7f1bec4a1e92cd /server | |
parent | bce47964f6241ae56f61089d144b29eb9b5da6d3 (diff) | |
Forbid public playlists not assigned to a channel
Diffstat (limited to 'server')
-rw-r--r-- | server/middlewares/validators/videos/video-playlists.ts | 35 | ||||
-rw-r--r-- | server/tests/api/check-params/video-playlists.ts | 40 |
2 files changed, 62 insertions, 13 deletions
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 3bbf796e4..5f33e2d49 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts | |||
@@ -1,6 +1,6 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { body, param, query, ValidationChain } from 'express-validator/check' | 2 | import { body, param, query, ValidationChain } from 'express-validator/check' |
3 | import { UserRight } from '../../../../shared' | 3 | import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared' |
4 | import { logger } from '../../../helpers/logger' | 4 | import { logger } from '../../../helpers/logger' |
5 | import { UserModel } from '../../../models/account/user' | 5 | import { UserModel } from '../../../models/account/user' |
6 | import { areValidationErrors } from '../utils' | 6 | import { areValidationErrors } from '../utils' |
@@ -30,7 +30,14 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | |||
30 | 30 | ||
31 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) | 31 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) |
32 | 32 | ||
33 | if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) | 33 | const body: VideoPlaylistCreate = req.body |
34 | if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) | ||
35 | |||
36 | if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { | ||
37 | cleanUpReqFiles(req) | ||
38 | return res.status(400) | ||
39 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | ||
40 | } | ||
34 | 41 | ||
35 | return next() | 42 | return next() |
36 | } | 43 | } |
@@ -53,19 +60,33 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ | |||
53 | return cleanUpReqFiles(req) | 60 | return cleanUpReqFiles(req) |
54 | } | 61 | } |
55 | 62 | ||
56 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) { | 63 | const body: VideoPlaylistUpdate = req.body |
64 | |||
65 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) { | ||
57 | cleanUpReqFiles(req) | 66 | cleanUpReqFiles(req) |
58 | return res.status(409) | 67 | return res.status(400) |
59 | .json({ error: 'Cannot set "private" a video playlist that was not private.' }) | 68 | .json({ error: 'Cannot set "private" a video playlist that was not private.' }) |
60 | } | 69 | } |
61 | 70 | ||
71 | const newPrivacy = body.privacy || videoPlaylist.privacy | ||
72 | if (newPrivacy === VideoPlaylistPrivacy.PUBLIC && | ||
73 | ( | ||
74 | (!videoPlaylist.videoChannelId && !body.videoChannelId) || | ||
75 | body.videoChannelId === null | ||
76 | ) | ||
77 | ) { | ||
78 | cleanUpReqFiles(req) | ||
79 | return res.status(400) | ||
80 | .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | ||
81 | } | ||
82 | |||
62 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { | 83 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
63 | cleanUpReqFiles(req) | 84 | cleanUpReqFiles(req) |
64 | return res.status(409) | 85 | return res.status(400) |
65 | .json({ error: 'Cannot update a watch later playlist.' }) | 86 | .json({ error: 'Cannot update a watch later playlist.' }) |
66 | } | 87 | } |
67 | 88 | ||
68 | if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) | 89 | if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) |
69 | 90 | ||
70 | return next() | 91 | return next() |
71 | } | 92 | } |
@@ -84,7 +105,7 @@ const videoPlaylistsDeleteValidator = [ | |||
84 | 105 | ||
85 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist | 106 | const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist |
86 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { | 107 | if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { |
87 | return res.status(409) | 108 | return res.status(400) |
88 | .json({ error: 'Cannot delete a watch later playlist.' }) | 109 | .json({ error: 'Cannot delete a watch later playlist.' }) |
89 | } | 110 | } |
90 | 111 | ||
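Review bot: The annotations `const body: VideoPlaylistCreate = req.body` and `const body: VideoPlaylistUpdate = req.body` (new lines 33 and 63) are compile-time only, so the strict comparisons `body.privacy === VideoPlaylistPrivacy.PUBLIC` and `body.videoChannelId === null` enforce the new rule only if the chain from getCommonPlaylistEditAttributes() has already coerced those fields to a number or null. That chain is not visible here, and the new test sends the string 'null'; if either field can reach this code as a raw string, the public-without-channel check is skipped silently instead of failing closed. I would add a comment above each annotation, for example `// req.body is untrusted: privacy and videoChannelId must already be sanitized to number | null by getCommonPlaylistEditAttributes()`. Separately, isVideoChannelIdExist appears, from its name and use, to confirm only that the channel exists; now that a channel is a precondition for a public playlist, it is worth confirming that the channel belongs to the requesting account. Both validator bodies start outside the hunks, so the earlier checks are not visible.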
diff --git a/server/tests/api/check-params/video-playlists.ts b/server/tests/api/check-params/video-playlists.ts index 4d8000dbf..229c23118 100644 --- a/server/tests/api/check-params/video-playlists.ts +++ b/server/tests/api/check-params/video-playlists.ts | |||
@@ -16,7 +16,7 @@ import { | |||
16 | reorderVideosPlaylist, | 16 | reorderVideosPlaylist, |
17 | runServer, | 17 | runServer, |
18 | ServerInfo, | 18 | ServerInfo, |
19 | setAccessTokensToServers, | 19 | setAccessTokensToServers, setDefaultVideoChannel, |
20 | updateVideoPlaylist, | 20 | updateVideoPlaylist, |
21 | updateVideoPlaylistElement, | 21 | updateVideoPlaylistElement, |
22 | uploadVideoAndGetId | 22 | uploadVideoAndGetId |
@@ -33,6 +33,7 @@ describe('Test video playlists API validator', function () { | |||
33 | let server: ServerInfo | 33 | let server: ServerInfo |
34 | let userAccessToken: string | 34 | let userAccessToken: string |
35 | let playlistUUID: string | 35 | let playlistUUID: string |
36 | let privatePlaylistUUID: string | ||
36 | let watchLaterPlaylistId: number | 37 | let watchLaterPlaylistId: number |
37 | let videoId: number | 38 | let videoId: number |
38 | let videoId2: number | 39 | let videoId2: number |
@@ -47,6 +48,7 @@ describe('Test video playlists API validator', function () { | |||
47 | server = await runServer(1) | 48 | server = await runServer(1) |
48 | 49 | ||
49 | await setAccessTokensToServers([ server ]) | 50 | await setAccessTokensToServers([ server ]) |
51 | await setDefaultVideoChannel([ server ]) | ||
50 | 52 | ||
51 | userAccessToken = await generateUserAccessToken(server, 'user1') | 53 | userAccessToken = await generateUserAccessToken(server, 'user1') |
52 | videoId = (await uploadVideoAndGetId({ server, videoName: 'video 1' })).id | 54 | videoId = (await uploadVideoAndGetId({ server, videoName: 'video 1' })).id |
@@ -63,11 +65,24 @@ describe('Test video playlists API validator', function () { | |||
63 | token: server.accessToken, | 65 | token: server.accessToken, |
64 | playlistAttrs: { | 66 | playlistAttrs: { |
65 | displayName: 'super playlist', | 67 | displayName: 'super playlist', |
66 | privacy: VideoPlaylistPrivacy.PUBLIC | 68 | privacy: VideoPlaylistPrivacy.PUBLIC, |
69 | videoChannelId: server.videoChannel.id | ||
67 | } | 70 | } |
68 | }) | 71 | }) |
69 | playlistUUID = res.body.videoPlaylist.uuid | 72 | playlistUUID = res.body.videoPlaylist.uuid |
70 | } | 73 | } |
74 | |||
75 | { | ||
76 | const res = await createVideoPlaylist({ | ||
77 | url: server.url, | ||
78 | token: server.accessToken, | ||
79 | playlistAttrs: { | ||
80 | displayName: 'private', | ||
81 | privacy: VideoPlaylistPrivacy.PRIVATE | ||
82 | } | ||
83 | }) | ||
84 | privatePlaylistUUID = res.body.videoPlaylist.uuid | ||
85 | } | ||
71 | }) | 86 | }) |
72 | 87 | ||
73 | describe('When listing playlists', function () { | 88 | describe('When listing playlists', function () { |
@@ -172,7 +187,8 @@ describe('Test video playlists API validator', function () { | |||
172 | playlistAttrs: Object.assign({ | 187 | playlistAttrs: Object.assign({ |
173 | displayName: 'display name', | 188 | displayName: 'display name', |
174 | privacy: VideoPlaylistPrivacy.UNLISTED, | 189 | privacy: VideoPlaylistPrivacy.UNLISTED, |
175 | thumbnailfile: 'thumbnail.jpg' | 190 | thumbnailfile: 'thumbnail.jpg', |
191 | videoChannelId: server.videoChannel.id | ||
176 | }, playlistAttrs) | 192 | }, playlistAttrs) |
177 | }, wrapper) | 193 | }, wrapper) |
178 | } | 194 | } |
@@ -229,6 +245,18 @@ describe('Test video playlists API validator', function () { | |||
229 | await updateVideoPlaylist(getUpdate(params, playlistUUID)) | 245 | await updateVideoPlaylist(getUpdate(params, playlistUUID)) |
230 | }) | 246 | }) |
231 | 247 | ||
248 | it('Should fail to set "public" a playlist not assigned to a channel', async function () { | ||
249 | const params = getBase({ privacy: VideoPlaylistPrivacy.PUBLIC, videoChannelId: undefined }) | ||
250 | const params2 = getBase({ privacy: VideoPlaylistPrivacy.PUBLIC, videoChannelId: 'null' }) | ||
251 | const params3 = getBase({ privacy: undefined, videoChannelId: 'null' }) | ||
252 | |||
253 | await createVideoPlaylist(params) | ||
254 | await createVideoPlaylist(params2) | ||
255 | await updateVideoPlaylist(getUpdate(params, privatePlaylistUUID)) | ||
256 | await updateVideoPlaylist(getUpdate(params2, playlistUUID)) | ||
257 | await updateVideoPlaylist(getUpdate(params3, playlistUUID)) | ||
258 | }) | ||
259 | |||
232 | it('Should fail with an unknown playlist to update', async function () { | 260 | it('Should fail with an unknown playlist to update', async function () { |
233 | await updateVideoPlaylist(getUpdate( | 261 | await updateVideoPlaylist(getUpdate( |
234 | getBase({}, { expectedStatus: 404 }), | 262 | getBase({}, { expectedStatus: 404 }), |
@@ -249,14 +277,14 @@ describe('Test video playlists API validator', function () { | |||
249 | const res = await createVideoPlaylist(params) | 277 | const res = await createVideoPlaylist(params) |
250 | const playlist = res.body.videoPlaylist | 278 | const playlist = res.body.videoPlaylist |
251 | 279 | ||
252 | const paramsUpdate = getBase({ privacy: VideoPlaylistPrivacy.PRIVATE }, { expectedStatus: 409 }) | 280 | const paramsUpdate = getBase({ privacy: VideoPlaylistPrivacy.PRIVATE }, { expectedStatus: 400 }) |
253 | 281 | ||
254 | await updateVideoPlaylist(getUpdate(paramsUpdate, playlist.id)) | 282 | await updateVideoPlaylist(getUpdate(paramsUpdate, playlist.id)) |
255 | }) | 283 | }) |
256 | 284 | ||
257 | it('Should fail to update the watch later playlist', async function () { | 285 | it('Should fail to update the watch later playlist', async function () { |
258 | await updateVideoPlaylist(getUpdate( | 286 | await updateVideoPlaylist(getUpdate( |
259 | getBase({}, { expectedStatus: 409 }), | 287 | getBase({}, { expectedStatus: 400 }), |
260 | watchLaterPlaylistId | 288 | watchLaterPlaylistId |
261 | )) | 289 | )) |
262 | }) | 290 | }) |
@@ -634,7 +662,7 @@ describe('Test video playlists API validator', function () { | |||
634 | }) | 662 | }) |
635 | 663 | ||
636 | it('Should fail with the watch later playlist', async function () { | 664 | it('Should fail with the watch later playlist', async function () { |
637 | await deleteVideoPlaylist(server.url, server.accessToken, watchLaterPlaylistId, 409) | 665 | await deleteVideoPlaylist(server.url, server.accessToken, watchLaterPlaylistId, 400) |
638 | }) | 666 | }) |
639 | 667 | ||
640 | it('Should succeed with the correct params', async function () { | 668 | it('Should succeed with the correct params', async function () { |
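Review bot: The new case 'Should fail to set "public" a playlist not assigned to a channel' (new lines 248-258) asserts only on the status code, which it takes from getBase's default (not visible here, presumably 400). Any other validation failure yields the same status, for instance the string 'null' being rejected as an invalid channel id, so the five requests would pass even if the new rule never ran. I would also check the response body, e.g. `expect(res.body.error).to.contain('not assigned to a channel')`, provided the helper returns the response. The 409 to 400 changes further down make the watch-later cases equally indistinguishable from a generic validation error. A positive case would pin the other side of the rule: updating `privatePlaylistUUID` to `VideoPlaylistPrivacy.PUBLIC` with `videoChannelId: server.videoChannel.id` should succeed.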