aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/videos/videos.ts13
1 files changed, 10 insertions, 3 deletions
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 53643635c..4916decbf 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -7,6 +7,7 @@ import { isAbleToUploadVideo } from '@server/lib/user'
7import { getServerActor } from '@server/models/application/application' 7import { getServerActor } from '@server/models/application/application'
8import { ExpressPromiseHandler } from '@server/types/express' 8import { ExpressPromiseHandler } from '@server/types/express'
9import { MUserAccountId, MVideoFullLight } from '@server/types/models' 9import { MUserAccountId, MVideoFullLight } from '@server/types/models'
10import { getAllPrivacies } from '@shared/core-utils'
10import { VideoInclude } from '@shared/models' 11import { VideoInclude } from '@shared/models'
11import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared' 12import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared'
12import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' 13import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
@@ -487,6 +488,10 @@ const commonVideosFiltersValidator = [
487 .optional() 488 .optional()
488 .customSanitizer(toArray) 489 .customSanitizer(toArray)
489 .custom(isStringArray).withMessage('Should have a valid one of language array'), 490 .custom(isStringArray).withMessage('Should have a valid one of language array'),
491 query('privacyOneOf')
492 .optional()
493 .customSanitizer(toArray)
494 .custom(isNumberArray).withMessage('Should have a valid one of privacy array'),
490 query('tagsOneOf') 495 query('tagsOneOf')
491 .optional() 496 .optional()
492 .customSanitizer(toArray) 497 .customSanitizer(toArray)
@@ -536,10 +541,12 @@ const commonVideosFiltersValidator = [
536 // FIXME: deprecated in 4.0, to remove 541 // FIXME: deprecated in 4.0, to remove
537 { 542 {
538 if (req.query.filter === 'all-local') { 543 if (req.query.filter === 'all-local') {
539 req.query.include = VideoInclude.NOT_PUBLISHED_STATE | VideoInclude.HIDDEN_PRIVACY 544 req.query.include = VideoInclude.NOT_PUBLISHED_STATE
540 req.query.isLocal = true 545 req.query.isLocal = true
546 req.query.privacyOneOf = getAllPrivacies()
541 } else if (req.query.filter === 'all') { 547 } else if (req.query.filter === 'all') {
542 req.query.include = VideoInclude.NOT_PUBLISHED_STATE | VideoInclude.HIDDEN_PRIVACY 548 req.query.include = VideoInclude.NOT_PUBLISHED_STATE
549 req.query.privacyOneOf = getAllPrivacies()
543 } else if (req.query.filter === 'local') { 550 } else if (req.query.filter === 'local') {
544 req.query.isLocal = true 551 req.query.isLocal = true
545 } 552 }
@@ -550,7 +557,7 @@ const commonVideosFiltersValidator = [
550 const user = res.locals.oauth?.token.User 557 const user = res.locals.oauth?.token.User
551 558
552 if ((!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) !== true)) { 559 if ((!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) !== true)) {
553 if (req.query.include) { 560 if (req.query.include || req.query.privacyOneOf) {
554 return res.fail({ 561 return res.fail({
555 status: HttpStatusCode.UNAUTHORIZED_401, 562 status: HttpStatusCode.UNAUTHORIZED_401,
556 message: 'You are not allowed to see all videos.' 563 message: 'You are not allowed to see all videos.'