return
}
- const suffix = this.video.privacy.id === VideoPrivacy.PRIVATE
+ const suffix = this.video.privacy.id === VideoPrivacy.PRIVATE || this.video.privacy.id === VideoPrivacy.INTERNAL
? '?access_token=' + this.auth.getAccessToken()
: ''
}
explainedPrivacyLabels (privacies: VideoConstant<VideoPrivacy>[]) {
- const newPrivacies = privacies.slice()
-
- const privatePrivacy = newPrivacies.find(p => p.id === VideoPrivacy.PRIVATE)
- if (privatePrivacy) privatePrivacy.label = this.i18n('Only I can see this video')
-
- const unlistedPrivacy = newPrivacies.find(p => p.id === VideoPrivacy.UNLISTED)
- if (unlistedPrivacy) unlistedPrivacy.label = this.i18n('Only people with the private link can see this video')
-
- const publicPrivacy = newPrivacies.find(p => p.id === VideoPrivacy.PUBLIC)
- if (publicPrivacy) publicPrivacy.label = this.i18n('Anyone can see this video')
+ const base = [
+ {
+ id: VideoPrivacy.PRIVATE,
+ label: this.i18n('Only I can see this video')
+ },
+ {
+ id: VideoPrivacy.UNLISTED,
+ label: this.i18n('Only people with the private link can see this video')
+ },
+ {
+ id: VideoPrivacy.PUBLIC,
+ label: this.i18n('Anyone can see this video')
+ },
+ {
+ id: VideoPrivacy.INTERNAL,
+ label: this.i18n('Only users of this instance can see this video')
+ }
+ ]
- return privacies
+ return base.filter(o => !!privacies.find(p => p.id === o.id))
}
private setVideoRate (id: number, rateType: UserVideoRateType) {
const oldVideoAuditView = new VideoAuditView(videoInstance.toFormattedDetailsJSON())
const videoInfoToUpdate: VideoUpdate = req.body
- const wasPrivateVideo = videoInstance.privacy === VideoPrivacy.PRIVATE
- const wasNotPrivateVideo = videoInstance.privacy !== VideoPrivacy.PRIVATE
- const wasUnlistedVideo = videoInstance.privacy === VideoPrivacy.UNLISTED
+ const wasConfidentialVideo = videoInstance.isConfidential()
+ const hadPrivacyForFederation = videoInstance.hasPrivacyForFederation()
// Process thumbnail or create it from the video
const thumbnailModel = req.files && req.files['thumbnailfile']
videoInstance.originallyPublishedAt = new Date(videoInfoToUpdate.originallyPublishedAt)
}
+ let isNewVideo = false
if (videoInfoToUpdate.privacy !== undefined) {
- const newPrivacy = parseInt(videoInfoToUpdate.privacy.toString(), 10)
- videoInstance.privacy = newPrivacy
+ isNewVideo = videoInstance.isNewVideo(videoInfoToUpdate.privacy)
- // The video was private, and is not anymore -> publish it
- if (wasPrivateVideo === true && newPrivacy !== VideoPrivacy.PRIVATE) {
- videoInstance.publishedAt = new Date()
- }
+ const newPrivacy = parseInt(videoInfoToUpdate.privacy.toString(), 10)
+ videoInstance.setPrivacy(newPrivacy)
- // The video was not private, but now it is -> we need to unfederate it
- if (wasNotPrivateVideo === true && newPrivacy === VideoPrivacy.PRIVATE) {
+ // Unfederate the video if the new privacy is not compatible with federation
+ if (hadPrivacyForFederation && !videoInstance.hasPrivacyForFederation()) {
await VideoModel.sendDelete(videoInstance, { transaction: t })
}
}
await videoInstanceUpdated.$set('VideoChannel', res.locals.videoChannel, { transaction: t })
videoInstanceUpdated.VideoChannel = res.locals.videoChannel
- if (wasPrivateVideo === false) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t)
+ if (hadPrivacyForFederation === true) await changeVideoChannelShare(videoInstanceUpdated, oldVideoChannel, t)
}
// Schedule an update in the future?
transaction: t
})
- const isNewVideo = wasPrivateVideo && videoInstanceUpdated.privacy !== VideoPrivacy.PRIVATE
await federateVideoIfNeeded(videoInstanceUpdated, isNewVideo, t)
auditLogger.update(
return videoInstanceUpdated
})
- if (wasUnlistedVideo || wasPrivateVideo) {
+ if (wasConfidentialVideo) {
Notifier.Instance.notifyOnNewVideoIfNeeded(videoInstanceUpdated)
}
videosTerminateChangeOwnershipValidator
} from '../../../middlewares'
import { VideoChangeOwnershipModel } from '../../../models/video/video-change-ownership'
-import { VideoChangeOwnershipStatus, VideoPrivacy, VideoState } from '../../../../shared/models/videos'
+import { VideoChangeOwnershipStatus, VideoState } from '../../../../shared/models/videos'
import { VideoChannelModel } from '../../../models/video/video-channel'
import { getFormattedObjects } from '../../../helpers/utils'
import { changeVideoChannelShare } from '../../../lib/activitypub'
const targetVideoUpdated = await targetVideo.save({ transaction: t }) as MVideoFullLight
targetVideoUpdated.VideoChannel = channel
- if (targetVideoUpdated.privacy !== VideoPrivacy.PRIVATE && targetVideoUpdated.state === VideoState.PUBLISHED) {
+ if (targetVideoUpdated.hasPrivacyForFederation() && targetVideoUpdated.state === VideoState.PUBLISHED) {
await changeVideoChannelShare(targetVideoUpdated, oldVideoChannel, t)
await sendUpdateVideo(targetVideoUpdated, t, oldVideoChannel.Account.Actor)
}
}
function isScheduleVideoUpdatePrivacyValid (value: number) {
- return value === VideoPrivacy.UNLISTED || value === VideoPrivacy.PUBLIC
+ return value === VideoPrivacy.UNLISTED || value === VideoPrivacy.PUBLIC || value === VideoPrivacy.INTERNAL
}
function isVideoOriginallyPublishedAtValid (value: string | null) {
const VIDEO_PRIVACIES = {
[ VideoPrivacy.PUBLIC ]: 'Public',
[ VideoPrivacy.UNLISTED ]: 'Unlisted',
- [ VideoPrivacy.PRIVATE ]: 'Private'
+ [ VideoPrivacy.PRIVATE ]: 'Private',
+ [ VideoPrivacy.INTERNAL ]: 'Internal'
}
const VIDEO_STATES = {
} from '../../../typings/models'
async function sendCreateVideo (video: MVideoAP, t: Transaction) {
- if (video.privacy === VideoPrivacy.PRIVATE) return undefined
+ if (!video.hasPrivacyForFederation()) return undefined
logger.info('Creating job to send video creation of %s.', video.url)
async function sendUpdateVideo (videoArg: MVideoAPWithoutCaption, t: Transaction, overrodeByActor?: MActor) {
const video = videoArg as MVideoAP
- if (video.privacy === VideoPrivacy.PRIVATE) return undefined
+ if (!video.hasPrivacyForFederation()) return undefined
logger.info('Creating job to update video %s.', video.url)
import { Transaction } from 'sequelize'
-import { VideoPrivacy } from '../../../shared/models/videos'
import { getServerActor } from '../../helpers/utils'
import { VideoShareModel } from '../../models/video/video-share'
import { sendUndoAnnounce, sendVideoAnnounce } from './send'
import { logger } from '../../helpers/logger'
import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
-import { MChannelActor, MChannelActorLight, MVideo, MVideoAccountLight, MVideoId } from '../../typings/models/video'
+import { MChannelActorLight, MVideo, MVideoAccountLight, MVideoId } from '../../typings/models/video'
async function shareVideoByServerAndChannel (video: MVideoAccountLight, t: Transaction) {
- if (video.privacy === VideoPrivacy.PRIVATE) return undefined
+ if (!video.hasPrivacyForFederation()) return undefined
return Promise.all([
shareByServer(video, t),
// Check this is not a blacklisted video, or unfederated blacklisted video
(video.isBlacklisted() === false || (isNewVideo === false && video.VideoBlacklist.unfederated === false)) &&
// Check the video is public/unlisted and published
- video.privacy !== VideoPrivacy.PRIVATE && video.state === VideoState.PUBLISHED
+ video.hasPrivacyForFederation() && video.state === VideoState.PUBLISHED
) {
// Fetch more attributes that we will need to serialize in AP object
if (isArray(video.VideoCaptions) === false) {
])
// Let Angular application handle errors
- if (!video || video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
+ if (!video || video.privacy === VideoPrivacy.PRIVATE || video.privacy === VideoPrivacy.INTERNAL || video.VideoBlacklist) {
return ClientHtml.getIndexHTML(req, res)
}
logger.info('Executing scheduled video update on %s.', video.uuid)
if (schedule.privacy) {
- const oldPrivacy = video.privacy
- const isNewVideo = oldPrivacy === VideoPrivacy.PRIVATE
-
- video.privacy = schedule.privacy
- if (isNewVideo === true) video.publishedAt = new Date()
+ const wasConfidentialVideo = video.isConfidential()
+ const isNewVideo = video.isNewVideo(schedule.privacy)
+ video.setPrivacy(schedule.privacy)
await video.save({ transaction: t })
await federateVideoIfNeeded(video, isNewVideo, t)
- if (oldPrivacy === VideoPrivacy.UNLISTED || oldPrivacy === VideoPrivacy.PRIVATE) {
+ if (wasConfidentialVideo) {
const videoToPublish: MVideoFullLight = Object.assign(video, { ScheduleVideoUpdate: schedule, UserVideoHistories: [] })
publishedVideos.push(videoToPublish)
}
const videoAll = video as MVideoFullLight
// Video private or blacklisted
- if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) {
+ if (videoAll.requiresAuth()) {
await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
const user = res.locals.oauth ? res.locals.oauth.token.User : null
// Only the owner or a user that have blacklist rights can see the video
- if (
- !user ||
- (videoAll.VideoChannel && videoAll.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST))
- ) {
+ if (!user || !user.canGetVideo(videoAll)) {
return res.status(403)
- .json({ error: 'Cannot get this private or blacklisted video.' })
+ .json({ error: 'Cannot get this private/internal or blacklisted video.' })
}
return next()
Table,
UpdatedAt
} from 'sequelize-typescript'
-import { hasUserRight, USER_ROLE_LABELS, UserRight } from '../../../shared'
+import { hasUserRight, USER_ROLE_LABELS, UserRight, VideoPrivacy } from '../../../shared'
import { User, UserRole } from '../../../shared/models/users'
import {
isNoInstanceConfigWarningModal,
MUserFormattable,
MUserId,
MUserNotifSettingChannelDefault,
- MUserWithNotificationSetting
+ MUserWithNotificationSetting, MVideoFullLight
} from '@server/typings/models'
enum ScopeNames {
.then(u => u.map(u => u.username))
}
+ canGetVideo (video: MVideoFullLight) {
+ if (video.privacy === VideoPrivacy.INTERNAL) return true
+
+ if (video.privacy === VideoPrivacy.PRIVATE) {
+ return video.VideoChannel && video.VideoChannel.Account.userId === this.id
+ }
+
+ if (video.isBlacklisted()) {
+ return this.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)
+ }
+
+ return false
+ }
+
hasRight (right: UserRight) {
return hasUserRight(this.role, right)
}
@AllowNull(true)
@Default(null)
@Column
- privacy: VideoPrivacy.PUBLIC | VideoPrivacy.UNLISTED
+ privacy: VideoPrivacy.PUBLIC | VideoPrivacy.UNLISTED | VideoPrivacy.INTERNAL
@CreatedAt
createdAt: Date
// Only list public/published videos
if (!options.filter || options.filter !== 'all-local') {
- const privacyWhere = {
- // Always list public videos
- privacy: VideoPrivacy.PUBLIC,
+
+ const publishWhere = {
// Always list published videos, or videos that are being transcoded but on which we don't want to wait for transcoding
[ Op.or ]: [
{
}
]
}
+ whereAnd.push(publishWhere)
- whereAnd.push(privacyWhere)
+ // List internal videos if the user is logged in
+ if (options.user) {
+ const privacyWhere = {
+ [Op.or]: [
+ {
+ privacy: VideoPrivacy.INTERNAL
+ },
+ {
+ privacy: VideoPrivacy.PUBLIC
+ }
+ ]
+ }
+
+ whereAnd.push(privacyWhere)
+ } else { // Or only public videos
+ const privacyWhere = { privacy: VideoPrivacy.PUBLIC }
+ whereAnd.push(privacyWhere)
+ }
}
if (options.videoPlaylistId) {
}
}
+ private static isPrivacyForFederation (privacy: VideoPrivacy) {
+ return privacy === VideoPrivacy.PUBLIC || privacy === VideoPrivacy.UNLISTED
+ }
+
static getCategoryLabel (id: number) {
return VIDEO_CATEGORIES[ id ] || 'Misc'
}
return isOutdated(this, ACTIVITY_PUB.VIDEO_REFRESH_INTERVAL)
}
+ hasPrivacyForFederation () {
+ return VideoModel.isPrivacyForFederation(this.privacy)
+ }
+
+ isNewVideo (newPrivacy: VideoPrivacy) {
+ return this.hasPrivacyForFederation() === false && VideoModel.isPrivacyForFederation(newPrivacy) === true
+ }
+
setAsRefreshed () {
this.changed('updatedAt', true)
return this.save()
}
+ requiresAuth () {
+ return this.privacy === VideoPrivacy.PRIVATE || this.privacy === VideoPrivacy.INTERNAL || !!this.VideoBlacklist
+ }
+
+ setPrivacy (newPrivacy: VideoPrivacy) {
+ if (this.privacy === VideoPrivacy.PRIVATE && newPrivacy !== VideoPrivacy.PRIVATE) {
+ this.publishedAt = new Date()
+ }
+
+ this.privacy = newPrivacy
+ }
+
+ isConfidential () {
+ return this.privacy === VideoPrivacy.PRIVATE ||
+ this.privacy === VideoPrivacy.UNLISTED ||
+ this.privacy === VideoPrivacy.INTERNAL
+ }
+
async publishIfNeededAndSave (t: Transaction) {
if (this.state !== VideoState.PUBLISHED) {
this.state = VideoState.PUBLISHED
import { createUser } from '../../../../shared/extra-utils/users/users'
import { getMyVideos, getVideo, getVideoWithToken, updateVideo } from '../../../../shared/extra-utils/videos/videos'
import { waitJobs } from '../../../../shared/extra-utils/server/jobs'
+import { Video } from '@shared/models'
const expect = chai.expect
describe('Test video privacy', function () {
let servers: ServerInfo[] = []
+ let anotherUserToken: string
+
let privateVideoId: number
let privateVideoUUID: string
+
+ let internalVideoId: number
+ let internalVideoUUID: string
+
let unlistedVideoUUID: string
+
let now: number
before(async function () {
await doubleFollow(servers[0], servers[1])
})
- it('Should upload a private video on server 1', async function () {
+ it('Should upload a private and internal videos on server 1', async function () {
this.timeout(10000)
- const attributes = {
- privacy: VideoPrivacy.PRIVATE
+ for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
+ const attributes = { privacy }
+ await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
}
- await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
await waitJobs(servers)
})
- it('Should not have this private video on server 2', async function () {
+ it('Should not have these private and internal videos on server 2', async function () {
const res = await getVideosList(servers[1].url)
expect(res.body.total).to.equal(0)
expect(res.body.data).to.have.lengthOf(0)
})
- it('Should list my (private) videos', async function () {
- const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 1)
+ it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
+ const res = await getVideosList(servers[0].url)
+
+ expect(res.body.total).to.equal(0)
+ expect(res.body.data).to.have.lengthOf(0)
+ })
+
+ it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
+ const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
expect(res.body.total).to.equal(1)
expect(res.body.data).to.have.lengthOf(1)
- privateVideoId = res.body.data[0].id
- privateVideoUUID = res.body.data[0].uuid
+ expect(res.body.data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
+ })
+
+ it('Should list my (private and internal) videos', async function () {
+ const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 10)
+
+ expect(res.body.total).to.equal(2)
+ expect(res.body.data).to.have.lengthOf(2)
+
+ const videos: Video[] = res.body.data
+
+ const privateVideo = videos.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
+ privateVideoId = privateVideo.id
+ privateVideoUUID = privateVideo.uuid
+
+ const internalVideo = videos.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
+ internalVideoId = internalVideo.id
+ internalVideoUUID = internalVideo.uuid
})
- it('Should not be able to watch this video with non authenticated user', async function () {
+ it('Should not be able to watch the private/internal video with non authenticated user', async function () {
await getVideo(servers[0].url, privateVideoUUID, 401)
+ await getVideo(servers[0].url, internalVideoUUID, 401)
})
- it('Should not be able to watch this private video with another user', async function () {
+ it('Should not be able to watch the private video with another user', async function () {
this.timeout(10000)
const user = {
}
await createUser({ url: servers[ 0 ].url, accessToken: servers[ 0 ].accessToken, username: user.username, password: user.password })
- const token = await userLogin(servers[0], user)
- await getVideoWithToken(servers[0].url, token, privateVideoUUID, 403)
+ anotherUserToken = await userLogin(servers[0], user)
+ await getVideoWithToken(servers[0].url, anotherUserToken, privateVideoUUID, 403)
})
- it('Should be able to watch this video with the correct user', async function () {
- await getVideoWithToken(servers[0].url, servers[0].accessToken, privateVideoUUID)
+ it('Should be able to watch the internal video with another user', async function () {
+ await getVideoWithToken(servers[0].url, anotherUserToken, internalVideoUUID, 200)
+ })
+
+ it('Should be able to watch the private video with the correct user', async function () {
+ await getVideoWithToken(servers[0].url, servers[0].accessToken, privateVideoUUID, 200)
})
it('Should upload an unlisted video on server 2', async function () {
}
})
- it('Should update the private video to public on server 1', async function () {
+ it('Should update the private and internal videos to public on server 1', async function () {
this.timeout(10000)
- const attribute = {
- name: 'super video public',
- privacy: VideoPrivacy.PUBLIC
+ now = Date.now()
+
+ {
+ const attribute = {
+ name: 'private video becomes public',
+ privacy: VideoPrivacy.PUBLIC
+ }
+
+ await updateVideo(servers[ 0 ].url, servers[ 0 ].accessToken, privateVideoId, attribute)
}
- now = Date.now()
- await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, attribute)
+ {
+ const attribute = {
+ name: 'internal video becomes public',
+ privacy: VideoPrivacy.PUBLIC
+ }
+ await updateVideo(servers[ 0 ].url, servers[ 0 ].accessToken, internalVideoId, attribute)
+ }
await waitJobs(servers)
})
it('Should have this new public video listed on server 1 and 2', async function () {
for (const server of servers) {
const res = await getVideosList(server.url)
+ expect(res.body.total).to.equal(2)
+ expect(res.body.data).to.have.lengthOf(2)
+
+ const videos: Video[] = res.body.data
+ const privateVideo = videos.find(v => v.name === 'private video becomes public')
+ const internalVideo = videos.find(v => v.name === 'internal video becomes public')
+
+ expect(privateVideo).to.not.be.undefined
+ expect(internalVideo).to.not.be.undefined
+
+ expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
+ // We don't change the publish date of internal videos
+ expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
- expect(res.body.total).to.equal(1)
- expect(res.body.data).to.have.lengthOf(1)
- expect(res.body.data[0].name).to.equal('super video public')
- expect(new Date(res.body.data[0].publishedAt).getTime()).to.be.at.least(now)
+ expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
+ expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
}
})
- it('Should set this new video as private', async function () {
+ it('Should set these videos as private and internal', async function () {
this.timeout(10000)
- await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, { privacy: VideoPrivacy.PRIVATE })
+ await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, { privacy: VideoPrivacy.PRIVATE })
+ await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, { privacy: VideoPrivacy.INTERNAL })
await waitJobs(servers)
{
const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 5)
+ const videos = res.body.data
+
+ expect(res.body.total).to.equal(2)
+ expect(videos).to.have.lengthOf(2)
+
+ const privateVideo = videos.find(v => v.name === 'private video becomes public')
+ const internalVideo = videos.find(v => v.name === 'internal video becomes public')
+
+ expect(privateVideo).to.not.be.undefined
+ expect(internalVideo).to.not.be.undefined
- expect(res.body.total).to.equal(1)
- expect(res.body.data).to.have.lengthOf(1)
- expect(res.body.data[0].name).to.equal('super video public')
+ expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
+ expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
}
})
export enum VideoPrivacy {
PUBLIC = 1,
UNLISTED = 2,
- PRIVATE = 3
+ PRIVATE = 3,
+ INTERNAL = 4
}
export interface VideoScheduleUpdate {
updateAt: Date | string
- privacy?: VideoPrivacy.PUBLIC | VideoPrivacy.UNLISTED // Cannot schedule an update to PRIVATE
+ privacy?: VideoPrivacy.PUBLIC | VideoPrivacy.UNLISTED | VideoPrivacy.INTERNAL // Cannot schedule an update to PRIVATE
}
projects / oweals / peertube.git / commitdiff