Fix video channel update with an admin account

2024-11-10 12:26:35 +03:00 · 2018-05-16 11:33:11 +02:00 · 2018-05-16 11:33:11 +02:00 · 6200d8d917
commit 6200d8d917
parent a14d3b6b23
6 changed files with 38 additions and 16 deletions
--- a/client/src/app/videos/+video-edit/video-add.component.ts
+++ b/client/src/app/videos/+video-edit/video-add.component.ts
@ -219,7 +219,6 @@ export class VideoAddComponent extends FormReactive implements OnInit, OnDestroy

    const video = new VideoEdit()
    video.patch(this.form.value)
-    video.channelId = this.firstStepChannelId
    video.id = this.videoUploadedIds.id
    video.uuid = this.videoUploadedIds.uuid

--- a/client/src/app/videos/+video-edit/video-update.component.ts
+++ b/client/src/app/videos/+video-edit/video-update.component.ts
@ -11,7 +11,7 @@ import { FormReactive } from '../../shared'
 import { ValidatorMessage } from '../../shared/forms/form-validators/validator-message'
 import { VideoEdit } from '../../shared/video/video-edit.model'
 import { VideoService } from '../../shared/video/video.service'
-import { populateAsyncUserVideoChannels } from '@app/shared/misc/utils'
+import { VideoChannelService } from '@app/shared/video-channel/video-channel.service'

@Component({
  selector: 'my-videos-update',
@ -36,7 +36,8 @@ export class VideoUpdateComponent extends FormReactive implements OnInit {
    private serverService: ServerService,
    private videoService: VideoService,
    private authService: AuthService,
-    private loadingBar: LoadingBarService
+    private loadingBar: LoadingBarService,
+    private videoChannelService: VideoChannelService
  ) {
    super()
  }
@ -59,14 +60,21 @@ export class VideoUpdateComponent extends FormReactive implements OnInit {
            return this.videoService
                       .loadCompleteDescription(video.descriptionPath)
                       .pipe(map(description => Object.assign(video, { description })))
+          }),
+          switchMap(video => {
+            return this.videoChannelService
+                       .listAccountVideoChannels(video.account.id)
+                       .pipe(
+                         map(result => result.data),
+                         map(videoChannels => videoChannels.map(c => ({ id: c.id, label: c.displayName }))),
+                         map(videoChannels => ({ video, videoChannels }))
+                       )
          })
        )
        .subscribe(
-          video => {
+          ({ video, videoChannels }) => {
            this.video = new VideoEdit(video)
-
-            populateAsyncUserVideoChannels(this.authService, this.userVideoChannels)
-              .catch(err => console.error(err))
+            this.userVideoChannels = videoChannels

            // We cannot set private a video that was not private
            if (video.privacy.id !== VideoPrivacy.PRIVATE) {
--- a/server/controllers/api/videos/index.ts
+++ b/server/controllers/api/videos/index.ts
@ -341,7 +341,7 @@ async function updateVideo (req: express.Request, res: express.Response) {

      // Video channel update?
      if (res.locals.videoChannel && videoInstanceUpdated.channelId !== res.locals.videoChannel.id) {
-        await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel)
+        await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel, { transaction: t })
        videoInstance.VideoChannel = res.locals.videoChannel

        if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t)
--- a/server/helpers/custom-validators/videos.ts
+++ b/server/helpers/custom-validators/videos.ts
@ -3,7 +3,7 @@ import 'express-validator'
 import { values } from 'lodash'
 import 'multer'
 import * as validator from 'validator'
-import { VideoRateType } from '../../../shared'
+import { UserRight, VideoRateType } from '../../../shared'
 import {
  CONSTRAINTS_FIELDS,
  VIDEO_CATEGORIES,
@ -15,6 +15,7 @@ import {
 import { VideoModel } from '../../models/video/video'
 import { exists, isArray, isFileValid } from './misc'
 import { VideoChannelModel } from '../../models/video/video-channel'
+import { UserModel } from '../../models/account/user'

 const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS
 const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
@ -127,8 +128,22 @@ async function isVideoExist (id: string, res: Response) {
  return true
 }

-async function isVideoChannelOfAccountExist (channelId: number, accountId: number, res: Response) {
-  const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, accountId)
+async function isVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
+  if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
+    const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
+    if (!videoChannel) {
+      res.status(400)
+         .json({ error: 'Unknown video video channel on this instance.' })
+         .end()
+
+      return false
+    }
+
+    res.locals.videoChannel = videoChannel
+    return true
+  }
+
+  const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
  if (!videoChannel) {
    res.status(400)
       .json({ error: 'Unknown video video channel for this account.' })
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@ -90,7 +90,7 @@ const videosAddValidator = [
    const videoFile: Express.Multer.File = req.files['videofile'][0]
    const user = res.locals.oauth.token.User

-    if (!await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return
+    if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return

    const isAble = await user.isAbleToUploadVideo(videoFile)
    if (isAble === false) {
@ -193,7 +193,7 @@ const videosUpdateValidator = [
        .end()
    }

-    if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user.Account.id, res)) return
+    if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return

    return next()
  }
@ -332,7 +332,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
  // Retrieve the user who did the request
  if (video.isOwned() === false) {
    res.status(403)
-              .json({ error: 'Cannot remove video of another server, blacklist it' })
+              .json({ error: 'Cannot manage a video of another server.' })
              .end()
    return false
  }
@ -343,7 +343,7 @@ function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: Use
  const account = video.VideoChannel.Account
  if (user.hasRight(right) === false && account.userId !== user.id) {
    res.status(403)
-              .json({ error: 'Cannot remove video of another user' })
+              .json({ error: 'Cannot manage a video of another user.' })
              .end()
    return false
  }
--- a/server/tests/api/check-params/videos.ts
+++ b/server/tests/api/check-params/videos.ts
@ -280,7 +280,7 @@ describe('Test videos API validator', function () {
      const fields = immutableAssign(baseCorrectParams, { channelId: customChannelId })
      const attaches = baseCorrectAttaches

-      await makeUploadRequest({ url: server.url, path: path + '/upload', token: server.accessToken, fields, attaches })
+      await makeUploadRequest({ url: server.url, path: path + '/upload', token: userAccessToken, fields, attaches })
    })

    it('Should fail with too many tags', async function () {