Diffstat (limited to 'server/middlewares/validators/videos/videos.ts')
-rw-r--r-- | server/middlewares/validators/videos/videos.ts | 20 |
1 files changed, 11 insertions, 9 deletions
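--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -37,13 +37,14 @@ import { VideoModel } from '../../../models/video/video'
 import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../../helpers/custom-validators/video-ownership'
 import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/video-change-ownership-accept.model'
 import { AccountModel } from '../../../models/account/account'
-import { VideoFetchType } from '../../../helpers/video'
 import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search'
 import { getServerActor } from '../../../helpers/utils'
 import { CONFIG } from '../../../initializers/config'
 import { isLocalVideoAccepted } from '../../../lib/moderation'
 import { Hooks } from '../../../lib/plugins/hooks'
 import { checkUserCanManageVideo, doesVideoChannelOfAccountExist, doesVideoExist } from '../../../helpers/middlewares'
+import { MVideoFullLight } from '@server/typings/models'
+import { getVideoWithAttributes } from '../../../helpers/video'
 
 const videosAddValidator = getCommonVideoEditAttributes().concat([
 body('videofile')
@@ -113,7 +114,7 @@ const videosUpdateValidator = getCommonVideoEditAttributes().concat([
 
 // Check if the user who did the request is able to update the video
 const user = res.locals.oauth.token.User
-if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
+if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
 
 if (req.body.channelId && !await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
 
@@ -122,7 +123,7 @@ const videosUpdateValidator = getCommonVideoEditAttributes().concat([
 ])
 
 async function checkVideoFollowConstraints (req: express.Request, res: express.Response, next: express.NextFunction) {
-const video = res.locals.video
+const video = getVideoWithAttributes(res)
 
 // Anybody can watch local videos
 if (video.isOwned() === true) return next()
@@ -146,7 +147,7 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R
 })
 }
 
-const videosCustomGetValidator = (fetchType: VideoFetchType) => {
+const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights') => {
 return [
 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
 
@@ -156,10 +157,11 @@ const videosCustomGetValidator = (fetchType: VideoFetchType) => {
 if (areValidationErrors(req, res)) return
 if (!await doesVideoExist(req.params.id, res, fetchType)) return
 
-const video = res.locals.video
+const video = getVideoWithAttributes(res)
+const videoAll = video as MVideoFullLight
 
 // Video private or blacklisted
-if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
+if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) {
 await authenticatePromiseIfNeeded(req, res)
 
 const user = res.locals.oauth ? res.locals.oauth.token.User : null
@@ -167,7 +169,7 @@ const videosCustomGetValidator = (fetchType: VideoFetchType) => {
 // Only the owner or a user that have blacklist rights can see the video
 if (
 !user ||
-(video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST))
+(videoAll.VideoChannel && videoAll.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST))
 ) {
 return res.status(403)
 .json({ error: 'Cannot get this private or blacklisted video.' })
@@ -202,7 +204,7 @@ const videosRemoveValidator = [
 if (!await doesVideoExist(req.params.id, res)) return
 
 // Check if the user who did the request is able to delete the video
-if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.REMOVE_ANY_VIDEO, res)) return
+if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.REMOVE_ANY_VIDEO, res)) return
 
 return next()
 }
@@ -218,7 +220,7 @@ const videosChangeOwnershipValidator = [
 if (!await doesVideoExist(req.params.videoId, res)) return
 
 // Check if the user who did the request is able to change the ownership of the video
-if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
+if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
 
 const nextOwner = await AccountModel.loadLocalByName(req.body.username)
 if (!nextOwner) {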
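Review bot: The owner check in `videosCustomGetValidator` (hunk at new line 172) fails open when `VideoChannel` is not loaded: with the added `videoAll.VideoChannel &&` guard the parenthesised condition is false, so any authenticated user gets past the 403 for a private video. The `video as MVideoFullLight` cast hides that a narrower fetch type such as `'only-video'` may not populate `VideoChannel` or `VideoBlacklist`; this is inferred from the type names, since the loaders are outside this diff, and in that case the `videoAll.VideoBlacklist` test would also be silently false. Deny when the relation is missing, for example `!user || !videoAll.VideoChannel || (videoAll.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST))`, or only allow this validator to run with fetch types that load the rights relations. The validator body starts and ends outside the hunk, so any later check that compensates is not visible here.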