X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=server%2Fcontrollers%2Fapi%2Fabuse.ts;h=d6211cc83e807a0c7591b61564f841c9fbf062ee;hb=cb0eda5602a21d1626a7face32de6153ed07b5f9;hp=50d068157a5734b84ab82d78c8e062ad1d77a8fd;hpb=edbc9325462ddf4536775871ebc25e06f46612d1;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/controllers/api/abuse.ts b/server/controllers/api/abuse.ts
index 50d068157..d6211cc83 100644
--- a/server/controllers/api/abuse.ts
+++ b/server/controllers/api/abuse.ts
@@ -1,9 +1,12 @@
-import * as express from 'express'
+import express from 'express'
+import { logger } from '@server/helpers/logger'
 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
+import { Notifier } from '@server/lib/notifier'
 import { AbuseModel } from '@server/models/abuse/abuse'
 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
 import { getServerActor } from '@server/models/application/application'
-import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
+import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse'
+import { AbuseCreate, AbuseState, HttpStatusCode, UserRight } from '@shared/models'
 import { getFormattedObjects } from '../../helpers/utils'
 import { sequelizeTypescript } from '../../initializers/database'
 import {
@@ -16,9 +19,11 @@ import {
   asyncMiddleware,
   asyncRetryTransactionMiddleware,
   authenticate,
+  checkAbuseValidForMessagesValidator,
   deleteAbuseMessageValidator,
   ensureUserHasRight,
   getAbuseValidator,
+  openapiOperationDoc,
   paginationValidator,
   setDefaultPagination,
   setDefaultSort
@@ -28,6 +33,7 @@ import { AccountModel } from '../../models/account/account'
 const abuseRouter = express.Router()
 
 abuseRouter.get('/',
+  openapiOperationDoc({ operationId: 'getAbuses' }),
   authenticate,
   ensureUserHasRight(UserRight.MANAGE_ABUSES),
   paginationValidator,
@@ -58,12 +64,14 @@ abuseRouter.delete('/:id',
 abuseRouter.get('/:id/messages',
   authenticate,
   asyncMiddleware(getAbuseValidator),
+  checkAbuseValidForMessagesValidator,
   asyncRetryTransactionMiddleware(listAbuseMessages)
 )
 
 abuseRouter.post('/:id/messages',
   authenticate,
   asyncMiddleware(getAbuseValidator),
+  checkAbuseValidForMessagesValidator,
   addAbuseMessageValidator,
   asyncRetryTransactionMiddleware(addAbuseMessage)
 )
@@ -71,6 +79,7 @@ abuseRouter.post('/:id/messages',
 abuseRouter.delete('/:id/messages/:messageId',
   authenticate,
   asyncMiddleware(getAbuseValidator),
+  checkAbuseValidForMessagesValidator,
   asyncMiddleware(deleteAbuseMessageValidator),
   asyncRetryTransactionMiddleware(deleteAbuseMessage)
 )
@@ -78,13 +87,7 @@ abuseRouter.delete('/:id/messages/:messageId',
 // ---------------------------------------------------------------------------
 
 export {
-  abuseRouter,
-
-  // FIXME: deprecated in 2.3. Remove these exports
-  listAbusesForAdmins,
-  updateAbuse,
-  deleteAbuse,
-  reportAbuse
+  abuseRouter
 }
 
 // ---------------------------------------------------------------------------
@@ -119,19 +122,28 @@ async function listAbusesForAdmins (req: express.Request, res: express.Response)
 
 async function updateAbuse (req: express.Request, res: express.Response) {
   const abuse = res.locals.abuse
+  let stateUpdated = false
 
   if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
-  if (req.body.state !== undefined) abuse.state = req.body.state
+
+  if (req.body.state !== undefined) {
+    abuse.state = req.body.state
+    stateUpdated = true
+  }
 
   await sequelizeTypescript.transaction(t => {
     return abuse.save({ transaction: t })
   })
 
-  // TODO: Notification
+  if (stateUpdated === true) {
+    AbuseModel.loadFull(abuse.id)
+      .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
+      .catch(err => logger.error('Cannot notify on abuse state change', { err }))
+  }
 
   // Do not send the delete to other instances, we updated OUR copy of this abuse
 
-  return res.type('json').status(204).end()
+  return res.status(HttpStatusCode.NO_CONTENT_204).end()
 }
 
 async function deleteAbuse (req: express.Request, res: express.Response) {
@@ -143,7 +155,7 @@ async function deleteAbuse (req: express.Request, res: express.Response) {
 
   // Do not send the delete to other instances, we delete OUR copy of this abuse
 
-  return res.type('json').status(204).end()
+  return res.status(HttpStatusCode.NO_CONTENT_204).end()
 }
 
 async function reportAbuse (req: express.Request, res: express.Response) {
@@ -154,7 +166,11 @@ async function reportAbuse (req: express.Request, res: express.Response) {
   const body: AbuseCreate = req.body
 
   const { id } = await sequelizeTypescript.transaction(async t => {
-    const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
+    const user = res.locals.oauth.token.User
+    // Don't send abuse notification if reporter is an admin/moderator
+    const skipNotification = user.hasRight(UserRight.MANAGE_ABUSES)
+
+    const reporterAccount = await AccountModel.load(user.Account.id, t)
     const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
 
     const baseAbuse = {
@@ -171,7 +187,8 @@ async function reportAbuse (req: express.Request, res: express.Response) {
         reporterAccount,
         transaction: t,
         startAt: body.video.startAt,
-        endAt: body.video.endAt
+        endAt: body.video.endAt,
+        skipNotification
       })
     }
 
@@ -180,7 +197,8 @@ async function reportAbuse (req: express.Request, res: express.Response) {
         baseAbuse,
         commentInstance,
         reporterAccount,
-        transaction: t
+        transaction: t,
+        skipNotification
       })
     }
 
@@ -189,7 +207,8 @@ async function reportAbuse (req: express.Request, res: express.Response) {
       baseAbuse,
       accountInstance,
       reporterAccount,
-      transaction: t
+      transaction: t,
+      skipNotification
     })
   })
 
@@ -215,7 +234,9 @@ async function addAbuseMessage (req: express.Request, res: express.Response) {
     abuseId: abuse.id
   })
 
-  // TODO: Notification
+  AbuseModel.loadFull(abuse.id)
+    .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
+    .catch(err => logger.error('Cannot notify on new abuse message', { err }))
 
   return res.json({
     abuseMessage: {
@@ -231,5 +252,5 @@ async function deleteAbuseMessage (req: express.Request, res: express.Response)
     return abuseMessage.destroy({ transaction: t })
   })
 
-  return res.sendStatus(204)
+  return res.status(HttpStatusCode.NO_CONTENT_204).end()
 }