1 files changed, 24 insertions, 0 deletions
diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts
index 672f06dc0..b5cb126d9 100644
--- a/server/helpers/custom-validators/videos.ts
+++ b/server/helpers/custom-validators/videos.ts
@@ -126,6 +126,29 @@ function isVideoFileSizeValid (value: string) {
  return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.FILE_SIZE)
 }
+function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: Response) {
+  // Retrieve the user who did the request
+  if (video.isOwned() === false) {
+    res.status(403)
+       .json({ error: 'Cannot manage a video of another server.' })
+       .end()
+    return false
+  }
+  // Check if the user can delete the video
+  // The user can delete it if he has the right
+  // Or if s/he is the video's account
+  const account = video.VideoChannel.Account
+  if (user.hasRight(right) === false && account.userId !== user.id) {
+    res.status(403)
+       .json({ error: 'Cannot manage a video of another user.' })
+       .end()
+    return false
+  }
+  return true
+}
 async function isVideoExist (id: string, res: Response) {
  let video: VideoModel
@@ -179,6 +202,7 @@ async function isVideoChannelOfAccountExist (channelId: number, user: UserModel,
 export {
  isVideoCategoryValid,
+  checkUserCanManageVideo,
  isVideoLicenceValid,
  isVideoLanguageValid,
  isVideoTruncatedDescriptionValid,

diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts index 672f06dc0..b5cb126d9 100644 --- a/server/helpers/custom-validators/videos.ts +++ b/server/helpers/custom-validators/videos.ts
@@ -126,6 +126,29 @@ function isVideoFileSizeValid (value: string) {
126	return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.FILE_SIZE)	126	return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.FILE_SIZE)
127	}	127	}
128		128
		129	function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: Response) {
		130	// Retrieve the user who did the request
		131	if (video.isOwned() === false) {
		132	res.status(403)
		133	.json({ error: 'Cannot manage a video of another server.' })
		134	.end()
		135	return false
		136	}
		137
		138	// Check if the user can delete the video
		139	// The user can delete it if he has the right
		140	// Or if s/he is the video's account
		141	const account = video.VideoChannel.Account
		142	if (user.hasRight(right) === false && account.userId !== user.id) {
		143	res.status(403)
		144	.json({ error: 'Cannot manage a video of another user.' })
		145	.end()
		146	return false
		147	}
		148
		149	return true
		150	}
		151
129	async function isVideoExist (id: string, res: Response) {	152	async function isVideoExist (id: string, res: Response) {
130	let video: VideoModel	153	let video: VideoModel
131		154
@@ -179,6 +202,7 @@ async function isVideoChannelOfAccountExist (channelId: number, user: UserModel,
179		202
180	export {	203	export {
181	isVideoCategoryValid,	204	isVideoCategoryValid,
		205	checkUserCanManageVideo,
182	isVideoLicenceValid,	206	isVideoLicenceValid,
183	isVideoLanguageValid,	207	isVideoLanguageValid,
184	isVideoTruncatedDescriptionValid,	208	isVideoTruncatedDescriptionValid,