NW
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Server: fix update right checks

This commit is contained in:
Chocobozzz 2017-01-11 19:15:23 +01:00
parent edc5e86006
commit 63d00f5ded
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
server/middlewares/validators/videos.js
View File

@ -53,15 +53,18 @@ function videosUpdate (req, res, next) {
logger.debug('Checking videosUpdate parameters', { parameters: req.body }) logger.debug('Checking videosUpdate parameters', { parameters: req.body })
checkErrors(req, res, function () { checkErrors(req, res, function () {
if (res.locals.video.isOwned() === false) { checkVideoExists(req.params.id, res, function () {
return res.status(403).send('Cannot update video of another pod') // We need to make additional checks
} if (res.locals.video.isOwned() === false) {
return res.status(403).send('Cannot update video of another pod')
}
if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
return res.status(403).send('Cannot update video of another user') return res.status(403).send('Cannot update video of another user')
} }
checkVideoExists(req.params.id, res, next) next()
})
}) })
} }