Add ability for video owners to delete comments
This commit is contained in:
parent
298b3fd315
commit
fde37dc99c
|
@ -98,6 +98,7 @@ export class VideoCommentComponent implements OnInit, OnChanges {
|
|||
return this.comment.account && this.isUserLoggedIn() &&
|
||||
(
|
||||
this.user.account.id === this.comment.account.id ||
|
||||
this.user.account.id === this.video.account.id ||
|
||||
this.user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT)
|
||||
)
|
||||
}
|
||||
|
|
|
@ -9,8 +9,8 @@ import { areValidationErrors } from '../utils'
|
|||
import { Hooks } from '../../../lib/plugins/hooks'
|
||||
import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
|
||||
import { doesVideoExist } from '../../../helpers/middlewares'
|
||||
import { MCommentOwner, MVideo, MVideoFullLight, MVideoId } from '../../../typings/models/video'
|
||||
import { MUser } from '@server/typings/models'
|
||||
import { MCommentOwner, MVideo, MVideoFullLight, MVideoId, MCommentOwnerVideoReply } from '../../../typings/models/video'
|
||||
import { MUser, MUserAccountUrl } from '@server/typings/models'
|
||||
|
||||
const listVideoCommentThreadsValidator = [
|
||||
param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
|
||||
|
@ -188,7 +188,7 @@ function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
|
|||
return true
|
||||
}
|
||||
|
||||
function checkUserCanDeleteVideoComment (user: MUser, videoComment: MCommentOwner, res: express.Response) {
|
||||
function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) {
|
||||
if (videoComment.isDeleted()) {
|
||||
res.status(409)
|
||||
.json({ error: 'This comment is already deleted' })
|
||||
|
@ -196,11 +196,16 @@ function checkUserCanDeleteVideoComment (user: MUser, videoComment: MCommentOwne
|
|||
return false
|
||||
}
|
||||
|
||||
const account = videoComment.Account
|
||||
if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) {
|
||||
const userAccount = user.Account
|
||||
|
||||
if (
|
||||
user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator
|
||||
videoComment.accountId !== userAccount.id && // Not the comment owner
|
||||
videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner
|
||||
) {
|
||||
res.status(403)
|
||||
.json({ error: 'Cannot remove video comment of another user' })
|
||||
.end()
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
|
@ -29,6 +29,7 @@ describe('Test video comments API validator', function () {
|
|||
let server: ServerInfo
|
||||
let videoUUID: string
|
||||
let userAccessToken: string
|
||||
let userAccessToken2: string
|
||||
let commentId: number
|
||||
|
||||
// ---------------------------------------------------------------
|
||||
|
@ -53,13 +54,16 @@ describe('Test video comments API validator', function () {
|
|||
}
|
||||
|
||||
{
|
||||
const user = {
|
||||
username: 'user1',
|
||||
password: 'my super password'
|
||||
}
|
||||
const user = { username: 'user1', password: 'my super password' }
|
||||
await createUser({ url: server.url, accessToken: server.accessToken, username: user.username, password: user.password })
|
||||
userAccessToken = await userLogin(server, user)
|
||||
}
|
||||
|
||||
{
|
||||
const user = { username: 'user2', password: 'my super password' }
|
||||
await createUser({ url: server.url, accessToken: server.accessToken, username: user.username, password: user.password })
|
||||
userAccessToken2 = await userLogin(server, user)
|
||||
}
|
||||
})
|
||||
|
||||
describe('When listing video comment threads', function () {
|
||||
|
@ -224,6 +228,40 @@ describe('Test video comments API validator', function () {
|
|||
await makeDeleteRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 404 })
|
||||
})
|
||||
|
||||
it('Should succeed with the same user', async function () {
|
||||
let commentToDelete: number
|
||||
|
||||
{
|
||||
const res = await addVideoCommentThread(server.url, userAccessToken, videoUUID, 'hello')
|
||||
commentToDelete = res.body.comment.id
|
||||
}
|
||||
|
||||
const path = '/api/v1/videos/' + videoUUID + '/comments/' + commentToDelete
|
||||
|
||||
await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, statusCodeExpected: 403 })
|
||||
await makeDeleteRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 204 })
|
||||
})
|
||||
|
||||
it('Should succeed with the owner of the video', async function () {
|
||||
let commentToDelete: number
|
||||
let anotherVideoUUID: string
|
||||
|
||||
{
|
||||
const res = await uploadVideo(server.url, userAccessToken, { name: 'video' })
|
||||
anotherVideoUUID = res.body.video.uuid
|
||||
}
|
||||
|
||||
{
|
||||
const res = await addVideoCommentThread(server.url, server.accessToken, anotherVideoUUID, 'hello')
|
||||
commentToDelete = res.body.comment.id
|
||||
}
|
||||
|
||||
const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
|
||||
|
||||
await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, statusCodeExpected: 403 })
|
||||
await makeDeleteRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 204 })
|
||||
})
|
||||
|
||||
it('Should succeed with the correct parameters', async function () {
|
||||
await makeDeleteRequest({ url: server.url, path: pathComment, token: server.accessToken, statusCodeExpected: 204 })
|
||||
})
|
||||
|
|
Loading…
Reference in New Issue