2 files changed, 236 insertions, 186 deletions
diff --git a/server/tests/api/videos/video-playlists.ts b/server/tests/api/videos/video-playlists.ts
index 9dad58c8c..da8de054b 100644
--- a/server/tests/api/videos/video-playlists.ts
+++ b/server/tests/api/videos/video-playlists.ts
@@ -56,7 +56,7 @@ import {
  removeServerFromServerBlocklist
 } from '../../../../shared/extra-utils/users/blocklist'
 import { User } from '../../../../shared/models/users'
-import { VideoPrivacy } from '../../../../shared/models/videos'
+import { VideoPlaylistCreateResult, VideoPrivacy } from '../../../../shared/models/videos'
 import { VideoExistInPlaylist } from '../../../../shared/models/videos/playlist/video-exist-in-playlist.model'
 import { VideoPlaylistElement, VideoPlaylistElementType } from '../../../../shared/models/videos/playlist/video-playlist-element.model'
 import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
@@ -427,31 +427,45 @@ describe('Test video playlists', function () {
        expect(data).to.have.lengthOf(0)
      }
    })
+  })
-    it('Should not list unlisted or private playlists', async function () {
+  describe('Playlist rights', function () {
+    let unlistedPlaylist: VideoPlaylistCreateResult
+    let privatePlaylist: VideoPlaylistCreateResult
+    before(async function () {
      this.timeout(30000)
-      await createVideoPlaylist({
+      {
-        url: servers[1].url,
+        const res = await createVideoPlaylist({
-        token: servers[1].accessToken,
+          url: servers[1].url,
-        playlistAttrs: {
+          token: servers[1].accessToken,
-          displayName: 'playlist unlisted',
+          playlistAttrs: {
-          privacy: VideoPlaylistPrivacy.UNLISTED
+            displayName: 'playlist unlisted',
-        }
+            privacy: VideoPlaylistPrivacy.UNLISTED,
-      })
+            videoChannelId: servers[1].videoChannel.id
+          }
+        })
+        unlistedPlaylist = res.body.videoPlaylist
+      }
-      await createVideoPlaylist({
+      {
-        url: servers[1].url,
+        const res = await createVideoPlaylist({
-        token: servers[1].accessToken,
+          url: servers[1].url,
-        playlistAttrs: {
+          token: servers[1].accessToken,
-          displayName: 'playlist private',
+          playlistAttrs: {
-          privacy: VideoPlaylistPrivacy.PRIVATE
+            displayName: 'playlist private',
-        }
+            privacy: VideoPlaylistPrivacy.PRIVATE
-      })
+          }
+        })
+        privatePlaylist = res.body.videoPlaylist
+      }
      await waitJobs(servers)
      await wait(3000)
+    })
+    it('Should not list unlisted or private playlists', async function () {
      for (const server of servers) {
        const results = [
          await getAccountPlaylistsList(server.url, 'root@localhost:' + servers[1].port, 0, 5, '-createdAt'),
@@ -469,6 +483,27 @@ describe('Test video playlists', function () {
        }
      }
    })
+    it('Should not get unlisted playlist using only the id', async function () {
+      await getVideoPlaylist(servers[1].url, unlistedPlaylist.id, 404)
+    })
+    it('Should get unlisted plyaylist using uuid or shortUUID', async function () {
+      await getVideoPlaylist(servers[1].url, unlistedPlaylist.uuid)
+      await getVideoPlaylist(servers[1].url, unlistedPlaylist.shortUUID)
+    })
+    it('Should not get private playlist without token', async function () {
+      for (const id of [ privatePlaylist.id, privatePlaylist.uuid, privatePlaylist.shortUUID ]) {
+        await getVideoPlaylist(servers[1].url, id, 401)
+      }
+    })
+    it('Should get private playlist with a token', async function () {
+      for (const id of [ privatePlaylist.id, privatePlaylist.uuid, privatePlaylist.shortUUID ]) {
+        await getVideoPlaylistWithToken(servers[1].url, servers[1].accessToken, id)
+      }
+    })
  })
  describe('Update playlists', function () {
diff --git a/server/tests/api/videos/video-privacy.ts b/server/tests/api/videos/video-privacy.ts
index fed6ca0e0..950aeb7cf 100644
--- a/server/tests/api/videos/video-privacy.ts
+++ b/server/tests/api/videos/video-privacy.ts
@@ -1,8 +1,9 @@
 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
-import * as chai from 'chai'
 import 'mocha'
-import { VideoPrivacy } from '../../../../shared/models/videos/video-privacy.enum'
+import * as chai from 'chai'
+import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
+import { Video, VideoCreateResult } from '@shared/models'
 import {
  cleanupTests,
  flushAndRunServer,
@@ -13,12 +14,11 @@ import {
  uploadVideo
 } from '../../../../shared/extra-utils/index'
 import { doubleFollow } from '../../../../shared/extra-utils/server/follows'
+import { waitJobs } from '../../../../shared/extra-utils/server/jobs'
 import { userLogin } from '../../../../shared/extra-utils/users/login'
 import { createUser } from '../../../../shared/extra-utils/users/users'
 import { getMyVideos, getVideo, getVideoWithToken, updateVideo } from '../../../../shared/extra-utils/videos/videos'
-import { waitJobs } from '../../../../shared/extra-utils/server/jobs'
+import { VideoPrivacy } from '../../../../shared/models/videos/video-privacy.enum'
-import { Video } from '@shared/models'
-import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
 const expect = chai.expect
@@ -32,7 +32,7 @@ describe('Test video privacy', function () {
  let internalVideoId: number
  let internalVideoUUID: string
-  let unlistedVideoUUID: string
+  let unlistedVideo: VideoCreateResult
  let nonFederatedUnlistedVideoUUID: string
  let now: number
@@ -59,231 +59,246 @@ describe('Test video privacy', function () {
    await doubleFollow(servers[0], servers[1])
  })
-  it('Should upload a private and internal videos on server 1', async function () {
+  describe('Private and internal videos', function () {
-    this.timeout(10000)
-    for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
+    it('Should upload a private and internal videos on server 1', async function () {
-      const attributes = { privacy }
+      this.timeout(10000)
-      await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
-    }
-    await waitJobs(servers)
+      for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
-  })
+        const attributes = { privacy }
+        await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
+      }
-  it('Should not have these private and internal videos on server 2', async function () {
+      await waitJobs(servers)
-    const res = await getVideosList(servers[1].url)
+    })
-    expect(res.body.total).to.equal(0)
+    it('Should not have these private and internal videos on server 2', async function () {
-    expect(res.body.data).to.have.lengthOf(0)
+      const res = await getVideosList(servers[1].url)
-  })
-  it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
+      expect(res.body.total).to.equal(0)
-    const res = await getVideosList(servers[0].url)
+      expect(res.body.data).to.have.lengthOf(0)
+    })
-    expect(res.body.total).to.equal(0)
+    it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
-    expect(res.body.data).to.have.lengthOf(0)
+      const res = await getVideosList(servers[0].url)
-  })
+      expect(res.body.total).to.equal(0)
+      expect(res.body.data).to.have.lengthOf(0)
+    })
-  it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
+    it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
-    const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
+      const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
-    expect(res.body.total).to.equal(1)
+      expect(res.body.total).to.equal(1)
-    expect(res.body.data).to.have.lengthOf(1)
+      expect(res.body.data).to.have.lengthOf(1)
-    expect(res.body.data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
+      expect(res.body.data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
-  })
+    })
-  it('Should list my (private and internal) videos', async function () {
+    it('Should list my (private and internal) videos', async function () {
-    const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 10)
+      const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 10)
-    expect(res.body.total).to.equal(2)
+      expect(res.body.total).to.equal(2)
-    expect(res.body.data).to.have.lengthOf(2)
+      expect(res.body.data).to.have.lengthOf(2)
-    const videos: Video[] = res.body.data
+      const videos: Video[] = res.body.data
-    const privateVideo = videos.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
+      const privateVideo = videos.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
-    privateVideoId = privateVideo.id
+      privateVideoId = privateVideo.id
-    privateVideoUUID = privateVideo.uuid
+      privateVideoUUID = privateVideo.uuid
-    const internalVideo = videos.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
+      const internalVideo = videos.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
-    internalVideoId = internalVideo.id
+      internalVideoId = internalVideo.id
-    internalVideoUUID = internalVideo.uuid
+      internalVideoUUID = internalVideo.uuid
-  })
+    })
-  it('Should not be able to watch the private/internal video with non authenticated user', async function () {
+    it('Should not be able to watch the private/internal video with non authenticated user', async function () {
-    await getVideo(servers[0].url, privateVideoUUID, HttpStatusCode.UNAUTHORIZED_401)
+      await getVideo(servers[0].url, privateVideoUUID, HttpStatusCode.UNAUTHORIZED_401)
-    await getVideo(servers[0].url, internalVideoUUID, HttpStatusCode.UNAUTHORIZED_401)
+      await getVideo(servers[0].url, internalVideoUUID, HttpStatusCode.UNAUTHORIZED_401)
-  })
+    })
-  it('Should not be able to watch the private video with another user', async function () {
+    it('Should not be able to watch the private video with another user', async function () {
-    this.timeout(10000)
+      this.timeout(10000)
-    const user = {
+      const user = {
-      username: 'hello',
+        username: 'hello',
-      password: 'super password'
+        password: 'super password'
-    }
+      }
-    await createUser({ url: servers[0].url, accessToken: servers[0].accessToken, username: user.username, password: user.password })
+      await createUser({ url: servers[0].url, accessToken: servers[0].accessToken, username: user.username, password: user.password })
-    anotherUserToken = await userLogin(servers[0], user)
+      anotherUserToken = await userLogin(servers[0], user)
-    await getVideoWithToken(servers[0].url, anotherUserToken, privateVideoUUID, HttpStatusCode.FORBIDDEN_403)
+      await getVideoWithToken(servers[0].url, anotherUserToken, privateVideoUUID, HttpStatusCode.FORBIDDEN_403)
-  })
+    })
-  it('Should be able to watch the internal video with another user', async function () {
+    it('Should be able to watch the internal video with another user', async function () {
-    await getVideoWithToken(servers[0].url, anotherUserToken, internalVideoUUID, HttpStatusCode.OK_200)
+      await getVideoWithToken(servers[0].url, anotherUserToken, internalVideoUUID, HttpStatusCode.OK_200)
-  })
+    })
-  it('Should be able to watch the private video with the correct user', async function () {
+    it('Should be able to watch the private video with the correct user', async function () {
-    await getVideoWithToken(servers[0].url, servers[0].accessToken, privateVideoUUID, HttpStatusCode.OK_200)
+      await getVideoWithToken(servers[0].url, servers[0].accessToken, privateVideoUUID, HttpStatusCode.OK_200)
+    })
  })
-  it('Should upload an unlisted video on server 2', async function () {
+  describe('Unlisted videos', function () {
-    this.timeout(60000)
-    const attributes = {
+    it('Should upload an unlisted video on server 2', async function () {
-      name: 'unlisted video',
+      this.timeout(60000)
-      privacy: VideoPrivacy.UNLISTED
-    }
-    await uploadVideo(servers[1].url, servers[1].accessToken, attributes)
-    // Server 2 has transcoding enabled
+      const attributes = {
-    await waitJobs(servers)
+        name: 'unlisted video',
-  })
+        privacy: VideoPrivacy.UNLISTED
+      }
+      await uploadVideo(servers[1].url, servers[1].accessToken, attributes)
-  it('Should not have this unlisted video listed on server 1 and 2', async function () {
+      // Server 2 has transcoding enabled
-    for (const server of servers) {
+      await waitJobs(servers)
-      const res = await getVideosList(server.url)
+    })
-      expect(res.body.total).to.equal(0)
+    it('Should not have this unlisted video listed on server 1 and 2', async function () {
-      expect(res.body.data).to.have.lengthOf(0)
+      for (const server of servers) {
-    }
+        const res = await getVideosList(server.url)
-  })
-  it('Should list my (unlisted) videos', async function () {
+        expect(res.body.total).to.equal(0)
-    const res = await getMyVideos(servers[1].url, servers[1].accessToken, 0, 1)
+        expect(res.body.data).to.have.lengthOf(0)
+      }
+    })
-    expect(res.body.total).to.equal(1)
+    it('Should list my (unlisted) videos', async function () {
-    expect(res.body.data).to.have.lengthOf(1)
+      const res = await getMyVideos(servers[1].url, servers[1].accessToken, 0, 1)
-    unlistedVideoUUID = res.body.data[0].uuid
+      expect(res.body.total).to.equal(1)
-  })
+      expect(res.body.data).to.have.lengthOf(1)
-  it('Should be able to get this unlisted video', async function () {
+      unlistedVideo = res.body.data[0]
-    for (const server of servers) {
+    })
-      const res = await getVideo(server.url, unlistedVideoUUID)
-      expect(res.body.name).to.equal('unlisted video')
+    it('Should not be able to get this unlisted video using its id', async function () {
-    }
+      await getVideo(servers[1].url, unlistedVideo.id, 404)
-  })
+    })
-  it('Should upload a non-federating unlisted video to server 1', async function () {
+    it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
-    this.timeout(30000)
+      for (const server of servers) {
+        for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
+          const res = await getVideo(server.url, id)
-    const attributes = {
+          expect(res.body.name).to.equal('unlisted video')
-      name: 'unlisted video',
+        }
-      privacy: VideoPrivacy.UNLISTED
+      }
-    }
+    })
-    await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
-    await waitJobs(servers)
+    it('Should upload a non-federating unlisted video to server 1', async function () {
-  })
+      this.timeout(30000)
+      const attributes = {
+        name: 'unlisted video',
+        privacy: VideoPrivacy.UNLISTED
+      }
+      await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
-  it('Should list my new unlisted video', async function () {
+      await waitJobs(servers)
-    const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 3)
+    })
-    expect(res.body.total).to.equal(3)
+    it('Should list my new unlisted video', async function () {
-    expect(res.body.data).to.have.lengthOf(3)
+      const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 3)
-    nonFederatedUnlistedVideoUUID = res.body.data[0].uuid
+      expect(res.body.total).to.equal(3)
-  })
+      expect(res.body.data).to.have.lengthOf(3)
-  it('Should be able to get non-federated unlisted video from origin', async function () {
+      nonFederatedUnlistedVideoUUID = res.body.data[0].uuid
-    const res = await getVideo(servers[0].url, nonFederatedUnlistedVideoUUID)
+    })
-    expect(res.body.name).to.equal('unlisted video')
+    it('Should be able to get non-federated unlisted video from origin', async function () {
-  })
+      const res = await getVideo(servers[0].url, nonFederatedUnlistedVideoUUID)
-  it('Should not be able to get non-federated unlisted video from federated server', async function () {
+      expect(res.body.name).to.equal('unlisted video')
-    await getVideo(servers[1].url, nonFederatedUnlistedVideoUUID, HttpStatusCode.NOT_FOUND_404)
+    })
+    it('Should not be able to get non-federated unlisted video from federated server', async function () {
+      await getVideo(servers[1].url, nonFederatedUnlistedVideoUUID, HttpStatusCode.NOT_FOUND_404)
+    })
  })
-  it('Should update the private and internal videos to public on server 1', async function () {
+  describe('Privacy update', function () {
-    this.timeout(10000)
-    now = Date.now()
+    it('Should update the private and internal videos to public on server 1', async function () {
+      this.timeout(10000)
-    {
+      now = Date.now()
-      const attribute = {
-        name: 'private video becomes public',
-        privacy: VideoPrivacy.PUBLIC
-      }
-      await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, attribute)
+      {
-    }
+        const attribute = {
+          name: 'private video becomes public',
+          privacy: VideoPrivacy.PUBLIC
+        }
-    {
+        await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, attribute)
-      const attribute = {
-        name: 'internal video becomes public',
-        privacy: VideoPrivacy.PUBLIC
      }
-      await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, attribute)
-    }
-    await waitJobs(servers)
+      {
-  })
+        const attribute = {
+          name: 'internal video becomes public',
+          privacy: VideoPrivacy.PUBLIC
+        }
+        await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, attribute)
+      }
-  it('Should have this new public video listed on server 1 and 2', async function () {
+      await waitJobs(servers)
-    for (const server of servers) {
+    })
-      const res = await getVideosList(server.url)
-      expect(res.body.total).to.equal(2)
-      expect(res.body.data).to.have.lengthOf(2)
-      const videos: Video[] = res.body.data
+    it('Should have this new public video listed on server 1 and 2', async function () {
-      const privateVideo = videos.find(v => v.name === 'private video becomes public')
+      for (const server of servers) {
-      const internalVideo = videos.find(v => v.name === 'internal video becomes public')
+        const res = await getVideosList(server.url)
+        expect(res.body.total).to.equal(2)
+        expect(res.body.data).to.have.lengthOf(2)
-      expect(privateVideo).to.not.be.undefined
+        const videos: Video[] = res.body.data
-      expect(internalVideo).to.not.be.undefined
+        const privateVideo = videos.find(v => v.name === 'private video becomes public')
+        const internalVideo = videos.find(v => v.name === 'internal video becomes public')
-      expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
+        expect(privateVideo).to.not.be.undefined
-      // We don't change the publish date of internal videos
+        expect(internalVideo).to.not.be.undefined
-      expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
-      expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
+        expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
-      expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
+        // We don't change the publish date of internal videos
-    }
+        expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
-  })
-  it('Should set these videos as private and internal', async function () {
+        expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
-    this.timeout(10000)
+        expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
+      }
+    })
-    await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, { privacy: VideoPrivacy.PRIVATE })
+    it('Should set these videos as private and internal', async function () {
-    await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, { privacy: VideoPrivacy.INTERNAL })
+      this.timeout(10000)
-    await waitJobs(servers)
+      await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, { privacy: VideoPrivacy.PRIVATE })
+      await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, { privacy: VideoPrivacy.INTERNAL })
-    for (const server of servers) {
+      await waitJobs(servers)
-      const res = await getVideosList(server.url)
-      expect(res.body.total).to.equal(0)
+      for (const server of servers) {
-      expect(res.body.data).to.have.lengthOf(0)
+        const res = await getVideosList(server.url)
-    }
+        expect(res.body.total).to.equal(0)
+        expect(res.body.data).to.have.lengthOf(0)
+      }
-    {
+      {
-      const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 5)
+        const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 5)
-      const videos = res.body.data
+        const videos = res.body.data
-      expect(res.body.total).to.equal(3)
+        expect(res.body.total).to.equal(3)
-      expect(videos).to.have.lengthOf(3)
+        expect(videos).to.have.lengthOf(3)
-      const privateVideo = videos.find(v => v.name === 'private video becomes public')
+        const privateVideo = videos.find(v => v.name === 'private video becomes public')
-      const internalVideo = videos.find(v => v.name === 'internal video becomes public')
+        const internalVideo = videos.find(v => v.name === 'internal video becomes public')
-      expect(privateVideo).to.not.be.undefined
+        expect(privateVideo).to.not.be.undefined
-      expect(internalVideo).to.not.be.undefined
+        expect(internalVideo).to.not.be.undefined
-      expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
+        expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
-      expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
+        expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
-    }
+      }
+    })
  })
  after(async function () {