Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/api/videos/index.ts | 2 | ||||
-rw-r--r-- | server/helpers/custom-validators/videos.ts | 21 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 8 | ||||
-rw-r--r-- | server/tests/api/check-params/videos.ts | 2 |
4 files changed, 24 insertions, 9 deletions
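--- a/server/controllers/api/videos/index.ts
+++ b/server/controllers/api/videos/index.ts
@@ -341,7 +341,7 @@ async function updateVideo (req: express.Request, res: express.Response) {
 
 // Video channel update?
 if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) {
-await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel)
+await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel, { transaction: t })
 videoInstance.VideoChannel = res.locals.videoChannel
 
 if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t)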
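--- a/server/helpers/custom-validators/videos.ts
+++ b/server/helpers/custom-validators/videos.ts
@@ -3,7 +3,7 @@ import 'express-validator'
 import { values } from 'lodash'
 import 'multer'
 import * as validator from 'validator'
-import { VideoRateType } from '../../../shared'
+import { UserRight, VideoRateType } from '../../../shared'
 import {
 CONSTRAINTS_FIELDS,
 VIDEO_CATEGORIES,
@@ -15,6 +15,7 @@ import {
 import { VideoModel } from '../../models/video/video'
 import { exists, isArray, isFileValid } from './misc'
 import { VideoChannelModel } from '../../models/video/video-channel'
+import { UserModel } from '../../models/account/user'
 
 const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS
 const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
@@ -127,8 +128,22 @@ async function isVideoExist (id: string, res: Response) {
 return true
 }
 
-async function isVideoChannelOfAccountExist (channelId: number, accountId: number, res: Response) {
-const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, accountId)
+async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
+if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
+const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
+if (!videoChannel) {
+res.status(400)
+.json({ error: 'Unknown video video channel on this instance.' })
+.end()
+
+return false
+}
+
+res.locals.videoChannel = videoChannel
+return true
+}
+
+const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
 if (!videoChannel) {
 res.status(400)
 .json({ error: 'Unknown video video channel for this account.' })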
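Review bot: The `user.hasRight(UserRight.UPDATE_ANY_VIDEO)` branch in `isVideoChannelOfAccountExist` applies to every caller of the helper, and this commit also passes `user` from `videosAddValidator`, so a right named for updating videos also lets its holder upload into a channel owned by another account. If that is not intended, scope the bypass to the update path, for example with an optional parameter such as `bypassRight?: UserRight` that only `videosUpdateValidator` supplies. The account filter of `loadByIdAndAccount` is skipped in this branch, and the definition of `VideoChannelModel.loadAndPopulateAccount` is not on this page, so it should be confirmed that it cannot return a channel hosted on another server. A short doc comment above the function stating who may select which channel would make the authorization rule explicit, and both 400 messages repeat the word in 'Unknown video video channel'. The function body continues past the end of the hunk.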
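--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -90,7 +90,7 @@ const videosAddValidator = [
 const videoFile: Express.Multer.File = req.files['videofile'][0]
 const user = res.locals.oauth.token.User
 
-if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return
+if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
 
 const isAble = await user.isAbleToUploadVideo(videoFile)
 if (isAble === false) {
@@ -193,7 +193,7 @@ const videosUpdateValidator = [
 .end()
 }
 
-if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return
+if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
 
 return next()
 }
@@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
 // Retrieve the user who did the request
 if (video.isOwned() === false) {
 res.status(403)
-.json({ error: 'Cannot remove video of another server, blacklist it' })
+.json({ error: 'Cannot manage a video of another server.' })
 .end()
 return false
 }
@@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
 const account = video.VideoChannel.Account
 if (user.hasRight(right) === false && account.userId !== user.id) {
 res.status(403)
-.json({ error: 'Cannot remove video of another user' })
+.json({ error: 'Cannot manage a video of another user.' })
 .end()
 return false
 }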
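Review bot: In the `videosUpdateValidator` hunk, a user holding the update-any-video right can now pass a `channelId` owned by a different account than the video's current owner, which reassigns the video to that account, and nothing visible records or restricts that transfer. If the move is intended, say so next to the call with a comment such as `// With UPDATE_ANY_VIDEO the target channel may belong to another account: this changes the video's owner`, and consider logging the old and new channel ids for audit. In the `videosAddValidator` hunk, `user.isAbleToUploadVideo(videoFile)` is still evaluated for the requesting user after the channel check, so an upload into another account's channel appears to be checked against the uploader's limits rather than the channel owner's; this should be confirmed against the quota code, which is not on this page. Both validators start and end outside their hunks.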
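--- a/server/tests/api/check-params/videos.ts
+++ b/server/tests/api/check-params/videos.ts
@@ -280,7 +280,7 @@ describe('Test videos API validator', function () {
 const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId })
 const attaches = baseCorrectAttaches
 
-await makeUploadRequest({ url: server.url, path: path + '/upload', token: server.accessToken, fields, attaches })
+await makeUploadRequest({ url: server.url, path: path + '/upload', token: userAccessToken, fields, attaches })
 })
 
 it('Should fail with too many tags', async function () {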
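Review bot: The privileged branch this commit introduces has no test in this file section; the only change swaps `server.accessToken` for `userAccessToken` so that the existing bad-channel case still fails for an ordinary user. An authorization change of this kind should be pinned from both sides: one case where a token with the update-any-video right and an unknown `channelId` gets a 400, and one where an ordinary user supplying another account's channel on update is still rejected. Without them, a later edit to `isVideoChannelOfAccountExist` could widen the bypass unnoticed. The enclosing `it(...)` block starts above the hunk, so its title and expected status are not visible here.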