3 files changed, 23 insertions, 20 deletions

diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index ce8df8fee..3ba668460 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -53,6 +53,9 @@ const pluginsSortValidator = checkSortFactory(SORTABLE_COLUMNS.PLUGINS)
 const availablePluginsSortValidator = checkSortFactory(SORTABLE_COLUMNS.AVAILABLE_PLUGINS)
 const videoRedundanciesSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_REDUNDANCIES)
 
+const accountsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNT_FOLLOWERS)
+const videoChannelsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.CHANNEL_FOLLOWERS)
+
 // ---------------------------------------------------------------------------
 
 export {
@@ -79,5 +82,7 @@ export {
   videoPlaylistsSortValidator,
   videoRedundanciesSortValidator,
   videoPlaylistsSearchSortValidator,
+  accountsFollowersSortValidator,
+  videoChannelsFollowersSortValidator,
   pluginsSortValidator
 }
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index c06b85862..c6eeeaf18 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -3,9 +3,7 @@ import { body, param, query } from 'express-validator'
 import { omit } from 'lodash'
 import { Hooks } from '@server/lib/plugins/hooks'
 import { MUserDefault } from '@server/types/models'
-import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
-import { UserRole } from '../../../shared/models/users'
-import { UserRegister } from '../../../shared/models/users/user-register.model'
+import { HttpStatusCode, UserRegister, UserRole } from '@shared/models'
 import { toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
 import { isThemeNameValid } from '../../helpers/custom-validators/plugins'
 import {
@@ -462,7 +460,22 @@ const ensureAuthUserOwnsAccountValidator = [
     if (res.locals.account.id !== user.Account.id) {
       return res.fail({
         status: HttpStatusCode.FORBIDDEN_403,
-        message: 'Only owner can access ratings list.'
+        message: 'Only owner of this account can access this ressource.'
+      })
+    }
+
+    return next()
+  }
+]
+
+const ensureAuthUserOwnsChannelValidator = [
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const user = res.locals.oauth.token.User
+
+    if (res.locals.videoChannel.Account.userId !== user.id) {
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'Only owner of this video channel can access this ressource'
       })
     }
 
@@ -506,6 +519,7 @@ export {
   usersVerifyEmailValidator,
   userAutocompleteValidator,
   ensureAuthUserOwnsAccountValidator,
+  ensureAuthUserOwnsChannelValidator,
   ensureCanManageUser
 }
 
diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts
index fc717abf6..ec107fa51 100644
--- a/server/middlewares/validators/videos/video-channels.ts
+++ b/server/middlewares/validators/videos/video-channels.ts
@@ -65,22 +65,6 @@ const videoChannelsUpdateValidator = [
     logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
 
     if (areValidationErrors(req, res)) return
-    if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
-
-    // We need to make additional checks
-    if (res.locals.videoChannel.Actor.isOwned() === false) {
-      return res.fail({
-        status: HttpStatusCode.FORBIDDEN_403,
-        message: 'Cannot update video channel of another server'
-      })
-    }
-
-    if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
-      return res.fail({
-        status: HttpStatusCode.FORBIDDEN_403,
-        message: 'Cannot update video channel of another user'
-      })
-    }
 
     return next()
   }