diff options
Diffstat (limited to 'server/middlewares')
| -rw-r--r-- | server/middlewares/validators/videos.ts | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 0c07404c5..e197d4606 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
| @@ -20,9 +20,10 @@ import { | |||
| 20 | isVideoRatingTypeValid, | 20 | isVideoRatingTypeValid, |
| 21 | getDurationFromVideoFile, | 21 | getDurationFromVideoFile, |
| 22 | checkVideoExists, | 22 | checkVideoExists, |
| 23 | isIdValid | 23 | isIdValid, |
| 24 | isVideoPrivacyValid | ||
| 24 | } from '../../helpers' | 25 | } from '../../helpers' |
| 25 | import { UserRight } from '../../../shared' | 26 | import { UserRight, VideoPrivacy } from '../../../shared' |
| 26 | 27 | ||
| 27 | const videosAddValidator = [ | 28 | const videosAddValidator = [ |
| 28 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( | 29 | body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage( |
| @@ -36,6 +37,7 @@ const videosAddValidator = [ | |||
| 36 | body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'), | 37 | body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'), |
| 37 | body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'), | 38 | body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'), |
| 38 | body('channelId').custom(isIdValid).withMessage('Should have correct video channel id'), | 39 | body('channelId').custom(isIdValid).withMessage('Should have correct video channel id'), |
| 40 | body('privacy').custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'), | ||
| 39 | body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'), | 41 | body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'), |
| 40 | 42 | ||
| 41 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 43 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| @@ -110,6 +112,7 @@ const videosUpdateValidator = [ | |||
| 110 | body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'), | 112 | body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'), |
| 111 | body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'), | 113 | body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'), |
| 112 | body('nsfw').optional().custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'), | 114 | body('nsfw').optional().custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'), |
| 115 | body('privacy').custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'), | ||
| 113 | body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'), | 116 | body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'), |
| 114 | body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'), | 117 | body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'), |
| 115 | 118 | ||
| @@ -118,19 +121,27 @@ const videosUpdateValidator = [ | |||
| 118 | 121 | ||
| 119 | checkErrors(req, res, () => { | 122 | checkErrors(req, res, () => { |
| 120 | checkVideoExists(req.params.id, res, () => { | 123 | checkVideoExists(req.params.id, res, () => { |
| 124 | const video = res.locals.video | ||
| 125 | |||
| 121 | // We need to make additional checks | 126 | // We need to make additional checks |
| 122 | if (res.locals.video.isOwned() === false) { | 127 | if (video.isOwned() === false) { |
| 123 | return res.status(403) | 128 | return res.status(403) |
| 124 | .json({ error: 'Cannot update video of another pod' }) | 129 | .json({ error: 'Cannot update video of another pod' }) |
| 125 | .end() | 130 | .end() |
| 126 | } | 131 | } |
| 127 | 132 | ||
| 128 | if (res.locals.video.VideoChannel.Author.userId !== res.locals.oauth.token.User.id) { | 133 | if (video.VideoChannel.Author.userId !== res.locals.oauth.token.User.id) { |
| 129 | return res.status(403) | 134 | return res.status(403) |
| 130 | .json({ error: 'Cannot update video of another user' }) | 135 | .json({ error: 'Cannot update video of another user' }) |
| 131 | .end() | 136 | .end() |
| 132 | } | 137 | } |
| 133 | 138 | ||
| 139 | if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) { | ||
| 140 | return res.status(409) | ||
| 141 | .json({ error: 'Cannot set "private" a video that was not private anymore.' }) | ||
| 142 | .end() | ||
| 143 | } | ||
| 144 | |||
| 134 | next() | 145 | next() |
| 135 | }) | 146 | }) |
| 136 | }) | 147 | }) |