From 1cd3facc3de899ac864e979cd6d6a704b712cce3 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Wed, 10 Oct 2018 11:46:50 +0200 Subject: Add ability to list all local videos Including private/unlisted for moderators/admins --- server/middlewares/validators/videos/videos.ts | 54 +++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 2 deletions(-) (limited to 'server/middlewares/validators/videos/videos.ts') diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 1d0a64bb1..9dc52a134 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts @@ -1,6 +1,6 @@ import * as express from 'express' import 'express-validator' -import { body, param, ValidationChain } from 'express-validator/check' +import { body, param, query, ValidationChain } from 'express-validator/check' import { UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared' import { isBooleanValid, @@ -8,6 +8,7 @@ import { isIdOrUUIDValid, isIdValid, isUUIDValid, + toArray, toIntOrNull, toValueOrNull } from '../../../helpers/custom-validators/misc' @@ -19,6 +20,7 @@ import { isVideoDescriptionValid, isVideoExist, isVideoFile, + isVideoFilterValid, isVideoImage, isVideoLanguageValid, isVideoLicenceValid, @@ -42,6 +44,7 @@ import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/vid import { VideoChangeOwnershipModel } from '../../../models/video/video-change-ownership' import { AccountModel } from '../../../models/account/account' import { VideoFetchType } from '../../../helpers/video' +import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' const videosAddValidator = getCommonVideoAttributes().concat([ body('videofile') @@ -359,6 +362,51 @@ function getCommonVideoAttributes () { ] as (ValidationChain | express.Handler)[] } +const commonVideosFiltersValidator = [ + query('categoryOneOf') + .optional() + .customSanitizer(toArray) + .custom(isNumberArray).withMessage('Should have a valid one of category array'), + query('licenceOneOf') + .optional() + .customSanitizer(toArray) + .custom(isNumberArray).withMessage('Should have a valid one of licence array'), + query('languageOneOf') + .optional() + .customSanitizer(toArray) + .custom(isStringArray).withMessage('Should have a valid one of language array'), + query('tagsOneOf') + .optional() + .customSanitizer(toArray) + .custom(isStringArray).withMessage('Should have a valid one of tags array'), + query('tagsAllOf') + .optional() + .customSanitizer(toArray) + .custom(isStringArray).withMessage('Should have a valid all of tags array'), + query('nsfw') + .optional() + .custom(isNSFWQueryValid).withMessage('Should have a valid NSFW attribute'), + query('filter') + .optional() + .custom(isVideoFilterValid).withMessage('Should have a valid filter attribute'), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking commons video filters query', { parameters: req.query }) + + if (areValidationErrors(req, res)) return + + const user: UserModel = res.locals.oauth ? res.locals.oauth.token.User : undefined + if (req.query.filter === 'all-local' && (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false)) { + res.status(401) + .json({ error: 'You are not allowed to see all local videos.' }) + + return + } + + return next() + } +] + // --------------------------------------------------------------------------- export { @@ -375,7 +423,9 @@ export { videosTerminateChangeOwnershipValidator, videosAcceptChangeOwnershipValidator, - getCommonVideoAttributes + getCommonVideoAttributes, + + commonVideosFiltersValidator } // --------------------------------------------------------------------------- -- cgit v1.2.3