15 files changed, 463 insertions, 64 deletions
diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts
index 7782fc639..59bdf6257 100644
--- a/server/controllers/api/videos/abuse.ts
+++ b/server/controllers/api/videos/abuse.ts
@@ -1,5 +1,5 @@
 import * as express from 'express'
-import { UserRight, VideoAbuseCreate } from '../../../../shared'
+import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
 import { logger } from '../../../helpers/logger'
 import { getFormattedObjects } from '../../../helpers/utils'
 import { sequelizeTypescript } from '../../../initializers'
@@ -12,8 +12,10 @@ import {
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
+  videoAbuseGetValidator,
  videoAbuseReportValidator,
-  videoAbusesSortValidator
+  videoAbusesSortValidator,
+  videoAbuseUpdateValidator
 } from '../../../middlewares'
 import { AccountModel } from '../../../models/account/account'
 import { VideoModel } from '../../../models/video/video'
@@ -32,11 +34,23 @@ abuseVideoRouter.get('/abuse',
  setDefaultPagination,
  asyncMiddleware(listVideoAbuses)
 )
-abuseVideoRouter.post('/:id/abuse',
+abuseVideoRouter.put('/:videoId/abuse/:id',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
+  asyncMiddleware(videoAbuseUpdateValidator),
+  asyncRetryTransactionMiddleware(updateVideoAbuse)
+)
+abuseVideoRouter.post('/:videoId/abuse',
  authenticate,
  asyncMiddleware(videoAbuseReportValidator),
  asyncRetryTransactionMiddleware(reportVideoAbuse)
 )
+abuseVideoRouter.delete('/:videoId/abuse/:id',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
+  asyncMiddleware(videoAbuseGetValidator),
+  asyncRetryTransactionMiddleware(deleteVideoAbuse)
+)
 // ---------------------------------------------------------------------------
@@ -46,12 +60,39 @@ export {
 // ---------------------------------------------------------------------------
-async function listVideoAbuses (req: express.Request, res: express.Response, next: express.NextFunction) {
+async function listVideoAbuses (req: express.Request, res: express.Response) {
  const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
  return res.json(getFormattedObjects(resultList.data, resultList.total))
 }
+async function updateVideoAbuse (req: express.Request, res: express.Response) {
+  const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
+  if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
+  if (req.body.state !== undefined) videoAbuse.state = req.body.state
+  await sequelizeTypescript.transaction(t => {
+    return videoAbuse.save({ transaction: t })
+  })
+  // Do not send the delete to other instances, we updated OUR copy of this video abuse
+  return res.type('json').status(204).end()
+}
+async function deleteVideoAbuse (req: express.Request, res: express.Response) {
+  const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
+  await sequelizeTypescript.transaction(t => {
+    return videoAbuse.destroy({ transaction: t })
+  })
+  // Do not send the delete to other instances, we delete OUR copy of this video abuse
+  return res.type('json').status(204).end()
+}
 async function reportVideoAbuse (req: express.Request, res: express.Response) {
  const videoInstance = res.locals.video as VideoModel
  const reporterAccount = res.locals.oauth.token.User.Account as AccountModel
@@ -60,10 +101,11 @@ async function reportVideoAbuse (req: express.Request, res: express.Response) {
  const abuseToCreate = {
    reporterAccountId: reporterAccount.id,
    reason: body.reason,
-    videoId: videoInstance.id
+    videoId: videoInstance.id,
+    state: VideoAbuseState.PENDING
  }
-  await sequelizeTypescript.transaction(async t => {
+  const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
    const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
    videoAbuseInstance.Video = videoInstance
    videoAbuseInstance.Account = reporterAccount
@@ -74,8 +116,12 @@ async function reportVideoAbuse (req: express.Request, res: express.Response) {
    }
    auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
-    logger.info('Abuse report for video %s created.', videoInstance.name)
+    return videoAbuseInstance
  })
-  return res.type('json').status(204).end()
+  logger.info('Abuse report for video %s created.', videoInstance.name)
+  return res.json({
+    videoAbuse: videoAbuse.toFormattedJSON()
+  }).end()
 }
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts
index b8075f3c7..702c09842 100644
--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -3,7 +3,6 @@ import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers'
 import { peertubeTruncate } from '../../core-utils'
 import { exists, isBooleanValid, isDateValid, isUUIDValid } from '../misc'
 import {
-  isVideoAbuseReasonValid,
  isVideoDurationValid,
  isVideoNameValid,
  isVideoStateValid,
@@ -13,6 +12,7 @@ import {
 } from '../videos'
 import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
 import { VideoState } from '../../../../shared/models/videos'
+import { isVideoAbuseReasonValid } from '../video-abuses'
 function sanitizeAndCheckVideoTorrentCreateActivity (activity: any) {
  return isBaseActivityValid(activity, 'Create') &&
diff --git a/server/helpers/custom-validators/video-abuses.ts b/server/helpers/custom-validators/video-abuses.ts
new file mode 100644
index 000000000..290efb149
--- /dev/null
+++ b/server/helpers/custom-validators/video-abuses.ts
@@ -0,0 +1,43 @@
+import { Response } from 'express'
+import * as validator from 'validator'
+import { CONSTRAINTS_FIELDS, VIDEO_ABUSE_STATES } from '../../initializers'
+import { exists } from './misc'
+import { VideoAbuseModel } from '../../models/video/video-abuse'
+const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
+function isVideoAbuseReasonValid (value: string) {
+  return exists(value) && validator.isLength(value, VIDEO_ABUSES_CONSTRAINTS_FIELDS.REASON)
+}
+function isVideoAbuseModerationCommentValid (value: string) {
+  return exists(value) && validator.isLength(value, VIDEO_ABUSES_CONSTRAINTS_FIELDS.MODERATION_COMMENT)
+}
+function isVideoAbuseStateValid (value: string) {
+  return exists(value) && VIDEO_ABUSE_STATES[ value ] !== undefined
+}
+async function isVideoAbuseExist (abuseId: number, videoId: number, res: Response) {
+  const videoAbuse = await VideoAbuseModel.loadByIdAndVideoId(abuseId, videoId)
+  if (videoAbuse === null) {
+    res.status(404)
+       .json({ error: 'Video abuse not found' })
+       .end()
+    return false
+  }
+  res.locals.videoAbuse = videoAbuse
+  return true
+}
+// ---------------------------------------------------------------------------
+export {
+  isVideoAbuseExist,
+  isVideoAbuseStateValid,
+  isVideoAbuseReasonValid,
+  isVideoAbuseModerationCommentValid
+}
diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts
index f4c1c8b07..5e6cfe217 100644
--- a/server/helpers/custom-validators/videos.ts
+++ b/server/helpers/custom-validators/videos.ts
@@ -6,6 +6,7 @@ import * as validator from 'validator'
 import { UserRight, VideoPrivacy, VideoRateType } from '../../../shared'
 import {
  CONSTRAINTS_FIELDS,
+  VIDEO_ABUSE_STATES,
  VIDEO_CATEGORIES,
  VIDEO_LICENCES,
  VIDEO_MIMETYPE_EXT,
@@ -18,6 +19,7 @@ import { exists, isArray, isFileValid } from './misc'
 import { VideoChannelModel } from '../../models/video/video-channel'
 import { UserModel } from '../../models/account/user'
 import * as magnetUtil from 'magnet-uri'
+import { VideoAbuseModel } from '../../models/video/video-abuse'
 const VIDEOS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEOS
 const VIDEO_ABUSES_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.VIDEO_ABUSES
@@ -71,10 +73,6 @@ function isVideoTagsValid (tags: string[]) {
  )
 }
-function isVideoAbuseReasonValid (value: string) {
-  return exists(value) && validator.isLength(value, VIDEO_ABUSES_CONSTRAINTS_FIELDS.REASON)
-}
 function isVideoViewsValid (value: string) {
  return exists(value) && validator.isInt(value + '', VIDEOS_CONSTRAINTS_FIELDS.VIEWS)
 }
@@ -220,7 +218,6 @@ export {
  isVideoTagsValid,
  isVideoFPSResolutionValid,
  isScheduleVideoUpdatePrivacyValid,
-  isVideoAbuseReasonValid,
  isVideoFile,
  isVideoMagnetUriValid,
  isVideoStateValid,
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index ea561b686..a008bf4c5 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -3,7 +3,7 @@ import { dirname, join } from 'path'
 import { JobType, VideoRateType, VideoState } from '../../shared/models'
 import { ActivityPubActorType } from '../../shared/models/activitypub'
 import { FollowState } from '../../shared/models/actors'
-import { VideoPrivacy } from '../../shared/models/videos'
+import { VideoPrivacy, VideoAbuseState } from '../../shared/models/videos'
 // Do not use barrels, remain constants as independent as possible
 import { buildPath, isTestInstance, root, sanitizeHost, sanitizeUrl } from '../helpers/core-utils'
 import { NSFWPolicyType } from '../../shared/models/videos/nsfw-policy.type'
@@ -15,7 +15,7 @@ let config: IConfig = require('config')
 // ---------------------------------------------------------------------------
-const LAST_MIGRATION_VERSION = 245
+const LAST_MIGRATION_VERSION = 250
 // ---------------------------------------------------------------------------
@@ -258,7 +258,8 @@ const CONSTRAINTS_FIELDS = {
    BLOCKED_REASON: { min: 3, max: 250 } // Length
  },
  VIDEO_ABUSES: {
-    REASON: { min: 2, max: 300 } // Length
+    REASON: { min: 2, max: 300 }, // Length
+    MODERATION_COMMENT: { min: 2, max: 300 } // Length
  },
  VIDEO_CHANNELS: {
    NAME: { min: 3, max: 120 }, // Length
@@ -409,6 +410,12 @@ const VIDEO_IMPORT_STATES = {
  [VideoImportState.SUCCESS]: 'Success'
 }
+const VIDEO_ABUSE_STATES = {
+  [VideoAbuseState.PENDING]: 'Pending',
+  [VideoAbuseState.REJECTED]: 'Rejected',
+  [VideoAbuseState.ACCEPTED]: 'Accepted'
+}
 const VIDEO_MIMETYPE_EXT = {
  'video/webm': '.webm',
  'video/ogg': '.ogv',
@@ -625,6 +632,7 @@ export {
  VIDEO_MIMETYPE_EXT,
  VIDEO_TRANSCODING_FPS,
  FFMPEG_NICE,
+  VIDEO_ABUSE_STATES,
  JOB_REQUEST_TIMEOUT,
  USER_PASSWORD_RESET_LIFETIME,
  IMAGE_MIMETYPE_EXT,
diff --git a/server/initializers/migrations/0250-video-abuse-state.ts b/server/initializers/migrations/0250-video-abuse-state.ts
new file mode 100644
index 000000000..acb668ae1
--- /dev/null
+++ b/server/initializers/migrations/0250-video-abuse-state.ts
@@ -0,0 +1,47 @@
+import * as Sequelize from 'sequelize'
+import { CONSTRAINTS_FIELDS } from '../constants'
+import { VideoAbuseState } from '../../../shared/models/videos'
+async function up (utils: {
+  transaction: Sequelize.Transaction
+  queryInterface: Sequelize.QueryInterface
+  sequelize: Sequelize.Sequelize
+}): Promise<any> {
+  {
+    const data = {
+      type: Sequelize.INTEGER,
+      allowNull: true,
+      defaultValue: null
+    }
+    await utils.queryInterface.addColumn('videoAbuse', 'state', data)
+  }
+  {
+    const query = 'UPDATE "videoAbuse" SET "state" = ' + VideoAbuseState.PENDING
+    await utils.sequelize.query(query)
+  }
+  {
+    const data = {
+      type: Sequelize.INTEGER,
+      allowNull: false,
+      defaultValue: null
+    }
+    await utils.queryInterface.changeColumn('videoAbuse', 'state', data)
+  }
+  {
+    const data = {
+      type: Sequelize.STRING(CONSTRAINTS_FIELDS.VIDEO_ABUSES.MODERATION_COMMENT.max),
+      allowNull: true,
+      defaultValue: null
+    }
+    await utils.queryInterface.addColumn('videoAbuse', 'moderationComment', data)
+  }
+}
+function down (options) {
+  throw new Error('Not implemented.')
+}
+export { up, down }
diff --git a/server/lib/activitypub/process/process-create.ts b/server/lib/activitypub/process/process-create.ts
index 6364bf135..791148919 100644
--- a/server/lib/activitypub/process/process-create.ts
+++ b/server/lib/activitypub/process/process-create.ts
@@ -1,4 +1,4 @@
-import { ActivityCreate, VideoTorrentObject } from '../../../../shared'
+import { ActivityCreate, VideoAbuseState, VideoTorrentObject } from '../../../../shared'
 import { DislikeObject, VideoAbuseObject, ViewObject } from '../../../../shared/models/activitypub/objects'
 import { VideoCommentObject } from '../../../../shared/models/activitypub/objects/video-comment-object'
 import { retryTransactionWrapper } from '../../../helpers/database-utils'
@@ -112,7 +112,8 @@ async function processCreateVideoAbuse (actor: ActorModel, videoAbuseToCreateDat
    const videoAbuseData = {
      reporterAccountId: account.id,
      reason: videoAbuseToCreateData.content,
-      videoId: video.id
+      videoId: video.id,
+      state: VideoAbuseState.PENDING
    }
    await VideoAbuseModel.create(videoAbuseData)
diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts
index c5400c8f5..ccbedd57d 100644
--- a/server/middlewares/validators/index.ts
+++ b/server/middlewares/validators/index.ts
@@ -7,6 +7,7 @@ export * from './feeds'
 export * from './sort'
 export * from './users'
 export * from './videos'
+export * from './video-abuses'
 export * from './video-blacklist'
 export * from './video-channels'
 export * from './webfinger'
diff --git a/server/middlewares/validators/video-abuses.ts b/server/middlewares/validators/video-abuses.ts
new file mode 100644
index 000000000..f15d55a75
--- /dev/null
+++ b/server/middlewares/validators/video-abuses.ts
@@ -0,0 +1,71 @@
+import * as express from 'express'
+import 'express-validator'
+import { body, param } from 'express-validator/check'
+import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
+import { isVideoExist } from '../../helpers/custom-validators/videos'
+import { logger } from '../../helpers/logger'
+import { areValidationErrors } from './utils'
+import {
+  isVideoAbuseExist,
+  isVideoAbuseModerationCommentValid,
+  isVideoAbuseReasonValid,
+  isVideoAbuseStateValid
+} from '../../helpers/custom-validators/video-abuses'
+const videoAbuseReportValidator = [
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+  body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
+    if (areValidationErrors(req, res)) return
+    if (!await isVideoExist(req.params.videoId, res)) return
+    return next()
+  }
+]
+const videoAbuseGetValidator = [
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoAbuseGetValidator parameters', { parameters: req.body })
+    if (areValidationErrors(req, res)) return
+    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoAbuseExist(req.params.id, res.locals.video.id, res)) return
+    return next()
+  }
+]
+const videoAbuseUpdateValidator = [
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
+  body('state')
+    .optional()
+    .custom(isVideoAbuseStateValid).withMessage('Should have a valid video abuse state'),
+  body('moderationComment')
+    .optional()
+    .custom(isVideoAbuseModerationCommentValid).withMessage('Should have a valid video moderation comment'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoAbuseUpdateValidator parameters', { parameters: req.body })
+    if (areValidationErrors(req, res)) return
+    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoAbuseExist(req.params.id, res.locals.video.id, res)) return
+    return next()
+  }
+]
+// ---------------------------------------------------------------------------
+export {
+  videoAbuseReportValidator,
+  videoAbuseGetValidator,
+  videoAbuseUpdateValidator
+}
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index c812d4677..203a00876 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -14,7 +14,6 @@ import {
 import {
  checkUserCanManageVideo,
  isScheduleVideoUpdatePrivacyValid,
-  isVideoAbuseReasonValid,
  isVideoCategoryValid,
  isVideoChannelOfAccountExist,
  isVideoDescriptionValid,
@@ -174,20 +173,6 @@ const videosRemoveValidator = [
  }
 ]
-const videoAbuseReportValidator = [
-  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
-    if (areValidationErrors(req, res)) return
-    if (!await isVideoExist(req.params.id, res)) return
-    return next()
-  }
-]
 const videoRateValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
@@ -299,8 +284,6 @@ export {
  videosRemoveValidator,
  videosShareValidator,
-  videoAbuseReportValidator,
  videoRateValidator,
  getCommonVideoAttributes
diff --git a/server/models/video/video-abuse.ts b/server/models/video/video-abuse.ts
index 39f0c2cb2..10a191372 100644
--- a/server/models/video/video-abuse.ts
+++ b/server/models/video/video-abuse.ts
@@ -1,11 +1,30 @@
-import { AfterCreate, AllowNull, BelongsTo, Column, CreatedAt, ForeignKey, Is, Model, Table, UpdatedAt } from 'sequelize-typescript'
+import {
+  AfterCreate,
+  AllowNull,
+  BelongsTo,
+  Column,
+  CreatedAt,
+  DataType,
+  Default,
+  ForeignKey,
+  Is,
+  Model,
+  Table,
+  UpdatedAt
+} from 'sequelize-typescript'
 import { VideoAbuseObject } from '../../../shared/models/activitypub/objects'
 import { VideoAbuse } from '../../../shared/models/videos'
-import { isVideoAbuseReasonValid } from '../../helpers/custom-validators/videos'
+import {
+  isVideoAbuseModerationCommentValid,
+  isVideoAbuseReasonValid,
+  isVideoAbuseStateValid
+} from '../../helpers/custom-validators/video-abuses'
 import { Emailer } from '../../lib/emailer'
 import { AccountModel } from '../account/account'
 import { getSort, throwIfNotValid } from '../utils'
 import { VideoModel } from './video'
+import { VideoAbuseState } from '../../../shared'
+import { CONSTRAINTS_FIELDS, VIDEO_ABUSE_STATES } from '../../initializers'
 @Table({
  tableName: 'videoAbuse',
@@ -25,6 +44,18 @@ export class VideoAbuseModel extends Model<VideoAbuseModel> {
  @Column
  reason: string
+  @AllowNull(false)
+  @Default(null)
+  @Is('VideoAbuseState', value => throwIfNotValid(value, isVideoAbuseStateValid, 'state'))
+  @Column
+  state: VideoAbuseState
+  @AllowNull(true)
+  @Default(null)
+  @Is('VideoAbuseModerationComment', value => throwIfNotValid(value, isVideoAbuseModerationCommentValid, 'moderationComment'))
+  @Column(DataType.STRING(CONSTRAINTS_FIELDS.VIDEO_ABUSES.MODERATION_COMMENT.max))
+  moderationComment: string
  @CreatedAt
  createdAt: Date
@@ -60,6 +91,16 @@ export class VideoAbuseModel extends Model<VideoAbuseModel> {
    return Emailer.Instance.addVideoAbuseReportJob(instance.videoId)
  }
+  static loadByIdAndVideoId (id: number, videoId: number) {
+    const query = {
+      where: {
+        id,
+        videoId
+      }
+    }
+    return VideoAbuseModel.findOne(query)
+  }
  static listForApi (start: number, count: number, sort: string) {
    const query = {
      offset: start,
@@ -88,6 +129,11 @@ export class VideoAbuseModel extends Model<VideoAbuseModel> {
      id: this.id,
      reason: this.reason,
      reporterAccount: this.Account.toFormattedJSON(),
+      state: {
+        id: this.state,
+        label: VideoAbuseModel.getStateLabel(this.state)
+      },
+      moderationComment: this.moderationComment,
      video: {
        id: this.Video.id,
        uuid: this.Video.uuid,
@@ -105,4 +151,8 @@ export class VideoAbuseModel extends Model<VideoAbuseModel> {
      object: this.Video.url
    }
  }
+  private static getStateLabel (id: number) {
+    return VIDEO_ABUSE_STATES[id] || 'Unknown'
+  }
 }
diff --git a/server/models/video/video-import.ts b/server/models/video/video-import.ts
index b794d8324..9d1f783c7 100644
--- a/server/models/video/video-import.ts
+++ b/server/models/video/video-import.ts
@@ -171,6 +171,7 @@ export class VideoImportModel extends Model<VideoImportModel> {
      video
    }
  }
  private static getStateLabel (id: number) {
    return VIDEO_IMPORT_STATES[id] || 'Unknown'
  }
diff --git a/server/tests/api/check-params/video-abuses.ts b/server/tests/api/check-params/video-abuses.ts
index 68b965bbe..d2bed6a2a 100644
--- a/server/tests/api/check-params/video-abuses.ts
+++ b/server/tests/api/check-params/video-abuses.ts
@@ -3,14 +3,26 @@
 import 'mocha'
 import {
-  createUser, flushTests, killallServers, makeGetRequest, makePostBodyRequest, runServer, ServerInfo, setAccessTokensToServers,
+  createUser,
-  uploadVideo, userLogin
+  deleteVideoAbuse,
+  flushTests,
+  killallServers,
+  makeGetRequest,
+  makePostBodyRequest,
+  runServer,
+  ServerInfo,
+  setAccessTokensToServers,
+  updateVideoAbuse,
+  uploadVideo,
+  userLogin
 } from '../../utils'
 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
+import { VideoAbuseState } from '../../../../shared/models/videos'
 describe('Test video abuses API validators', function () {
  let server: ServerInfo
  let userAccessToken = ''
+  let videoAbuseId: number
  // ---------------------------------------------------------------
@@ -67,44 +79,111 @@ describe('Test video abuses API validators', function () {
  describe('When reporting a video abuse', function () {
    const basePath = '/api/v1/videos/'
+    let path: string
+    before(() => {
+      path = basePath + server.video.id + '/abuse'
+    })
    it('Should fail with nothing', async function () {
-      const path = basePath + server.video.id + '/abuse'
      const fields = {}
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })
    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/abuse'
-      const fields = {
+      const fields = { reason: 'my super reason' }
-        reason: 'my super reason'
-      }
      await makePostBodyRequest({ url: server.url, path: wrongPath, token: server.accessToken, fields })
    })
    it('Should fail with a non authenticated user', async function () {
-      const path = basePath + server.video.id + '/abuse'
+      const fields = { reason: 'my super reason' }
-      const fields = {
-        reason: 'my super reason'
-      }
      await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, statusCodeExpected: 401 })
    })
    it('Should fail with a reason too short', async function () {
-      const path = basePath + server.video.id + '/abuse'
+      const fields = { reason: 'h' }
-      const fields = {
-        reason: 'h'
-      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })
    it('Should fail with a reason too big', async function () {
-      const path = basePath + server.video.id + '/abuse'
+      const fields = { reason: 'super'.repeat(61) }
-      const fields = {
-        reason: 'super'.repeat(61)
-      }
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })
+    it('Should succeed with the correct parameters', async function () {
+      const fields = { reason: 'super reason' }
+      const res = await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 200 })
+      videoAbuseId = res.body.videoAbuse.id
+    })
+  })
+  describe('When updating a video abuse', function () {
+    const basePath = '/api/v1/videos/'
+    let path: string
+    before(() => {
+      path = basePath + server.video.id + '/abuse/' + videoAbuseId
+    })
+    it('Should fail with a non authenticated user', async function () {
+      await updateVideoAbuse(server.url, 'blabla', server.video.uuid, videoAbuseId, {}, 401)
+    })
+    it('Should fail with a non admin user', async function () {
+      await updateVideoAbuse(server.url, userAccessToken, server.video.uuid, videoAbuseId, {}, 403)
+    })
+    it('Should fail with a bad video id or bad video abuse id', async function () {
+      await updateVideoAbuse(server.url, server.accessToken, server.video.uuid, 45, {}, 404)
+      await updateVideoAbuse(server.url, server.accessToken, 52, videoAbuseId, {}, 404)
+    })
+    it('Should fail with a bad state', async function () {
+      const body = { state: 5 }
+      await updateVideoAbuse(server.url, server.accessToken, server.video.uuid, videoAbuseId, body, 400)
+    })
+    it('Should fail with a bad moderation comment', async function () {
+      const body = { moderationComment: 'b'.repeat(305) }
+      await updateVideoAbuse(server.url, server.accessToken, server.video.uuid, videoAbuseId, body, 400)
+    })
+    it('Should succeed with the correct params', async function () {
+      const body = { state: VideoAbuseState.ACCEPTED }
+      await updateVideoAbuse(server.url, server.accessToken, server.video.uuid, videoAbuseId, body)
+    })
+  })
+  describe('When deleting a video abuse', function () {
+    const basePath = '/api/v1/videos/'
+    let path: string
+    before(() => {
+      path = basePath + server.video.id + '/abuse/' + videoAbuseId
+    })
+    it('Should fail with a non authenticated user', async function () {
+      await deleteVideoAbuse(server.url, 'blabla', server.video.uuid, videoAbuseId, 401)
+    })
+    it('Should fail with a non admin user', async function () {
+      await deleteVideoAbuse(server.url, userAccessToken, server.video.uuid, videoAbuseId, 403)
+    })
+    it('Should fail with a bad video id or bad video abuse id', async function () {
+      await deleteVideoAbuse(server.url, server.accessToken, server.video.uuid, 45, 404)
+      await deleteVideoAbuse(server.url, server.accessToken, 52, videoAbuseId, 404)
+    })
+    it('Should succeed with the correct params', async function () {
+      await deleteVideoAbuse(server.url, server.accessToken, server.video.uuid, videoAbuseId)
+    })
  })
  after(async function () {
diff --git a/server/tests/api/videos/video-abuse.ts b/server/tests/api/videos/video-abuse.ts
index dde309b96..a17f3c8de 100644
--- a/server/tests/api/videos/video-abuse.ts
+++ b/server/tests/api/videos/video-abuse.ts
@@ -2,8 +2,9 @@
 import * as chai from 'chai'
 import 'mocha'
-import { VideoAbuse } from '../../../../shared/models/videos'
+import { VideoAbuse, VideoAbuseState } from '../../../../shared/models/videos'
 import {
+  deleteVideoAbuse,
  flushAndRunMultipleServers,
  getVideoAbusesList,
  getVideosList,
@@ -11,6 +12,7 @@ import {
  reportVideoAbuse,
  ServerInfo,
  setAccessTokensToServers,
+  updateVideoAbuse,
  uploadVideo
 } from '../../utils/index'
 import { doubleFollow } from '../../utils/server/follows'
@@ -20,6 +22,7 @@ const expect = chai.expect
 describe('Test video abuses', function () {
  let servers: ServerInfo[] = []
+  let abuseServer2: VideoAbuse
  before(async function () {
    this.timeout(50000)
@@ -105,7 +108,7 @@ describe('Test video abuses', function () {
    await waitJobs(servers)
  })
-  it('Should have 2 video abuse on server 1 and 1 on server 2', async function () {
+  it('Should have 2 video abuses on server 1 and 1 on server 2', async function () {
    const res1 = await getVideoAbusesList(servers[0].url, servers[0].accessToken)
    expect(res1.body.total).to.equal(2)
    expect(res1.body.data).to.be.an('array')
@@ -116,22 +119,57 @@ describe('Test video abuses', function () {
    expect(abuse1.reporterAccount.name).to.equal('root')
    expect(abuse1.reporterAccount.host).to.equal('localhost:9001')
    expect(abuse1.video.id).to.equal(servers[0].video.id)
+    expect(abuse1.state.id).to.equal(VideoAbuseState.PENDING)
+    expect(abuse1.state.label).to.equal('Pending')
+    expect(abuse1.moderationComment).to.be.null
    const abuse2: VideoAbuse = res1.body.data[1]
    expect(abuse2.reason).to.equal('my super bad reason 2')
    expect(abuse2.reporterAccount.name).to.equal('root')
    expect(abuse2.reporterAccount.host).to.equal('localhost:9001')
    expect(abuse2.video.id).to.equal(servers[1].video.id)
+    expect(abuse2.state.id).to.equal(VideoAbuseState.PENDING)
+    expect(abuse2.state.label).to.equal('Pending')
+    expect(abuse2.moderationComment).to.be.null
    const res2 = await getVideoAbusesList(servers[1].url, servers[1].accessToken)
    expect(res2.body.total).to.equal(1)
    expect(res2.body.data).to.be.an('array')
    expect(res2.body.data.length).to.equal(1)
-    const abuse3: VideoAbuse = res2.body.data[0]
+    abuseServer2 = res2.body.data[0]
-    expect(abuse3.reason).to.equal('my super bad reason 2')
+    expect(abuseServer2.reason).to.equal('my super bad reason 2')
-    expect(abuse3.reporterAccount.name).to.equal('root')
+    expect(abuseServer2.reporterAccount.name).to.equal('root')
-    expect(abuse3.reporterAccount.host).to.equal('localhost:9001')
+    expect(abuseServer2.reporterAccount.host).to.equal('localhost:9001')
+    expect(abuseServer2.state.id).to.equal(VideoAbuseState.PENDING)
+    expect(abuseServer2.state.label).to.equal('Pending')
+    expect(abuseServer2.moderationComment).to.be.null
+  })
+  it('Should update the state of a video abuse', async function () {
+    const body = { state: VideoAbuseState.REJECTED }
+    await updateVideoAbuse(servers[1].url, servers[1].accessToken, abuseServer2.video.uuid, abuseServer2.id, body)
+    const res = await getVideoAbusesList(servers[1].url, servers[1].accessToken)
+    expect(res.body.data[0].state.id).to.equal(VideoAbuseState.REJECTED)
+  })
+  it('Should add a moderation comment', async function () {
+    const body = { state: VideoAbuseState.ACCEPTED, moderationComment: 'It is valid' }
+    await updateVideoAbuse(servers[1].url, servers[1].accessToken, abuseServer2.video.uuid, abuseServer2.id, body)
+    const res = await getVideoAbusesList(servers[1].url, servers[1].accessToken)
+    expect(res.body.data[0].state.id).to.equal(VideoAbuseState.ACCEPTED)
+    expect(res.body.data[0].moderationComment).to.equal('It is valid')
+  })
+  it('Should delete the video abuse', async function () {
+    await deleteVideoAbuse(servers[1].url, servers[1].accessToken, abuseServer2.video.uuid, abuseServer2.id)
+    const res = await getVideoAbusesList(servers[1].url, servers[1].accessToken)
+    expect(res.body.total).to.equal(0)
+    expect(res.body.data).to.be.an('array')
+    expect(res.body.data.length).to.equal(0)
  })
  after(async function () {
diff --git a/server/tests/utils/videos/video-abuses.ts b/server/tests/utils/videos/video-abuses.ts
index 0d72bf457..5f138d6b3 100644
--- a/server/tests/utils/videos/video-abuses.ts
+++ b/server/tests/utils/videos/video-abuses.ts
@@ -1,6 +1,8 @@
 import * as request from 'supertest'
+import { VideoAbuseUpdate } from '../../../../shared/models/videos/video-abuse-update.model'
+import { makeDeleteRequest, makePutBodyRequest } from '..'
-function reportVideoAbuse (url: string, token: string, videoId: number | string, reason: string, specialStatus = 204) {
+function reportVideoAbuse (url: string, token: string, videoId: number | string, reason: string, specialStatus = 200) {
  const path = '/api/v1/videos/' + videoId + '/abuse'
  return request(url)
@@ -23,9 +25,41 @@ function getVideoAbusesList (url: string, token: string) {
          .expect('Content-Type', /json/)
 }
+function updateVideoAbuse (
+  url: string,
+  token: string,
+  videoId: string | number,
+  videoAbuseId: number,
+  body: VideoAbuseUpdate,
+  statusCodeExpected = 204
+) {
+  const path = '/api/v1/videos/' + videoId + '/abuse/' + videoAbuseId
+  return makePutBodyRequest({
+    url,
+    token,
+    path,
+    fields: body,
+    statusCodeExpected
+  })
+}
+function deleteVideoAbuse (url: string, token: string, videoId: string | number, videoAbuseId: number, statusCodeExpected = 204) {
+  const path = '/api/v1/videos/' + videoId + '/abuse/' + videoAbuseId
+  return makeDeleteRequest({
+    url,
+    token,
+    path,
+    statusCodeExpected
+  })
+}
 // ---------------------------------------------------------------------------
 export {
  reportVideoAbuse,
-  getVideoAbusesList
+  getVideoAbusesList,
+  updateVideoAbuse,
+  deleteVideoAbuse
 }