github.com/gigforks/mattermost-server@v4.9.1-0.20180619094218-800d97fa55d0+incompatible/api/reaction.go (about)

     1  // Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/gorilla/mux"
    10  	"github.com/mattermost/mattermost-server/model"
    11  )
    12  
    13  func (api *API) InitReaction() {
    14  	api.BaseRoutes.NeedPost.Handle("/reactions/save", api.ApiUserRequired(saveReaction)).Methods("POST")
    15  	api.BaseRoutes.NeedPost.Handle("/reactions/delete", api.ApiUserRequired(deleteReaction)).Methods("POST")
    16  	api.BaseRoutes.NeedPost.Handle("/reactions", api.ApiUserRequired(listReactions)).Methods("GET")
    17  }
    18  
    19  func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) {
    20  	reaction := model.ReactionFromJson(r.Body)
    21  	if reaction == nil {
    22  		c.SetInvalidParam("saveReaction", "reaction")
    23  		return
    24  	}
    25  
    26  	if reaction.UserId != c.Session.UserId {
    27  		c.Err = model.NewAppError("saveReaction", "api.reaction.save_reaction.user_id.app_error", nil, "", http.StatusForbidden)
    28  		return
    29  	}
    30  
    31  	params := mux.Vars(r)
    32  
    33  	channelId := params["channel_id"]
    34  	if len(channelId) != 26 {
    35  		c.SetInvalidParam("saveReaction", "channelId")
    36  		return
    37  	}
    38  
    39  	if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_ADD_REACTION) {
    40  		c.SetPermissionError(model.PERMISSION_ADD_REACTION)
    41  		return
    42  	}
    43  
    44  	postId := params["post_id"]
    45  	if len(postId) != 26 || postId != reaction.PostId {
    46  		c.SetInvalidParam("saveReaction", "postId")
    47  		return
    48  	}
    49  
    50  	var post *model.Post
    51  
    52  	if result := <-c.App.Srv.Store.Post().Get(reaction.PostId); result.Err != nil {
    53  		c.Err = result.Err
    54  		return
    55  	} else if post = result.Data.(*model.PostList).Posts[postId]; post.ChannelId != channelId {
    56  		c.Err = model.NewAppError("saveReaction", "api.reaction.save_reaction.mismatched_channel_id.app_error",
    57  			nil, "channelId="+channelId+", post.ChannelId="+post.ChannelId+", postId="+postId, http.StatusBadRequest)
    58  		return
    59  	}
    60  
    61  	if reaction, err := c.App.SaveReactionForPost(reaction); err != nil {
    62  		c.Err = err
    63  		return
    64  	} else {
    65  		w.Write([]byte(reaction.ToJson()))
    66  		return
    67  	}
    68  }
    69  
    70  func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) {
    71  	reaction := model.ReactionFromJson(r.Body)
    72  	if reaction == nil {
    73  		c.SetInvalidParam("deleteReaction", "reaction")
    74  		return
    75  	}
    76  
    77  	if reaction.UserId != c.Session.UserId {
    78  		c.Err = model.NewAppError("deleteReaction", "api.reaction.delete_reaction.user_id.app_error", nil, "", http.StatusForbidden)
    79  		return
    80  	}
    81  
    82  	params := mux.Vars(r)
    83  
    84  	channelId := params["channel_id"]
    85  	if len(channelId) != 26 {
    86  		c.SetInvalidParam("deleteReaction", "channelId")
    87  		return
    88  	}
    89  
    90  	if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_REMOVE_REACTION) {
    91  		c.SetPermissionError(model.PERMISSION_REMOVE_REACTION)
    92  		return
    93  	}
    94  
    95  	postId := params["post_id"]
    96  	if len(postId) != 26 || postId != reaction.PostId {
    97  		c.SetInvalidParam("deleteReaction", "postId")
    98  		return
    99  	}
   100  
   101  	err := c.App.DeleteReactionForPost(reaction)
   102  	if err != nil {
   103  		c.Err = err
   104  		return
   105  	}
   106  
   107  	ReturnStatusOK(w)
   108  }
   109  
   110  func listReactions(c *Context, w http.ResponseWriter, r *http.Request) {
   111  	params := mux.Vars(r)
   112  
   113  	channelId := params["channel_id"]
   114  	if len(channelId) != 26 {
   115  		c.SetInvalidParam("deletePost", "channelId")
   116  		return
   117  	}
   118  
   119  	postId := params["post_id"]
   120  	if len(postId) != 26 {
   121  		c.SetInvalidParam("listReactions", "postId")
   122  		return
   123  	}
   124  
   125  	pchan := c.App.Srv.Store.Post().Get(postId)
   126  
   127  	if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
   128  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   129  		return
   130  	}
   131  
   132  	if result := <-pchan; result.Err != nil {
   133  		c.Err = result.Err
   134  		return
   135  	} else if post := result.Data.(*model.PostList).Posts[postId]; post.ChannelId != channelId {
   136  		c.Err = model.NewAppError("listReactions", "api.reaction.list_reactions.mismatched_channel_id.app_error",
   137  			nil, "channelId="+channelId+", post.ChannelId="+post.ChannelId+", postId="+postId, http.StatusBadRequest)
   138  		return
   139  	}
   140  
   141  	if result := <-c.App.Srv.Store.Reaction().GetForPost(postId, true); result.Err != nil {
   142  		c.Err = result.Err
   143  		return
   144  	} else {
   145  		reactions := result.Data.([]*model.Reaction)
   146  
   147  		w.Write([]byte(model.ReactionsToJson(reactions)))
   148  	}
   149  }