Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/videos.js | 15 |
1 files changed, 8 insertions, 7 deletions
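--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -71,15 +71,16 @@ function videosRemove (req, res, next) {
 logger.debug('Checking videosRemove parameters', { parameters: req.params })
 
 checkErrors(req, res, function () {
-db.Video.loadAndPopulateAuthor(req.params.id, function (err, video) {
-if (err) {
-logger.error('Error in videosRemove request validator.', { error: err })
-return res.sendStatus(500)
+checkVideoExists(req.params.id, res, function () {
+// We need to make additional checks
+
+if (res.locals.video.isOwned() === false) {
+return res.status(403).send('Cannot remove video of another pod')
 }
 
-if (!video) return res.status(404).send('Video not found')
-else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
-else if (video.Author.name !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
+if (res.locals.video.authorId !== res.locals.oauth.token.User.id) {
+return res.status(403).send('Cannot remove video of another user')
+}
 
 next()
 })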
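Review bot: The authorisation check on new line 81 compares `res.locals.video.authorId` with `res.locals.oauth.token.User.id`, and nothing visible here shows that those two values come from the same id space. If `authorId` is the key of an author record rather than of a user account (the removed code went through `video.Author`, which suggests a separate record), the comparison can reject the real owner or accept a different user whose id happens to match. It is worth confirming against the models and stating the assumption above the check, e.g. `// authorId and token.User.id must refer to the same user record`. The check also relies on `checkVideoExists` having set `res.locals.video` and on the OAuth middleware having populated `token.User` (the old line read `token.user`); both are defined outside this hunk, as are the start and end of `videosRemove`.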