aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/videos.ts19
1 files changed, 15 insertions, 4 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 0c07404c5..e197d4606 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -20,9 +20,10 @@ import {
20 isVideoRatingTypeValid, 20 isVideoRatingTypeValid,
21 getDurationFromVideoFile, 21 getDurationFromVideoFile,
22 checkVideoExists, 22 checkVideoExists,
23 isIdValid 23 isIdValid,
24 isVideoPrivacyValid
24} from '../../helpers' 25} from '../../helpers'
25import { UserRight } from '../../../shared' 26import { UserRight, VideoPrivacy } from '../../../shared'
26 27
27const videosAddValidator = [ 28const videosAddValidator = [
28 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( 29 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
@@ -36,6 +37,7 @@ const videosAddValidator = [
36 body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'), 37 body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
37 body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'), 38 body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
38 body('channelId').custom(isIdValid).withMessage('Should have correct video channel id'), 39 body('channelId').custom(isIdValid).withMessage('Should have correct video channel id'),
40 body('privacy').custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
39 body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'), 41 body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
40 42
41 (req: express.Request, res: express.Response, next: express.NextFunction) => { 43 (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -110,6 +112,7 @@ const videosUpdateValidator = [
110 body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'), 112 body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
111 body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'), 113 body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
112 body('nsfw').optional().custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'), 114 body('nsfw').optional().custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
115 body('privacy').custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
113 body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'), 116 body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
114 body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'), 117 body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
115 118
@@ -118,19 +121,27 @@ const videosUpdateValidator = [
118 121
119 checkErrors(req, res, () => { 122 checkErrors(req, res, () => {
120 checkVideoExists(req.params.id, res, () => { 123 checkVideoExists(req.params.id, res, () => {
124 const video = res.locals.video
125
121 // We need to make additional checks 126 // We need to make additional checks
122 if (res.locals.video.isOwned() === false) { 127 if (video.isOwned() === false) {
123 return res.status(403) 128 return res.status(403)
124 .json({ error: 'Cannot update video of another pod' }) 129 .json({ error: 'Cannot update video of another pod' })
125 .end() 130 .end()
126 } 131 }
127 132
128 if (res.locals.video.VideoChannel.Author.userId !== res.locals.oauth.token.User.id) { 133 if (video.VideoChannel.Author.userId !== res.locals.oauth.token.User.id) {
129 return res.status(403) 134 return res.status(403)
130 .json({ error: 'Cannot update video of another user' }) 135 .json({ error: 'Cannot update video of another user' })
131 .end() 136 .end()
132 } 137 }
133 138
139 if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
140 return res.status(409)
141 .json({ error: 'Cannot set "private" a video that was not private anymore.' })
142 .end()
143 }
144
134 next() 145 next()
135 }) 146 })
136 }) 147 })