Don't allow votes on locked videos

2024-11-10 09:07:47 +01:00 · 2020-12-16 22:53:49 -05:00 · 2020-12-16 22:53:49 -05:00 · cd373f4bca
commit cd373f4bca
parent 9797d7450c
2 changed files with 69 additions and 0 deletions
--- a/src/routes/voteOnSponsorTime.ts
+++ b/src/routes/voteOnSponsorTime.ts
@ -234,6 +234,18 @@ async function voteOnSponsorTime(req: Request, res: Response) {
    //check if user voting on own submission
    const isOwnSubmission = db.prepare("get", "SELECT UUID as submissionCount FROM sponsorTimes where userID = ? AND UUID = ?", [nonAnonUserID, UUID]) !== undefined;

+    
+    if (!isVIP) {
+        const isVideoLocked = !!db.prepare('get', 'SELECT noSegments.category from noSegments left join sponsorTimes' + 
+                                ' on (noSegments.videoID = sponsorTimes.videoID and noSegments.category = sponsorTimes.category)' + 
+                                    ' where UUID = ?', [UUID]);
+
+        if (isVideoLocked) {
+            res.status(403).send("Not allowed to vote on video that has been locked by a VIP.");
+            return;
+        }
+    }
+
    if (type === undefined && category !== undefined) {
        return categoryVote(UUID, nonAnonUserID, isVIP, category, hashedIP, res);
    }
--- a/test/cases/voteOnSponsorTime.ts
+++ b/test/cases/voteOnSponsorTime.ts
@ -41,6 +41,8 @@ describe('voteOnSponsorTime', () => {
        db.exec(startOfQuery + "('incorrect-category', 1, 11, 500, 'incorrect-category', '" + getHash('somebody-else-id') + "', 0, 50, 'sponsor', 0, '" + getHash('incorrect-category', 1) + "')");
        db.exec(startOfQuery + "('incorrect-category-change', 1, 11, 500, 'incorrect-category-change', '" + getHash('somebody-else-id') + "', 0, 50, 'sponsor', 0, '" + getHash('incorrect-category-change', 1) + "')");
        db.exec(startOfQuery + "('vote-testtesttest', 1, 11, 2, 'warnvote-uuid-0', 'testman', 0, 50, 'sponsor', 0, '" + getHash('vote-testtesttest', 1) + "')");
+        db.exec(startOfQuery + "('no-sponsor-segments-video', 1, 11, 2, 'no-sponsor-segments-uuid-0', 'no-sponsor-segments', 0, 50, 'sponsor', 0, '" + getHash('no-sponsor-segments-video', 1) + "')");
+        db.exec(startOfQuery + "('no-sponsor-segments-video', 1, 11, 2, 'no-sponsor-segments-uuid-1', 'no-sponsor-segments', 0, 50, 'intro', 0, '" + getHash('no-sponsor-segments-video', 1) + "')");

        db.exec(startOfWarningQuery + "('" + warnUser01Hash + "', '" + now + "', '" + warnVip01Hash + "')");
        db.exec(startOfWarningQuery + "('" + warnUser01Hash + "', '" + (now - 1000) + "', '" + warnVip01Hash + "')");
@ -54,6 +56,9 @@ describe('voteOnSponsorTime', () => {

        db.exec("INSERT INTO vipUsers (userID) VALUES ('" + getHash("VIPUser") + "')");
        privateDB.exec("INSERT INTO shadowBannedUsers (userID) VALUES ('" + getHash("randomID4") + "')");
+
+        db.exec("INSERT INTO noSegments (videoID, userID, category) VALUES ('no-sponsor-segments-video', 'someUser', 'sponsor')");
+
    });

    it('Should be able to upvote a segment', (done: Done) => {
@ -375,4 +380,56 @@ describe('voteOnSponsorTime', () => {
            });
    });

+    it('Non-VIP should not be able to vote on a segment with no-segments category', (done: Done) => {
+        request.get(getbaseURL()
+            + "/api/voteOnSponsorTime?userID=no-segments-voter&UUID=no-sponsor-segments-uuid-0&type=1", null,
+            (err, res) => {
+                if (err) done(err);
+                else if (res.statusCode === 403) {
+                    done();
+                } else {
+                    done("Status code was " + res.statusCode + " instead of 403");
+                }
+            });
+    });
+
+    it('Non-VIP should not be able to category vote on a segment with no-segments category', (done: Done) => {
+        request.get(getbaseURL()
+            + "/api/voteOnSponsorTime?userID=no-segments-voter&UUID=no-sponsor-segments-uuid-0&category=outro", null,
+            (err, res) => {
+                if (err) done(err);
+                else if (res.statusCode === 403) {
+                    done();
+                } else {
+                    done("Status code was " + res.statusCode + " instead of 403");
+                }
+            });
+    });
+
+    it('VIP should able to vote on a segment with no-segments category', (done: Done) => {
+        request.get(getbaseURL()
+            + "/api/voteOnSponsorTime?userID=VIPUser&UUID=no-sponsor-segments-uuid-0&type=1", null,
+            (err, res) => {
+                if (err) done(err);
+                else if (res.statusCode === 200) {
+                    done();
+                } else {
+                    done("Status code was " + res.statusCode + " instead of 200");
+                }
+            });
+    });
+
+    it('Non-VIP should be able to vote on a segment on a no-segments video with a category that doesn\'t have no-segments', (done: Done) => {
+        request.get(getbaseURL()
+            + "/api/voteOnSponsorTime?userID=no-segments-voter&UUID=no-sponsor-segments-uuid-1&type=1", null,
+            (err, res) => {
+                if (err) done(err);
+                else if (res.statusCode === 200) {
+                    done();
+                } else {
+                    done("Status code was " + res.statusCode + " instead of 200");
+                }
+            });
+    });
+
 });