diff options
Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r-- | server/middlewares/validators/videos.ts | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 158b475e3..df0eb7b96 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -1,30 +1,30 @@ | |||
1 | import { body, param, query } from 'express-validator/check' | ||
2 | import * as express from 'express' | 1 | import * as express from 'express' |
3 | 2 | import { body, param, query } from 'express-validator/check' | |
4 | import { database as db } from '../../initializers/database' | 3 | import { UserRight, VideoPrivacy } from '../../../shared' |
5 | import { checkErrors } from './utils' | 4 | import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc' |
6 | import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers' | ||
7 | import { | 5 | import { |
8 | logger, | 6 | checkVideoExists, |
9 | isVideoDurationValid, | 7 | isVideoAbuseReasonValid, |
10 | isVideoFile, | ||
11 | isVideoNameValid, | ||
12 | isVideoCategoryValid, | 8 | isVideoCategoryValid, |
13 | isVideoLicenceValid, | ||
14 | isVideoDescriptionValid, | 9 | isVideoDescriptionValid, |
10 | isVideoDurationValid, | ||
11 | isVideoFile, | ||
15 | isVideoLanguageValid, | 12 | isVideoLanguageValid, |
16 | isVideoTagsValid, | 13 | isVideoLicenceValid, |
14 | isVideoNameValid, | ||
17 | isVideoNSFWValid, | 15 | isVideoNSFWValid, |
18 | isIdOrUUIDValid, | 16 | isVideoPrivacyValid, |
19 | isVideoAbuseReasonValid, | ||
20 | isVideoRatingTypeValid, | 17 | isVideoRatingTypeValid, |
21 | getDurationFromVideoFile, | 18 | isVideoTagsValid |
22 | checkVideoExists, | 19 | } from '../../helpers/custom-validators/videos' |
23 | isIdValid, | 20 | import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils' |
24 | isVideoPrivacyValid | 21 | import { logger } from '../../helpers/logger' |
25 | } from '../../helpers' | 22 | import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers' |
26 | import { UserRight, VideoPrivacy } from '../../../shared' | 23 | |
24 | import { database as db } from '../../initializers/database' | ||
25 | import { UserInstance } from '../../models/account/user-interface' | ||
27 | import { authenticate } from '../oauth' | 26 | import { authenticate } from '../oauth' |
27 | import { checkErrors } from './utils' | ||
28 | 28 | ||
29 | const videosAddValidator = [ | 29 | const videosAddValidator = [ |
30 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( | 30 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( |
@@ -185,7 +185,7 @@ const videosRemoveValidator = [ | |||
185 | checkErrors(req, res, () => { | 185 | checkErrors(req, res, () => { |
186 | checkVideoExists(req.params.id, res, () => { | 186 | checkVideoExists(req.params.id, res, () => { |
187 | // Check if the user who did the request is able to delete the video | 187 | // Check if the user who did the request is able to delete the video |
188 | checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, () => { | 188 | checkUserCanDeleteVideo(res.locals.oauth.token.User, res, () => { |
189 | next() | 189 | next() |
190 | }) | 190 | }) |
191 | }) | 191 | }) |
@@ -246,7 +246,7 @@ export { | |||
246 | 246 | ||
247 | // --------------------------------------------------------------------------- | 247 | // --------------------------------------------------------------------------- |
248 | 248 | ||
249 | function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) { | 249 | function checkUserCanDeleteVideo (user: UserInstance, res: express.Response, callback: () => void) { |
250 | // Retrieve the user who did the request | 250 | // Retrieve the user who did the request |
251 | if (res.locals.video.isOwned() === false) { | 251 | if (res.locals.video.isOwned() === false) { |
252 | return res.status(403) | 252 | return res.status(403) |
@@ -258,7 +258,6 @@ function checkUserCanDeleteVideo (userId: number, res: express.Response, callbac | |||
258 | // The user can delete it if s/he is an admin | 258 | // The user can delete it if s/he is an admin |
259 | // Or if s/he is the video's account | 259 | // Or if s/he is the video's account |
260 | const account = res.locals.video.VideoChannel.Account | 260 | const account = res.locals.video.VideoChannel.Account |
261 | const user = res.locals.oauth.token.User | ||
262 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) { | 261 | if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) { |
263 | return res.status(403) | 262 | return res.status(403) |
264 | .json({ error: 'Cannot remove video of another user' }) | 263 | .json({ error: 'Cannot remove video of another user' }) |