github.com/coincircle/mattermost-server@v4.8.1-0.20180321182714-9d701c704416+incompatible/api4/channel.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 l4g "github.com/alecthomas/log4go" 10 "github.com/mattermost/mattermost-server/model" 11 ) 12 13 func (api *API) InitChannel() { 14 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(createChannel)).Methods("POST") 15 api.BaseRoutes.Channels.Handle("/direct", api.ApiSessionRequired(createDirectChannel)).Methods("POST") 16 api.BaseRoutes.Channels.Handle("/group", api.ApiSessionRequired(createGroupChannel)).Methods("POST") 17 api.BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", api.ApiSessionRequired(viewChannel)).Methods("POST") 18 19 api.BaseRoutes.ChannelsForTeam.Handle("", api.ApiSessionRequired(getPublicChannelsForTeam)).Methods("GET") 20 api.BaseRoutes.ChannelsForTeam.Handle("/deleted", api.ApiSessionRequired(getDeletedChannelsForTeam)).Methods("GET") 21 api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST") 22 api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequired(searchChannelsForTeam)).Methods("POST") 23 api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET") 24 api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET") 25 26 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET") 27 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(updateChannel)).Methods("PUT") 28 api.BaseRoutes.Channel.Handle("/patch", api.ApiSessionRequired(patchChannel)).Methods("PUT") 29 api.BaseRoutes.Channel.Handle("/restore", api.ApiSessionRequired(restoreChannel)).Methods("POST") 30 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(deleteChannel)).Methods("DELETE") 31 api.BaseRoutes.Channel.Handle("/stats", api.ApiSessionRequired(getChannelStats)).Methods("GET") 32 api.BaseRoutes.Channel.Handle("/pinned", api.ApiSessionRequired(getPinnedPosts)).Methods("GET") 33 34 api.BaseRoutes.ChannelForUser.Handle("/unread", api.ApiSessionRequired(getChannelUnread)).Methods("GET") 35 36 api.BaseRoutes.ChannelByName.Handle("", api.ApiSessionRequired(getChannelByName)).Methods("GET") 37 api.BaseRoutes.ChannelByNameForTeamName.Handle("", api.ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET") 38 39 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(getChannelMembers)).Methods("GET") 40 api.BaseRoutes.ChannelMembers.Handle("/ids", api.ApiSessionRequired(getChannelMembersByIds)).Methods("POST") 41 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(addChannelMember)).Methods("POST") 42 api.BaseRoutes.ChannelMembersForUser.Handle("", api.ApiSessionRequired(getChannelMembersForUser)).Methods("GET") 43 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(getChannelMember)).Methods("GET") 44 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(removeChannelMember)).Methods("DELETE") 45 api.BaseRoutes.ChannelMember.Handle("/roles", api.ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT") 46 api.BaseRoutes.ChannelMember.Handle("/notify_props", api.ApiSessionRequired(updateChannelMemberNotifyProps)).Methods("PUT") 47 } 48 49 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 50 channel := model.ChannelFromJson(r.Body) 51 if channel == nil { 52 c.SetInvalidParam("channel") 53 return 54 } 55 56 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { 57 c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) 58 return 59 } 60 61 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { 62 c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) 63 return 64 } 65 66 if sc, err := c.App.CreateChannelWithUser(channel, c.Session.UserId); err != nil { 67 c.Err = err 68 return 69 } else { 70 c.LogAudit("name=" + channel.Name) 71 w.WriteHeader(http.StatusCreated) 72 w.Write([]byte(sc.ToJson())) 73 } 74 } 75 76 func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { 77 c.RequireChannelId() 78 if c.Err != nil { 79 return 80 } 81 82 channel := model.ChannelFromJson(r.Body) 83 84 if channel == nil { 85 c.SetInvalidParam("channel") 86 return 87 } 88 89 var oldChannel *model.Channel 90 var err *model.AppError 91 if oldChannel, err = c.App.GetChannel(channel.Id); err != nil { 92 c.Err = err 93 return 94 } 95 96 if _, err = c.App.GetChannelMember(channel.Id, c.Session.UserId); err != nil { 97 c.Err = err 98 return 99 } 100 101 if !CanManageChannel(c, channel) { 102 return 103 } 104 105 if oldChannel.DeleteAt > 0 { 106 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest) 107 return 108 } 109 110 if oldChannel.Name == model.DEFAULT_CHANNEL { 111 if (len(channel.Name) > 0 && channel.Name != oldChannel.Name) || (len(channel.Type) > 0 && channel.Type != oldChannel.Type) { 112 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest) 113 return 114 } 115 } 116 117 oldChannel.Header = channel.Header 118 oldChannel.Purpose = channel.Purpose 119 120 oldChannelDisplayName := oldChannel.DisplayName 121 122 if len(channel.DisplayName) > 0 { 123 oldChannel.DisplayName = channel.DisplayName 124 } 125 126 if len(channel.Name) > 0 { 127 oldChannel.Name = channel.Name 128 } 129 130 if len(channel.Type) > 0 { 131 oldChannel.Type = channel.Type 132 } 133 134 if _, err := c.App.UpdateChannel(oldChannel); err != nil { 135 c.Err = err 136 return 137 } else { 138 if oldChannelDisplayName != channel.DisplayName { 139 if err := c.App.PostUpdateChannelDisplayNameMessage(c.Session.UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil { 140 l4g.Error(err.Error()) 141 } 142 } 143 c.LogAudit("name=" + channel.Name) 144 w.Write([]byte(oldChannel.ToJson())) 145 } 146 } 147 148 func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { 149 c.RequireChannelId() 150 if c.Err != nil { 151 return 152 } 153 154 patch := model.ChannelPatchFromJson(r.Body) 155 if patch == nil { 156 c.SetInvalidParam("channel") 157 return 158 } 159 160 oldChannel, err := c.App.GetChannel(c.Params.ChannelId) 161 if err != nil { 162 c.Err = err 163 return 164 } 165 166 if !CanManageChannel(c, oldChannel) { 167 return 168 } 169 170 if rchannel, err := c.App.PatchChannel(oldChannel, patch, c.Session.UserId); err != nil { 171 c.Err = err 172 return 173 } else { 174 c.LogAudit("") 175 w.Write([]byte(rchannel.ToJson())) 176 } 177 } 178 179 func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { 180 c.RequireChannelId() 181 if c.Err != nil { 182 return 183 } 184 185 var channel *model.Channel 186 var err *model.AppError 187 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 188 c.Err = err 189 return 190 } 191 teamId := channel.TeamId 192 193 if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) { 194 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 195 return 196 } 197 198 channel, err = c.App.RestoreChannel(channel) 199 if err != nil { 200 c.Err = err 201 return 202 } 203 204 c.LogAudit("name=" + channel.Name) 205 w.Write([]byte(channel.ToJson())) 206 207 } 208 209 func CanManageChannel(c *Context, channel *model.Channel) bool { 210 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 211 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 212 return false 213 } 214 215 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 216 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 217 return false 218 } 219 220 return true 221 } 222 223 func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { 224 userIds := model.ArrayFromJson(r.Body) 225 allowed := false 226 227 if len(userIds) != 2 { 228 c.SetInvalidParam("user_ids") 229 return 230 } 231 232 for _, id := range userIds { 233 if len(id) != 26 { 234 c.SetInvalidParam("user_id") 235 return 236 } 237 if id == c.Session.UserId { 238 allowed = true 239 } 240 } 241 242 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { 243 c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) 244 return 245 } 246 247 if !allowed && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 248 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 249 return 250 } 251 252 if sc, err := c.App.CreateDirectChannel(userIds[0], userIds[1]); err != nil { 253 c.Err = err 254 return 255 } else { 256 w.WriteHeader(http.StatusCreated) 257 w.Write([]byte(sc.ToJson())) 258 } 259 } 260 261 func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { 262 userIds := model.ArrayFromJson(r.Body) 263 264 if len(userIds) == 0 { 265 c.SetInvalidParam("user_ids") 266 return 267 } 268 269 found := false 270 for _, id := range userIds { 271 if len(id) != 26 { 272 c.SetInvalidParam("user_id") 273 return 274 } 275 if id == c.Session.UserId { 276 found = true 277 } 278 } 279 280 if !found { 281 userIds = append(userIds, c.Session.UserId) 282 } 283 284 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { 285 c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) 286 return 287 } 288 289 if groupChannel, err := c.App.CreateGroupChannel(userIds, c.Session.UserId); err != nil { 290 c.Err = err 291 return 292 } else { 293 w.WriteHeader(http.StatusCreated) 294 w.Write([]byte(groupChannel.ToJson())) 295 } 296 } 297 298 func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { 299 c.RequireChannelId() 300 if c.Err != nil { 301 return 302 } 303 304 channel, err := c.App.GetChannel(c.Params.ChannelId) 305 if err != nil { 306 c.Err = err 307 return 308 } 309 310 if channel.Type == model.CHANNEL_OPEN { 311 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 312 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 313 return 314 } 315 } else { 316 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 317 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 318 return 319 } 320 } 321 322 w.Write([]byte(channel.ToJson())) 323 } 324 325 func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) { 326 c.RequireChannelId().RequireUserId() 327 if c.Err != nil { 328 return 329 } 330 331 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 332 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 333 return 334 } 335 336 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 337 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 338 return 339 } 340 341 channelUnread, err := c.App.GetChannelUnread(c.Params.ChannelId, c.Params.UserId) 342 if err != nil { 343 c.Err = err 344 return 345 } 346 347 w.Write([]byte(channelUnread.ToJson())) 348 } 349 350 func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) { 351 c.RequireChannelId() 352 if c.Err != nil { 353 return 354 } 355 356 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 357 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 358 return 359 } 360 361 memberCount, err := c.App.GetChannelMemberCount(c.Params.ChannelId) 362 363 if err != nil { 364 c.Err = err 365 return 366 } 367 368 stats := model.ChannelStats{ChannelId: c.Params.ChannelId, MemberCount: memberCount} 369 w.Write([]byte(stats.ToJson())) 370 } 371 372 func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) { 373 c.RequireChannelId() 374 if c.Err != nil { 375 return 376 } 377 378 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 379 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 380 return 381 } 382 383 if posts, err := c.App.GetPinnedPosts(c.Params.ChannelId); err != nil { 384 c.Err = err 385 return 386 } else if c.HandleEtag(posts.Etag(), "Get Pinned Posts", w, r) { 387 return 388 } else { 389 w.Header().Set(model.HEADER_ETAG_SERVER, posts.Etag()) 390 w.Write([]byte(c.App.PostListWithProxyAddedToImageURLs(posts).ToJson())) 391 } 392 } 393 394 func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 395 c.RequireTeamId() 396 if c.Err != nil { 397 return 398 } 399 400 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 401 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 402 return 403 } 404 405 if channels, err := c.App.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { 406 c.Err = err 407 return 408 } else { 409 w.Write([]byte(channels.ToJson())) 410 return 411 } 412 } 413 414 func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 415 c.RequireTeamId() 416 if c.Err != nil { 417 return 418 } 419 420 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 421 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 422 return 423 } 424 425 if channels, err := c.App.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { 426 c.Err = err 427 return 428 } else { 429 w.Write([]byte(channels.ToJson())) 430 return 431 } 432 } 433 434 func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 435 c.RequireTeamId() 436 if c.Err != nil { 437 return 438 } 439 440 channelIds := model.ArrayFromJson(r.Body) 441 if len(channelIds) == 0 { 442 c.SetInvalidParam("channel_ids") 443 return 444 } 445 446 for _, cid := range channelIds { 447 if len(cid) != 26 { 448 c.SetInvalidParam("channel_id") 449 return 450 } 451 } 452 453 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 454 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 455 return 456 } 457 458 if channels, err := c.App.GetPublicChannelsByIdsForTeam(c.Params.TeamId, channelIds); err != nil { 459 c.Err = err 460 return 461 } else { 462 w.Write([]byte(channels.ToJson())) 463 } 464 } 465 466 func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) { 467 c.RequireUserId().RequireTeamId() 468 if c.Err != nil { 469 return 470 } 471 472 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 473 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 474 return 475 } 476 477 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 478 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 479 return 480 } 481 482 if channels, err := c.App.GetChannelsForUser(c.Params.TeamId, c.Params.UserId); err != nil { 483 c.Err = err 484 return 485 } else if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { 486 return 487 } else { 488 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 489 w.Write([]byte(channels.ToJson())) 490 } 491 } 492 493 func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 494 c.RequireTeamId() 495 if c.Err != nil { 496 return 497 } 498 499 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 500 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 501 return 502 } 503 504 name := r.URL.Query().Get("name") 505 506 if channels, err := c.App.AutocompleteChannels(c.Params.TeamId, name); err != nil { 507 c.Err = err 508 return 509 } else { 510 w.Write([]byte(channels.ToJson())) 511 } 512 } 513 514 func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 515 c.RequireTeamId() 516 if c.Err != nil { 517 return 518 } 519 520 props := model.ChannelSearchFromJson(r.Body) 521 if props == nil { 522 c.SetInvalidParam("channel_search") 523 return 524 } 525 526 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 527 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 528 return 529 } 530 531 if channels, err := c.App.SearchChannels(c.Params.TeamId, props.Term); err != nil { 532 c.Err = err 533 return 534 } else { 535 w.Write([]byte(channels.ToJson())) 536 } 537 } 538 539 func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { 540 c.RequireChannelId() 541 if c.Err != nil { 542 return 543 } 544 545 var channel *model.Channel 546 var err *model.AppError 547 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 548 c.Err = err 549 return 550 } 551 552 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { 553 c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) 554 return 555 } 556 557 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { 558 c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) 559 return 560 } 561 562 err = c.App.DeleteChannel(channel, c.Session.UserId) 563 if err != nil { 564 c.Err = err 565 return 566 } 567 568 c.LogAudit("name=" + channel.Name) 569 570 ReturnStatusOK(w) 571 } 572 573 func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { 574 c.RequireTeamId().RequireChannelName() 575 if c.Err != nil { 576 return 577 } 578 579 var channel *model.Channel 580 var err *model.AppError 581 582 if channel, err = c.App.GetChannelByName(c.Params.ChannelName, c.Params.TeamId); err != nil { 583 c.Err = err 584 return 585 } 586 587 if channel.Type == model.CHANNEL_OPEN { 588 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 589 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 590 return 591 } 592 } else { 593 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 594 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 595 return 596 } 597 } 598 599 w.Write([]byte(channel.ToJson())) 600 } 601 602 func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) { 603 c.RequireTeamName().RequireChannelName() 604 if c.Err != nil { 605 return 606 } 607 608 var channel *model.Channel 609 var err *model.AppError 610 611 if channel, err = c.App.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName); err != nil { 612 c.Err = err 613 return 614 } 615 616 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 617 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 618 return 619 } 620 621 w.Write([]byte(channel.ToJson())) 622 } 623 624 func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { 625 c.RequireChannelId() 626 if c.Err != nil { 627 return 628 } 629 630 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 631 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 632 return 633 } 634 635 if members, err := c.App.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage); err != nil { 636 c.Err = err 637 return 638 } else { 639 w.Write([]byte(members.ToJson())) 640 } 641 } 642 643 func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 644 c.RequireChannelId() 645 if c.Err != nil { 646 return 647 } 648 649 userIds := model.ArrayFromJson(r.Body) 650 if len(userIds) == 0 { 651 c.SetInvalidParam("user_ids") 652 return 653 } 654 655 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 656 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 657 return 658 } 659 660 if members, err := c.App.GetChannelMembersByIds(c.Params.ChannelId, userIds); err != nil { 661 c.Err = err 662 return 663 } else { 664 w.Write([]byte(members.ToJson())) 665 } 666 } 667 668 func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 669 c.RequireChannelId().RequireUserId() 670 if c.Err != nil { 671 return 672 } 673 674 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 675 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 676 return 677 } 678 679 if member, err := c.App.GetChannelMember(c.Params.ChannelId, c.Params.UserId); err != nil { 680 c.Err = err 681 return 682 } else { 683 w.Write([]byte(member.ToJson())) 684 } 685 } 686 687 func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 688 c.RequireUserId().RequireTeamId() 689 if c.Err != nil { 690 return 691 } 692 693 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 694 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 695 return 696 } 697 698 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { 699 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 700 return 701 } 702 703 if members, err := c.App.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId); err != nil { 704 c.Err = err 705 return 706 } else { 707 w.Write([]byte(members.ToJson())) 708 } 709 } 710 711 func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { 712 c.RequireUserId() 713 if c.Err != nil { 714 return 715 } 716 717 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 718 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 719 return 720 } 721 722 view := model.ChannelViewFromJson(r.Body) 723 if view == nil { 724 c.SetInvalidParam("channel_view") 725 return 726 } 727 728 times, err := c.App.ViewChannel(view, c.Params.UserId, !c.Session.IsMobileApp()) 729 730 if err != nil { 731 c.Err = err 732 return 733 } 734 735 c.App.UpdateLastActivityAtIfNeeded(c.Session) 736 737 // Returning {"status": "OK", ...} for backwards compatability 738 resp := &model.ChannelViewResponse{ 739 Status: "OK", 740 LastViewedAtTimes: times, 741 } 742 743 w.Write([]byte(resp.ToJson())) 744 } 745 746 func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 747 c.RequireChannelId().RequireUserId() 748 if c.Err != nil { 749 return 750 } 751 752 props := model.MapFromJson(r.Body) 753 754 newRoles := props["roles"] 755 if !(model.IsValidUserRoles(newRoles)) { 756 c.SetInvalidParam("roles") 757 return 758 } 759 760 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 761 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 762 return 763 } 764 765 if _, err := c.App.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil { 766 c.Err = err 767 return 768 } 769 770 ReturnStatusOK(w) 771 } 772 773 func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) { 774 c.RequireChannelId().RequireUserId() 775 if c.Err != nil { 776 return 777 } 778 779 props := model.MapFromJson(r.Body) 780 if props == nil { 781 c.SetInvalidParam("notify_props") 782 return 783 } 784 785 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 786 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 787 return 788 } 789 790 _, err := c.App.UpdateChannelMemberNotifyProps(props, c.Params.ChannelId, c.Params.UserId) 791 if err != nil { 792 c.Err = err 793 return 794 } 795 796 ReturnStatusOK(w) 797 } 798 799 func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 800 c.RequireChannelId() 801 if c.Err != nil { 802 return 803 } 804 805 props := model.StringInterfaceFromJson(r.Body) 806 userId, ok := props["user_id"].(string) 807 if !ok || len(userId) != 26 { 808 c.SetInvalidParam("user_id") 809 return 810 } 811 812 member := &model.ChannelMember{ 813 ChannelId: c.Params.ChannelId, 814 UserId: userId, 815 } 816 817 postRootId, ok := props["post_root_id"].(string) 818 if ok && len(postRootId) != 0 && len(postRootId) != 26 { 819 c.SetInvalidParam("post_root_id") 820 return 821 } 822 823 var err *model.AppError 824 if ok && len(postRootId) == 26 { 825 if rootPost, err := c.App.GetSinglePost(postRootId); err != nil { 826 c.Err = err 827 return 828 } else if rootPost.ChannelId != member.ChannelId { 829 c.SetInvalidParam("post_root_id") 830 return 831 } 832 } 833 834 var channel *model.Channel 835 if channel, err = c.App.GetChannel(member.ChannelId); err != nil { 836 c.Err = err 837 return 838 } 839 840 // Check join permission if adding yourself, otherwise check manage permission 841 if channel.Type == model.CHANNEL_OPEN { 842 if member.UserId == c.Session.UserId { 843 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_JOIN_PUBLIC_CHANNELS) { 844 c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS) 845 return 846 } 847 } else { 848 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 849 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 850 return 851 } 852 } 853 } 854 855 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 856 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 857 return 858 } 859 860 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 861 c.Err = model.NewAppError("addUserToChannel", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest) 862 return 863 } 864 865 if cm, err := c.App.AddChannelMember(member.UserId, channel, c.Session.UserId, postRootId); err != nil { 866 c.Err = err 867 return 868 } else { 869 c.LogAudit("name=" + channel.Name + " user_id=" + cm.UserId) 870 w.WriteHeader(http.StatusCreated) 871 w.Write([]byte(cm.ToJson())) 872 } 873 } 874 875 func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 876 c.RequireChannelId().RequireUserId() 877 if c.Err != nil { 878 return 879 } 880 881 var channel *model.Channel 882 var err *model.AppError 883 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 884 c.Err = err 885 return 886 } 887 888 if c.Params.UserId != c.Session.UserId { 889 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 890 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 891 return 892 } 893 894 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 895 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 896 return 897 } 898 } 899 900 if err = c.App.RemoveUserFromChannel(c.Params.UserId, c.Session.UserId, channel); err != nil { 901 c.Err = err 902 return 903 } 904 905 c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId) 906 907 ReturnStatusOK(w) 908 }