aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/videos.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r--server/middlewares/validators/videos.ts43
1 files changed, 21 insertions, 22 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 158b475e3..df0eb7b96 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -1,30 +1,30 @@
1import { body, param, query } from 'express-validator/check'
2import * as express from 'express' 1import * as express from 'express'
3 2import { body, param, query } from 'express-validator/check'
4import { database as db } from '../../initializers/database' 3import { UserRight, VideoPrivacy } from '../../../shared'
5import { checkErrors } from './utils' 4import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
6import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers'
7import { 5import {
8 logger, 6 checkVideoExists,
9 isVideoDurationValid, 7 isVideoAbuseReasonValid,
10 isVideoFile,
11 isVideoNameValid,
12 isVideoCategoryValid, 8 isVideoCategoryValid,
13 isVideoLicenceValid,
14 isVideoDescriptionValid, 9 isVideoDescriptionValid,
10 isVideoDurationValid,
11 isVideoFile,
15 isVideoLanguageValid, 12 isVideoLanguageValid,
16 isVideoTagsValid, 13 isVideoLicenceValid,
14 isVideoNameValid,
17 isVideoNSFWValid, 15 isVideoNSFWValid,
18 isIdOrUUIDValid, 16 isVideoPrivacyValid,
19 isVideoAbuseReasonValid,
20 isVideoRatingTypeValid, 17 isVideoRatingTypeValid,
21 getDurationFromVideoFile, 18 isVideoTagsValid
22 checkVideoExists, 19} from '../../helpers/custom-validators/videos'
23 isIdValid, 20import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils'
24 isVideoPrivacyValid 21import { logger } from '../../helpers/logger'
25} from '../../helpers' 22import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers'
26import { UserRight, VideoPrivacy } from '../../../shared' 23
24import { database as db } from '../../initializers/database'
25import { UserInstance } from '../../models/account/user-interface'
27import { authenticate } from '../oauth' 26import { authenticate } from '../oauth'
27import { checkErrors } from './utils'
28 28
29const videosAddValidator = [ 29const videosAddValidator = [
30 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( 30 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
@@ -185,7 +185,7 @@ const videosRemoveValidator = [
185 checkErrors(req, res, () => { 185 checkErrors(req, res, () => {
186 checkVideoExists(req.params.id, res, () => { 186 checkVideoExists(req.params.id, res, () => {
187 // Check if the user who did the request is able to delete the video 187 // Check if the user who did the request is able to delete the video
188 checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, () => { 188 checkUserCanDeleteVideo(res.locals.oauth.token.User, res, () => {
189 next() 189 next()
190 }) 190 })
191 }) 191 })
@@ -246,7 +246,7 @@ export {
246 246
247// --------------------------------------------------------------------------- 247// ---------------------------------------------------------------------------
248 248
249function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) { 249function checkUserCanDeleteVideo (user: UserInstance, res: express.Response, callback: () => void) {
250 // Retrieve the user who did the request 250 // Retrieve the user who did the request
251 if (res.locals.video.isOwned() === false) { 251 if (res.locals.video.isOwned() === false) {
252 return res.status(403) 252 return res.status(403)
@@ -258,7 +258,6 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac
258 // The user can delete it if s/he is an admin 258 // The user can delete it if s/he is an admin
259 // Or if s/he is the video's account 259 // Or if s/he is the video's account
260 const account = res.locals.video.VideoChannel.Account 260 const account = res.locals.video.VideoChannel.Account
261 const user = res.locals.oauth.token.User
262 if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) { 261 if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) {
263 return res.status(403) 262 return res.status(403)
264 .json({ error: 'Cannot remove video of another user' }) 263 .json({ error: 'Cannot remove video of another user' })