diff options
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/videos/videos.ts | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index e486887a7..44233b653 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -7,6 +7,7 @@ import { isAbleToUploadVideo } from '@server/lib/user' | |||
7 | import { getServerActor } from '@server/models/application/application' | 7 | import { getServerActor } from '@server/models/application/application' |
8 | import { ExpressPromiseHandler } from '@server/types/express' | 8 | import { ExpressPromiseHandler } from '@server/types/express' |
9 | import { MUserAccountId, MVideoFullLight } from '@server/types/models' | 9 | import { MUserAccountId, MVideoFullLight } from '@server/types/models' |
10 | import { VideoInclude } from '@shared/models' | ||
10 | import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared' | 11 | import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared' |
11 | import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' | 12 | import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' |
12 | import { | 13 | import { |
@@ -30,6 +31,7 @@ import { | |||
30 | isVideoFileSizeValid, | 31 | isVideoFileSizeValid, |
31 | isVideoFilterValid, | 32 | isVideoFilterValid, |
32 | isVideoImage, | 33 | isVideoImage, |
34 | isVideoIncludeValid, | ||
33 | isVideoLanguageValid, | 35 | isVideoLanguageValid, |
34 | isVideoLicenceValid, | 36 | isVideoLicenceValid, |
35 | isVideoNameValid, | 37 | isVideoNameValid, |
@@ -487,6 +489,13 @@ const commonVideosFiltersValidator = [ | |||
487 | query('filter') | 489 | query('filter') |
488 | .optional() | 490 | .optional() |
489 | .custom(isVideoFilterValid).withMessage('Should have a valid filter attribute'), | 491 | .custom(isVideoFilterValid).withMessage('Should have a valid filter attribute'), |
492 | query('include') | ||
493 | .optional() | ||
494 | .custom(isVideoIncludeValid).withMessage('Should have a valid include attribute'), | ||
495 | query('isLocal') | ||
496 | .optional() | ||
497 | .customSanitizer(toBooleanOrNull) | ||
498 | .custom(isBooleanValid).withMessage('Should have a valid local boolean'), | ||
490 | query('skipCount') | 499 | query('skipCount') |
491 | .optional() | 500 | .optional() |
492 | .customSanitizer(toBooleanOrNull) | 501 | .customSanitizer(toBooleanOrNull) |
@@ -500,11 +509,23 @@ const commonVideosFiltersValidator = [ | |||
500 | 509 | ||
501 | if (areValidationErrors(req, res)) return | 510 | if (areValidationErrors(req, res)) return |
502 | 511 | ||
503 | const user = res.locals.oauth ? res.locals.oauth.token.User : undefined | 512 | // FIXME: deprecated in 4.0, to remove |
504 | if ( | 513 | { |
505 | (req.query.filter === 'all-local' || req.query.filter === 'all') && | 514 | if (req.query.filter === 'all-local') { |
506 | (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false) | 515 | req.query.include = VideoInclude.NOT_PUBLISHED_STATE | VideoInclude.HIDDEN_PRIVACY |
507 | ) { | 516 | req.query.isLocal = true |
517 | } else if (req.query.filter === 'all') { | ||
518 | req.query.include = VideoInclude.NOT_PUBLISHED_STATE | VideoInclude.HIDDEN_PRIVACY | ||
519 | } else if (req.query.filter === 'local') { | ||
520 | req.query.isLocal = true | ||
521 | } | ||
522 | |||
523 | req.query.filter = undefined | ||
524 | } | ||
525 | |||
526 | const user = res.locals.oauth?.token.User | ||
527 | |||
528 | if (req.query.include && (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) !== true)) { | ||
508 | res.fail({ | 529 | res.fail({ |
509 | status: HttpStatusCode.UNAUTHORIZED_401, | 530 | status: HttpStatusCode.UNAUTHORIZED_401, |
510 | message: 'You are not allowed to see all local videos.' | 531 | message: 'You are not allowed to see all local videos.' |