aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/videos/videos.ts31
1 files changed, 26 insertions, 5 deletions
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index e486887a7..44233b653 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -7,6 +7,7 @@ import { isAbleToUploadVideo } from '@server/lib/user'
7import { getServerActor } from '@server/models/application/application' 7import { getServerActor } from '@server/models/application/application'
8import { ExpressPromiseHandler } from '@server/types/express' 8import { ExpressPromiseHandler } from '@server/types/express'
9import { MUserAccountId, MVideoFullLight } from '@server/types/models' 9import { MUserAccountId, MVideoFullLight } from '@server/types/models'
10import { VideoInclude } from '@shared/models'
10import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared' 11import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared'
11import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' 12import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
12import { 13import {
@@ -30,6 +31,7 @@ import {
30 isVideoFileSizeValid, 31 isVideoFileSizeValid,
31 isVideoFilterValid, 32 isVideoFilterValid,
32 isVideoImage, 33 isVideoImage,
34 isVideoIncludeValid,
33 isVideoLanguageValid, 35 isVideoLanguageValid,
34 isVideoLicenceValid, 36 isVideoLicenceValid,
35 isVideoNameValid, 37 isVideoNameValid,
@@ -487,6 +489,13 @@ const commonVideosFiltersValidator = [
487 query('filter') 489 query('filter')
488 .optional() 490 .optional()
489 .custom(isVideoFilterValid).withMessage('Should have a valid filter attribute'), 491 .custom(isVideoFilterValid).withMessage('Should have a valid filter attribute'),
492 query('include')
493 .optional()
494 .custom(isVideoIncludeValid).withMessage('Should have a valid include attribute'),
495 query('isLocal')
496 .optional()
497 .customSanitizer(toBooleanOrNull)
498 .custom(isBooleanValid).withMessage('Should have a valid local boolean'),
490 query('skipCount') 499 query('skipCount')
491 .optional() 500 .optional()
492 .customSanitizer(toBooleanOrNull) 501 .customSanitizer(toBooleanOrNull)
@@ -500,11 +509,23 @@ const commonVideosFiltersValidator = [
500 509
501 if (areValidationErrors(req, res)) return 510 if (areValidationErrors(req, res)) return
502 511
503 const user = res.locals.oauth ? res.locals.oauth.token.User : undefined 512 // FIXME: deprecated in 4.0, to remove
504 if ( 513 {
505 (req.query.filter === 'all-local' || req.query.filter === 'all') && 514 if (req.query.filter === 'all-local') {
506 (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false) 515 req.query.include = VideoInclude.NOT_PUBLISHED_STATE | VideoInclude.HIDDEN_PRIVACY
507 ) { 516 req.query.isLocal = true
517 } else if (req.query.filter === 'all') {
518 req.query.include = VideoInclude.NOT_PUBLISHED_STATE | VideoInclude.HIDDEN_PRIVACY
519 } else if (req.query.filter === 'local') {
520 req.query.isLocal = true
521 }
522
523 req.query.filter = undefined
524 }
525
526 const user = res.locals.oauth?.token.User
527
528 if (req.query.include && (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) !== true)) {
508 res.fail({ 529 res.fail({
509 status: HttpStatusCode.UNAUTHORIZED_401, 530 status: HttpStatusCode.UNAUTHORIZED_401,
510 message: 'You are not allowed to see all local videos.' 531 message: 'You are not allowed to see all local videos.'