2 files changed, 87 insertions, 2 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index a595c39ec..d13c50c84 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -290,6 +290,10 @@ const usersVerifyEmailValidator = [
  }
 ]
+const userAutocompleteValidator = [
+  param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
+]
 // ---------------------------------------------------------------------------
 export {
@@ -307,7 +311,8 @@ export {
  usersAskResetPasswordValidator,
  usersResetPasswordValidator,
  usersAskSendVerifyEmailValidator,
-  usersVerifyEmailValidator
+  usersVerifyEmailValidator,
+  userAutocompleteValidator
 }
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index a2c866152..9befbc9ee 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -1,7 +1,7 @@
 import * as express from 'express'
 import 'express-validator'
 import { body, param, ValidationChain } from 'express-validator/check'
-import { UserRight, VideoPrivacy } from '../../../shared'
+import { UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../shared'
 import {
  isBooleanValid,
  isDateValid,
@@ -37,6 +37,10 @@ import { areValidationErrors } from './utils'
 import { cleanUpReqFiles } from '../../helpers/express-utils'
 import { VideoModel } from '../../models/video/video'
 import { UserModel } from '../../models/account/user'
+import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../helpers/custom-validators/video-ownership'
+import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model'
+import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership'
+import { AccountModel } from '../../models/account/account'
 const videosAddValidator = getCommonVideoAttributes().concat([
  body('videofile')
@@ -217,6 +221,78 @@ const videosShareValidator = [
  }
 ]
+const videosChangeOwnershipValidator = [
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking changeOwnership parameters', { parameters: req.params })
+    if (areValidationErrors(req, res)) return
+    if (!await isVideoExist(req.params.videoId, res)) return
+    // Check if the user who did the request is able to change the ownership of the video
+    if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
+    const nextOwner = await AccountModel.loadLocalByName(req.body.username)
+    if (!nextOwner) {
+      res.status(400)
+        .type('json')
+        .end()
+      return
+    }
+    res.locals.nextOwner = nextOwner
+    return next()
+  }
+]
+const videosTerminateChangeOwnershipValidator = [
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking changeOwnership parameters', { parameters: req.params })
+    if (areValidationErrors(req, res)) return
+    if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
+    // Check if the user who did the request is able to change the ownership of the video
+    if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
+    return next()
+  },
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
+    if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) {
+      return next()
+    } else {
+      res.status(403)
+        .json({ error: 'Ownership already accepted or refused' })
+        .end()
+      return
+    }
+  }
+]
+const videosAcceptChangeOwnershipValidator = [
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const body = req.body as VideoChangeOwnershipAccept
+    if (!await isVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
+    const user = res.locals.oauth.token.User
+    const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
+    const isAble = await user.isAbleToUploadVideo(videoChangeOwnership.Video.getOriginalFile())
+    if (isAble === false) {
+      res.status(403)
+        .json({ error: 'The user video quota is exceeded with this video.' })
+        .end()
+      return
+    }
+    return next()
+  }
+]
 function getCommonVideoAttributes () {
  return [
    body('thumbnailfile')
@@ -295,6 +371,10 @@ export {
  videoRateValidator,
+  videosChangeOwnershipValidator,
+  videosTerminateChangeOwnershipValidator,
+  videosAcceptChangeOwnershipValidator,
  getCommonVideoAttributes
 }

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index a595c39ec..d13c50c84 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -290,6 +290,10 @@ const usersVerifyEmailValidator = [
290	}	290	}
291	]	291	]
292		292
		293	const userAutocompleteValidator = [
		294	param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
		295	]
		296
293	// ---------------------------------------------------------------------------	297	// ---------------------------------------------------------------------------
294		298
295	export {	299	export {
@@ -307,7 +311,8 @@ export {
307	usersAskResetPasswordValidator,	311	usersAskResetPasswordValidator,
308	usersResetPasswordValidator,	312	usersResetPasswordValidator,
309	usersAskSendVerifyEmailValidator,	313	usersAskSendVerifyEmailValidator,
310	usersVerifyEmailValidator	314	usersVerifyEmailValidator,
		315	userAutocompleteValidator
311	}	316	}
312		317
313	// ---------------------------------------------------------------------------	318	// ---------------------------------------------------------------------------


diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index a2c866152..9befbc9ee 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts
@@ -1,7 +1,7 @@
1	import * as express from 'express'	1	import * as express from 'express'
2	import 'express-validator'	2	import 'express-validator'
3	import { body, param, ValidationChain } from 'express-validator/check'	3	import { body, param, ValidationChain } from 'express-validator/check'
4	import { UserRight, VideoPrivacy } from '../../../shared'	4	import { UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../shared'
5	import {	5	import {
6	isBooleanValid,	6	isBooleanValid,
7	isDateValid,	7	isDateValid,
@@ -37,6 +37,10 @@ import { areValidationErrors } from './utils'
37	import { cleanUpReqFiles } from '../../helpers/express-utils'	37	import { cleanUpReqFiles } from '../../helpers/express-utils'
38	import { VideoModel } from '../../models/video/video'	38	import { VideoModel } from '../../models/video/video'
39	import { UserModel } from '../../models/account/user'	39	import { UserModel } from '../../models/account/user'
		40	import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../helpers/custom-validators/video-ownership'
		41	import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model'
		42	import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership'
		43	import { AccountModel } from '../../models/account/account'
40		44
41	const videosAddValidator = getCommonVideoAttributes().concat([	45	const videosAddValidator = getCommonVideoAttributes().concat([
42	body('videofile')	46	body('videofile')
@@ -217,6 +221,78 @@ const videosShareValidator = [
217	}	221	}
218	]	222	]
219		223
		224	const videosChangeOwnershipValidator = [
		225	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
		226
		227	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
		228	logger.debug('Checking changeOwnership parameters', { parameters: req.params })
		229
		230	if (areValidationErrors(req, res)) return
		231	if (!await isVideoExist(req.params.videoId, res)) return
		232
		233	// Check if the user who did the request is able to change the ownership of the video
		234	if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
		235
		236	const nextOwner = await AccountModel.loadLocalByName(req.body.username)
		237	if (!nextOwner) {
		238	res.status(400)
		239	.type('json')
		240	.end()
		241	return
		242	}
		243	res.locals.nextOwner = nextOwner
		244
		245	return next()
		246	}
		247	]
		248
		249	const videosTerminateChangeOwnershipValidator = [
		250	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
		251
		252	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
		253	logger.debug('Checking changeOwnership parameters', { parameters: req.params })
		254
		255	if (areValidationErrors(req, res)) return
		256	if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
		257
		258	// Check if the user who did the request is able to change the ownership of the video
		259	if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
		260
		261	return next()
		262	},
		263	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
		264	const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
		265
		266	if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) {
		267	return next()
		268	} else {
		269	res.status(403)
		270	.json({ error: 'Ownership already accepted or refused' })
		271	.end()
		272	return
		273	}
		274	}
		275	]
		276
		277	const videosAcceptChangeOwnershipValidator = [
		278	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
		279	const body = req.body as VideoChangeOwnershipAccept
		280	if (!await isVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
		281
		282	const user = res.locals.oauth.token.User
		283	const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
		284	const isAble = await user.isAbleToUploadVideo(videoChangeOwnership.Video.getOriginalFile())
		285	if (isAble === false) {
		286	res.status(403)
		287	.json({ error: 'The user video quota is exceeded with this video.' })
		288	.end()
		289	return
		290	}
		291
		292	return next()
		293	}
		294	]
		295
220	function getCommonVideoAttributes () {	296	function getCommonVideoAttributes () {
221	return [	297	return [
222	body('thumbnailfile')	298	body('thumbnailfile')
@@ -295,6 +371,10 @@ export {
295		371
296	videoRateValidator,	372	videoRateValidator,
297		373
		374	videosChangeOwnershipValidator,
		375	videosTerminateChangeOwnershipValidator,
		376	videosAcceptChangeOwnershipValidator,
		377
298	getCommonVideoAttributes	378	getCommonVideoAttributes
299	}	379	}
300		380