Forbid public playlists not assigned to a channel

2019-03-14 14:29:44 +01:00 · 2019-03-14 14:29:44 +01:00 · c5e4e36d2a
parent bce47964f6
commit c5e4e36d2a
2 changed files with 62 additions and 13 deletions
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@ -1,6 +1,6 @@
 import * as express from 'express'
 import { body, param, query, ValidationChain } from 'express-validator/check'
-import { UserRight } from '../../../../shared'
+import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
 import { logger } from '../../../helpers/logger'
 import { UserModel } from '../../../models/account/user'
 import { areValidationErrors } from '../utils'
@ -30,7 +30,14 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
-    if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
+    const body: VideoPlaylistCreate = req.body
    if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
    if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }
    return next()
  }
@ -53,19 +60,33 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
      return cleanUpReqFiles(req)
    }
-    if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) {
+    const body: VideoPlaylistUpdate = req.body
    if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) {
      cleanUpReqFiles(req)
-      return res.status(409)
+      return res.status(400)
                .json({ error: 'Cannot set "private" a video playlist that was not private.' })
    }
    const newPrivacy = body.privacy || videoPlaylist.privacy
    if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
      (
        (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
        body.videoChannelId === null
      )
    ) {
      cleanUpReqFiles(req)
      return res.status(400)
                .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
    }
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
      cleanUpReqFiles(req)
-      return res.status(409)
+      return res.status(400)
                .json({ error: 'Cannot update a watch later playlist.' })
    }
-    if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
+    if (body.videoChannelId && !await isVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
    return next()
  }
@ -84,7 +105,7 @@ const videoPlaylistsDeleteValidator = [
    const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
    if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
-      return res.status(409)
+      return res.status(400)
                .json({ error: 'Cannot delete a watch later playlist.' })
    }
--- a/server/tests/api/check-params/video-playlists.ts
+++ b/server/tests/api/check-params/video-playlists.ts
@ -16,7 +16,7 @@ import {
  reorderVideosPlaylist,
  runServer,
  ServerInfo,
-  setAccessTokensToServers,
+  setAccessTokensToServers, setDefaultVideoChannel,
  updateVideoPlaylist,
  updateVideoPlaylistElement,
  uploadVideoAndGetId
@ -33,6 +33,7 @@ describe('Test video playlists API validator', function () {
  let server: ServerInfo
  let userAccessToken: string
  let playlistUUID: string
  let privatePlaylistUUID: string
  let watchLaterPlaylistId: number
  let videoId: number
  let videoId2: number
@ -47,6 +48,7 @@ describe('Test video playlists API validator', function () {
    server = await runServer(1)
    await setAccessTokensToServers([ server ])
    await setDefaultVideoChannel([ server ])
    userAccessToken = await generateUserAccessToken(server, 'user1')
    videoId = (await uploadVideoAndGetId({ server, videoName: 'video 1' })).id
@ -63,11 +65,24 @@ describe('Test video playlists API validator', function () {
        token: server.accessToken,
        playlistAttrs: {
          displayName: 'super playlist',
-          privacy: VideoPlaylistPrivacy.PUBLIC
+          privacy: VideoPlaylistPrivacy.PUBLIC,
          videoChannelId: server.videoChannel.id
        }
      })
      playlistUUID = res.body.videoPlaylist.uuid
    }
    {
      const res = await createVideoPlaylist({
        url: server.url,
        token: server.accessToken,
        playlistAttrs: {
          displayName: 'private',
          privacy: VideoPlaylistPrivacy.PRIVATE
        }
      })
      privatePlaylistUUID = res.body.videoPlaylist.uuid
    }
  })
  describe('When listing playlists', function () {
@ -172,7 +187,8 @@ describe('Test video playlists API validator', function () {
        playlistAttrs: Object.assign({
          displayName: 'display name',
          privacy: VideoPlaylistPrivacy.UNLISTED,
-          thumbnailfile: 'thumbnail.jpg'
+          thumbnailfile: 'thumbnail.jpg',
          videoChannelId: server.videoChannel.id
        }, playlistAttrs)
      }, wrapper)
    }
@ -229,6 +245,18 @@ describe('Test video playlists API validator', function () {
      await updateVideoPlaylist(getUpdate(params, playlistUUID))
    })
    it('Should fail to set "public" a playlist not assigned to a channel', async function () {
      const params = getBase({ privacy: VideoPlaylistPrivacy.PUBLIC, videoChannelId: undefined })
      const params2 = getBase({ privacy: VideoPlaylistPrivacy.PUBLIC, videoChannelId: 'null' })
      const params3 = getBase({ privacy: undefined, videoChannelId: 'null' })
      await createVideoPlaylist(params)
      await createVideoPlaylist(params2)
      await updateVideoPlaylist(getUpdate(params, privatePlaylistUUID))
      await updateVideoPlaylist(getUpdate(params2, playlistUUID))
      await updateVideoPlaylist(getUpdate(params3, playlistUUID))
    })
    it('Should fail with an unknown playlist to update', async function () {
      await updateVideoPlaylist(getUpdate(
        getBase({}, { expectedStatus: 404 }),
@ -249,14 +277,14 @@ describe('Test video playlists API validator', function () {
      const res = await createVideoPlaylist(params)
      const playlist = res.body.videoPlaylist
-      const paramsUpdate = getBase({ privacy: VideoPlaylistPrivacy.PRIVATE }, { expectedStatus: 409 })
+      const paramsUpdate = getBase({ privacy: VideoPlaylistPrivacy.PRIVATE }, { expectedStatus: 400 })
      await updateVideoPlaylist(getUpdate(paramsUpdate, playlist.id))
    })
    it('Should fail to update the watch later playlist', async function () {
      await updateVideoPlaylist(getUpdate(
-        getBase({}, { expectedStatus: 409 }),
+        getBase({}, { expectedStatus: 400 }),
        watchLaterPlaylistId
      ))
    })
@ -634,7 +662,7 @@ describe('Test video playlists API validator', function () {
    })
    it('Should fail with the watch later playlist', async function () {
-      await deleteVideoPlaylist(server.url, server.accessToken, watchLaterPlaylistId, 409)
+      await deleteVideoPlaylist(server.url, server.accessToken, watchLaterPlaylistId, 400)
    })
    it('Should succeed with the correct params', async function () {