5 files changed, 212 insertions, 21 deletions
diff --git a/server/controllers/api/videos.js b/server/controllers/api/videos.js
index 5e9ff482f..1f7d30eef 100644
--- a/server/controllers/api/videos.js
+++ b/server/controllers/api/videos.js
@@ -93,11 +93,13 @@ router.get('/:id',
  validatorsVideos.videosGet,
  getVideo
 )
 router.delete('/:id',
  oAuth.authenticate,
  validatorsVideos.videosRemove,
  removeVideo
 )
 router.get('/search/:value',
  validatorsVideos.videosSearch,
  validatorsPagination.pagination,
@@ -108,6 +110,13 @@ router.get('/search/:value',
  searchVideos
 )
+router.post('/:id/blacklist',
+  oAuth.authenticate,
+  admin.ensureIsAdmin,
+  validatorsVideos.videosBlacklist,
+  addVideoToBlacklist
+)
 // ---------------------------------------------------------------------------
 module.exports = router
@@ -622,3 +631,19 @@ function reportVideoAbuse (req, res, finalCallback) {
    return finalCallback(null)
  })
 }
+function addVideoToBlacklist (req, res, next) {
+  const videoInstance = res.locals.video
+  db.BlacklistedVideo.create({
+    videoId: videoInstance.id
+  })
+  .asCallback(function (err) {
+    if (err) {
+      logger.error('Errors when blacklisting video ', { error: err })
+      return next(err)
+    }
+    return res.type('json').status(204).end()
+  })
+}
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index c07825e50..86a7e39ae 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -15,7 +15,9 @@ const validatorsVideos = {
  videoAbuseReport,
-  videoRate
+  videoRate,
+  videosBlacklist
 }
 function videosAdd (req, res, next) {
@@ -95,15 +97,10 @@ function videosRemove (req, res, next) {
    checkVideoExists(req.params.id, res, function () {
      // We need to make additional checks
-      if (res.locals.video.isOwned() === false) {
+      // Check if the user who did the request is able to delete the video
-        return res.status(403).send('Cannot remove video of another pod')
+      checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, function () {
-      }
+        next()
+      })
-      if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
-        return res.status(403).send('Cannot remove video of another user')
-      }
-      next()
    })
  })
 }
@@ -159,3 +156,49 @@ function checkVideoExists (id, res, callback) {
    callback()
  })
 }
+function checkUserCanDeleteVideo (userId, res, callback) {
+  // Retrieve the user who did the request
+  db.User.loadById(userId, function (err, user) {
+    if (err) {
+      logger.error('Error in video request validator.', { error: err })
+      return res.sendStatus(500)
+    }
+    // Check if the user can delete the video
+    //  The user can delete it if s/he an admin
+    //  Or if s/he is the video's author
+    if (user.isAdmin() === false) {
+      if (res.locals.video.isOwned() === false) {
+        return res.status(403).send('Cannot remove video of another pod')
+      }
+      if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
+        return res.status(403).send('Cannot remove video of another user')
+      }
+    }
+    // If we reach this comment, we can delete the video
+    callback()
+  })
+}
+function checkVideoIsBlacklistable (req, res, callback) {
+  if (res.locals.video.isOwned() === true) {
+        return res.status(403).send('Cannot blacklist a local video')
+  }
+  callback()
+}
+function videosBlacklist (req, res, next) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
+  logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
+  checkErrors(req, res, function () {
+    checkVideoExists(req.params.id, res, function() {
+      checkVideoIsBlacklistable(req, res, next)
+    })
+  })
+}
diff --git a/server/models/user.js b/server/models/user.js
index e64bab8ab..8f9c2bf65 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -79,7 +79,8 @@ module.exports = function (sequelize, DataTypes) {
      },
      instanceMethods: {
        isPasswordMatch,
-        toFormatedJSON
+        toFormatedJSON,
+        isAdmin
      },
      hooks: {
        beforeCreate: beforeCreateOrUpdate,
@@ -117,6 +118,11 @@ function toFormatedJSON () {
    createdAt: this.createdAt
  }
 }
+function isAdmin () {
+  return this.role === constants.USER_ROLES.ADMIN
+}
 // ------------------------------ STATICS ------------------------------
 function associate (models) {
diff --git a/server/models/video-blacklist.js b/server/models/video-blacklist.js
new file mode 100644
index 000000000..02ea15760
--- /dev/null
+++ b/server/models/video-blacklist.js
@@ -0,0 +1,89 @@
+'use strict'
+const modelUtils = require('./utils')
+// ---------------------------------------------------------------------------
+module.exports = function (sequelize, DataTypes) {
+  const BlacklistedVideo = sequelize.define('BlacklistedVideo',
+    {},
+    {
+      indexes: [
+        {
+          fields: [ 'videoId' ],
+          unique: true
+        }
+      ],
+      classMethods: {
+        associate,
+        countTotal,
+        list,
+        listForApi,
+        loadById,
+        loadByVideoId
+      },
+      instanceMethods: {
+        toFormatedJSON
+      },
+      hooks: {}
+    }
+  )
+  return BlacklistedVideo
+}
+// ------------------------------ METHODS ------------------------------
+function toFormatedJSON () {
+  return {
+    id: this.id,
+    videoId: this.videoId,
+    createdAt: this.createdAt
+  }
+}
+// ------------------------------ STATICS ------------------------------
+function associate (models) {
+  this.belongsTo(models.Video, {
+    foreignKey: 'videoId',
+    onDelete: 'cascade'
+  })
+}
+function countTotal (callback) {
+  return this.count().asCallback(callback)
+}
+function list (callback) {
+  return this.findAll().asCallback(callback)
+}
+function listForApi (start, count, sort, callback) {
+  const query = {
+    offset: start,
+    limit: count,
+    order: [ modelUtils.getSort(sort) ]
+  }
+  return this.findAndCountAll(query).asCallback(function (err, result) {
+    if (err) return callback(err)
+    return callback(null, result.rows, result.count)
+  })
+}
+function loadById (id, callback) {
+  return this.findById(id).asCallback(callback)
+}
+function loadByVideoId (id, callback) {
+  const query = {
+    where: {
+      videoId: id
+    }
+  }
+  return this.find(query).asCallback(callback)
+}
diff --git a/server/models/video.js b/server/models/video.js
index 39eb28ed9..1addfa682 100644
--- a/server/models/video.js
+++ b/server/models/video.js
@@ -16,6 +16,7 @@ const logger = require('../helpers/logger')
 const friends = require('../lib/friends')
 const modelUtils = require('./utils')
 const customVideosValidators = require('../helpers/custom-validators').videos
+const db = require('../initializers/database')
 // ---------------------------------------------------------------------------
@@ -201,7 +202,8 @@ module.exports = function (sequelize, DataTypes) {
        isOwned,
        toFormatedJSON,
        toAddRemoteJSON,
-        toUpdateRemoteJSON
+        toUpdateRemoteJSON,
+        removeFromBlacklist
      },
      hooks: {
        beforeValidate,
@@ -528,6 +530,7 @@ function list (callback) {
 }
 function listForApi (start, count, sort, callback) {
+  // Exclude Blakclisted videos from the list
  const query = {
    offset: start,
    limit: count,
@@ -540,7 +543,12 @@ function listForApi (start, count, sort, callback) {
      },
      this.sequelize.models.Tag
-    ]
+    ],
+    where: {
+      id: { $notIn: this.sequelize.literal(
+        '(SELECT "BlacklistedVideos"."videoId" FROM "BlacklistedVideos")'
+      )}
+    }
  }
  return this.findAndCountAll(query).asCallback(function (err, result) {
@@ -648,7 +656,11 @@ function searchAndPopulateAuthorAndPodAndTags (value, field, start, count, sort,
  }
  const query = {
-    where: {},
+    where: {
+      id: { $notIn: this.sequelize.literal(
+        '(SELECT "BlacklistedVideos"."videoId" FROM "BlacklistedVideos")'
+      )}
+    },
    offset: start,
    limit: count,
    distinct: true, // For the count, a video can have many tags
@@ -661,13 +673,9 @@ function searchAndPopulateAuthorAndPodAndTags (value, field, start, count, sort,
    query.where.infoHash = infoHash
  } else if (field === 'tags') {
    const escapedValue = this.sequelize.escape('%' + value + '%')
-    query.where = {
+    query.where.id.$in = this.sequelize.literal(
-      id: {
+      '(SELECT "VideoTags"."videoId" FROM "Tags" INNER JOIN "VideoTags" ON "Tags"."id" = "VideoTags"."tagId" WHERE name LIKE ' + escapedValue + ')'
-        $in: this.sequelize.literal(
+    )
-          '(SELECT "VideoTags"."videoId" FROM "Tags" INNER JOIN "VideoTags" ON "Tags"."id" = "VideoTags"."tagId" WHERE name LIKE ' + escapedValue + ')'
-        )
-      }
-    }
  } else if (field === 'host') {
    // FIXME: Include our pod? (not stored in the database)
    podInclude.where = {
@@ -755,3 +763,23 @@ function generateImage (video, videoPath, folder, imageName, size, callback) {
    })
    .thumbnail(options)
 }
+function removeFromBlacklist (video, callback) {
+  // Find the blacklisted video
+  db.BlacklistedVideo.loadByVideoId(video.id, function (err, video) {
+    // If an error occured, stop here
+    if (err) {
+      logger.error('Error when fetching video from blacklist.', { error: err })
+      return callback(err)
+    }
+    // If we found the video, remove it from the blacklist
+    if (video) {
+      video.destroy().asCallback(callback)
+    } else {
+      // If haven't found it, simply ignore it and do nothing
+      return callback()
+    }
+  })
+}

diff --git a/server/controllers/api/videos.js b/server/controllers/api/videos.js index 5e9ff482f..1f7d30eef 100644 --- a/server/controllers/api/videos.js +++ b/server/controllers/api/videos.js
@@ -93,11 +93,13 @@ router.get('/:id',
93	validatorsVideos.videosGet,	93	validatorsVideos.videosGet,
94	getVideo	94	getVideo
95	)	95	)
		96
96	router.delete('/:id',	97	router.delete('/:id',
97	oAuth.authenticate,	98	oAuth.authenticate,
98	validatorsVideos.videosRemove,	99	validatorsVideos.videosRemove,
99	removeVideo	100	removeVideo
100	)	101	)
		102
101	router.get('/search/:value',	103	router.get('/search/:value',
102	validatorsVideos.videosSearch,	104	validatorsVideos.videosSearch,
103	validatorsPagination.pagination,	105	validatorsPagination.pagination,
@@ -108,6 +110,13 @@ router.get('/search/:value',
108	searchVideos	110	searchVideos
109	)	111	)
110		112
		113	router.post('/:id/blacklist',
		114	oAuth.authenticate,
		115	admin.ensureIsAdmin,
		116	validatorsVideos.videosBlacklist,
		117	addVideoToBlacklist
		118	)
		119
111	// ---------------------------------------------------------------------------	120	// ---------------------------------------------------------------------------
112		121
113	module.exports = router	122	module.exports = router
@@ -622,3 +631,19 @@ function reportVideoAbuse (req, res, finalCallback) {
622	return finalCallback(null)	631	return finalCallback(null)
623	})	632	})
624	}	633	}
		634
		635	function addVideoToBlacklist (req, res, next) {
		636	const videoInstance = res.locals.video
		637
		638	db.BlacklistedVideo.create({
		639	videoId: videoInstance.id
		640	})
		641	.asCallback(function (err) {
		642	if (err) {
		643	logger.error('Errors when blacklisting video ', { error: err })
		644	return next(err)
		645	}
		646
		647	return res.type('json').status(204).end()
		648	})
		649	}


diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index c07825e50..86a7e39ae 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js
@@ -15,7 +15,9 @@ const validatorsVideos = {
15		15
16	videoAbuseReport,	16	videoAbuseReport,
17		17
18	videoRate	18	videoRate,
		19
		20	videosBlacklist
19	}	21	}
20		22
21	function videosAdd (req, res, next) {	23	function videosAdd (req, res, next) {
@@ -95,15 +97,10 @@ function videosRemove (req, res, next) {
95	checkVideoExists(req.params.id, res, function () {	97	checkVideoExists(req.params.id, res, function () {
96	// We need to make additional checks	98	// We need to make additional checks
97		99
98	if (res.locals.video.isOwned() === false) {	100	// Check if the user who did the request is able to delete the video
99	return res.status(403).send('Cannot remove video of another pod')	101	checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, function () {
100	}	102	next()
101		103	})
102	if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
103	return res.status(403).send('Cannot remove video of another user')
104	}
105
106	next()
107	})	104	})
108	})	105	})
109	}	106	}
@@ -159,3 +156,49 @@ function checkVideoExists (id, res, callback) {
159	callback()	156	callback()
160	})	157	})
161	}	158	}
		159
		160	function checkUserCanDeleteVideo (userId, res, callback) {
		161	// Retrieve the user who did the request
		162	db.User.loadById(userId, function (err, user) {
		163	if (err) {
		164	logger.error('Error in video request validator.', { error: err })
		165	return res.sendStatus(500)
		166	}
		167
		168	// Check if the user can delete the video
		169	// The user can delete it if s/he an admin
		170	// Or if s/he is the video's author
		171	if (user.isAdmin() === false) {
		172	if (res.locals.video.isOwned() === false) {
		173	return res.status(403).send('Cannot remove video of another pod')
		174	}
		175
		176	if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
		177	return res.status(403).send('Cannot remove video of another user')
		178	}
		179	}
		180
		181	// If we reach this comment, we can delete the video
		182	callback()
		183	})
		184	}
		185
		186	function checkVideoIsBlacklistable (req, res, callback) {
		187	if (res.locals.video.isOwned() === true) {
		188	return res.status(403).send('Cannot blacklist a local video')
		189	}
		190
		191	callback()
		192	}
		193
		194	function videosBlacklist (req, res, next) {
		195	req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
		196
		197	logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
		198
		199	checkErrors(req, res, function () {
		200	checkVideoExists(req.params.id, res, function() {
		201	checkVideoIsBlacklistable(req, res, next)
		202	})
		203	})
		204	}


diff --git a/server/models/user.js b/server/models/user.js index e64bab8ab..8f9c2bf65 100644 --- a/server/models/user.js +++ b/server/models/user.js
@@ -79,7 +79,8 @@ module.exports = function (sequelize, DataTypes) {
79	},	79	},
80	instanceMethods: {	80	instanceMethods: {
81	isPasswordMatch,	81	isPasswordMatch,
82	toFormatedJSON	82	toFormatedJSON,
		83	isAdmin
83	},	84	},
84	hooks: {	85	hooks: {
85	beforeCreate: beforeCreateOrUpdate,	86	beforeCreate: beforeCreateOrUpdate,
@@ -117,6 +118,11 @@ function toFormatedJSON () {
117	createdAt: this.createdAt	118	createdAt: this.createdAt
118	}	119	}
119	}	120	}
		121
		122	function isAdmin () {
		123	return this.role === constants.USER_ROLES.ADMIN
		124	}
		125
120	// ------------------------------ STATICS ------------------------------	126	// ------------------------------ STATICS ------------------------------
121		127
122	function associate (models) {	128	function associate (models) {


diff --git a/server/models/video-blacklist.js b/server/models/video-blacklist.js new file mode 100644 index 000000000..02ea15760 --- /dev/null +++ b/server/models/video-blacklist.js
@@ -0,0 +1,89 @@
		1	'use strict'
		2
		3	const modelUtils = require('./utils')
		4
		5	// ---------------------------------------------------------------------------
		6
		7	module.exports = function (sequelize, DataTypes) {
		8	const BlacklistedVideo = sequelize.define('BlacklistedVideo',
		9	{},
		10	{
		11	indexes: [
		12	{
		13	fields: [ 'videoId' ],
		14	unique: true
		15	}
		16	],
		17	classMethods: {
		18	associate,
		19
		20	countTotal,
		21	list,
		22	listForApi,
		23	loadById,
		24	loadByVideoId
		25	},
		26	instanceMethods: {
		27	toFormatedJSON
		28	},
		29	hooks: {}
		30	}
		31	)
		32
		33	return BlacklistedVideo
		34	}
		35
		36	// ------------------------------ METHODS ------------------------------
		37
		38	function toFormatedJSON () {
		39	return {
		40	id: this.id,
		41	videoId: this.videoId,
		42	createdAt: this.createdAt
		43	}
		44	}
		45
		46	// ------------------------------ STATICS ------------------------------
		47
		48	function associate (models) {
		49	this.belongsTo(models.Video, {
		50	foreignKey: 'videoId',
		51	onDelete: 'cascade'
		52	})
		53	}
		54
		55	function countTotal (callback) {
		56	return this.count().asCallback(callback)
		57	}
		58
		59	function list (callback) {
		60	return this.findAll().asCallback(callback)
		61	}
		62
		63	function listForApi (start, count, sort, callback) {
		64	const query = {
		65	offset: start,
		66	limit: count,
		67	order: [ modelUtils.getSort(sort) ]
		68	}
		69
		70	return this.findAndCountAll(query).asCallback(function (err, result) {
		71	if (err) return callback(err)
		72
		73	return callback(null, result.rows, result.count)
		74	})
		75	}
		76
		77	function loadById (id, callback) {
		78	return this.findById(id).asCallback(callback)
		79	}
		80
		81	function loadByVideoId (id, callback) {
		82	const query = {
		83	where: {
		84	videoId: id
		85	}
		86	}
		87
		88	return this.find(query).asCallback(callback)
		89	}


diff --git a/server/models/video.js b/server/models/video.js index 39eb28ed9..1addfa682 100644 --- a/server/models/video.js +++ b/server/models/video.js
@@ -16,6 +16,7 @@ const logger = require('../helpers/logger')
16	const friends = require('../lib/friends')	16	const friends = require('../lib/friends')
17	const modelUtils = require('./utils')	17	const modelUtils = require('./utils')
18	const customVideosValidators = require('../helpers/custom-validators').videos	18	const customVideosValidators = require('../helpers/custom-validators').videos
		19	const db = require('../initializers/database')
19		20
20	// ---------------------------------------------------------------------------	21	// ---------------------------------------------------------------------------
21		22
@@ -201,7 +202,8 @@ module.exports = function (sequelize, DataTypes) {
201	isOwned,	202	isOwned,
202	toFormatedJSON,	203	toFormatedJSON,
203	toAddRemoteJSON,	204	toAddRemoteJSON,
204	toUpdateRemoteJSON	205	toUpdateRemoteJSON,
		206	removeFromBlacklist
205	},	207	},
206	hooks: {	208	hooks: {
207	beforeValidate,	209	beforeValidate,
@@ -528,6 +530,7 @@ function list (callback) {
528	}	530	}
529		531
530	function listForApi (start, count, sort, callback) {	532	function listForApi (start, count, sort, callback) {
		533	// Exclude Blakclisted videos from the list
531	const query = {	534	const query = {
532	offset: start,	535	offset: start,
533	limit: count,	536	limit: count,
@@ -540,7 +543,12 @@ function listForApi (start, count, sort, callback) {
540	},	543	},
541		544
542	this.sequelize.models.Tag	545	this.sequelize.models.Tag
543	]	546	],
		547	where: {
		548	id: { $notIn: this.sequelize.literal(
		549	'(SELECT "BlacklistedVideos"."videoId" FROM "BlacklistedVideos")'
		550	)}
		551	}
544	}	552	}
545		553
546	return this.findAndCountAll(query).asCallback(function (err, result) {	554	return this.findAndCountAll(query).asCallback(function (err, result) {
@@ -648,7 +656,11 @@ function searchAndPopulateAuthorAndPodAndTags (value, field, start, count, sort,
648	}	656	}
649		657
650	const query = {	658	const query = {
651	where: {},	659	where: {
		660	id: { $notIn: this.sequelize.literal(
		661	'(SELECT "BlacklistedVideos"."videoId" FROM "BlacklistedVideos")'
		662	)}
		663	},
652	offset: start,	664	offset: start,
653	limit: count,	665	limit: count,
654	distinct: true, // For the count, a video can have many tags	666	distinct: true, // For the count, a video can have many tags
@@ -661,13 +673,9 @@ function searchAndPopulateAuthorAndPodAndTags (value, field, start, count, sort,
661	query.where.infoHash = infoHash	673	query.where.infoHash = infoHash
662	} else if (field === 'tags') {	674	} else if (field === 'tags') {
663	const escapedValue = this.sequelize.escape('%' + value + '%')	675	const escapedValue = this.sequelize.escape('%' + value + '%')
664	query.where = {	676	query.where.id.$in = this.sequelize.literal(
665	id: {	677	'(SELECT "VideoTags"."videoId" FROM "Tags" INNER JOIN "VideoTags" ON "Tags"."id" = "VideoTags"."tagId" WHERE name LIKE ' + escapedValue + ')'
666	$in: this.sequelize.literal(	678	)
667	'(SELECT "VideoTags"."videoId" FROM "Tags" INNER JOIN "VideoTags" ON "Tags"."id" = "VideoTags"."tagId" WHERE name LIKE ' + escapedValue + ')'
668	)
669	}
670	}
671	} else if (field === 'host') {	679	} else if (field === 'host') {
672	// FIXME: Include our pod? (not stored in the database)	680	// FIXME: Include our pod? (not stored in the database)
673	podInclude.where = {	681	podInclude.where = {
@@ -755,3 +763,23 @@ function generateImage (video, videoPath, folder, imageName, size, callback) {
755	})	763	})
756	.thumbnail(options)	764	.thumbnail(options)
757	}	765	}
		766
		767	function removeFromBlacklist (video, callback) {
		768	// Find the blacklisted video
		769	db.BlacklistedVideo.loadByVideoId(video.id, function (err, video) {
		770	// If an error occured, stop here
		771	if (err) {
		772	logger.error('Error when fetching video from blacklist.', { error: err })
		773
		774	return callback(err)
		775	}
		776
		777	// If we found the video, remove it from the blacklist
		778	if (video) {
		779	video.destroy().asCallback(callback)
		780	} else {
		781	// If haven't found it, simply ignore it and do nothing
		782	return callback()
		783	}
		784	})
		785	}