Server: do not allow a user to remove a video of another user
This commit is contained in:
parent
f3391f9237
commit
58b2ba55a9
|
@ -49,8 +49,6 @@
|
|||
"src/app/shared/search/search.component.ts",
|
||||
"src/app/shared/search/search.model.ts",
|
||||
"src/app/shared/search/search.service.ts",
|
||||
"src/app/shared/user/index.ts",
|
||||
"src/app/shared/user/user.service.ts",
|
||||
"src/app/videos/index.ts",
|
||||
"src/app/videos/shared/index.ts",
|
||||
"src/app/videos/shared/loader/index.ts",
|
||||
|
|
|
@ -77,6 +77,7 @@ function videosRemove (req, res, next) {
|
|||
|
||||
if (!video) return res.status(404).send('Video not found')
|
||||
else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
|
||||
else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
|
||||
|
||||
next()
|
||||
})
|
||||
|
|
|
@ -496,6 +496,8 @@ describe('Test parameters validator', function () {
|
|||
.expect(404, done)
|
||||
})
|
||||
|
||||
it('Should fail with a video of another user')
|
||||
|
||||
it('Should fail with a video of another pod')
|
||||
|
||||
it('Should succeed with the correct parameters')
|
||||
|
|
Loading…
Reference in New Issue