From 6200d8d91710b03a72a27e35cbe6eed1e6cc8c62 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Wed, 16 May 2018 11:33:11 +0200 Subject: Fix video channel update with an admin account --- .../app/videos/+video-edit/video-add.component.ts | 1 - .../videos/+video-edit/video-update.component.ts | 20 ++++++++++++++------ server/controllers/api/videos/index.ts | 2 +- server/helpers/custom-validators/videos.ts | 21 ++++++++++++++++++--- server/middlewares/validators/videos.ts | 8 ++++---- server/tests/api/check-params/videos.ts | 2 +- 6 files changed, 38 insertions(+), 16 deletions(-) diff --git a/client/src/app/videos/+video-edit/video-add.component.ts b/client/src/app/videos/+video-edit/video-add.component.ts index 41d14573c..032504cea 100644 --- a/client/src/app/videos/+video-edit/video-add.component.ts +++ b/client/src/app/videos/+video-edit/video-add.component.ts @@ -219,7 +219,6 @@ export class VideoAddComponent extends FormReactive implements OnInit, OnDestroy const video = new VideoEdit() video.patch(this.form.value) - video.channelId = this.firstStepChannelId video.id = this.videoUploadedIds.id video.uuid = this.videoUploadedIds.uuid diff --git a/client/src/app/videos/+video-edit/video-update.component.ts b/client/src/app/videos/+video-edit/video-update.component.ts index b1d80bcaa..00c2ed3f1 100644 --- a/client/src/app/videos/+video-edit/video-update.component.ts +++ b/client/src/app/videos/+video-edit/video-update.component.ts @@ -11,7 +11,7 @@ import { FormReactive } from '../../shared' import { ValidatorMessage } from '../../shared/forms/form-validators/validator-message' import { VideoEdit } from '../../shared/video/video-edit.model' import { VideoService } from '../../shared/video/video.service' -import { populateAsyncUserVideoChannels } from '@app/shared/misc/utils' +import { VideoChannelService } from '@app/shared/video-channel/video-channel.service' @Component({ selector: 'my-videos-update', @@ -36,7 +36,8 @@ export class VideoUpdateComponent extends FormReactive implements OnInit { private serverService: ServerService, private videoService: VideoService, private authService: AuthService, - private loadingBar: LoadingBarService + private loadingBar: LoadingBarService, + private videoChannelService: VideoChannelService ) { super() } @@ -59,14 +60,21 @@ export class VideoUpdateComponent extends FormReactive implements OnInit { return this.videoService .loadCompleteDescription(video.descriptionPath) .pipe(map(description => Object.assign(video, { description }))) + }), + switchMap(video => { + return this.videoChannelService + .listAccountVideoChannels(video.account.id) + .pipe( + map(result => result.data), + map(videoChannels => videoChannels.map(c => ({ id: c.id, label: c.displayName }))), + map(videoChannels => ({ video, videoChannels })) + ) }) ) .subscribe( - video => { + ({ video, videoChannels }) => { this.video = new VideoEdit(video) - - populateAsyncUserVideoChannels(this.authService, this.userVideoChannels) - .catch(err => console.error(err)) + this.userVideoChannels = videoChannels // We cannot set private a video that was not private if (video.privacy.id !== VideoPrivacy.PRIVATE) { diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts index bcf1eaee6..05fd79e67 100644 --- a/server/controllers/api/videos/index.ts +++ b/server/controllers/api/videos/index.ts @@ -341,7 +341,7 @@ async function updateVideo (req: express.Request, res: express.Response) { // Video channel update? if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) { - await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel) + await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel, { transaction: t }) videoInstance.VideoChannel = res.locals.videoChannel if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t) diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts index 002324fe0..0c268a684 100644 --- a/server/helpers/custom-validators/videos.ts +++ b/server/helpers/custom-validators/videos.ts @@ -3,7 +3,7 @@ import 'express-validator' import { values } from 'lodash' import 'multer' import * as validator from 'validator' -import { VideoRateType } from '../../../shared' +import { UserRight, VideoRateType } from '../../../shared' import { CONSTRAINTS_FIELDS, VIDEO_CATEGORIES, @@ -15,6 +15,7 @@ import { import { VideoModel } from '../../models/video/video' import { exists, isArray, isFileValid } from './misc' import { VideoChannelModel } from '../../models/video/video-channel' +import { UserModel } from '../../models/account/user' const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES @@ -127,8 +128,22 @@ async function isVideoExist (id: string, res: Response) { return true } -async function isVideoChannelOfAccountExist (channelId: number, accountId: number, res: Response) { - const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, accountId) +async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) { + if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) { + const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId) + if (!videoChannel) { + res.status(400) + .json({ error: 'Unknown video video channel on this instance.' }) + .end() + + return false + } + + res.locals.videoChannel = videoChannel + return true + } + + const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id) if (!videoChannel) { res.status(400) .json({ error: 'Unknown video video channel for this account.' }) diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index dd0246a63..c5c45fe58 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts @@ -90,7 +90,7 @@ const videosAddValidator = [ const videoFile: Express.Multer.File = req.files['videofile'][0] const user = res.locals.oauth.token.User - if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return + if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return const isAble = await user.isAbleToUploadVideo(videoFile) if (isAble === false) { @@ -193,7 +193,7 @@ const videosUpdateValidator = [ .end() } - if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return + if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return return next() } @@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use // Retrieve the user who did the request if (video.isOwned() === false) { res.status(403) - .json({ error: 'Cannot remove video of another server, blacklist it' }) + .json({ error: 'Cannot manage a video of another server.' }) .end() return false } @@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use const account = video.VideoChannel.Account if (user.hasRight(right) === false && account.userId !== user.id) { res.status(403) - .json({ error: 'Cannot remove video of another user' }) + .json({ error: 'Cannot manage a video of another user.' }) .end() return false } diff --git a/server/tests/api/check-params/videos.ts b/server/tests/api/check-params/videos.ts index 33e815806..c81e9752e 100644 --- a/server/tests/api/check-params/videos.ts +++ b/server/tests/api/check-params/videos.ts @@ -280,7 +280,7 @@ describe('Test videos API validator', function () { const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId }) const attaches = baseCorrectAttaches - await makeUploadRequest({ url: server.url, path: path + '/upload', token: server.accessToken, fields, attaches }) + await makeUploadRequest({ url: server.url, path: path + '/upload', token: userAccessToken, fields, attaches }) }) it('Should fail with too many tags', async function () { -- cgit v1.2.3