github.com/gigforks/mattermost-server@v4.9.1-0.20180619094218-800d97fa55d0+incompatible/api/command.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api 5 6 import ( 7 "io/ioutil" 8 "net/http" 9 "strings" 10 11 "github.com/mattermost/mattermost-server/model" 12 ) 13 14 func (api *API) InitCommand() { 15 api.BaseRoutes.Commands.Handle("/execute", api.ApiUserRequired(executeCommand)).Methods("POST") 16 api.BaseRoutes.Commands.Handle("/list", api.ApiUserRequired(listCommands)).Methods("GET") 17 18 api.BaseRoutes.Commands.Handle("/create", api.ApiUserRequired(createCommand)).Methods("POST") 19 api.BaseRoutes.Commands.Handle("/update", api.ApiUserRequired(updateCommand)).Methods("POST") 20 api.BaseRoutes.Commands.Handle("/list_team_commands", api.ApiUserRequired(listTeamCommands)).Methods("GET") 21 api.BaseRoutes.Commands.Handle("/regen_token", api.ApiUserRequired(regenCommandToken)).Methods("POST") 22 api.BaseRoutes.Commands.Handle("/delete", api.ApiUserRequired(deleteCommand)).Methods("POST") 23 24 api.BaseRoutes.Teams.Handle("/command_test", api.ApiAppHandler(testCommand)).Methods("POST") 25 api.BaseRoutes.Teams.Handle("/command_test", api.ApiAppHandler(testCommand)).Methods("GET") 26 api.BaseRoutes.Teams.Handle("/command_test_e", api.ApiAppHandler(testEphemeralCommand)).Methods("POST") 27 api.BaseRoutes.Teams.Handle("/command_test_e", api.ApiAppHandler(testEphemeralCommand)).Methods("GET") 28 } 29 30 func listCommands(c *Context, w http.ResponseWriter, r *http.Request) { 31 commands, err := c.App.ListAutocompleteCommands(c.TeamId, c.T) 32 if err != nil { 33 c.Err = err 34 return 35 } 36 37 w.Write([]byte(model.CommandListToJson(commands))) 38 } 39 40 func executeCommand(c *Context, w http.ResponseWriter, r *http.Request) { 41 commandArgs := model.CommandArgsFromJson(r.Body) 42 if commandArgs == nil { 43 c.SetInvalidParam("executeCommand", "command_args") 44 return 45 } 46 47 if len(commandArgs.Command) <= 1 || strings.Index(commandArgs.Command, "/") != 0 { 48 c.Err = model.NewAppError("executeCommand", "api.command.execute_command.start.app_error", nil, "", http.StatusBadRequest) 49 return 50 } 51 52 if len(commandArgs.ChannelId) > 0 { 53 if !c.App.SessionHasPermissionToChannel(c.Session, commandArgs.ChannelId, model.PERMISSION_USE_SLASH_COMMANDS) { 54 c.SetPermissionError(model.PERMISSION_USE_SLASH_COMMANDS) 55 return 56 } 57 } 58 59 commandArgs.TeamId = c.TeamId 60 commandArgs.UserId = c.Session.UserId 61 commandArgs.T = c.T 62 commandArgs.Session = c.Session 63 commandArgs.SiteURL = c.GetSiteURLHeader() 64 65 response, err := c.App.ExecuteCommand(commandArgs) 66 if err != nil { 67 c.Err = err 68 return 69 } 70 71 w.Write([]byte(response.ToJson())) 72 } 73 74 func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { 75 cmd := model.CommandFromJson(r.Body) 76 77 if cmd == nil { 78 c.SetInvalidParam("createCommand", "command") 79 return 80 } 81 82 c.LogAudit("attempt") 83 84 if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { 85 c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) 86 return 87 } 88 89 cmd.CreatorId = c.Session.UserId 90 cmd.TeamId = c.TeamId 91 92 rcmd, err := c.App.CreateCommand(cmd) 93 if err != nil { 94 c.Err = err 95 return 96 } 97 98 c.LogAudit("success") 99 w.Write([]byte(rcmd.ToJson())) 100 } 101 102 func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) { 103 cmd := model.CommandFromJson(r.Body) 104 105 if cmd == nil { 106 c.SetInvalidParam("updateCommand", "command") 107 return 108 } 109 110 c.LogAudit("attempt") 111 112 oldCmd, err := c.App.GetCommand(cmd.Id) 113 if err != nil { 114 c.Err = err 115 return 116 } 117 118 if c.TeamId != oldCmd.TeamId { 119 c.Err = model.NewAppError("updateCommand", "api.command.team_mismatch.app_error", nil, "user_id="+c.Session.UserId, http.StatusBadRequest) 120 return 121 } 122 123 if !c.App.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { 124 c.LogAudit("fail - inappropriate permissions") 125 c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) 126 return 127 } 128 129 if c.Session.UserId != oldCmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { 130 c.LogAudit("fail - inappropriate permissions") 131 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) 132 return 133 } 134 135 rcmd, err := c.App.UpdateCommand(oldCmd, cmd) 136 if err != nil { 137 c.Err = err 138 return 139 } 140 141 c.LogAudit("success") 142 143 w.Write([]byte(rcmd.ToJson())) 144 } 145 146 func listTeamCommands(c *Context, w http.ResponseWriter, r *http.Request) { 147 if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { 148 c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) 149 return 150 } 151 152 cmds, err := c.App.ListTeamCommands(c.TeamId) 153 if err != nil { 154 c.Err = err 155 return 156 } 157 158 w.Write([]byte(model.CommandListToJson(cmds))) 159 } 160 161 func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) { 162 props := model.MapFromJson(r.Body) 163 164 id := props["id"] 165 if len(id) == 0 { 166 c.SetInvalidParam("regenCommandToken", "id") 167 return 168 } 169 170 c.LogAudit("attempt") 171 172 cmd, err := c.App.GetCommand(id) 173 if err != nil { 174 c.Err = err 175 return 176 } 177 178 if c.TeamId != cmd.TeamId { 179 c.Err = model.NewAppError("regenCommandToken", "api.command.team_mismatch.app_error", nil, "user_id="+c.Session.UserId, http.StatusBadRequest) 180 return 181 } 182 183 if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { 184 c.LogAudit("fail - inappropriate permissions") 185 c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) 186 return 187 } 188 189 if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { 190 c.LogAudit("fail - inappropriate permissions") 191 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) 192 return 193 } 194 195 rcmd, err := c.App.RegenCommandToken(cmd) 196 if err != nil { 197 c.Err = err 198 return 199 } 200 201 w.Write([]byte(rcmd.ToJson())) 202 } 203 204 func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) { 205 props := model.MapFromJson(r.Body) 206 207 id := props["id"] 208 if len(id) == 0 { 209 c.SetInvalidParam("deleteCommand", "id") 210 return 211 } 212 213 c.LogAudit("attempt") 214 215 cmd, err := c.App.GetCommand(id) 216 if err != nil { 217 c.Err = err 218 return 219 } 220 221 if c.TeamId != cmd.TeamId { 222 c.Err = model.NewAppError("deleteCommand", "api.command.team_mismatch.app_error", nil, "user_id="+c.Session.UserId, http.StatusBadRequest) 223 return 224 } 225 226 if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { 227 c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) 228 c.LogAudit("fail - inappropriate permissions") 229 return 230 } 231 232 if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { 233 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) 234 c.LogAudit("fail - inappropriate permissions") 235 return 236 } 237 238 err = c.App.DeleteCommand(cmd.Id) 239 if err != nil { 240 c.Err = err 241 return 242 } 243 244 c.LogAudit("success") 245 w.Write([]byte(model.MapToJson(props))) 246 } 247 248 func testCommand(c *Context, w http.ResponseWriter, r *http.Request) { 249 r.ParseForm() 250 251 msg := "" 252 if r.Method == "POST" { 253 msg = msg + "\ntoken=" + r.FormValue("token") 254 msg = msg + "\nteam_domain=" + r.FormValue("team_domain") 255 } else { 256 body, _ := ioutil.ReadAll(r.Body) 257 msg = string(body) 258 } 259 260 rc := &model.CommandResponse{ 261 Text: "test command response " + msg, 262 ResponseType: model.COMMAND_RESPONSE_TYPE_IN_CHANNEL, 263 } 264 265 w.Write([]byte(rc.ToJson())) 266 } 267 268 func testEphemeralCommand(c *Context, w http.ResponseWriter, r *http.Request) { 269 r.ParseForm() 270 271 msg := "" 272 if r.Method == "POST" { 273 msg = msg + "\ntoken=" + r.FormValue("token") 274 msg = msg + "\nteam_domain=" + r.FormValue("team_domain") 275 } else { 276 body, _ := ioutil.ReadAll(r.Body) 277 msg = string(body) 278 } 279 280 rc := &model.CommandResponse{ 281 Text: "test command response " + msg, 282 ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL, 283 } 284 285 w.Write([]byte(rc.ToJson())) 286 }