Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/videos.js28
-rw-r--r--server/middlewares/validators/videos.js15
2 files changed, 13 insertions, 30 deletions
diff --git a/server/controllers/api/videos.js b/server/controllers/api/videos.js
index e5c52a87b..35d6979e5 100644
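--- a/server/controllers/api/videos.js
+++ b/server/controllers/api/videos.js
@@ -200,7 +200,7 @@ function addVideo (req, res, next) {
 }
 
 function updateVideo (req, res, next) {
- let videoInstance = res.locals.video
+ const videoInstance = res.locals.video
  const videoInfosToUpdate = req.body
 
  waterfall([
@@ -275,15 +275,8 @@ function updateVideo (req, res, next) {
 }
 
 function getVideo (req, res, next) {
- db.Video.loadAndPopulateAuthorAndPodAndTags(req.params.id, function (err, video) {
- if (err) return next(err)
-
- if (!video) {
- return res.type('json').status(204).end()
- }
-
- res.json(video.toFormatedJSON())
- })
+ const videoInstance = res.locals.video
+ res.json(videoInstance.toFormatedJSON())
 }
 
 function listVideos (req, res, next) {
@@ -295,20 +288,9 @@ function listVideos (req, res, next) {
 }
 
 function removeVideo (req, res, next) {
- const videoId = req.params.id
+ const videoInstance = res.locals.video
 
- waterfall([
- function loadVideo (callback) {
- db.Video.load(videoId, function (err, video) {
- return callback(err, video)
- })
- },
-
- function deleteVideo (video, callback) {
- // Informations to other pods will be sent by the afterDestroy video hook
- video.destroy().asCallback(callback)
- }
- ], function andFinally (err) {
+ videoInstance.destroy().asCallback(function (err) {
  if (err) {
  logger.error('Errors when removed the video.', { error: err })
  return next(err)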
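Review bot: `getVideo` and `removeVideo` now dereference `res.locals.video` with no guard, so they are only safe when every route reaching them runs a validator that populates it (the validators file uses `checkVideoExists` for this); a route mounted without one would throw a TypeError instead of returning the 204 the old `getVideo` sent for a missing video. I would state that precondition above each handler, e.g. `// res.locals.video is loaded by the route's validator (checkVideoExists)`, and keep the dropped comment `// Informations to other pods will be sent by the afterDestroy video hook` next to `videoInstance.destroy()`, since that side effect is not visible at the call site. The body of `removeVideo` continues past the end of the hunk.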
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 09a188c76..1b6dbccf0 100644
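--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -71,15 +71,16 @@ function videosRemove (req, res, next) {
  logger.debug('Checking videosRemove parameters', { parameters: req.params })
 
  checkErrors(req, res, function () {
- db.Video.loadAndPopulateAuthor(req.params.id, function (err, video) {
- if (err) {
- logger.error('Error in videosRemove request validator.', { error: err })
- return res.sendStatus(500)
+ checkVideoExists(req.params.id, res, function () {
+ // We need to make additional checks
+
+ if (res.locals.video.isOwned() === false) {
+ return res.status(403).send('Cannot remove video of another pod')
  }
 
- if (!video) return res.status(404).send('Video not found')
- else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
- else if (video.Author.name !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
+ if (res.locals.video.authorId !== res.locals.oauth.token.User.id) {
+ return res.status(403).send('Cannot remove video of another user')
+ }
 
  next()
  })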
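Review bot: The ownership check `res.locals.video.authorId !== res.locals.oauth.token.User.id` compares a video's author id with a user id, and nothing in this hunk shows that the two come from the same table. The removed line compared `video.Author.name` with the token's username, which suggests Author is a separate model; if so, an Author row and an unrelated User row can share a numeric id, and the check would then pass for a user who does not own the video. If Author carries a reference to its user, compare through that (hypothetical field name: `res.locals.video.Author.userId !== res.locals.oauth.token.User.id`); otherwise add a comment stating why the two ids are interchangeable. The hunk also switches `token.user` to `token.User`, so confirm the OAuth model exposes that casing on every token path. `videosRemove` begins and ends outside the hunk.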