Server: do not allow a user to remove a video of another user
This commit is contained in:
parent
f3391f9237
commit
58b2ba55a9
|
@ -49,8 +49,6 @@
|
||||||
"src/app/shared/search/search.component.ts",
|
"src/app/shared/search/search.component.ts",
|
||||||
"src/app/shared/search/search.model.ts",
|
"src/app/shared/search/search.model.ts",
|
||||||
"src/app/shared/search/search.service.ts",
|
"src/app/shared/search/search.service.ts",
|
||||||
"src/app/shared/user/index.ts",
|
|
||||||
"src/app/shared/user/user.service.ts",
|
|
||||||
"src/app/videos/index.ts",
|
"src/app/videos/index.ts",
|
||||||
"src/app/videos/shared/index.ts",
|
"src/app/videos/shared/index.ts",
|
||||||
"src/app/videos/shared/loader/index.ts",
|
"src/app/videos/shared/loader/index.ts",
|
||||||
|
|
|
@ -77,6 +77,7 @@ function videosRemove (req, res, next) {
|
||||||
|
|
||||||
if (!video) return res.status(404).send('Video not found')
|
if (!video) return res.status(404).send('Video not found')
|
||||||
else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
|
else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
|
||||||
|
else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
|
||||||
|
|
||||||
next()
|
next()
|
||||||
})
|
})
|
||||||
|
|
|
@ -496,6 +496,8 @@ describe('Test parameters validator', function () {
|
||||||
.expect(404, done)
|
.expect(404, done)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('Should fail with a video of another user')
|
||||||
|
|
||||||
it('Should fail with a video of another pod')
|
it('Should fail with a video of another pod')
|
||||||
|
|
||||||
it('Should succeed with the correct parameters')
|
it('Should succeed with the correct parameters')
|
||||||
|
|
Loading…
Reference in New Issue