Server: fix update right checks

diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 3d7c04b60323cda5d45352c58483c9ad2f8d85ef..4fe6dcd8b3e81cfbae3c5f7f47ca176d2f6419ec 100644 (file)
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -53,15 +53,18 @@ function videosUpdate (req, res, next) {
   logger.debug('Checking videosUpdate parameters', { parameters: req.body })
 
   checkErrors(req, res, function () {
-    if (res.locals.video.isOwned() === false) {
-      return res.status(403).send('Cannot update video of another pod')
-    }
+    checkVideoExists(req.params.id, res, function () {
+      // We need to make additional checks
+      if (res.locals.video.isOwned() === false) {
+        return res.status(403).send('Cannot update video of another pod')
+      }
 
-    if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
-      return res.status(403).send('Cannot update video of another user')
-    }
+      if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
+        return res.status(403).send('Cannot update video of another user')
+      }
 
-    checkVideoExists(req.params.id, res, next)
+      next()
+    })
   })
 }