aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/videos.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r--server/middlewares/validators/videos.ts3
1 files changed, 2 insertions, 1 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index a032d14ce..0c07404c5 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -22,6 +22,7 @@ import {
22 checkVideoExists, 22 checkVideoExists,
23 isIdValid 23 isIdValid
24} from '../../helpers' 24} from '../../helpers'
25import { UserRight } from '../../../shared'
25 26
26const videosAddValidator = [ 27const videosAddValidator = [
27 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( 28 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
@@ -231,7 +232,7 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
231 // Check if the user can delete the video 232 // Check if the user can delete the video
232 // The user can delete it if s/he is an admin 233 // The user can delete it if s/he is an admin
233 // Or if s/he is the video's author 234 // Or if s/he is the video's author
234 if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { 235 if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
235 return res.status(403) 236 return res.status(403)
236 .json({ error: 'Cannot remove video of another user' }) 237 .json({ error: 'Cannot remove video of another user' })
237 .end() 238 .end()
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-04 05:01:28 +0000