github.com/gigforks/mattermost-server@v4.9.1-0.20180619094218-800d97fa55d0+incompatible/api4/channel.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/mattermost/mattermost-server/mlog" 10 "github.com/mattermost/mattermost-server/model" 11 ) 12 13 func (api *API) InitChannel() { 14 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(createChannel)).Methods("POST") 15 api.BaseRoutes.Channels.Handle("/direct", api.ApiSessionRequired(createDirectChannel)).Methods("POST") 16 api.BaseRoutes.Channels.Handle("/group", api.ApiSessionRequired(createGroupChannel)).Methods("POST") 17 api.BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", api.ApiSessionRequired(viewChannel)).Methods("POST") 18 19 api.BaseRoutes.ChannelsForTeam.Handle("", api.ApiSessionRequired(getPublicChannelsForTeam)).Methods("GET") 20 api.BaseRoutes.ChannelsForTeam.Handle("/deleted", api.ApiSessionRequired(getDeletedChannelsForTeam)).Methods("GET") 21 api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST") 22 api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequired(searchChannelsForTeam)).Methods("POST") 23 api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET") 24 api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET") 25 26 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET") 27 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(updateChannel)).Methods("PUT") 28 api.BaseRoutes.Channel.Handle("/patch", api.ApiSessionRequired(patchChannel)).Methods("PUT") 29 api.BaseRoutes.Channel.Handle("/convert", api.ApiSessionRequired(convertChannelToPrivate)).Methods("POST") 30 api.BaseRoutes.Channel.Handle("/restore", api.ApiSessionRequired(restoreChannel)).Methods("POST") 31 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(deleteChannel)).Methods("DELETE") 32 api.BaseRoutes.Channel.Handle("/stats", api.ApiSessionRequired(getChannelStats)).Methods("GET") 33 api.BaseRoutes.Channel.Handle("/pinned", api.ApiSessionRequired(getPinnedPosts)).Methods("GET") 34 35 api.BaseRoutes.ChannelForUser.Handle("/unread", api.ApiSessionRequired(getChannelUnread)).Methods("GET") 36 37 api.BaseRoutes.ChannelByName.Handle("", api.ApiSessionRequired(getChannelByName)).Methods("GET") 38 api.BaseRoutes.ChannelByNameForTeamName.Handle("", api.ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET") 39 40 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(getChannelMembers)).Methods("GET") 41 api.BaseRoutes.ChannelMembers.Handle("/ids", api.ApiSessionRequired(getChannelMembersByIds)).Methods("POST") 42 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(addChannelMember)).Methods("POST") 43 api.BaseRoutes.ChannelMembersForUser.Handle("", api.ApiSessionRequired(getChannelMembersForUser)).Methods("GET") 44 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(getChannelMember)).Methods("GET") 45 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(removeChannelMember)).Methods("DELETE") 46 api.BaseRoutes.ChannelMember.Handle("/roles", api.ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT") 47 api.BaseRoutes.ChannelMember.Handle("/notify_props", api.ApiSessionRequired(updateChannelMemberNotifyProps)).Methods("PUT") 48 } 49 50 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 51 channel := model.ChannelFromJson(r.Body) 52 if channel == nil { 53 c.SetInvalidParam("channel") 54 return 55 } 56 57 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_TEAM) { 58 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 59 return 60 } 61 62 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { 63 c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) 64 return 65 } 66 67 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { 68 c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) 69 return 70 } 71 72 if sc, err := c.App.CreateChannelWithUser(channel, c.Session.UserId); err != nil { 73 c.Err = err 74 return 75 } else { 76 c.LogAudit("name=" + channel.Name) 77 w.WriteHeader(http.StatusCreated) 78 w.Write([]byte(sc.ToJson())) 79 } 80 } 81 82 func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { 83 c.RequireChannelId() 84 if c.Err != nil { 85 return 86 } 87 88 channel := model.ChannelFromJson(r.Body) 89 90 if channel == nil { 91 c.SetInvalidParam("channel") 92 return 93 } 94 95 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_TEAM) { 96 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 97 return 98 } 99 100 var oldChannel *model.Channel 101 var err *model.AppError 102 if oldChannel, err = c.App.GetChannel(channel.Id); err != nil { 103 c.Err = err 104 return 105 } 106 107 if _, err = c.App.GetChannelMember(channel.Id, c.Session.UserId); err != nil { 108 c.Err = err 109 return 110 } 111 112 if !CanManageChannel(c, channel) { 113 return 114 } 115 116 if oldChannel.DeleteAt > 0 { 117 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest) 118 return 119 } 120 121 if oldChannel.Name == model.DEFAULT_CHANNEL { 122 if (len(channel.Name) > 0 && channel.Name != oldChannel.Name) || (len(channel.Type) > 0 && channel.Type != oldChannel.Type) { 123 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest) 124 return 125 } 126 } 127 128 oldChannel.Header = channel.Header 129 oldChannel.Purpose = channel.Purpose 130 131 oldChannelDisplayName := oldChannel.DisplayName 132 133 if len(channel.DisplayName) > 0 { 134 oldChannel.DisplayName = channel.DisplayName 135 } 136 137 if len(channel.Name) > 0 { 138 oldChannel.Name = channel.Name 139 } 140 141 if len(channel.Type) > 0 { 142 oldChannel.Type = channel.Type 143 } 144 145 if _, err := c.App.UpdateChannel(oldChannel); err != nil { 146 c.Err = err 147 return 148 } else { 149 if oldChannelDisplayName != channel.DisplayName { 150 if err := c.App.PostUpdateChannelDisplayNameMessage(c.Session.UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil { 151 mlog.Error(err.Error()) 152 } 153 } 154 155 c.LogAudit("name=" + channel.Name) 156 w.Write([]byte(oldChannel.ToJson())) 157 } 158 } 159 160 func convertChannelToPrivate(c *Context, w http.ResponseWriter, r *http.Request) { 161 c.RequireChannelId() 162 if c.Err != nil { 163 return 164 } 165 166 oldPublicChannel, err := c.App.GetChannel(c.Params.ChannelId) 167 if err != nil { 168 c.Err = err 169 return 170 } else if !c.App.SessionHasPermissionToTeam(c.Session, oldPublicChannel.TeamId, model.PERMISSION_MANAGE_TEAM) { 171 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 172 return 173 } else if oldPublicChannel.Type == model.CHANNEL_PRIVATE { 174 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.private_channel_error", nil, "", http.StatusBadRequest) 175 return 176 } else if oldPublicChannel.Name == model.DEFAULT_CHANNEL { 177 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.default_channel_error", nil, "", http.StatusBadRequest) 178 return 179 } 180 181 var user *model.User 182 if user, err = c.App.GetUser(c.Session.UserId); err != nil { 183 c.Err = err 184 return 185 } 186 187 oldPublicChannel.Type = model.CHANNEL_PRIVATE 188 189 if rchannel, err := c.App.UpdateChannelPrivacy(oldPublicChannel, user); err != nil { 190 c.Err = err 191 return 192 } else { 193 c.LogAudit("name=" + rchannel.Name) 194 w.Write([]byte(rchannel.ToJson())) 195 } 196 } 197 198 func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { 199 c.RequireChannelId() 200 if c.Err != nil { 201 return 202 } 203 204 patch := model.ChannelPatchFromJson(r.Body) 205 if patch == nil { 206 c.SetInvalidParam("channel") 207 return 208 } 209 210 oldChannel, err := c.App.GetChannel(c.Params.ChannelId) 211 if err != nil { 212 c.Err = err 213 return 214 } 215 216 if oldChannel.Type != model.CHANNEL_DIRECT && !c.App.SessionHasPermissionToTeam(c.Session, oldChannel.TeamId, model.PERMISSION_MANAGE_TEAM) { 217 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 218 return 219 } 220 221 if !CanManageChannel(c, oldChannel) { 222 return 223 } 224 225 if rchannel, err := c.App.PatchChannel(oldChannel, patch, c.Session.UserId); err != nil { 226 c.Err = err 227 return 228 } else { 229 c.LogAudit("") 230 w.Write([]byte(rchannel.ToJson())) 231 } 232 } 233 234 func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { 235 c.RequireChannelId() 236 if c.Err != nil { 237 return 238 } 239 240 var channel *model.Channel 241 var err *model.AppError 242 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 243 c.Err = err 244 return 245 } 246 teamId := channel.TeamId 247 248 if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) { 249 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 250 return 251 } 252 253 channel, err = c.App.RestoreChannel(channel) 254 if err != nil { 255 c.Err = err 256 return 257 } 258 259 c.LogAudit("name=" + channel.Name) 260 w.Write([]byte(channel.ToJson())) 261 262 } 263 264 func CanManageChannel(c *Context, channel *model.Channel) bool { 265 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 266 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 267 return false 268 } 269 270 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 271 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 272 return false 273 } 274 275 return true 276 } 277 278 func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { 279 userIds := model.ArrayFromJson(r.Body) 280 allowed := false 281 282 if len(userIds) != 2 { 283 c.SetInvalidParam("user_ids") 284 return 285 } 286 287 for _, id := range userIds { 288 if len(id) != 26 { 289 c.SetInvalidParam("user_id") 290 return 291 } 292 if id == c.Session.UserId { 293 allowed = true 294 } 295 } 296 297 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { 298 c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) 299 return 300 } 301 302 if !allowed && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 303 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 304 return 305 } 306 307 if sc, err := c.App.CreateDirectChannel(userIds[0], userIds[1]); err != nil { 308 c.Err = err 309 return 310 } else { 311 w.WriteHeader(http.StatusCreated) 312 w.Write([]byte(sc.ToJson())) 313 } 314 } 315 316 func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { 317 userIds := model.ArrayFromJson(r.Body) 318 319 if len(userIds) == 0 { 320 c.SetInvalidParam("user_ids") 321 return 322 } 323 324 found := false 325 for _, id := range userIds { 326 if len(id) != 26 { 327 c.SetInvalidParam("user_id") 328 return 329 } 330 if id == c.Session.UserId { 331 found = true 332 } 333 } 334 335 if !found { 336 userIds = append(userIds, c.Session.UserId) 337 } 338 339 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { 340 c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) 341 return 342 } 343 344 if groupChannel, err := c.App.CreateGroupChannel(userIds, c.Session.UserId); err != nil { 345 c.Err = err 346 return 347 } else { 348 w.WriteHeader(http.StatusCreated) 349 w.Write([]byte(groupChannel.ToJson())) 350 } 351 } 352 353 func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { 354 c.RequireChannelId() 355 if c.Err != nil { 356 return 357 } 358 359 channel, err := c.App.GetChannel(c.Params.ChannelId) 360 if err != nil { 361 c.Err = err 362 return 363 } 364 365 if channel.Type == model.CHANNEL_OPEN { 366 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 367 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 368 return 369 } 370 } else { 371 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 372 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 373 return 374 } 375 } 376 377 w.Write([]byte(channel.ToJson())) 378 } 379 380 func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) { 381 c.RequireChannelId().RequireUserId() 382 if c.Err != nil { 383 return 384 } 385 386 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 387 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 388 return 389 } 390 391 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 392 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 393 return 394 } 395 396 channelUnread, err := c.App.GetChannelUnread(c.Params.ChannelId, c.Params.UserId) 397 if err != nil { 398 c.Err = err 399 return 400 } 401 402 w.Write([]byte(channelUnread.ToJson())) 403 } 404 405 func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) { 406 c.RequireChannelId() 407 if c.Err != nil { 408 return 409 } 410 411 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 412 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 413 return 414 } 415 416 memberCount, err := c.App.GetChannelMemberCount(c.Params.ChannelId) 417 418 if err != nil { 419 c.Err = err 420 return 421 } 422 423 stats := model.ChannelStats{ChannelId: c.Params.ChannelId, MemberCount: memberCount} 424 w.Write([]byte(stats.ToJson())) 425 } 426 427 func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) { 428 c.RequireChannelId() 429 if c.Err != nil { 430 return 431 } 432 433 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 434 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 435 return 436 } 437 438 if posts, err := c.App.GetPinnedPosts(c.Params.ChannelId); err != nil { 439 c.Err = err 440 return 441 } else if c.HandleEtag(posts.Etag(), "Get Pinned Posts", w, r) { 442 return 443 } else { 444 w.Header().Set(model.HEADER_ETAG_SERVER, posts.Etag()) 445 w.Write([]byte(c.App.PostListWithProxyAddedToImageURLs(posts).ToJson())) 446 } 447 } 448 449 func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 450 c.RequireTeamId() 451 if c.Err != nil { 452 return 453 } 454 455 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 456 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 457 return 458 } 459 460 if channels, err := c.App.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { 461 c.Err = err 462 return 463 } else { 464 w.Write([]byte(channels.ToJson())) 465 return 466 } 467 } 468 469 func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 470 c.RequireTeamId() 471 if c.Err != nil { 472 return 473 } 474 475 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 476 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 477 return 478 } 479 480 if channels, err := c.App.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { 481 c.Err = err 482 return 483 } else { 484 w.Write([]byte(channels.ToJson())) 485 return 486 } 487 } 488 489 func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 490 c.RequireTeamId() 491 if c.Err != nil { 492 return 493 } 494 495 channelIds := model.ArrayFromJson(r.Body) 496 if len(channelIds) == 0 { 497 c.SetInvalidParam("channel_ids") 498 return 499 } 500 501 for _, cid := range channelIds { 502 if len(cid) != 26 { 503 c.SetInvalidParam("channel_id") 504 return 505 } 506 } 507 508 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 509 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 510 return 511 } 512 513 if channels, err := c.App.GetPublicChannelsByIdsForTeam(c.Params.TeamId, channelIds); err != nil { 514 c.Err = err 515 return 516 } else { 517 w.Write([]byte(channels.ToJson())) 518 } 519 } 520 521 func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) { 522 c.RequireUserId().RequireTeamId() 523 if c.Err != nil { 524 return 525 } 526 527 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 528 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 529 return 530 } 531 532 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 533 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 534 return 535 } 536 537 if channels, err := c.App.GetChannelsForUser(c.Params.TeamId, c.Params.UserId); err != nil { 538 c.Err = err 539 return 540 } else if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { 541 return 542 } else { 543 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 544 w.Write([]byte(channels.ToJson())) 545 } 546 } 547 548 func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 549 c.RequireTeamId() 550 if c.Err != nil { 551 return 552 } 553 554 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 555 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 556 return 557 } 558 559 name := r.URL.Query().Get("name") 560 561 if channels, err := c.App.AutocompleteChannels(c.Params.TeamId, name); err != nil { 562 c.Err = err 563 return 564 } else { 565 w.Write([]byte(channels.ToJson())) 566 } 567 } 568 569 func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 570 c.RequireTeamId() 571 if c.Err != nil { 572 return 573 } 574 575 props := model.ChannelSearchFromJson(r.Body) 576 if props == nil { 577 c.SetInvalidParam("channel_search") 578 return 579 } 580 581 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 582 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 583 return 584 } 585 586 if channels, err := c.App.SearchChannels(c.Params.TeamId, props.Term); err != nil { 587 c.Err = err 588 return 589 } else { 590 w.Write([]byte(channels.ToJson())) 591 } 592 } 593 594 func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { 595 c.RequireChannelId() 596 if c.Err != nil { 597 return 598 } 599 600 var channel *model.Channel 601 var err *model.AppError 602 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 603 c.Err = err 604 return 605 } 606 607 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_TEAM) { 608 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 609 return 610 } 611 612 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { 613 c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) 614 return 615 } 616 617 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { 618 c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) 619 return 620 } 621 622 err = c.App.DeleteChannel(channel, c.Session.UserId) 623 if err != nil { 624 c.Err = err 625 return 626 } 627 628 c.LogAudit("name=" + channel.Name) 629 630 ReturnStatusOK(w) 631 } 632 633 func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { 634 c.RequireTeamId().RequireChannelName() 635 if c.Err != nil { 636 return 637 } 638 639 var channel *model.Channel 640 var err *model.AppError 641 642 if channel, err = c.App.GetChannelByName(c.Params.ChannelName, c.Params.TeamId); err != nil { 643 c.Err = err 644 return 645 } 646 647 if channel.Type == model.CHANNEL_OPEN { 648 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 649 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 650 return 651 } 652 } else { 653 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 654 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 655 return 656 } 657 } 658 659 w.Write([]byte(channel.ToJson())) 660 } 661 662 func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) { 663 c.RequireTeamName().RequireChannelName() 664 if c.Err != nil { 665 return 666 } 667 668 var channel *model.Channel 669 var err *model.AppError 670 671 if channel, err = c.App.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName); err != nil { 672 c.Err = err 673 return 674 } 675 676 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 677 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 678 return 679 } 680 681 w.Write([]byte(channel.ToJson())) 682 } 683 684 func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { 685 c.RequireChannelId() 686 if c.Err != nil { 687 return 688 } 689 690 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 691 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 692 return 693 } 694 695 if members, err := c.App.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage); err != nil { 696 c.Err = err 697 return 698 } else { 699 w.Write([]byte(members.ToJson())) 700 } 701 } 702 703 func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 704 c.RequireChannelId() 705 if c.Err != nil { 706 return 707 } 708 709 userIds := model.ArrayFromJson(r.Body) 710 if len(userIds) == 0 { 711 c.SetInvalidParam("user_ids") 712 return 713 } 714 715 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 716 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 717 return 718 } 719 720 if members, err := c.App.GetChannelMembersByIds(c.Params.ChannelId, userIds); err != nil { 721 c.Err = err 722 return 723 } else { 724 w.Write([]byte(members.ToJson())) 725 } 726 } 727 728 func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 729 c.RequireChannelId().RequireUserId() 730 if c.Err != nil { 731 return 732 } 733 734 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 735 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 736 return 737 } 738 739 if member, err := c.App.GetChannelMember(c.Params.ChannelId, c.Params.UserId); err != nil { 740 c.Err = err 741 return 742 } else { 743 w.Write([]byte(member.ToJson())) 744 } 745 } 746 747 func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 748 c.RequireUserId().RequireTeamId() 749 if c.Err != nil { 750 return 751 } 752 753 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 754 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 755 return 756 } 757 758 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { 759 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 760 return 761 } 762 763 if members, err := c.App.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId); err != nil { 764 c.Err = err 765 return 766 } else { 767 w.Write([]byte(members.ToJson())) 768 } 769 } 770 771 func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { 772 c.RequireUserId() 773 if c.Err != nil { 774 return 775 } 776 777 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 778 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 779 return 780 } 781 782 view := model.ChannelViewFromJson(r.Body) 783 if view == nil { 784 c.SetInvalidParam("channel_view") 785 return 786 } 787 788 times, err := c.App.ViewChannel(view, c.Params.UserId, !c.Session.IsMobileApp()) 789 790 if err != nil { 791 c.Err = err 792 return 793 } 794 795 c.App.UpdateLastActivityAtIfNeeded(c.Session) 796 797 // Returning {"status": "OK", ...} for backwards compatibility 798 resp := &model.ChannelViewResponse{ 799 Status: "OK", 800 LastViewedAtTimes: times, 801 } 802 803 w.Write([]byte(resp.ToJson())) 804 } 805 806 func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 807 c.RequireChannelId().RequireUserId() 808 if c.Err != nil { 809 return 810 } 811 812 props := model.MapFromJson(r.Body) 813 814 var channel *model.Channel 815 var err *model.AppError 816 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 817 c.Err = err 818 return 819 } 820 821 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_TEAM) { 822 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 823 return 824 } 825 826 newRoles := props["roles"] 827 if !(model.IsValidUserRoles(newRoles)) { 828 c.SetInvalidParam("roles") 829 return 830 } 831 832 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 833 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 834 return 835 } 836 837 if _, err := c.App.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil { 838 c.Err = err 839 return 840 } 841 842 ReturnStatusOK(w) 843 } 844 845 func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) { 846 c.RequireChannelId().RequireUserId() 847 if c.Err != nil { 848 return 849 } 850 851 props := model.MapFromJson(r.Body) 852 if props == nil { 853 c.SetInvalidParam("notify_props") 854 return 855 } 856 857 var channel *model.Channel 858 var channelErr *model.AppError 859 if channel, channelErr = c.App.GetChannel(c.Params.ChannelId); channelErr != nil { 860 c.Err = channelErr 861 return 862 } 863 864 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_TEAM) { 865 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 866 return 867 } 868 869 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 870 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 871 return 872 } 873 874 _, err := c.App.UpdateChannelMemberNotifyProps(props, c.Params.ChannelId, c.Params.UserId) 875 if err != nil { 876 c.Err = err 877 return 878 } 879 880 ReturnStatusOK(w) 881 } 882 883 func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 884 c.RequireChannelId() 885 if c.Err != nil { 886 return 887 } 888 889 props := model.StringInterfaceFromJson(r.Body) 890 userId, ok := props["user_id"].(string) 891 if !ok || len(userId) != 26 { 892 c.SetInvalidParam("user_id") 893 return 894 } 895 896 member := &model.ChannelMember{ 897 ChannelId: c.Params.ChannelId, 898 UserId: userId, 899 } 900 901 postRootId, ok := props["post_root_id"].(string) 902 if ok && len(postRootId) != 0 && len(postRootId) != 26 { 903 c.SetInvalidParam("post_root_id") 904 return 905 } 906 907 var err *model.AppError 908 if ok && len(postRootId) == 26 { 909 if rootPost, err := c.App.GetSinglePost(postRootId); err != nil { 910 c.Err = err 911 return 912 } else if rootPost.ChannelId != member.ChannelId { 913 c.SetInvalidParam("post_root_id") 914 return 915 } 916 } 917 918 var channel *model.Channel 919 if channel, err = c.App.GetChannel(member.ChannelId); err != nil { 920 c.Err = err 921 return 922 } 923 924 // Check join permission if adding yourself, otherwise check manage permission 925 if channel.Type == model.CHANNEL_OPEN { 926 if member.UserId == c.Session.UserId { 927 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_JOIN_PUBLIC_CHANNELS) { 928 c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS) 929 return 930 } 931 } else { 932 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 933 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 934 return 935 } 936 } 937 } 938 939 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 940 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 941 return 942 } 943 944 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 945 c.Err = model.NewAppError("addUserToChannel", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest) 946 return 947 } 948 949 if cm, err := c.App.AddChannelMember(member.UserId, channel, c.Session.UserId, postRootId); err != nil { 950 c.Err = err 951 return 952 } else { 953 c.LogAudit("name=" + channel.Name + " user_id=" + cm.UserId) 954 w.WriteHeader(http.StatusCreated) 955 w.Write([]byte(cm.ToJson())) 956 } 957 } 958 959 func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 960 c.RequireChannelId().RequireUserId() 961 if c.Err != nil { 962 return 963 } 964 965 var channel *model.Channel 966 var err *model.AppError 967 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 968 c.Err = err 969 return 970 } 971 972 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_TEAM) { 973 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 974 return 975 } 976 977 if c.Params.UserId != c.Session.UserId { 978 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 979 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 980 return 981 } 982 983 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 984 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 985 return 986 } 987 } 988 989 if err = c.App.RemoveUserFromChannel(c.Params.UserId, c.Session.UserId, channel); err != nil { 990 c.Err = err 991 return 992 } 993 994 c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId) 995 996 ReturnStatusOK(w) 997 }