authorChocobozzz <me@florianbigard.com>2019-03-14 14:29:44 +0100
committerChocobozzz <chocobozzz@cpy.re>2019-03-18 11:17:59 +0100
commitc5e4e36d2a1ad777233177c11f7f742df717a8e8 (patch)
tree65da3defe1e11a5bb18ac8fc9d7f1bec4a1e92cd /server
parentbce47964f6241ae56f61089d144b29eb9b5da6d3 (diff)
Forbid public playlists not assigned to a channel
Diffstat (limited to 'server')
-rw-r--r--server/middlewares/validators/videos/video-playlists.ts35
-rw-r--r--server/tests/api/check-params/video-playlists.ts40
2 files changed, 62 insertions, 13 deletions
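--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -1,6 +1,6 @@
 import * as express from 'express'
 import { body, param, query, ValidationChain } from 'express-validator/check'
-import { UserRight } from '../../../../shared'
+import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
 import { logger } from '../../../helpers/logger'
 import { UserModel } from '../../../models/account/user'
 import { areValidationErrors } from '../utils'
@@ -30,7 +30,14 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
 
 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
 
-if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
+const body: VideoPlaylistCreate = req.body
+if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
+
+if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
+cleanUpReqFiles(req)
+return res.status(400)
+.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
+}
 
 return next()
 }
@@ -53,19 +60,33 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
 return cleanUpReqFiles(req)
 }
 
-if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) {
+const body: VideoPlaylistUpdate = req.body
+
+if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) {
 cleanUpReqFiles(req)
-return res.status(409)
+return res.status(400)
 .json({ error: 'Cannot set "private" a video playlist that was not private.' })
 }
 
+const newPrivacy = body.privacy || videoPlaylist.privacy
+if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
+(
+(!videoPlaylist.videoChannelId && !body.videoChannelId) ||
+body.videoChannelId === null
+)
+) {
+cleanUpReqFiles(req)
+return res.status(400)
+.json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
+}
+
 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
 cleanUpReqFiles(req)
-return res.status(409)
+return res.status(400)
 .json({ error: 'Cannot update a watch later playlist.' })
 }
 
-if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
+if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
 
 return next()
 }
@@ -84,7 +105,7 @@ const videoPlaylistsDeleteValidator = [
 
 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
-return res.status(409)
+return res.status(400)
 .json({ error: 'Cannot delete a watch later playlist.' })
 }
 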
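Review bot: The new public-playlist checks in videoPlaylistsAddValidator and videoPlaylistsUpdateValidator compare request fields with strict equality (`body.privacy === VideoPlaylistPrivacy.PUBLIC`, `body.videoChannelId === null`), while the `VideoPlaylistCreate` / `VideoPlaylistUpdate` annotations on `req.body` are erased at compile time and guarantee nothing about the runtime values. If `privacy` reaches the handler as a string, or `videoChannelId` as the literal text `null` that the new test sends, neither comparison matches and a public playlist without a channel passes the validator. Presumably the chains returned by getCommonPlaylistEditAttributes() coerce both fields, but that code is outside these hunks; I would record the dependency next to the cast, e.g. `// privacy / videoChannelId are numbers or null only because getCommonPlaylistEditAttributes() sanitizes them; the checks below rely on it`. Both handler bodies start outside the hunks shown.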
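--- a/server/tests/api/check-params/video-playlists.ts
+++ b/server/tests/api/check-params/video-playlists.ts
@@ -16,7 +16,7 @@ import {
 reorderVideosPlaylist,
 runServer,
 ServerInfo,
-setAccessTokensToServers,
+setAccessTokensToServers, setDefaultVideoChannel,
 updateVideoPlaylist,
 updateVideoPlaylistElement,
 uploadVideoAndGetId
@@ -33,6 +33,7 @@ describe('Test video playlists API validator', function () {
 let server: ServerInfo
 let userAccessToken: string
 let playlistUUID: string
+let privatePlaylistUUID: string
 let watchLaterPlaylistId: number
 let videoId: number
 let videoId2: number
@@ -47,6 +48,7 @@ describe('Test video playlists API validator', function () {
 server = await runServer(1)
 
 await setAccessTokensToServers([ server ])
+await setDefaultVideoChannel([ server ])
 
 userAccessToken = await generateUserAccessToken(server, 'user1')
 videoId = (await uploadVideoAndGetId({ server, videoName: 'video 1' })).id
@@ -63,11 +65,24 @@ describe('Test video playlists API validator', function () {
 token: server.accessToken,
 playlistAttrs: {
 displayName: 'super playlist',
-privacy: VideoPlaylistPrivacy.PUBLIC
+privacy: VideoPlaylistPrivacy.PUBLIC,
+videoChannelId: server.videoChannel.id
 }
 })
 playlistUUID = res.body.videoPlaylist.uuid
 }
+
+{
+const res = await createVideoPlaylist({
+url: server.url,
+token: server.accessToken,
+playlistAttrs: {
+displayName: 'private',
+privacy: VideoPlaylistPrivacy.PRIVATE
+}
+})
+privatePlaylistUUID = res.body.videoPlaylist.uuid
+}
 })
 
 describe('When listing playlists', function () {
@@ -172,7 +187,8 @@ describe('Test video playlists API validator', function () {
 playlistAttrs: Object.assign({
 displayName: 'display name',
 privacy: VideoPlaylistPrivacy.UNLISTED,
-thumbnailfile: 'thumbnail.jpg'
+thumbnailfile: 'thumbnail.jpg',
+videoChannelId: server.videoChannel.id
 }, playlistAttrs)
 }, wrapper)
 }
@@ -229,6 +245,18 @@ describe('Test video playlists API validator', function () {
 await updateVideoPlaylist(getUpdate(params, playlistUUID))
 })
 
+it('Should fail to set "public" a playlist not assigned to a channel', async function () {
+const params = getBase({ privacy: VideoPlaylistPrivacy.PUBLIC, videoChannelId: undefined })
+const params2 = getBase({ privacy: VideoPlaylistPrivacy.PUBLIC, videoChannelId: 'null' })
+const params3 = getBase({ privacy: undefined, videoChannelId: 'null' })
+
+await createVideoPlaylist(params)
+await createVideoPlaylist(params2)
+await updateVideoPlaylist(getUpdate(params, privatePlaylistUUID))
+await updateVideoPlaylist(getUpdate(params2, playlistUUID))
+await updateVideoPlaylist(getUpdate(params3, playlistUUID))
+})
+
 it('Should fail with an unknown playlist to update', async function () {
 await updateVideoPlaylist(getUpdate(
 getBase({}, { expectedStatus: 404 }),
@@ -249,14 +277,14 @@ describe('Test video playlists API validator', function () {
 const res = await createVideoPlaylist(params)
 const playlist = res.body.videoPlaylist
 
-const paramsUpdate = getBase({ privacy: VideoPlaylistPrivacy.PRIVATE }, { expectedStatus: 409 })
+const paramsUpdate = getBase({ privacy: VideoPlaylistPrivacy.PRIVATE }, { expectedStatus: 400 })
 
 await updateVideoPlaylist(getUpdate(paramsUpdate, playlist.id))
 })
 
 it('Should fail to update the watch later playlist', async function () {
 await updateVideoPlaylist(getUpdate(
-getBase({}, { expectedStatus: 409 }),
+getBase({}, { expectedStatus: 400 }),
 watchLaterPlaylistId
 ))
 })
@@ -634,7 +662,7 @@ describe('Test video playlists API validator', function () {
 })
 
 it('Should fail with the watch later playlist', async function () {
-await deleteVideoPlaylist(server.url, server.accessToken, watchLaterPlaylistId, 409)
+await deleteVideoPlaylist(server.url, server.accessToken, watchLaterPlaylistId, 400)
 })
 
 it('Should succeed with the correct params', async function () {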
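Review bot: The new case 'Should fail to set "public" a playlist not assigned to a channel' calls `getBase(...)` without an `expectedStatus`, so its five requests are checked against whatever default the helper applies, which is defined outside this hunk, while the neighbouring cases touched by this commit pass `{ expectedStatus: 400 }` explicitly. Passing it here too, e.g. `const params = getBase({ privacy: VideoPlaylistPrivacy.PUBLIC, videoChannelId: undefined }, { expectedStatus: 400 })` and the same for `params2` and `params3`, pins each rejection to the status the validator now returns. No accepted counterpart is visible in these hunks either, such as making `privatePlaylistUUID` public while supplying `server.videoChannel.id`, so a validator that rejected every public update would still pass this case.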