diff options
Diffstat (limited to 'server/middlewares/validators/videos/video-rates.ts')
-rw-r--r-- | server/middlewares/validators/videos/video-rates.ts | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts index 6e0bb0ad1..923bf3eaf 100644 --- a/server/middlewares/validators/videos/video-rates.ts +++ b/server/middlewares/validators/videos/video-rates.ts | |||
@@ -8,7 +8,7 @@ import { isRatingValid } from '../../../helpers/custom-validators/video-rates' | |||
8 | import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos' | 8 | import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos' |
9 | import { logger } from '../../../helpers/logger' | 9 | import { logger } from '../../../helpers/logger' |
10 | import { AccountVideoRateModel } from '../../../models/account/account-video-rate' | 10 | import { AccountVideoRateModel } from '../../../models/account/account-video-rate' |
11 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' | 11 | import { areValidationErrors, checkCanSeeVideoIfPrivate, doesVideoExist, isValidVideoIdParam } from '../shared' |
12 | 12 | ||
13 | const videoUpdateRateValidator = [ | 13 | const videoUpdateRateValidator = [ |
14 | isValidVideoIdParam('id'), | 14 | isValidVideoIdParam('id'), |
@@ -21,6 +21,13 @@ const videoUpdateRateValidator = [ | |||
21 | if (areValidationErrors(req, res)) return | 21 | if (areValidationErrors(req, res)) return |
22 | if (!await doesVideoExist(req.params.id, res)) return | 22 | if (!await doesVideoExist(req.params.id, res)) return |
23 | 23 | ||
24 | if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) { | ||
25 | return res.fail({ | ||
26 | status: HttpStatusCode.FORBIDDEN_403, | ||
27 | message: 'Cannot access to this ressource' | ||
28 | }) | ||
29 | } | ||
30 | |||
24 | return next() | 31 | return next() |
25 | } | 32 | } |
26 | ] | 33 | ] |