1 files changed, 48 insertions, 0 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 3d2586c3a..8f429d0b5 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -32,6 +32,7 @@ import {
 import {
  deleteMeValidator,
  usersAskResetPasswordValidator,
+  usersBlockingValidator,
  usersResetPasswordValidator,
  videoImportsSortValidator,
  videosSortValidator
@@ -108,6 +109,19 @@ usersRouter.get('/',
  asyncMiddleware(listUsers)
 )
+usersRouter.post('/:id/block',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_USERS),
+  asyncMiddleware(usersBlockingValidator),
+  asyncMiddleware(blockUser)
+)
+usersRouter.post('/:id/unblock',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_USERS),
+  asyncMiddleware(usersBlockingValidator),
+  asyncMiddleware(unblockUser)
+)
 usersRouter.get('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
@@ -278,6 +292,22 @@ async function getUserVideoQuotaUsed (req: express.Request, res: express.Respons
  return res.json(data)
 }
+async function unblockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const user: UserModel = res.locals.user
+  await changeUserBlock(res, user, false)
+  return res.status(204).end()
+}
+async function blockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const user: UserModel = res.locals.user
+  await changeUserBlock(res, user, true)
+  return res.status(204).end()
+}
 function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
  return res.json((res.locals.user as UserModel).toFormattedJSON())
 }
@@ -423,3 +453,21 @@ async function resetUserPassword (req: express.Request, res: express.Response, n
 function success (req: express.Request, res: express.Response, next: express.NextFunction) {
  res.end()
 }
+async function changeUserBlock (res: express.Response, user: UserModel, block: boolean) {
+  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
+  user.blocked = block
+  await sequelizeTypescript.transaction(async t => {
+    await OAuthTokenModel.deleteUserToken(user.id, t)
+    await user.save({ transaction: t })
+  })
+  auditLogger.update(
+    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+    new UserAuditView(user.toFormattedJSON()),
+    oldUserAuditView
+  )
+}

diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts index 3d2586c3a..8f429d0b5 100644 --- a/server/controllers/api/users.ts +++ b/server/controllers/api/users.ts
@@ -32,6 +32,7 @@ import {
32	import {	32	import {
33	deleteMeValidator,	33	deleteMeValidator,
34	usersAskResetPasswordValidator,	34	usersAskResetPasswordValidator,
		35	usersBlockingValidator,
35	usersResetPasswordValidator,	36	usersResetPasswordValidator,
36	videoImportsSortValidator,	37	videoImportsSortValidator,
37	videosSortValidator	38	videosSortValidator
@@ -108,6 +109,19 @@ usersRouter.get('/',
108	asyncMiddleware(listUsers)	109	asyncMiddleware(listUsers)
109	)	110	)
110		111
		112	usersRouter.post('/:id/block',
		113	authenticate,
		114	ensureUserHasRight(UserRight.MANAGE_USERS),
		115	asyncMiddleware(usersBlockingValidator),
		116	asyncMiddleware(blockUser)
		117	)
		118	usersRouter.post('/:id/unblock',
		119	authenticate,
		120	ensureUserHasRight(UserRight.MANAGE_USERS),
		121	asyncMiddleware(usersBlockingValidator),
		122	asyncMiddleware(unblockUser)
		123	)
		124
111	usersRouter.get('/:id',	125	usersRouter.get('/:id',
112	authenticate,	126	authenticate,
113	ensureUserHasRight(UserRight.MANAGE_USERS),	127	ensureUserHasRight(UserRight.MANAGE_USERS),
@@ -278,6 +292,22 @@ async function getUserVideoQuotaUsed (req: express.Request, res: express.Respons
278	return res.json(data)	292	return res.json(data)
279	}	293	}
280		294
		295	async function unblockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
		296	const user: UserModel = res.locals.user
		297
		298	await changeUserBlock(res, user, false)
		299
		300	return res.status(204).end()
		301	}
		302
		303	async function blockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
		304	const user: UserModel = res.locals.user
		305
		306	await changeUserBlock(res, user, true)
		307
		308	return res.status(204).end()
		309	}
		310
281	function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {	311	function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
282	return res.json((res.locals.user as UserModel).toFormattedJSON())	312	return res.json((res.locals.user as UserModel).toFormattedJSON())
283	}	313	}
@@ -423,3 +453,21 @@ async function resetUserPassword (req: express.Request, res: express.Response, n
423	function success (req: express.Request, res: express.Response, next: express.NextFunction) {	453	function success (req: express.Request, res: express.Response, next: express.NextFunction) {
424	res.end()	454	res.end()
425	}	455	}
		456
		457	async function changeUserBlock (res: express.Response, user: UserModel, block: boolean) {
		458	const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
		459
		460	user.blocked = block
		461
		462	await sequelizeTypescript.transaction(async t => {
		463	await OAuthTokenModel.deleteUserToken(user.id, t)
		464
		465	await user.save({ transaction: t })
		466	})
		467
		468	auditLogger.update(
		469	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
		470	new UserAuditView(user.toFormattedJSON()),
		471	oldUserAuditView
		472	)
		473	}