4 files changed, 20 insertions, 21 deletions
diff --git a/server/controllers/api/videos.js b/server/controllers/api/videos.js
index 1f7d30eef..0be7d9d83 100644
--- a/server/controllers/api/videos.js
+++ b/server/controllers/api/videos.js
@@ -635,10 +635,11 @@ function reportVideoAbuse (req, res, finalCallback) {
 function addVideoToBlacklist (req, res, next) {
  const videoInstance = res.locals.video
-  db.BlacklistedVideo.create({
+  const toCreate = {
    videoId: videoInstance.id
-  })
+  }
-  .asCallback(function (err) {
+  db.BlacklistedVideo.create(toCreate).asCallback(function (err) {
    if (err) {
      logger.error('Errors when blacklisting video ', { error: err })
      return next(err)
diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js
index e6d9dc887..3288f4c6b 100644
--- a/server/middlewares/admin.js
+++ b/server/middlewares/admin.js
@@ -1,6 +1,5 @@
 'use strict'
-const constants = require('../initializers/constants')
 const logger = require('../helpers/logger')
 const adminMiddleware = {
@@ -9,7 +8,7 @@ const adminMiddleware = {
 function ensureIsAdmin (req, res, next) {
  const user = res.locals.oauth.token.user
-  if (user.role !== constants.USER_ROLES.ADMIN) {
+  if (user.isAdmin() === false) {
    logger.info('A non admin user is trying to access to an admin content.')
    return res.sendStatus(403)
  }
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 86a7e39ae..f18ca1597 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -137,6 +137,18 @@ function videoRate (req, res, next) {
  })
 }
+function videosBlacklist (req, res, next) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
+  logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
+  checkErrors(req, res, function () {
+    checkVideoExists(req.params.id, res, function () {
+      checkVideoIsBlacklistable(req, res, next)
+    })
+  })
+}
 // ---------------------------------------------------------------------------
 module.exports = validatorsVideos
@@ -166,8 +178,8 @@ function checkUserCanDeleteVideo (userId, res, callback) {
    }
    // Check if the user can delete the video
-    //  The user can delete it if s/he an admin
+    // The user can delete it if s/he is an admin
-    //  Or if s/he is the video's author
+    // Or if s/he is the video's author
    if (user.isAdmin() === false) {
      if (res.locals.video.isOwned() === false) {
        return res.status(403).send('Cannot remove video of another pod')
@@ -185,20 +197,8 @@ function checkUserCanDeleteVideo (userId, res, callback) {
 function checkVideoIsBlacklistable (req, res, callback) {
  if (res.locals.video.isOwned() === true) {
-        return res.status(403).send('Cannot blacklist a local video')
+    return res.status(403).send('Cannot blacklist a local video')
  }
  callback()
 }
-function videosBlacklist (req, res, next) {
-  req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
-  logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
-  checkErrors(req, res, function () {
-    checkVideoExists(req.params.id, res, function() {
-      checkVideoIsBlacklistable(req, res, next)
-    })
-  })
-}
diff --git a/server/models/video.js b/server/models/video.js
index 1addfa682..0eef4114c 100644
--- a/server/models/video.js
+++ b/server/models/video.js
@@ -770,7 +770,6 @@ function removeFromBlacklist (video, callback) {
    // If an error occured, stop here
    if (err) {
      logger.error('Error when fetching video from blacklist.', { error: err })
      return callback(err)
    }

diff --git a/server/controllers/api/videos.js b/server/controllers/api/videos.js index 1f7d30eef..0be7d9d83 100644 --- a/server/controllers/api/videos.js +++ b/server/controllers/api/videos.js
@@ -635,10 +635,11 @@ function reportVideoAbuse (req, res, finalCallback) {
635	function addVideoToBlacklist (req, res, next) {	635	function addVideoToBlacklist (req, res, next) {
636	const videoInstance = res.locals.video	636	const videoInstance = res.locals.video
637		637
638	db.BlacklistedVideo.create({	638	const toCreate = {
639	videoId: videoInstance.id	639	videoId: videoInstance.id
640	})	640	}
641	.asCallback(function (err) {	641
		642	db.BlacklistedVideo.create(toCreate).asCallback(function (err) {
642	if (err) {	643	if (err) {
643	logger.error('Errors when blacklisting video ', { error: err })	644	logger.error('Errors when blacklisting video ', { error: err })
644	return next(err)	645	return next(err)


diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js index e6d9dc887..3288f4c6b 100644 --- a/server/middlewares/admin.js +++ b/server/middlewares/admin.js
@@ -1,6 +1,5 @@
1	'use strict'	1	'use strict'
2		2
3	const constants = require('../initializers/constants')
4	const logger = require('../helpers/logger')	3	const logger = require('../helpers/logger')
5		4
6	const adminMiddleware = {	5	const adminMiddleware = {
@@ -9,7 +8,7 @@ const adminMiddleware = {
9		8
10	function ensureIsAdmin (req, res, next) {	9	function ensureIsAdmin (req, res, next) {
11	const user = res.locals.oauth.token.user	10	const user = res.locals.oauth.token.user
12	if (user.role !== constants.USER_ROLES.ADMIN) {	11	if (user.isAdmin() === false) {
13	logger.info('A non admin user is trying to access to an admin content.')	12	logger.info('A non admin user is trying to access to an admin content.')
14	return res.sendStatus(403)	13	return res.sendStatus(403)
15	}	14	}


diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index 86a7e39ae..f18ca1597 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js
@@ -137,6 +137,18 @@ function videoRate (req, res, next) {
137	})	137	})
138	}	138	}
139		139
		140	function videosBlacklist (req, res, next) {
		141	req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
		142
		143	logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
		144
		145	checkErrors(req, res, function () {
		146	checkVideoExists(req.params.id, res, function () {
		147	checkVideoIsBlacklistable(req, res, next)
		148	})
		149	})
		150	}
		151
140	// ---------------------------------------------------------------------------	152	// ---------------------------------------------------------------------------
141		153
142	module.exports = validatorsVideos	154	module.exports = validatorsVideos
@@ -166,8 +178,8 @@ function checkUserCanDeleteVideo (userId, res, callback) {
166	}	178	}
167		179
168	// Check if the user can delete the video	180	// Check if the user can delete the video
169	// The user can delete it if s/he an admin	181	// The user can delete it if s/he is an admin
170	// Or if s/he is the video's author	182	// Or if s/he is the video's author
171	if (user.isAdmin() === false) {	183	if (user.isAdmin() === false) {
172	if (res.locals.video.isOwned() === false) {	184	if (res.locals.video.isOwned() === false) {
173	return res.status(403).send('Cannot remove video of another pod')	185	return res.status(403).send('Cannot remove video of another pod')
@@ -185,20 +197,8 @@ function checkUserCanDeleteVideo (userId, res, callback) {
185		197
186	function checkVideoIsBlacklistable (req, res, callback) {	198	function checkVideoIsBlacklistable (req, res, callback) {
187	if (res.locals.video.isOwned() === true) {	199	if (res.locals.video.isOwned() === true) {
188	return res.status(403).send('Cannot blacklist a local video')	200	return res.status(403).send('Cannot blacklist a local video')
189	}	201	}
190		202
191	callback()	203	callback()
192	}	204	}
193
194	function videosBlacklist (req, res, next) {
195	req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
196
197	logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
198
199	checkErrors(req, res, function () {
200	checkVideoExists(req.params.id, res, function() {
201	checkVideoIsBlacklistable(req, res, next)
202	})
203	})
204	}


diff --git a/server/models/video.js b/server/models/video.js index 1addfa682..0eef4114c 100644 --- a/server/models/video.js +++ b/server/models/video.js
@@ -770,7 +770,6 @@ function removeFromBlacklist (video, callback) {
770	// If an error occured, stop here	770	// If an error occured, stop here
771	if (err) {	771	if (err) {
772	logger.error('Error when fetching video from blacklist.', { error: err })	772	logger.error('Error when fetching video from blacklist.', { error: err })
773
774	return callback(err)	773	return callback(err)
775	}	774	}
776		775