aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/videos.js15
1 files changed, 8 insertions, 7 deletions
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 09a188c76..1b6dbccf0 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -71,15 +71,16 @@ function videosRemove (req, res, next) {
71 logger.debug('Checking videosRemove parameters', { parameters: req.params }) 71 logger.debug('Checking videosRemove parameters', { parameters: req.params })
72 72
73 checkErrors(req, res, function () { 73 checkErrors(req, res, function () {
74 db.Video.loadAndPopulateAuthor(req.params.id, function (err, video) { 74 checkVideoExists(req.params.id, res, function () {
75 if (err) { 75 // We need to make additional checks
76 logger.error('Error in videosRemove request validator.', { error: err }) 76
77 return res.sendStatus(500) 77 if (res.locals.video.isOwned() === false) {
78 return res.status(403).send('Cannot remove video of another pod')
78 } 79 }
79 80
80 if (!video) return res.status(404).send('Video not found') 81 if (res.locals.video.authorId !== res.locals.oauth.token.User.id) {
81 else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') 82 return res.status(403).send('Cannot remove video of another user')
82 else if (video.Author.name !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user') 83 }
83 84
84 next() 85 next()
85 }) 86 })