github.com/demisto/mattermost-server@v4.9.0-rc3+incompatible/api4/role.go (about)

     1  // Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  	"strings"
     9  
    10  	"github.com/mattermost/mattermost-server/model"
    11  )
    12  
// InitRole registers the role endpoints on the Roles base route.
//
// The three lookup routes are wrapped with ApiSessionRequiredTrustRequester,
// while the mutating patch route uses ApiSessionRequired. Both wrappers are
// defined outside this file.
// NOTE(review): presumably the "TrustRequester" variant relaxes a
// requester-origin (CSRF-style) check; confirm before placing any
// state-changing route behind it.
func (api *API) InitRole() {
	roles := api.BaseRoutes.Roles

	// The path regexes restrict role_id to alphanumerics and role_name to
	// lowercase letters, digits and underscores, so other values never reach
	// the handlers.
	roles.Handle("/{role_id:[A-Za-z0-9]+}", api.ApiSessionRequiredTrustRequester(getRole)).Methods("GET")
	roles.Handle("/name/{role_name:[a-z0-9_]+}", api.ApiSessionRequiredTrustRequester(getRoleByName)).Methods("GET")

	// POST is used here only to carry the list of names in the body; the
	// handler performs a lookup and does not modify roles.
	roles.Handle("/names", api.ApiSessionRequiredTrustRequester(getRolesByNames)).Methods("POST")

	// The only write endpoint in this file.
	roles.Handle("/{role_id:[A-Za-z0-9]+}/patch", api.ApiSessionRequired(patchRole)).Methods("PUT")
}
    19  
// getRole writes the JSON form of the role identified by the role_id path
// parameter.
//
// The handler performs no permission check of its own: any caller admitted by
// the route wrapper can read any role by ID.
// NOTE(review): confirm that role definitions are meant to be readable by
// every session holder.
func getRole(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireRoleId(); c.Err != nil {
		return
	}

	role, appErr := c.App.GetRole(c.Params.RoleId)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The Write error is ignored, as in the other handlers in this file.
	w.Write([]byte(role.ToJson()))
}
    33  
// getRoleByName writes the JSON form of the role identified by the role_name
// path parameter.
//
// As with getRole, no permission check is made inside the handler; access is
// limited only by the route wrapper.
func getRoleByName(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireRoleName(); c.Err != nil {
		return
	}

	role, appErr := c.App.GetRoleByName(c.Params.RoleName)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The Write error is ignored, as in the other handlers in this file.
	w.Write([]byte(role.ToJson()))
}
    47  
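// getRolesByNames reads a JSON array of role names from the request body and
// writes the matching roles as a JSON list.
//
// Blank entries are skipped; any other entry must pass model.IsValidRoleName
// or the whole request is rejected as an invalid parameter. A request whose
// entries are all blank is rejected the same way as an empty array, so the
// lookup is never called with an empty name list.
//
// NOTE(review): nothing in this handler bounds the number of names or the
// size of the body; confirm a limit is enforced upstream, since every entry
// is validated and passed to the lookup.
func getRolesByNames(c *Context, w http.ResponseWriter, r *http.Request) {
	rolenames := model.ArrayFromJson(r.Body)
	if len(rolenames) == 0 {
		c.SetInvalidParam("rolenames")
		return
	}

	cleanedRoleNames := make([]string, 0, len(rolenames))
	for _, rolename := range rolenames {
		if strings.TrimSpace(rolename) == "" {
			continue
		}

		// Validate the untrimmed value: that is the value handed to the lookup.
		if !model.IsValidRoleName(rolename) {
			c.SetInvalidParam("rolename")
			return
		}

		cleanedRoleNames = append(cleanedRoleNames, rolename)
	}

	// Input such as ["", " "] passes the first length check but leaves nothing
	// to look up; treat it like the empty array above.
	if len(cleanedRoleNames) == 0 {
		c.SetInvalidParam("rolenames")
		return
	}

	roles, err := c.App.GetRolesByNames(cleanedRoleNames)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.RoleListToJson(roles)))
}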
    77  
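// patchRole applies a JSON role patch from the request body to the role
// identified by the role_id path parameter and writes the updated role as JSON.
//
// The caller must hold PERMISSION_MANAGE_SYSTEM. That check runs immediately
// after the path parameter is validated, before the body is parsed, the role
// is loaded or the license is consulted. A caller without the permission
// therefore always gets the permission error and cannot use the other error
// paths (invalid body, unknown role, license restriction) to learn anything
// about server state.
//
// When no license is present, a patch may change only the permissions in the
// allow-list below; any other changed permission is rejected with
// http.StatusNotImplemented.
func patchRole(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireRoleId()
	if c.Err != nil {
		return
	}

	// Authorize before doing any work on behalf of the caller.
	if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
		return
	}

	patch := model.RolePatchFromJson(r.Body)
	if patch == nil {
		c.SetInvalidParam("role")
		return
	}

	oldRole, err := c.App.GetRole(c.Params.RoleId)
	if err != nil {
		c.Err = err
		return
	}

	if c.App.License() == nil && patch.Permissions != nil {
		// Permissions that may be changed without a license.
		allowedPermissions := []string{
			model.PERMISSION_CREATE_TEAM.Id,
			model.PERMISSION_MANAGE_WEBHOOKS.Id,
			model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
			model.PERMISSION_MANAGE_OAUTH.Id,
			model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
		}

		for _, permission := range model.PermissionsChangedByPatch(oldRole, patch) {
			allowed := false
			for _, allowedPermission := range allowedPermissions {
				if permission == allowedPermission {
					allowed = true
					break
				}
			}

			// Fail closed: one disallowed change rejects the whole patch.
			if !allowed {
				c.Err = model.NewAppError("Api4.PatchRoles", "api.roles.patch_roles.license.error", nil, "", http.StatusNotImplemented)
				return
			}
		}
	}

	role, patchErr := c.App.PatchRole(oldRole, patch)
	if patchErr != nil {
		c.Err = patchErr
		return
	}

	// NOTE(review): the audit entry is written only on success and with an
	// empty detail string. Confirm that LogAudit records the role and caller
	// by other means, and whether denied or failed attempts are audited
	// elsewhere.
	c.LogAudit("")
	w.Write([]byte(role.ToJson()))
}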