1 files changed, 45 insertions, 39 deletions
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index 5823795be..ca36d419a 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -2,7 +2,6 @@ import * as express from 'express'
 import { body, param, query, ValidationChain } from 'express-validator'
 import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
 import { logger } from '../../../helpers/logger'
-import { UserModel } from '../../../models/account/user'
 import { areValidationErrors } from '../utils'
 import { isVideoImage } from '../../../helpers/custom-validators/videos'
 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
@@ -22,13 +21,14 @@ import {
  isVideoPlaylistTimestampValid,
  isVideoPlaylistTypeValid
 } from '../../../helpers/custom-validators/video-playlists'
-import { VideoPlaylistModel } from '../../../models/video/video-playlist'
 import { cleanUpReqFiles } from '../../../helpers/express-utils'
 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
 import { authenticatePromiseIfNeeded } from '../../oauth'
 import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
 import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
-import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist } from '../../../helpers/middlewares'
+import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../../../helpers/middlewares'
+import { MVideoPlaylist } from '../../../typings/models/video/video-playlist'
+import { MUserAccountId } from '@server/typings/models'
 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  body('displayName')
@@ -67,9 +67,9 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
-    const videoPlaylist = res.locals.videoPlaylist
+    const videoPlaylist = getPlaylist(res)
-    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
+    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return cleanUpReqFiles(req)
    }
@@ -110,13 +110,13 @@ const videoPlaylistsDeleteValidator = [
    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
-    const videoPlaylist = res.locals.videoPlaylist
+    const videoPlaylist = getPlaylist(res)
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      return res.status(400)
                .json({ error: 'Cannot delete a watch later playlist.' })
    }
-    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
+    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }
@@ -124,45 +124,47 @@ const videoPlaylistsDeleteValidator = [
  }
 ]
-const videoPlaylistsGetValidator = [
+const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
-  param('playlistId')
+  return [
-    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
+    param('playlistId')
+      .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
+      logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
-    if (areValidationErrors(req, res)) return
+      if (areValidationErrors(req, res)) return
-    if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
+      if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
-    const videoPlaylist = res.locals.videoPlaylist
+      const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
-    // Video is unlisted, check we used the uuid to fetch it
+      // Video is unlisted, check we used the uuid to fetch it
-    if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
+      if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
-      if (isUUIDValid(req.params.playlistId)) return next()
+        if (isUUIDValid(req.params.playlistId)) return next()
-      return res.status(404).end()
+        return res.status(404).end()
-    }
+      }
-    if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
+      if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
-      await authenticatePromiseIfNeeded(req, res)
+        await authenticatePromiseIfNeeded(req, res)
-      const user = res.locals.oauth ? res.locals.oauth.token.User : null
+        const user = res.locals.oauth ? res.locals.oauth.token.User : null
-      if (
+        if (
-        !user ||
+          !user ||
-        (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
+          (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
-      ) {
+        ) {
-        return res.status(403)
+          return res.status(403)
-                  .json({ error: 'Cannot get this private video playlist.' })
+                    .json({ error: 'Cannot get this private video playlist.' })
+        }
+        return next()
      }
      return next()
    }
+  ]
-    return next()
+}
-  }
-]
 const videoPlaylistsAddVideoValidator = [
  param('playlistId')
@@ -184,8 +186,8 @@ const videoPlaylistsAddVideoValidator = [
    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
    if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
-    const videoPlaylist = res.locals.videoPlaylist
+    const videoPlaylist = getPlaylist(res)
-    const video = res.locals.video
+    const video = res.locals.onlyVideo
    const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
    if (videoPlaylistElement) {
@@ -196,7 +198,7 @@ const videoPlaylistsAddVideoValidator = [
      return
    }
-    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
+    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
      return
    }
@@ -223,7 +225,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [
    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
-    const videoPlaylist = res.locals.videoPlaylist
+    const videoPlaylist = getPlaylist(res)
    const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
    if (!videoPlaylistElement) {
@@ -289,7 +291,7 @@ const videoPlaylistsReorderVideosValidator = [
    if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
-    const videoPlaylist = res.locals.videoPlaylist
+    const videoPlaylist = getPlaylist(res)
    if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
    const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
@@ -388,7 +390,7 @@ function getCommonPlaylistEditAttributes () {
  ] as (ValidationChain | express.Handler)[]
 }
-function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
+function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
  if (videoPlaylist.isOwned() === false) {
    res.status(403)
       .json({ error: 'Cannot manage video playlist of another server.' })
@@ -410,3 +412,7 @@ function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoP
  return true
 }
+function getPlaylist (res: express.Response) {
+  return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
+}

diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 5823795be..ca36d419a 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -2,7 +2,6 @@ import * as express from 'express'
2	import { body, param, query, ValidationChain } from 'express-validator'	2	import { body, param, query, ValidationChain } from 'express-validator'
3	import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'	3	import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
4	import { logger } from '../../../helpers/logger'	4	import { logger } from '../../../helpers/logger'
5	import { UserModel } from '../../../models/account/user'
6	import { areValidationErrors } from '../utils'	5	import { areValidationErrors } from '../utils'
7	import { isVideoImage } from '../../../helpers/custom-validators/videos'	6	import { isVideoImage } from '../../../helpers/custom-validators/videos'
8	import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'	7	import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
@@ -22,13 +21,14 @@ import {
22	isVideoPlaylistTimestampValid,	21	isVideoPlaylistTimestampValid,
23	isVideoPlaylistTypeValid	22	isVideoPlaylistTypeValid
24	} from '../../../helpers/custom-validators/video-playlists'	23	} from '../../../helpers/custom-validators/video-playlists'
25	import { VideoPlaylistModel } from '../../../models/video/video-playlist'
26	import { cleanUpReqFiles } from '../../../helpers/express-utils'	24	import { cleanUpReqFiles } from '../../../helpers/express-utils'
27	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'	25	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
28	import { authenticatePromiseIfNeeded } from '../../oauth'	26	import { authenticatePromiseIfNeeded } from '../../oauth'
29	import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'	27	import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
30	import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'	28	import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
31	import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist } from '../../../helpers/middlewares'	29	import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../../../helpers/middlewares'
		30	import { MVideoPlaylist } from '../../../typings/models/video/video-playlist'
		31	import { MUserAccountId } from '@server/typings/models'
32		32
33	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([	33	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
34	body('displayName')	34	body('displayName')
@@ -67,9 +67,9 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
67		67
68	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)	68	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
69		69
70	const videoPlaylist = res.locals.videoPlaylist	70	const videoPlaylist = getPlaylist(res)
71		71
72	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {	72	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
73	return cleanUpReqFiles(req)	73	return cleanUpReqFiles(req)
74	}	74	}
75		75
@@ -110,13 +110,13 @@ const videoPlaylistsDeleteValidator = [
110		110
111	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return	111	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
112		112
113	const videoPlaylist = res.locals.videoPlaylist	113	const videoPlaylist = getPlaylist(res)
114	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {	114	if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
115	return res.status(400)	115	return res.status(400)
116	.json({ error: 'Cannot delete a watch later playlist.' })	116	.json({ error: 'Cannot delete a watch later playlist.' })
117	}	117	}
118		118
119	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {	119	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
120	return	120	return
121	}	121	}
122		122
@@ -124,45 +124,47 @@ const videoPlaylistsDeleteValidator = [
124	}	124	}
125	]	125	]
126		126
127	const videoPlaylistsGetValidator = [	127	const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
128	param('playlistId')	128	return [
129	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),	129	param('playlistId')
		130	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
130		131
131	async (req: express.Request, res: express.Response, next: express.NextFunction) => {	132	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
132	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })	133	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
133		134
134	if (areValidationErrors(req, res)) return	135	if (areValidationErrors(req, res)) return
135		136
136	if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return	137	if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
137		138
138	const videoPlaylist = res.locals.videoPlaylist	139	const videoPlaylist = res.locals.videoPlaylistFull \|\| res.locals.videoPlaylistSummary
139		140
140	// Video is unlisted, check we used the uuid to fetch it	141	// Video is unlisted, check we used the uuid to fetch it
141	if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {	142	if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
142	if (isUUIDValid(req.params.playlistId)) return next()	143	if (isUUIDValid(req.params.playlistId)) return next()
143		144
144	return res.status(404).end()	145	return res.status(404).end()
145	}	146	}
146		147
147	if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {	148	if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
148	await authenticatePromiseIfNeeded(req, res)	149	await authenticatePromiseIfNeeded(req, res)
149		150
150	const user = res.locals.oauth ? res.locals.oauth.token.User : null	151	const user = res.locals.oauth ? res.locals.oauth.token.User : null
151		152
152	if (	153	if (
153	!user \|\|	154	!user \|\|
154	(videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))	155	(videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
155	) {	156	) {
156	return res.status(403)	157	return res.status(403)
157	.json({ error: 'Cannot get this private video playlist.' })	158	.json({ error: 'Cannot get this private video playlist.' })
		159	}
		160
		161	return next()
158	}	162	}
159		163
160	return next()	164	return next()
161	}	165	}
162		166	]
163	return next()	167	}
164	}
165	]
166		168
167	const videoPlaylistsAddVideoValidator = [	169	const videoPlaylistsAddVideoValidator = [
168	param('playlistId')	170	param('playlistId')
@@ -184,8 +186,8 @@ const videoPlaylistsAddVideoValidator = [
184	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return	186	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
185	if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return	187	if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
186		188
187	const videoPlaylist = res.locals.videoPlaylist	189	const videoPlaylist = getPlaylist(res)
188	const video = res.locals.video	190	const video = res.locals.onlyVideo
189		191
190	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)	192	const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
191	if (videoPlaylistElement) {	193	if (videoPlaylistElement) {
@@ -196,7 +198,7 @@ const videoPlaylistsAddVideoValidator = [
196	return	198	return
197	}	199	}
198		200
199	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {	201	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
200	return	202	return
201	}	203	}
202		204
@@ -223,7 +225,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [
223		225
224	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return	226	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
225		227
226	const videoPlaylist = res.locals.videoPlaylist	228	const videoPlaylist = getPlaylist(res)
227		229
228	const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)	230	const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
229	if (!videoPlaylistElement) {	231	if (!videoPlaylistElement) {
@@ -289,7 +291,7 @@ const videoPlaylistsReorderVideosValidator = [
289		291
290	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return	292	if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
291		293
292	const videoPlaylist = res.locals.videoPlaylist	294	const videoPlaylist = getPlaylist(res)
293	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return	295	if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
294		296
295	const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)	297	const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
@@ -388,7 +390,7 @@ function getCommonPlaylistEditAttributes () {
388	] as (ValidationChain \| express.Handler)[]	390	] as (ValidationChain \| express.Handler)[]
389	}	391	}
390		392
391	function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {	393	function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
392	if (videoPlaylist.isOwned() === false) {	394	if (videoPlaylist.isOwned() === false) {
393	res.status(403)	395	res.status(403)
394	.json({ error: 'Cannot manage video playlist of another server.' })	396	.json({ error: 'Cannot manage video playlist of another server.' })
@@ -410,3 +412,7 @@ function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoP
410		412
411	return true	413	return true
412	}	414	}
		415
		416	function getPlaylist (res: express.Response) {
		417	return res.locals.videoPlaylistFull \|\| res.locals.videoPlaylistSummary
		418	}