mirror of https://github.com/Chocobozzz/PeerTube
Merge branch 'release/4.0.0' into develop
This commit is contained in:
Chocobozzz
commit
3318147300
|
|
@ -8,7 +8,14 @@ import { logger } from '../../../helpers/logger'
|
|||
import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
|
||||
import { Hooks } from '../../../lib/plugins/hooks'
|
||||
import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
|
||||
import { areValidationErrors, doesVideoCommentExist, doesVideoCommentThreadExist, doesVideoExist, isValidVideoIdParam } from '../shared'
|
||||
import {
|
||||
areValidationErrors,
|
||||
checkCanSeeVideoIfPrivate,
|
||||
doesVideoCommentExist,
|
||||
doesVideoCommentThreadExist,
|
||||
doesVideoExist,
|
||||
isValidVideoIdParam
|
||||
} from '../shared'
|
||||
|
||||
const listVideoCommentsValidator = [
|
||||
query('isLocal')
|
||||
|
|
@ -47,6 +54,13 @@ const listVideoCommentThreadsValidator = [
|
|||
if (areValidationErrors(req, res)) return
|
||||
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
|
||||
|
||||
if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) {
|
||||
return res.fail({
|
||||
status: HttpStatusCode.FORBIDDEN_403,
|
||||
message: 'Cannot list comments of private/internal/blocklisted video'
|
||||
})
|
||||
}
|
||||
|
||||
return next()
|
||||
}
|
||||
]
|
||||
|
|
@ -64,6 +78,13 @@ const listVideoThreadCommentsValidator = [
|
|||
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
|
||||
if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
|
||||
|
||||
if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) {
|
||||
return res.fail({
|
||||
status: HttpStatusCode.FORBIDDEN_403,
|
||||
message: 'Cannot list threads of private/internal/blocklisted video'
|
||||
})
|
||||
}
|
||||
|
||||
return next()
|
||||
}
|
||||
]
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
import 'mocha'
|
||||
import * as chai from 'chai'
|
||||
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
|
||||
import { HttpStatusCode, VideoCreateResult } from '@shared/models'
|
||||
import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
|
||||
import {
|
||||
cleanupTests,
|
||||
createSingleServer,
|
||||
|
|
@ -24,6 +24,8 @@ describe('Test video comments API validator', function () {
|
|||
let userAccessToken: string
|
||||
let userAccessToken2: string
|
||||
let commentId: number
|
||||
let privateCommentId: number
|
||||
let privateVideo: VideoCreateResult
|
||||
|
||||
// ---------------------------------------------------------------
|
||||
|
||||
|
|
@ -39,12 +41,21 @@ describe('Test video comments API validator', function () {
|
|||
pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
|
||||
}
|
||||
|
||||
{
|
||||
privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
|
||||
}
|
||||
|
||||
{
|
||||
const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
|
||||
commentId = created.id
|
||||
pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
|
||||
}
|
||||
|
||||
{
|
||||
const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
|
||||
privateCommentId = created.id
|
||||
}
|
||||
|
||||
{
|
||||
const user = { username: 'user1', password: 'my super password' }
|
||||
await server.users.create({ username: user.username, password: user.password })
|
||||
|
|
@ -78,6 +89,32 @@ describe('Test video comments API validator', function () {
|
|||
expectedStatus: HttpStatusCode.NOT_FOUND_404
|
||||
})
|
||||
})
|
||||
|
||||
it('Should fail with a private video without token', async function () {
|
||||
await makeGetRequest({
|
||||
url: server.url,
|
||||
path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
|
||||
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
|
||||
})
|
||||
})
|
||||
|
||||
it('Should fail with another user token', async function () {
|
||||
await makeGetRequest({
|
||||
url: server.url,
|
||||
token: userAccessToken,
|
||||
path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
|
||||
expectedStatus: HttpStatusCode.FORBIDDEN_403
|
||||
})
|
||||
})
|
||||
|
||||
it('Should succeed with the correct params', async function () {
|
||||
await makeGetRequest({
|
||||
url: server.url,
|
||||
token: server.accessToken,
|
||||
path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
|
||||
expectedStatus: HttpStatusCode.OK_200
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
describe('When listing comments of a thread', function () {
|
||||
|
|
@ -97,7 +134,31 @@ describe('Test video comments API validator', function () {
|
|||
})
|
||||
})
|
||||
|
||||
it('Should fail with a private video without token', async function () {
|
||||
await makeGetRequest({
|
||||
url: server.url,
|
||||
path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
|
||||
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
|
||||
})
|
||||
})
|
||||
|
||||
it('Should fail with another user token', async function () {
|
||||
await makeGetRequest({
|
||||
url: server.url,
|
||||
token: userAccessToken,
|
||||
path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
|
||||
expectedStatus: HttpStatusCode.FORBIDDEN_403
|
||||
})
|
||||
})
|
||||
|
||||
it('Should success with the correct params', async function () {
|
||||
await makeGetRequest({
|
||||
url: server.url,
|
||||
token: server.accessToken,
|
||||
path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
|
||||
expectedStatus: HttpStatusCode.OK_200
|
||||
})
|
||||
|
||||
await makeGetRequest({
|
||||
url: server.url,
|
||||
path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
|
||||
|
|
|
|||
Loading…
Reference in New Issue