github.com/coincircle/mattermost-server@v4.8.1-0.20180321182714-9d701c704416+incompatible/api4/team.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "bytes" 8 "encoding/base64" 9 "fmt" 10 "net/http" 11 "strconv" 12 13 "github.com/mattermost/mattermost-server/model" 14 ) 15 16 const ( 17 MAX_ADD_MEMBERS_BATCH = 20 18 ) 19 20 func (api *API) InitTeam() { 21 api.BaseRoutes.Teams.Handle("", api.ApiSessionRequired(createTeam)).Methods("POST") 22 api.BaseRoutes.Teams.Handle("", api.ApiSessionRequired(getAllTeams)).Methods("GET") 23 api.BaseRoutes.Teams.Handle("/search", api.ApiSessionRequired(searchTeams)).Methods("POST") 24 api.BaseRoutes.TeamsForUser.Handle("", api.ApiSessionRequired(getTeamsForUser)).Methods("GET") 25 api.BaseRoutes.TeamsForUser.Handle("/unread", api.ApiSessionRequired(getTeamsUnreadForUser)).Methods("GET") 26 27 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(getTeam)).Methods("GET") 28 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(updateTeam)).Methods("PUT") 29 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(deleteTeam)).Methods("DELETE") 30 api.BaseRoutes.Team.Handle("/patch", api.ApiSessionRequired(patchTeam)).Methods("PUT") 31 api.BaseRoutes.Team.Handle("/stats", api.ApiSessionRequired(getTeamStats)).Methods("GET") 32 33 api.BaseRoutes.Team.Handle("/image", api.ApiSessionRequiredTrustRequester(getTeamIcon)).Methods("GET") 34 api.BaseRoutes.Team.Handle("/image", api.ApiSessionRequired(setTeamIcon)).Methods("POST") 35 36 api.BaseRoutes.TeamMembers.Handle("", api.ApiSessionRequired(getTeamMembers)).Methods("GET") 37 api.BaseRoutes.TeamMembers.Handle("/ids", api.ApiSessionRequired(getTeamMembersByIds)).Methods("POST") 38 api.BaseRoutes.TeamMembersForUser.Handle("", api.ApiSessionRequired(getTeamMembersForUser)).Methods("GET") 39 api.BaseRoutes.TeamMembers.Handle("", api.ApiSessionRequired(addTeamMember)).Methods("POST") 40 api.BaseRoutes.Teams.Handle("/members/invite", api.ApiSessionRequired(addUserToTeamFromInvite)).Methods("POST") 41 api.BaseRoutes.TeamMembers.Handle("/batch", api.ApiSessionRequired(addTeamMembers)).Methods("POST") 42 api.BaseRoutes.TeamMember.Handle("", api.ApiSessionRequired(removeTeamMember)).Methods("DELETE") 43 44 api.BaseRoutes.TeamForUser.Handle("/unread", api.ApiSessionRequired(getTeamUnread)).Methods("GET") 45 46 api.BaseRoutes.TeamByName.Handle("", api.ApiSessionRequired(getTeamByName)).Methods("GET") 47 api.BaseRoutes.TeamMember.Handle("", api.ApiSessionRequired(getTeamMember)).Methods("GET") 48 api.BaseRoutes.TeamByName.Handle("/exists", api.ApiSessionRequired(teamExists)).Methods("GET") 49 api.BaseRoutes.TeamMember.Handle("/roles", api.ApiSessionRequired(updateTeamMemberRoles)).Methods("PUT") 50 51 api.BaseRoutes.Team.Handle("/import", api.ApiSessionRequired(importTeam)).Methods("POST") 52 api.BaseRoutes.Team.Handle("/invite/email", api.ApiSessionRequired(inviteUsersToTeam)).Methods("POST") 53 api.BaseRoutes.Teams.Handle("/invite/{invite_id:[A-Za-z0-9]+}", api.ApiHandler(getInviteInfo)).Methods("GET") 54 } 55 56 func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { 57 team := model.TeamFromJson(r.Body) 58 if team == nil { 59 c.SetInvalidParam("team") 60 return 61 } 62 63 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) { 64 c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden) 65 return 66 } 67 68 rteam, err := c.App.CreateTeamWithUser(team, c.Session.UserId) 69 if err != nil { 70 c.Err = err 71 return 72 } 73 74 // Don't sanitize the team here since the user will be a team admin and their session won't reflect that yet 75 76 w.WriteHeader(http.StatusCreated) 77 w.Write([]byte(rteam.ToJson())) 78 } 79 80 func getTeam(c *Context, w http.ResponseWriter, r *http.Request) { 81 c.RequireTeamId() 82 if c.Err != nil { 83 return 84 } 85 86 if team, err := c.App.GetTeam(c.Params.TeamId); err != nil { 87 c.Err = err 88 return 89 } else { 90 if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { 91 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 92 return 93 } 94 95 c.App.SanitizeTeam(c.Session, team) 96 97 w.Write([]byte(team.ToJson())) 98 return 99 } 100 } 101 102 func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { 103 c.RequireTeamName() 104 if c.Err != nil { 105 return 106 } 107 108 if team, err := c.App.GetTeamByName(c.Params.TeamName); err != nil { 109 c.Err = err 110 return 111 } else { 112 if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { 113 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 114 return 115 } 116 117 c.App.SanitizeTeam(c.Session, team) 118 119 w.Write([]byte(team.ToJson())) 120 return 121 } 122 } 123 124 func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) { 125 c.RequireTeamId() 126 if c.Err != nil { 127 return 128 } 129 130 team := model.TeamFromJson(r.Body) 131 132 if team == nil { 133 c.SetInvalidParam("team") 134 return 135 } 136 137 team.Id = c.Params.TeamId 138 139 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 140 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 141 return 142 } 143 144 updatedTeam, err := c.App.UpdateTeam(team) 145 146 if err != nil { 147 c.Err = err 148 return 149 } 150 151 c.App.SanitizeTeam(c.Session, updatedTeam) 152 153 w.Write([]byte(updatedTeam.ToJson())) 154 } 155 156 func patchTeam(c *Context, w http.ResponseWriter, r *http.Request) { 157 c.RequireTeamId() 158 if c.Err != nil { 159 return 160 } 161 162 team := model.TeamPatchFromJson(r.Body) 163 164 if team == nil { 165 c.SetInvalidParam("team") 166 return 167 } 168 169 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 170 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 171 return 172 } 173 174 patchedTeam, err := c.App.PatchTeam(c.Params.TeamId, team) 175 176 if err != nil { 177 c.Err = err 178 return 179 } 180 181 c.App.SanitizeTeam(c.Session, patchedTeam) 182 183 c.LogAudit("") 184 w.Write([]byte(patchedTeam.ToJson())) 185 } 186 187 func deleteTeam(c *Context, w http.ResponseWriter, r *http.Request) { 188 c.RequireTeamId() 189 if c.Err != nil { 190 return 191 } 192 193 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 194 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 195 return 196 } 197 198 var err *model.AppError 199 if c.Params.Permanent { 200 err = c.App.PermanentDeleteTeamId(c.Params.TeamId) 201 } else { 202 err = c.App.SoftDeleteTeam(c.Params.TeamId) 203 } 204 205 if err != nil { 206 c.Err = err 207 return 208 } 209 210 ReturnStatusOK(w) 211 } 212 213 func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) { 214 c.RequireUserId() 215 if c.Err != nil { 216 return 217 } 218 219 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 220 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 221 return 222 } 223 224 if teams, err := c.App.GetTeamsForUser(c.Params.UserId); err != nil { 225 c.Err = err 226 return 227 } else { 228 c.App.SanitizeTeams(c.Session, teams) 229 230 w.Write([]byte(model.TeamListToJson(teams))) 231 } 232 } 233 234 func getTeamsUnreadForUser(c *Context, w http.ResponseWriter, r *http.Request) { 235 c.RequireUserId() 236 if c.Err != nil { 237 return 238 } 239 240 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 241 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 242 return 243 } 244 245 // optional team id to be excluded from the result 246 teamId := r.URL.Query().Get("exclude_team") 247 248 unreadTeamsList, err := c.App.GetTeamsUnreadForUser(teamId, c.Params.UserId) 249 if err != nil { 250 c.Err = err 251 return 252 } 253 254 w.Write([]byte(model.TeamsUnreadToJson(unreadTeamsList))) 255 } 256 257 func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 258 c.RequireTeamId().RequireUserId() 259 if c.Err != nil { 260 return 261 } 262 263 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 264 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 265 return 266 } 267 268 if team, err := c.App.GetTeamMember(c.Params.TeamId, c.Params.UserId); err != nil { 269 c.Err = err 270 return 271 } else { 272 w.Write([]byte(team.ToJson())) 273 return 274 } 275 } 276 277 func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { 278 c.RequireTeamId() 279 if c.Err != nil { 280 return 281 } 282 283 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 284 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 285 return 286 } 287 288 if members, err := c.App.GetTeamMembers(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { 289 c.Err = err 290 return 291 } else { 292 w.Write([]byte(model.TeamMembersToJson(members))) 293 return 294 } 295 } 296 297 func getTeamMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 298 c.RequireUserId() 299 if c.Err != nil { 300 return 301 } 302 303 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 304 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 305 return 306 } 307 308 members, err := c.App.GetTeamMembersForUser(c.Params.UserId) 309 if err != nil { 310 c.Err = err 311 return 312 } 313 314 w.Write([]byte(model.TeamMembersToJson(members))) 315 } 316 317 func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 318 c.RequireTeamId() 319 if c.Err != nil { 320 return 321 } 322 323 userIds := model.ArrayFromJson(r.Body) 324 325 if len(userIds) == 0 { 326 c.SetInvalidParam("user_ids") 327 return 328 } 329 330 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 331 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 332 return 333 } 334 335 members, err := c.App.GetTeamMembersByIds(c.Params.TeamId, userIds) 336 if err != nil { 337 c.Err = err 338 return 339 } 340 341 w.Write([]byte(model.TeamMembersToJson(members))) 342 } 343 344 func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 345 c.RequireTeamId() 346 if c.Err != nil { 347 return 348 } 349 350 var err *model.AppError 351 member := model.TeamMemberFromJson(r.Body) 352 if member.TeamId != c.Params.TeamId { 353 c.SetInvalidParam("team_id") 354 return 355 } 356 357 if len(member.UserId) != 26 { 358 c.SetInvalidParam("user_id") 359 return 360 } 361 362 if !c.App.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 363 c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) 364 return 365 } 366 367 member, err = c.App.AddTeamMember(member.TeamId, member.UserId) 368 369 if err != nil { 370 c.Err = err 371 return 372 } 373 374 w.WriteHeader(http.StatusCreated) 375 w.Write([]byte(member.ToJson())) 376 } 377 378 func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request) { 379 hash := r.URL.Query().Get("hash") 380 data := r.URL.Query().Get("data") 381 inviteId := r.URL.Query().Get("invite_id") 382 383 var member *model.TeamMember 384 var err *model.AppError 385 386 if len(hash) > 0 && len(data) > 0 { 387 member, err = c.App.AddTeamMemberByHash(c.Session.UserId, hash, data) 388 } else if len(inviteId) > 0 { 389 member, err = c.App.AddTeamMemberByInviteId(inviteId, c.Session.UserId) 390 } else { 391 err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.missing_parameter.app_error", nil, "", http.StatusBadRequest) 392 } 393 394 if err != nil { 395 c.Err = err 396 return 397 } 398 399 w.WriteHeader(http.StatusCreated) 400 w.Write([]byte(member.ToJson())) 401 } 402 403 func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { 404 c.RequireTeamId() 405 if c.Err != nil { 406 return 407 } 408 409 var err *model.AppError 410 members := model.TeamMembersFromJson(r.Body) 411 412 if len(members) > MAX_ADD_MEMBERS_BATCH || len(members) == 0 { 413 c.SetInvalidParam("too many members in batch") 414 return 415 } 416 417 var userIds []string 418 for _, member := range members { 419 if member.TeamId != c.Params.TeamId { 420 c.SetInvalidParam("team_id for member with user_id=" + member.UserId) 421 return 422 } 423 424 if len(member.UserId) != 26 { 425 c.SetInvalidParam("user_id") 426 return 427 } 428 429 userIds = append(userIds, member.UserId) 430 } 431 432 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 433 c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) 434 return 435 } 436 437 members, err = c.App.AddTeamMembers(c.Params.TeamId, userIds, c.Session.UserId) 438 439 if err != nil { 440 c.Err = err 441 return 442 } 443 444 w.WriteHeader(http.StatusCreated) 445 w.Write([]byte(model.TeamMembersToJson(members))) 446 } 447 448 func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 449 c.RequireTeamId().RequireUserId() 450 if c.Err != nil { 451 return 452 } 453 454 if c.Session.UserId != c.Params.UserId { 455 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) { 456 c.SetPermissionError(model.PERMISSION_REMOVE_USER_FROM_TEAM) 457 return 458 } 459 } 460 461 if err := c.App.RemoveUserFromTeam(c.Params.TeamId, c.Params.UserId, c.Session.UserId); err != nil { 462 c.Err = err 463 return 464 } 465 466 ReturnStatusOK(w) 467 } 468 469 func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) { 470 c.RequireTeamId().RequireUserId() 471 if c.Err != nil { 472 return 473 } 474 475 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 476 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 477 return 478 } 479 480 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 481 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 482 return 483 } 484 485 unreadTeam, err := c.App.GetTeamUnread(c.Params.TeamId, c.Params.UserId) 486 if err != nil { 487 c.Err = err 488 return 489 } 490 491 w.Write([]byte(unreadTeam.ToJson())) 492 } 493 494 func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) { 495 c.RequireTeamId() 496 if c.Err != nil { 497 return 498 } 499 500 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 501 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 502 return 503 } 504 505 if stats, err := c.App.GetTeamStats(c.Params.TeamId); err != nil { 506 c.Err = err 507 return 508 } else { 509 w.Write([]byte(stats.ToJson())) 510 return 511 } 512 } 513 514 func updateTeamMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 515 c.RequireTeamId().RequireUserId() 516 if c.Err != nil { 517 return 518 } 519 520 props := model.MapFromJson(r.Body) 521 522 newRoles := props["roles"] 523 if !model.IsValidUserRoles(newRoles) { 524 c.SetInvalidParam("team_member_roles") 525 return 526 } 527 528 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) { 529 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES) 530 return 531 } 532 533 if _, err := c.App.UpdateTeamMemberRoles(c.Params.TeamId, c.Params.UserId, newRoles); err != nil { 534 c.Err = err 535 return 536 } 537 538 ReturnStatusOK(w) 539 } 540 541 func getAllTeams(c *Context, w http.ResponseWriter, r *http.Request) { 542 var teams []*model.Team 543 var err *model.AppError 544 545 if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 546 teams, err = c.App.GetAllTeamsPage(c.Params.Page*c.Params.PerPage, c.Params.PerPage) 547 } else { 548 teams, err = c.App.GetAllOpenTeamsPage(c.Params.Page*c.Params.PerPage, c.Params.PerPage) 549 } 550 551 if err != nil { 552 c.Err = err 553 return 554 } 555 556 c.App.SanitizeTeams(c.Session, teams) 557 558 w.Write([]byte(model.TeamListToJson(teams))) 559 } 560 561 func searchTeams(c *Context, w http.ResponseWriter, r *http.Request) { 562 props := model.TeamSearchFromJson(r.Body) 563 if props == nil { 564 c.SetInvalidParam("team_search") 565 return 566 } 567 568 if len(props.Term) == 0 { 569 c.SetInvalidParam("term") 570 return 571 } 572 573 var teams []*model.Team 574 var err *model.AppError 575 576 if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 577 teams, err = c.App.SearchAllTeams(props.Term) 578 } else { 579 teams, err = c.App.SearchOpenTeams(props.Term) 580 } 581 582 if err != nil { 583 c.Err = err 584 return 585 } 586 587 c.App.SanitizeTeams(c.Session, teams) 588 589 w.Write([]byte(model.TeamListToJson(teams))) 590 } 591 592 func teamExists(c *Context, w http.ResponseWriter, r *http.Request) { 593 c.RequireTeamName() 594 if c.Err != nil { 595 return 596 } 597 598 resp := make(map[string]bool) 599 600 if _, err := c.App.GetTeamByName(c.Params.TeamName); err != nil { 601 resp["exists"] = false 602 } else { 603 resp["exists"] = true 604 } 605 606 w.Write([]byte(model.MapBoolToJson(resp))) 607 } 608 609 func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { 610 c.RequireTeamId() 611 if c.Err != nil { 612 return 613 } 614 615 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_IMPORT_TEAM) { 616 c.SetPermissionError(model.PERMISSION_IMPORT_TEAM) 617 return 618 } 619 620 if err := r.ParseMultipartForm(10000000); err != nil { 621 c.Err = model.NewAppError("importTeam", "api.team.import_team.parse.app_error", nil, err.Error(), http.StatusInternalServerError) 622 return 623 } 624 625 importFromArray, ok := r.MultipartForm.Value["importFrom"] 626 if !ok || len(importFromArray) < 1 { 627 c.Err = model.NewAppError("importTeam", "api.team.import_team.no_import_from.app_error", nil, "", http.StatusBadRequest) 628 return 629 } 630 importFrom := importFromArray[0] 631 632 fileSizeStr, ok := r.MultipartForm.Value["filesize"] 633 if !ok || len(fileSizeStr) < 1 { 634 c.Err = model.NewAppError("importTeam", "api.team.import_team.unavailable.app_error", nil, "", http.StatusBadRequest) 635 return 636 } 637 638 fileSize, err := strconv.ParseInt(fileSizeStr[0], 10, 64) 639 if err != nil { 640 c.Err = model.NewAppError("importTeam", "api.team.import_team.integer.app_error", nil, "", http.StatusBadRequest) 641 return 642 } 643 644 fileInfoArray, ok := r.MultipartForm.File["file"] 645 if !ok { 646 c.Err = model.NewAppError("importTeam", "api.team.import_team.no_file.app_error", nil, "", http.StatusBadRequest) 647 return 648 } 649 650 if len(fileInfoArray) <= 0 { 651 c.Err = model.NewAppError("importTeam", "api.team.import_team.array.app_error", nil, "", http.StatusBadRequest) 652 return 653 } 654 655 fileInfo := fileInfoArray[0] 656 657 fileData, err := fileInfo.Open() 658 if err != nil { 659 c.Err = model.NewAppError("importTeam", "api.team.import_team.open.app_error", nil, err.Error(), http.StatusBadRequest) 660 return 661 } 662 defer fileData.Close() 663 664 var log *bytes.Buffer 665 switch importFrom { 666 case "slack": 667 var err *model.AppError 668 if err, log = c.App.SlackImport(fileData, fileSize, c.Params.TeamId); err != nil { 669 c.Err = err 670 c.Err.StatusCode = http.StatusBadRequest 671 } 672 } 673 674 data := map[string]string{} 675 data["results"] = base64.StdEncoding.EncodeToString([]byte(log.Bytes())) 676 if c.Err != nil { 677 w.WriteHeader(c.Err.StatusCode) 678 } 679 w.Write([]byte(model.MapToJson(data))) 680 } 681 682 func inviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request) { 683 c.RequireTeamId() 684 if c.Err != nil { 685 return 686 } 687 688 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_INVITE_USER) { 689 c.SetPermissionError(model.PERMISSION_INVITE_USER) 690 return 691 } 692 693 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 694 c.SetPermissionError(model.PERMISSION_INVITE_USER) 695 return 696 } 697 698 emailList := model.ArrayFromJson(r.Body) 699 700 if len(emailList) == 0 { 701 c.SetInvalidParam("user_email") 702 return 703 } 704 705 err := c.App.InviteNewUsersToTeam(emailList, c.Params.TeamId, c.Session.UserId) 706 if err != nil { 707 c.Err = err 708 return 709 } 710 711 ReturnStatusOK(w) 712 } 713 714 func getInviteInfo(c *Context, w http.ResponseWriter, r *http.Request) { 715 c.RequireInviteId() 716 if c.Err != nil { 717 return 718 } 719 720 if team, err := c.App.GetTeamByInviteId(c.Params.InviteId); err != nil { 721 c.Err = err 722 return 723 } else { 724 if !(team.Type == model.TEAM_OPEN) { 725 c.Err = model.NewAppError("getInviteInfo", "api.team.get_invite_info.not_open_team", nil, "id="+c.Params.InviteId, http.StatusForbidden) 726 return 727 } 728 729 result := map[string]string{} 730 result["display_name"] = team.DisplayName 731 result["description"] = team.Description 732 result["name"] = team.Name 733 result["id"] = team.Id 734 w.Write([]byte(model.MapToJson(result))) 735 } 736 } 737 738 func getTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { 739 c.RequireTeamId() 740 if c.Err != nil { 741 return 742 } 743 744 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 745 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 746 return 747 } 748 749 if team, err := c.App.GetTeam(c.Params.TeamId); err != nil { 750 c.Err = err 751 return 752 } else { 753 etag := strconv.FormatInt(team.LastTeamIconUpdate, 10) 754 755 if c.HandleEtag(etag, "Get Team Icon", w, r) { 756 return 757 } 758 759 if img, err := c.App.GetTeamIcon(team); err != nil { 760 c.Err = err 761 return 762 } else { 763 w.Header().Set("Content-Type", "image/png") 764 w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%v, public", 24*60*60)) // 24 hrs 765 w.Header().Set(model.HEADER_ETAG_SERVER, etag) 766 w.Write(img) 767 } 768 } 769 } 770 771 func setTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { 772 c.RequireTeamId() 773 if c.Err != nil { 774 return 775 } 776 777 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 778 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 779 return 780 } 781 782 if r.ContentLength > *c.App.Config().FileSettings.MaxFileSize { 783 c.Err = model.NewAppError("setTeamIcon", "api.team.set_team_icon.too_large.app_error", nil, "", http.StatusBadRequest) 784 return 785 } 786 787 if err := r.ParseMultipartForm(*c.App.Config().FileSettings.MaxFileSize); err != nil { 788 c.Err = model.NewAppError("setTeamIcon", "api.team.set_team_icon.parse.app_error", nil, err.Error(), http.StatusBadRequest) 789 return 790 } 791 792 m := r.MultipartForm 793 794 imageArray, ok := m.File["image"] 795 if !ok { 796 c.Err = model.NewAppError("setTeamIcon", "api.team.set_team_icon.no_file.app_error", nil, "", http.StatusBadRequest) 797 return 798 } 799 800 if len(imageArray) <= 0 { 801 c.Err = model.NewAppError("setTeamIcon", "api.team.set_team_icon.array.app_error", nil, "", http.StatusBadRequest) 802 return 803 } 804 805 imageData := imageArray[0] 806 807 if err := c.App.SetTeamIcon(c.Params.TeamId, imageData); err != nil { 808 c.Err = err 809 return 810 } 811 812 c.LogAudit("") 813 ReturnStatusOK(w) 814 }