diff options
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/videos/videos.ts | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 53643635c..4916decbf 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -7,6 +7,7 @@ import { isAbleToUploadVideo } from '@server/lib/user' | |||
7 | import { getServerActor } from '@server/models/application/application' | 7 | import { getServerActor } from '@server/models/application/application' |
8 | import { ExpressPromiseHandler } from '@server/types/express' | 8 | import { ExpressPromiseHandler } from '@server/types/express' |
9 | import { MUserAccountId, MVideoFullLight } from '@server/types/models' | 9 | import { MUserAccountId, MVideoFullLight } from '@server/types/models' |
10 | import { getAllPrivacies } from '@shared/core-utils' | ||
10 | import { VideoInclude } from '@shared/models' | 11 | import { VideoInclude } from '@shared/models' |
11 | import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared' | 12 | import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared' |
12 | import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' | 13 | import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' |
@@ -487,6 +488,10 @@ const commonVideosFiltersValidator = [ | |||
487 | .optional() | 488 | .optional() |
488 | .customSanitizer(toArray) | 489 | .customSanitizer(toArray) |
489 | .custom(isStringArray).withMessage('Should have a valid one of language array'), | 490 | .custom(isStringArray).withMessage('Should have a valid one of language array'), |
491 | query('privacyOneOf') | ||
492 | .optional() | ||
493 | .customSanitizer(toArray) | ||
494 | .custom(isNumberArray).withMessage('Should have a valid one of privacy array'), | ||
490 | query('tagsOneOf') | 495 | query('tagsOneOf') |
491 | .optional() | 496 | .optional() |
492 | .customSanitizer(toArray) | 497 | .customSanitizer(toArray) |
@@ -536,10 +541,12 @@ const commonVideosFiltersValidator = [ | |||
536 | // FIXME: deprecated in 4.0, to remove | 541 | // FIXME: deprecated in 4.0, to remove |
537 | { | 542 | { |
538 | if (req.query.filter === 'all-local') { | 543 | if (req.query.filter === 'all-local') { |
539 | req.query.include = VideoInclude.NOT_PUBLISHED_STATE | VideoInclude.HIDDEN_PRIVACY | 544 | req.query.include = VideoInclude.NOT_PUBLISHED_STATE |
540 | req.query.isLocal = true | 545 | req.query.isLocal = true |
546 | req.query.privacyOneOf = getAllPrivacies() | ||
541 | } else if (req.query.filter === 'all') { | 547 | } else if (req.query.filter === 'all') { |
542 | req.query.include = VideoInclude.NOT_PUBLISHED_STATE | VideoInclude.HIDDEN_PRIVACY | 548 | req.query.include = VideoInclude.NOT_PUBLISHED_STATE |
549 | req.query.privacyOneOf = getAllPrivacies() | ||
543 | } else if (req.query.filter === 'local') { | 550 | } else if (req.query.filter === 'local') { |
544 | req.query.isLocal = true | 551 | req.query.isLocal = true |
545 | } | 552 | } |
@@ -550,7 +557,7 @@ const commonVideosFiltersValidator = [ | |||
550 | const user = res.locals.oauth?.token.User | 557 | const user = res.locals.oauth?.token.User |
551 | 558 | ||
552 | if ((!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) !== true)) { | 559 | if ((!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) !== true)) { |
553 | if (req.query.include) { | 560 | if (req.query.include || req.query.privacyOneOf) { |
554 | return res.fail({ | 561 | return res.fail({ |
555 | status: HttpStatusCode.UNAUTHORIZED_401, | 562 | status: HttpStatusCode.UNAUTHORIZED_401, |
556 | message: 'You are not allowed to see all videos.' | 563 | message: 'You are not allowed to see all videos.' |