OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

Server: fix update right checks

pull/30/head
Chocobozzz 2017-01-11 19:15:23 +01:00
parent edc5e86006
commit 63d00f5ded
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
server/middlewares/validators/videos.js
View File

@ -53,15 +53,18 @@ function videosUpdate (req, res, next) {
logger.debug('Checking videosUpdate parameters', { parameters: req.body })
checkErrors(req, res, function () {
if (res.locals.video.isOwned() === false) {
return res.status(403).send('Cannot update video of another pod')
}
checkVideoExists(req.params.id, res, function () {
// We need to make additional checks
if (res.locals.video.isOwned() === false) {
return res.status(403).send('Cannot update video of another pod')
}
if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
return res.status(403).send('Cannot update video of another user')
}
if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
return res.status(403).send('Cannot update video of another user')
}
checkVideoExists(req.params.id, res, next)
next()
})
})
}