diff options
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/videos.ts | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index b93dccc50..aa2afb068 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -6,6 +6,7 @@ import { isBooleanValid, isIdOrUUIDValid, isIdValid, isUUIDValid, toIntOrNull, t | |||
6 | import { | 6 | import { |
7 | isVideoAbuseReasonValid, | 7 | isVideoAbuseReasonValid, |
8 | isVideoCategoryValid, | 8 | isVideoCategoryValid, |
9 | isVideoChannelOfAccountExist, | ||
9 | isVideoDescriptionValid, | 10 | isVideoDescriptionValid, |
10 | isVideoExist, | 11 | isVideoExist, |
11 | isVideoFile, | 12 | isVideoFile, |
@@ -23,7 +24,6 @@ import { logger } from '../../helpers/logger' | |||
23 | import { CONSTRAINTS_FIELDS } from '../../initializers' | 24 | import { CONSTRAINTS_FIELDS } from '../../initializers' |
24 | import { UserModel } from '../../models/account/user' | 25 | import { UserModel } from '../../models/account/user' |
25 | import { VideoModel } from '../../models/video/video' | 26 | import { VideoModel } from '../../models/video/video' |
26 | import { VideoChannelModel } from '../../models/video/video-channel' | ||
27 | import { VideoShareModel } from '../../models/video/video-share' | 27 | import { VideoShareModel } from '../../models/video/video-share' |
28 | import { authenticate } from '../oauth' | 28 | import { authenticate } from '../oauth' |
29 | import { areValidationErrors } from './utils' | 29 | import { areValidationErrors } from './utils' |
@@ -75,7 +75,10 @@ const videosAddValidator = [ | |||
75 | .optional() | 75 | .optional() |
76 | .toInt() | 76 | .toInt() |
77 | .custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'), | 77 | .custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'), |
78 | body('channelId').custom(isIdValid).withMessage('Should have correct video channel id'), | 78 | body('channelId') |
79 | .toInt() | ||
80 | .custom(isIdValid) | ||
81 | .withMessage('Should have correct video channel id'), | ||
79 | 82 | ||
80 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 83 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
81 | logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files }) | 84 | logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files }) |
@@ -86,16 +89,7 @@ const videosAddValidator = [ | |||
86 | const videoFile: Express.Multer.File = req.files['videofile'][0] | 89 | const videoFile: Express.Multer.File = req.files['videofile'][0] |
87 | const user = res.locals.oauth.token.User | 90 | const user = res.locals.oauth.token.User |
88 | 91 | ||
89 | const videoChannel = await VideoChannelModel.loadByIdAndAccount(req.body.channelId, user.Account.id) | 92 | if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return |
90 | if (!videoChannel) { | ||
91 | res.status(400) | ||
92 | .json({ error: 'Unknown video video channel for this account.' }) | ||
93 | .end() | ||
94 | |||
95 | return | ||
96 | } | ||
97 | |||
98 | res.locals.videoChannel = videoChannel | ||
99 | 93 | ||
100 | const isAble = await user.isAbleToUploadVideo(videoFile) | 94 | const isAble = await user.isAbleToUploadVideo(videoFile) |
101 | if (isAble === false) { | 95 | if (isAble === false) { |
@@ -173,6 +167,10 @@ const videosUpdateValidator = [ | |||
173 | .optional() | 167 | .optional() |
174 | .toBoolean() | 168 | .toBoolean() |
175 | .custom(isBooleanValid).withMessage('Should have comments enabled boolean'), | 169 | .custom(isBooleanValid).withMessage('Should have comments enabled boolean'), |
170 | body('channelId') | ||
171 | .optional() | ||
172 | .toInt() | ||
173 | .custom(isIdValid).withMessage('Should have correct video channel id'), | ||
176 | 174 | ||
177 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 175 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
178 | logger.debug('Checking videosUpdate parameters', { parameters: req.body }) | 176 | logger.debug('Checking videosUpdate parameters', { parameters: req.body }) |
@@ -184,7 +182,8 @@ const videosUpdateValidator = [ | |||
184 | const video = res.locals.video | 182 | const video = res.locals.video |
185 | 183 | ||
186 | // Check if the user who did the request is able to update the video | 184 | // Check if the user who did the request is able to update the video |
187 | if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return | 185 | const user = res.locals.oauth.token.User |
186 | if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return | ||
188 | 187 | ||
189 | if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) { | 188 | if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) { |
190 | return res.status(409) | 189 | return res.status(409) |
@@ -192,6 +191,8 @@ const videosUpdateValidator = [ | |||
192 | .end() | 191 | .end() |
193 | } | 192 | } |
194 | 193 | ||
194 | if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return | ||
195 | |||
195 | return next() | 196 | return next() |
196 | } | 197 | } |
197 | ] | 198 | ] |