Fix separate SQL query for video get
This commit is contained in:
parent
24d3352ce4
commit
d7df188f23
|
@ -3,7 +3,7 @@ import { body, param, query, ValidationChain } from 'express-validator'
|
|||
import { isAbleToUploadVideo } from '@server/lib/user'
|
||||
import { getServerActor } from '@server/models/application/application'
|
||||
import { ExpressPromiseHandler } from '@server/types/express'
|
||||
import { MVideoFullLight } from '@server/types/models'
|
||||
import { MVideoFullLight, MVideoWithRights } from '@server/types/models'
|
||||
import { ServerErrorCode, UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared'
|
||||
import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
|
||||
import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/video-change-ownership-accept.model'
|
||||
|
@ -197,17 +197,16 @@ const videosCustomGetValidator = (
|
|||
// Controllers does not need to check video rights
|
||||
if (fetchType === 'only-immutable-attributes') return next()
|
||||
|
||||
const video = getVideoWithAttributes(res)
|
||||
const videoAll = video as MVideoFullLight
|
||||
const video = getVideoWithAttributes(res) as MVideoWithRights
|
||||
|
||||
// Video private or blacklisted
|
||||
if (videoAll.requiresAuth()) {
|
||||
if (video.requiresAuth()) {
|
||||
await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
|
||||
|
||||
const user = res.locals.oauth ? res.locals.oauth.token.User : null
|
||||
|
||||
// Only the owner or a user that have blacklist rights can see the video
|
||||
if (!user || !user.canGetVideo(videoAll)) {
|
||||
if (!user || !user.canGetVideo(video)) {
|
||||
return res.status(HttpStatusCode.FORBIDDEN_403)
|
||||
.json({ error: 'Cannot get this private/internal or blacklisted video.' })
|
||||
}
|
||||
|
|
|
@ -28,7 +28,8 @@ import {
|
|||
MUserFormattable,
|
||||
MUserNotifSettingChannelDefault,
|
||||
MUserWithNotificationSetting,
|
||||
MVideoFullLight
|
||||
MVideoFullLight,
|
||||
MVideoWithRights
|
||||
} from '@server/types/models'
|
||||
import { hasUserRight, USER_ROLE_LABELS } from '../../../shared/core-utils/users'
|
||||
import { AbuseState, MyUser, UserRight, VideoPlaylistType, VideoPrivacy } from '../../../shared/models'
|
||||
|
@ -819,7 +820,7 @@ export class UserModel extends Model {
|
|||
.then(u => u.map(u => u.username))
|
||||
}
|
||||
|
||||
canGetVideo (video: MVideoFullLight) {
|
||||
canGetVideo (video: MVideoWithRights) {
|
||||
const videoUserId = video.VideoChannel.Account.userId
|
||||
|
||||
if (video.isBlacklisted()) {
|
||||
|
|
|
@ -356,6 +356,7 @@ export type AvailableForListIDsOptions = {
|
|||
include: [
|
||||
{
|
||||
model: VideoFileModel,
|
||||
separate: true,
|
||||
required: false,
|
||||
include: subInclude
|
||||
}
|
||||
|
@ -383,6 +384,7 @@ export type AvailableForListIDsOptions = {
|
|||
{
|
||||
model: VideoStreamingPlaylistModel.unscoped(),
|
||||
required: false,
|
||||
separate: true,
|
||||
include: subInclude
|
||||
}
|
||||
]
|
||||
|
@ -1312,8 +1314,7 @@ export class VideoModel extends Model {
|
|||
|
||||
return VideoModel.scope([
|
||||
ScopeNames.WITH_BLACKLISTED,
|
||||
ScopeNames.WITH_USER_ID,
|
||||
ScopeNames.WITH_THUMBNAILS
|
||||
ScopeNames.WITH_USER_ID
|
||||
]).findOne(options)
|
||||
}
|
||||
|
||||
|
|
|
@ -107,7 +107,6 @@ export type MVideoAccountLight =
|
|||
export type MVideoWithRights =
|
||||
MVideo &
|
||||
Use<'VideoBlacklist', MVideoBlacklistLight> &
|
||||
Use<'Thumbnails', MThumbnail[]> &
|
||||
Use<'VideoChannel', MChannelUserId>
|
||||
|
||||
// ############################################################################
|
||||
|
|
Loading…
Reference in New Issue