diff options
Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r-- | server/middlewares/validators/videos.ts | 36 |
1 files changed, 6 insertions, 30 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 59d65d5a4..899def6fc 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -12,6 +12,7 @@ import { | |||
12 | toValueOrNull | 12 | toValueOrNull |
13 | } from '../../helpers/custom-validators/misc' | 13 | } from '../../helpers/custom-validators/misc' |
14 | import { | 14 | import { |
15 | checkUserCanManageVideo, | ||
15 | isScheduleVideoUpdatePrivacyValid, | 16 | isScheduleVideoUpdatePrivacyValid, |
16 | isVideoAbuseReasonValid, | 17 | isVideoAbuseReasonValid, |
17 | isVideoCategoryValid, | 18 | isVideoCategoryValid, |
@@ -31,8 +32,6 @@ import { | |||
31 | import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils' | 32 | import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils' |
32 | import { logger } from '../../helpers/logger' | 33 | import { logger } from '../../helpers/logger' |
33 | import { CONSTRAINTS_FIELDS } from '../../initializers' | 34 | import { CONSTRAINTS_FIELDS } from '../../initializers' |
34 | import { UserModel } from '../../models/account/user' | ||
35 | import { VideoModel } from '../../models/video/video' | ||
36 | import { VideoShareModel } from '../../models/video/video-share' | 35 | import { VideoShareModel } from '../../models/video/video-share' |
37 | import { authenticate } from '../oauth' | 36 | import { authenticate } from '../oauth' |
38 | import { areValidationErrors } from './utils' | 37 | import { areValidationErrors } from './utils' |
@@ -40,17 +39,17 @@ import { areValidationErrors } from './utils' | |||
40 | const videosAddValidator = [ | 39 | const videosAddValidator = [ |
41 | body('videofile') | 40 | body('videofile') |
42 | .custom((value, { req }) => isVideoFile(req.files)).withMessage( | 41 | .custom((value, { req }) => isVideoFile(req.files)).withMessage( |
43 | 'This file is not supported or too large. Please, make sure it is of the following type : ' | 42 | 'This file is not supported or too large. Please, make sure it is of the following type: ' |
44 | + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ') | 43 | + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ') |
45 | ), | 44 | ), |
46 | body('thumbnailfile') | 45 | body('thumbnailfile') |
47 | .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( | 46 | .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( |
48 | 'This thumbnail file is not supported or too large. Please, make sure it is of the following type : ' | 47 | 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' |
49 | + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') | 48 | + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') |
50 | ), | 49 | ), |
51 | body('previewfile') | 50 | body('previewfile') |
52 | .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage( | 51 | .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage( |
53 | 'This preview file is not supported or too large. Please, make sure it is of the following type : ' | 52 | 'This preview file is not supported or too large. Please, make sure it is of the following type: ' |
54 | + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') | 53 | + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') |
55 | ), | 54 | ), |
56 | body('name').custom(isVideoNameValid).withMessage('Should have a valid name'), | 55 | body('name').custom(isVideoNameValid).withMessage('Should have a valid name'), |
@@ -152,12 +151,12 @@ const videosUpdateValidator = [ | |||
152 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 151 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
153 | body('thumbnailfile') | 152 | body('thumbnailfile') |
154 | .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( | 153 | .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( |
155 | 'This thumbnail file is not supported or too large. Please, make sure it is of the following type : ' | 154 | 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' |
156 | + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') | 155 | + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') |
157 | ), | 156 | ), |
158 | body('previewfile') | 157 | body('previewfile') |
159 | .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage( | 158 | .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage( |
160 | 'This preview file is not supported or too large. Please, make sure it is of the following type : ' | 159 | 'This preview file is not supported or too large. Please, make sure it is of the following type: ' |
161 | + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') | 160 | + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ') |
162 | ), | 161 | ), |
163 | body('name') | 162 | body('name') |
@@ -373,29 +372,6 @@ export { | |||
373 | 372 | ||
374 | // --------------------------------------------------------------------------- | 373 | // --------------------------------------------------------------------------- |
375 | 374 | ||
376 | function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: express.Response) { | ||
377 | // Retrieve the user who did the request | ||
378 | if (video.isOwned() === false) { | ||
379 | res.status(403) | ||
380 | .json({ error: 'Cannot manage a video of another server.' }) | ||
381 | .end() | ||
382 | return false | ||
383 | } | ||
384 | |||
385 | // Check if the user can delete the video | ||
386 | // The user can delete it if he has the right | ||
387 | // Or if s/he is the video's account | ||
388 | const account = video.VideoChannel.Account | ||
389 | if (user.hasRight(right) === false && account.userId !== user.id) { | ||
390 | res.status(403) | ||
391 | .json({ error: 'Cannot manage a video of another user.' }) | ||
392 | .end() | ||
393 | return false | ||
394 | } | ||
395 | |||
396 | return true | ||
397 | } | ||
398 | |||
399 | function areErrorsInVideoImageFiles (req: express.Request, res: express.Response) { | 375 | function areErrorsInVideoImageFiles (req: express.Request, res: express.Response) { |
400 | // Files are optional | 376 | // Files are optional |
401 | if (!req.files) return false | 377 | if (!req.files) return false |