aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/videos.js7
-rw-r--r--server/middlewares/admin.js3
-rw-r--r--server/middlewares/validators/videos.js30
-rw-r--r--server/models/video.js1
4 files changed, 20 insertions, 21 deletions
diff --git a/server/controllers/api/videos.js b/server/controllers/api/videos.js
index 1f7d30eef..0be7d9d83 100644
--- a/server/controllers/api/videos.js
+++ b/server/controllers/api/videos.js
@@ -635,10 +635,11 @@ function reportVideoAbuse (req, res, finalCallback) {
635function addVideoToBlacklist (req, res, next) { 635function addVideoToBlacklist (req, res, next) {
636 const videoInstance = res.locals.video 636 const videoInstance = res.locals.video
637 637
638 db.BlacklistedVideo.create({ 638 const toCreate = {
639 videoId: videoInstance.id 639 videoId: videoInstance.id
640 }) 640 }
641 .asCallback(function (err) { 641
642 db.BlacklistedVideo.create(toCreate).asCallback(function (err) {
642 if (err) { 643 if (err) {
643 logger.error('Errors when blacklisting video ', { error: err }) 644 logger.error('Errors when blacklisting video ', { error: err })
644 return next(err) 645 return next(err)
diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js
index e6d9dc887..3288f4c6b 100644
--- a/server/middlewares/admin.js
+++ b/server/middlewares/admin.js
@@ -1,6 +1,5 @@
1'use strict' 1'use strict'
2 2
3const constants = require('../initializers/constants')
4const logger = require('../helpers/logger') 3const logger = require('../helpers/logger')
5 4
6const adminMiddleware = { 5const adminMiddleware = {
@@ -9,7 +8,7 @@ const adminMiddleware = {
9 8
10function ensureIsAdmin (req, res, next) { 9function ensureIsAdmin (req, res, next) {
11 const user = res.locals.oauth.token.user 10 const user = res.locals.oauth.token.user
12 if (user.role !== constants.USER_ROLES.ADMIN) { 11 if (user.isAdmin() === false) {
13 logger.info('A non admin user is trying to access to an admin content.') 12 logger.info('A non admin user is trying to access to an admin content.')
14 return res.sendStatus(403) 13 return res.sendStatus(403)
15 } 14 }
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 86a7e39ae..f18ca1597 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -137,6 +137,18 @@ function videoRate (req, res, next) {
137 }) 137 })
138} 138}
139 139
140function videosBlacklist (req, res, next) {
141 req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
142
143 logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
144
145 checkErrors(req, res, function () {
146 checkVideoExists(req.params.id, res, function () {
147 checkVideoIsBlacklistable(req, res, next)
148 })
149 })
150}
151
140// --------------------------------------------------------------------------- 152// ---------------------------------------------------------------------------
141 153
142module.exports = validatorsVideos 154module.exports = validatorsVideos
@@ -166,8 +178,8 @@ function checkUserCanDeleteVideo (userId, res, callback) {
166 } 178 }
167 179
168 // Check if the user can delete the video 180 // Check if the user can delete the video
169 // The user can delete it if s/he an admin 181 // The user can delete it if s/he is an admin
170 // Or if s/he is the video's author 182 // Or if s/he is the video's author
171 if (user.isAdmin() === false) { 183 if (user.isAdmin() === false) {
172 if (res.locals.video.isOwned() === false) { 184 if (res.locals.video.isOwned() === false) {
173 return res.status(403).send('Cannot remove video of another pod') 185 return res.status(403).send('Cannot remove video of another pod')
@@ -185,20 +197,8 @@ function checkUserCanDeleteVideo (userId, res, callback) {
185 197
186function checkVideoIsBlacklistable (req, res, callback) { 198function checkVideoIsBlacklistable (req, res, callback) {
187 if (res.locals.video.isOwned() === true) { 199 if (res.locals.video.isOwned() === true) {
188 return res.status(403).send('Cannot blacklist a local video') 200 return res.status(403).send('Cannot blacklist a local video')
189 } 201 }
190 202
191 callback() 203 callback()
192} 204}
193
194function videosBlacklist (req, res, next) {
195 req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
196
197 logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
198
199 checkErrors(req, res, function () {
200 checkVideoExists(req.params.id, res, function() {
201 checkVideoIsBlacklistable(req, res, next)
202 })
203 })
204}
diff --git a/server/models/video.js b/server/models/video.js
index 1addfa682..0eef4114c 100644
--- a/server/models/video.js
+++ b/server/models/video.js
@@ -770,7 +770,6 @@ function removeFromBlacklist (video, callback) {
770 // If an error occured, stop here 770 // If an error occured, stop here
771 if (err) { 771 if (err) {
772 logger.error('Error when fetching video from blacklist.', { error: err }) 772 logger.error('Error when fetching video from blacklist.', { error: err })
773
774 return callback(err) 773 return callback(err)
775 } 774 }
776 775