Fix video channel update with an admin account

pull/581/head
Chocobozzz 2018-05-16 11:33:11 +02:00
parent a14d3b6b23
commit 6200d8d917
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
6 changed files with 38 additions and 16 deletions

View File

@ -219,7 +219,6 @@ export class VideoAddComponent extends FormReactive implements OnInit, OnDestroy
const video = new VideoEdit()
video.patch(this.form.value)
video.channelId = this.firstStepChannelId
video.id = this.videoUploadedIds.id
video.uuid = this.videoUploadedIds.uuid

View File

@ -11,7 +11,7 @@ import { FormReactive } from '../../shared'
import { ValidatorMessage } from '../../shared/forms/form-validators/validator-message'
import { VideoEdit } from '../../shared/video/video-edit.model'
import { VideoService } from '../../shared/video/video.service'
import { populateAsyncUserVideoChannels } from '@app/shared/misc/utils'
import { VideoChannelService } from '@app/shared/video-channel/video-channel.service'
@Component({
selector: 'my-videos-update',
@ -36,7 +36,8 @@ export class VideoUpdateComponent extends FormReactive implements OnInit {
private serverService: ServerService,
private videoService: VideoService,
private authService: AuthService,
private loadingBar: LoadingBarService
private loadingBar: LoadingBarService,
private videoChannelService: VideoChannelService
) {
super()
}
@ -59,14 +60,21 @@ export class VideoUpdateComponent extends FormReactive implements OnInit {
return this.videoService
.loadCompleteDescription(video.descriptionPath)
.pipe(map(description => Object.assign(video, { description })))
}),
switchMap(video => {
return this.videoChannelService
.listAccountVideoChannels(video.account.id)
.pipe(
map(result => result.data),
map(videoChannels => videoChannels.map(c => ({ id: c.id, label: c.displayName }))),
map(videoChannels => ({ video, videoChannels }))
)
})
)
.subscribe(
video => {
({ video, videoChannels }) => {
this.video = new VideoEdit(video)
populateAsyncUserVideoChannels(this.authService, this.userVideoChannels)
.catch(err => console.error(err))
this.userVideoChannels = videoChannels
// We cannot set private a video that was not private
if (video.privacy.id !== VideoPrivacy.PRIVATE) {

View File

@ -341,7 +341,7 @@ async function updateVideo (req: express.Request, res: express.Response) {
// Video channel update?
if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) {
await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel)
await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel, { transaction: t })
videoInstance.VideoChannel = res.locals.videoChannel
if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t)

View File

@ -3,7 +3,7 @@ import 'express-validator'
import { values } from 'lodash'
import 'multer'
import * as validator from 'validator'
import { VideoRateType } from '../../../shared'
import { UserRight, VideoRateType } from '../../../shared'
import {
CONSTRAINTS_FIELDS,
VIDEO_CATEGORIES,
@ -15,6 +15,7 @@ import {
import { VideoModel } from '../../models/video/video'
import { exists, isArray, isFileValid } from './misc'
import { VideoChannelModel } from '../../models/video/video-channel'
import { UserModel } from '../../models/account/user'
const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS
const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
@ -127,8 +128,22 @@ async function isVideoExist (id: string, res: Response) {
return true
}
async function isVideoChannelOfAccountExist (channelId: number, accountId: number, res: Response) {
const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, accountId)
async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
if (!videoChannel) {
res.status(400)
.json({ error: 'Unknown video video channel on this instance.' })
.end()
return false
}
res.locals.videoChannel = videoChannel
return true
}
const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
if (!videoChannel) {
res.status(400)
.json({ error: 'Unknown video video channel for this account.' })

View File

@ -90,7 +90,7 @@ const videosAddValidator = [
const videoFile: Express.Multer.File = req.files['videofile'][0]
const user = res.locals.oauth.token.User
if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return
if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
const isAble = await user.isAbleToUploadVideo(videoFile)
if (isAble === false) {
@ -193,7 +193,7 @@ const videosUpdateValidator = [
.end()
}
if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return
if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return
return next()
}
@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
// Retrieve the user who did the request
if (video.isOwned() === false) {
res.status(403)
.json({ error: 'Cannot remove video of another server, blacklist it' })
.json({ error: 'Cannot manage a video of another server.' })
.end()
return false
}
@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
const account = video.VideoChannel.Account
if (user.hasRight(right) === false && account.userId !== user.id) {
res.status(403)
.json({ error: 'Cannot remove video of another user' })
.json({ error: 'Cannot manage a video of another user.' })
.end()
return false
}

View File

@ -280,7 +280,7 @@ describe('Test videos API validator', function () {
const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId })
const attaches = baseCorrectAttaches
await makeUploadRequest({ url: server.url, path: path + '/upload', token: server.accessToken, fields, attaches })
await makeUploadRequest({ url: server.url, path: path + '/upload', token: userAccessToken, fields, attaches })
})
it('Should fail with too many tags', async function () {