OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

Server: do not allow a user to remove a video of another user

pull/10/head
Chocobozzz 2016-08-05 21:41:28 +02:00
parent f3391f9237
commit 58b2ba55a9
3 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/tsconfig.json
View File

@ -49,8 +49,6 @@
"src/app/shared/search/search.component.ts", "src/app/shared/search/search.component.ts",
"src/app/shared/search/search.model.ts", "src/app/shared/search/search.model.ts",
"src/app/shared/search/search.service.ts", "src/app/shared/search/search.service.ts",
"src/app/shared/user/index.ts",
"src/app/shared/user/user.service.ts",
"src/app/videos/index.ts", "src/app/videos/index.ts",
"src/app/videos/shared/index.ts", "src/app/videos/shared/index.ts",
"src/app/videos/shared/loader/index.ts", "src/app/videos/shared/loader/index.ts",

1
server/middlewares/validators/videos.js
View File

@ -77,6 +77,7 @@ function videosRemove (req, res, next) {
if (!video) return res.status(404).send('Video not found') if (!video) return res.status(404).send('Video not found')
else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
next() next()
}) })

2
server/tests/api/checkParams.js
View File

@ -496,6 +496,8 @@ describe('Test parameters validator', function () {
.expect(404, done) .expect(404, done)
}) })
it('Should fail with a video of another user')
it('Should fail with a video of another pod') it('Should fail with a video of another pod')
it('Should succeed with the correct parameters') it('Should succeed with the correct parameters')