fix: some playlist actions were missing checks to see if user was allowed to perform action

backend/logic/actions/playlists.js

@@ -846,7 +846,18 @@ export default {
 			[
 				next => {
 					if (!playlistId) return next("No playlist id.");
-					return playlistModel.findById(playlistId, next);
+					return next();
+				},
+
+				next => {
+					PlaylistsModule.runJob("GET_PLAYLIST", { playlistId }, this)
+						.then(playlist => {
+							if (!playlist || playlist.createdBy !== session.userId)
+								return next("Something went wrong when trying to get the playlist");
+
+							next(null, playlist);
+						})
+						.catch(next);
 				},
 
 				(playlist, next) => {
@@ -915,6 +926,17 @@ export default {
 					return next();
 				},
 
+				next => {
+					PlaylistsModule.runJob("GET_PLAYLIST", { playlistId }, this)
+						.then(playlist => {
+							if (!playlist || playlist.createdBy !== session.userId)
+								return next("Something went wrong when trying to get the playlist");
+
+							next();
+						})
+						.catch(next);
+				},
+
 				// remove song from playlist
 				next => {
 					playlistModel.updateOne(
@@ -1376,6 +1398,17 @@ export default {
 					return next();
 				},
 
+				next => {
+					PlaylistsModule.runJob("GET_PLAYLIST", { playlistId }, this)
+						.then(playlist => {
+							if (!playlist || playlist.createdBy !== session.userId)
+								return next("Something went wrong when trying to get the playlist");
+							
+							next();
+						})
+						.catch(next);
+				},
+
 				// remove song from playlist
 				next => playlistModel.updateOne({ _id: playlistId }, { $pull: { songs: { youtubeId } } }, next),