Argus: screen censored content

[bedeho]

Dependency

This depends on having authentication working, as is described in this issue #basic

Background

Currently the curators can call the following two extrinsics

/// Extrinsic for setting channel visibility status (hidden/visible) by moderator
///
/// <weight>
///
/// ## Weight
/// `O (A)` where:
/// - `A` is the length of `rationale`
/// - DB:
///    - O(1) doesn't depend on the state or parameters
/// # </weight>
#[weight = Module::<T>::set_channel_visibility_as_moderator_weight(rationale)]
pub fn set_channel_visibility_as_moderator(
    origin,
    actor: ContentActor<T::CuratorGroupId, T::CuratorId, T::MemberId>,
    channel_id: T::ChannelId,
    is_hidden: bool,
    rationale: Vec<u8>,
) -> DispatchResult;

  /// Extrinsic for video visibility status (hidden/visible) setting by moderator
  ///
  /// <weight>
  ///
  /// ## Weight
  /// `O (A)` where:
  /// - `A` is the length of `rationale`
  /// - DB:
  ///    - O(1) doesn't depend on the state or parameters
  /// # </weight>
  #[weight = Module::<T>::set_video_visibility_as_moderator_weight(rationale)]
  pub fn set_video_visibility_as_moderator(
      origin,
      actor: ContentActor<T::CuratorGroupId, T::CuratorId, T::MemberId>,
      video_id: T::VideoId,
      is_hidden: bool,
      rationale: Vec<u8>,
  ) -> DispatchResult;

these result in setting properties in the query node video and channel schemas

"Flag signaling whether a channel is censored."
isCensored: Boolean!

...

"Flag signaling whether a video is censored."
isCensored: Boolean!

However, Argus is not sensitive to these and serves the content to anyone!

Proposal

Prevent anyone except (called insiders)

• channel collaborators
• channel owner (including WG workers+lead if owned by curator group)
• lead
• council member
• curators in group which can mutate this status

to fetch

1. any asset used by a censored video.
2. any asset used by a video in a censored channel.
3. any asset used by a censored channel

┆Issue is synchronized with this Asana task by Unito

[bedeho]

Addendum

We have to ensure that Argus is able to read the censorship status of an entity published under a channel, even if that entity has corrupt metadata which prevents it from being decoded as a video. Right now, it's not clear to me that this is ensured, and this allows a malicious user to basically sidestep curators by breaking the QN decoding, making it seem as if the video does not exist in the channel as viewed through the QN API, but the corresponding asset data objects, which may be malicious, are still served. Fixing this properly, so that curators can act on any channel entity, may require updating the schema.