aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/videos/index.ts2
-rw-r--r--server/helpers/custom-validators/videos.ts21
-rw-r--r--server/middlewares/validators/videos.ts8
-rw-r--r--server/tests/api/check-params/videos.ts2
4 files changed, 24 insertions, 9 deletions
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts
index bcf1eaee6..05fd79e67 100644
--- a/server/controllers/api/videos/index.ts
+++ b/server/controllers/api/videos/index.ts
@@ -341,7 +341,7 @@ async function updateVideo (req: express.Request, res: express.Response) {
341 341
342 // Video channel update? 342 // Video channel update?
343 if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) { 343 if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) {
344 await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel) 344 await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel, { transaction: t })
345 videoInstance.VideoChannel = res.locals.videoChannel 345 videoInstance.VideoChannel = res.locals.videoChannel
346 346
347 if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t) 347 if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t)
diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts
index 002324fe0..0c268a684 100644
--- a/server/helpers/custom-validators/videos.ts
+++ b/server/helpers/custom-validators/videos.ts
@@ -3,7 +3,7 @@ import 'express-validator'
3import { values } from 'lodash' 3import { values } from 'lodash'
4import 'multer' 4import 'multer'
5import * as validator from 'validator' 5import * as validator from 'validator'
6import { VideoRateType } from '../../../shared' 6import { UserRight, VideoRateType } from '../../../shared'
7import { 7import {
8 CONSTRAINTS_FIELDS, 8 CONSTRAINTS_FIELDS,
9 VIDEO_CATEGORIES, 9 VIDEO_CATEGORIES,
@@ -15,6 +15,7 @@ import {
15import { VideoModel } from '../../models/video/video' 15import { VideoModel } from '../../models/video/video'
16import { exists, isArray, isFileValid } from './misc' 16import { exists, isArray, isFileValid } from './misc'
17import { VideoChannelModel } from '../../models/video/video-channel' 17import { VideoChannelModel } from '../../models/video/video-channel'
18import { UserModel } from '../../models/account/user'
18 19
19const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS 20const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS
20const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES 21const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
@@ -127,8 +128,22 @@ async function isVideoExist (id: string, res: Response) {
127 return true 128 return true
128} 129}
129 130
130async function isVideoChannelOfAccountExist (channelId: number, accountId: number, res: Response) { 131async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
131 const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, accountId) 132 if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
133 const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
134 if (!videoChannel) {
135 res.status(400)
136 .json({ error: 'Unknown video video channel on this instance.' })
137 .end()
138
139 return false
140 }
141
142 res.locals.videoChannel = videoChannel
143 return true
144 }
145
146 const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
132 if (!videoChannel) { 147 if (!videoChannel) {
133 res.status(400) 148 res.status(400)
134 .json({ error: 'Unknown video video channel for this account.' }) 149 .json({ error: 'Unknown video video channel for this account.' })
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index dd0246a63..c5c45fe58 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -90,7 +90,7 @@ const videosAddValidator = [
90 const videoFile: Express.Multer.File = req.files['videofile'][0] 90 const videoFile: Express.Multer.File = req.files['videofile'][0]
91 const user = res.locals.oauth.token.User 91 const user = res.locals.oauth.token.User
92 92
93 if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return 93 if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
94 94
95 const isAble = await user.isAbleToUploadVideo(videoFile) 95 const isAble = await user.isAbleToUploadVideo(videoFile)
96 if (isAble === false) { 96 if (isAble === false) {
@@ -193,7 +193,7 @@ const videosUpdateValidator = [
193 .end() 193 .end()
194 } 194 }
195 195
196 if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return 196 if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
197 197
198 return next() 198 return next()
199 } 199 }
@@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
332 // Retrieve the user who did the request 332 // Retrieve the user who did the request
333 if (video.isOwned() === false) { 333 if (video.isOwned() === false) {
334 res.status(403) 334 res.status(403)
335 .json({ error: 'Cannot remove video of another server, blacklist it' }) 335 .json({ error: 'Cannot manage a video of another server.' })
336 .end() 336 .end()
337 return false 337 return false
338 } 338 }
@@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
343 const account = video.VideoChannel.Account 343 const account = video.VideoChannel.Account
344 if (user.hasRight(right) === false && account.userId !== user.id) { 344 if (user.hasRight(right) === false && account.userId !== user.id) {
345 res.status(403) 345 res.status(403)
346 .json({ error: 'Cannot remove video of another user' }) 346 .json({ error: 'Cannot manage a video of another user.' })
347 .end() 347 .end()
348 return false 348 return false
349 } 349 }
diff --git a/server/tests/api/check-params/videos.ts b/server/tests/api/check-params/videos.ts
index 33e815806..c81e9752e 100644
--- a/server/tests/api/check-params/videos.ts
+++ b/server/tests/api/check-params/videos.ts
@@ -280,7 +280,7 @@ describe('Test videos API validator', function () {
280 const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId }) 280 const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId })
281 const attaches = baseCorrectAttaches 281 const attaches = baseCorrectAttaches
282 282
283 await makeUploadRequest({ url: server.url, path: path + '/upload', token: server.accessToken, fields, attaches }) 283 await makeUploadRequest({ url: server.url, path: path + '/upload', token: userAccessToken, fields, attaches })
284 }) 284 })
285 285
286 it('Should fail with too many tags', async function () { 286 it('Should fail with too many tags', async function () {