github.com/gigforks/mattermost-server@v4.9.1-0.20180619094218-800d97fa55d0+incompatible/api4/team.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "bytes" 8 "encoding/base64" 9 "fmt" 10 "net/http" 11 "strconv" 12 13 "github.com/mattermost/mattermost-server/model" 14 ) 15 16 const ( 17 MAX_ADD_MEMBERS_BATCH = 20 18 ) 19 20 func (api *API) InitTeam() { 21 api.BaseRoutes.Teams.Handle("", api.ApiSessionRequired(createTeam)).Methods("POST") 22 api.BaseRoutes.Teams.Handle("", api.ApiSessionRequired(getAllTeams)).Methods("GET") 23 api.BaseRoutes.Teams.Handle("/search", api.ApiSessionRequired(searchTeams)).Methods("POST") 24 api.BaseRoutes.TeamsForUser.Handle("", api.ApiSessionRequired(getTeamsForUser)).Methods("GET") 25 api.BaseRoutes.TeamsForUser.Handle("/unread", api.ApiSessionRequired(getTeamsUnreadForUser)).Methods("GET") 26 27 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(getTeam)).Methods("GET") 28 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(updateTeam)).Methods("PUT") 29 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(deleteTeam)).Methods("DELETE") 30 api.BaseRoutes.Team.Handle("/patch", api.ApiSessionRequired(patchTeam)).Methods("PUT") 31 api.BaseRoutes.Team.Handle("/stats", api.ApiSessionRequired(getTeamStats)).Methods("GET") 32 33 api.BaseRoutes.Team.Handle("/image", api.ApiSessionRequiredTrustRequester(getTeamIcon)).Methods("GET") 34 api.BaseRoutes.Team.Handle("/image", api.ApiSessionRequired(setTeamIcon)).Methods("POST") 35 api.BaseRoutes.Team.Handle("/image", api.ApiSessionRequired(removeTeamIcon)).Methods("DELETE") 36 37 api.BaseRoutes.TeamMembers.Handle("", api.ApiSessionRequired(getTeamMembers)).Methods("GET") 38 api.BaseRoutes.TeamMembers.Handle("/ids", api.ApiSessionRequired(getTeamMembersByIds)).Methods("POST") 39 api.BaseRoutes.TeamMembersForUser.Handle("", api.ApiSessionRequired(getTeamMembersForUser)).Methods("GET") 40 api.BaseRoutes.TeamMembers.Handle("", api.ApiSessionRequired(addTeamMember)).Methods("POST") 41 api.BaseRoutes.Teams.Handle("/members/invite", api.ApiSessionRequired(addUserToTeamFromInvite)).Methods("POST") 42 api.BaseRoutes.TeamMembers.Handle("/batch", api.ApiSessionRequired(addTeamMembers)).Methods("POST") 43 api.BaseRoutes.TeamMember.Handle("", api.ApiSessionRequired(removeTeamMember)).Methods("DELETE") 44 45 api.BaseRoutes.TeamForUser.Handle("/unread", api.ApiSessionRequired(getTeamUnread)).Methods("GET") 46 47 api.BaseRoutes.TeamByName.Handle("", api.ApiSessionRequired(getTeamByName)).Methods("GET") 48 api.BaseRoutes.TeamMember.Handle("", api.ApiSessionRequired(getTeamMember)).Methods("GET") 49 api.BaseRoutes.TeamByName.Handle("/exists", api.ApiSessionRequired(teamExists)).Methods("GET") 50 api.BaseRoutes.TeamMember.Handle("/roles", api.ApiSessionRequired(updateTeamMemberRoles)).Methods("PUT") 51 52 api.BaseRoutes.Team.Handle("/import", api.ApiSessionRequired(importTeam)).Methods("POST") 53 api.BaseRoutes.Team.Handle("/invite/email", api.ApiSessionRequired(inviteUsersToTeam)).Methods("POST") 54 api.BaseRoutes.Teams.Handle("/invite/{invite_id:[A-Za-z0-9]+}", api.ApiHandler(getInviteInfo)).Methods("GET") 55 } 56 57 func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { 58 team := model.TeamFromJson(r.Body) 59 if team == nil { 60 c.SetInvalidParam("team") 61 return 62 } 63 64 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) { 65 c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden) 66 return 67 } 68 69 rteam, err := c.App.CreateTeamWithUser(team, c.Session.UserId) 70 if err != nil { 71 c.Err = err 72 return 73 } 74 75 // Don't sanitize the team here since the user will be a team admin and their session won't reflect that yet 76 77 w.WriteHeader(http.StatusCreated) 78 w.Write([]byte(rteam.ToJson())) 79 } 80 81 func getTeam(c *Context, w http.ResponseWriter, r *http.Request) { 82 c.RequireTeamId() 83 if c.Err != nil { 84 return 85 } 86 87 if team, err := c.App.GetTeam(c.Params.TeamId); err != nil { 88 c.Err = err 89 return 90 } else { 91 if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { 92 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 93 return 94 } 95 96 c.App.SanitizeTeam(c.Session, team) 97 98 w.Write([]byte(team.ToJson())) 99 return 100 } 101 } 102 103 func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { 104 c.RequireTeamName() 105 if c.Err != nil { 106 return 107 } 108 109 if team, err := c.App.GetTeamByName(c.Params.TeamName); err != nil { 110 c.Err = err 111 return 112 } else { 113 if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { 114 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 115 return 116 } 117 118 c.App.SanitizeTeam(c.Session, team) 119 120 w.Write([]byte(team.ToJson())) 121 return 122 } 123 } 124 125 func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) { 126 c.RequireTeamId() 127 if c.Err != nil { 128 return 129 } 130 131 team := model.TeamFromJson(r.Body) 132 133 if team == nil { 134 c.SetInvalidParam("team") 135 return 136 } 137 138 team.Id = c.Params.TeamId 139 140 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 141 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 142 return 143 } 144 145 updatedTeam, err := c.App.UpdateTeam(team) 146 147 if err != nil { 148 c.Err = err 149 return 150 } 151 152 c.App.SanitizeTeam(c.Session, updatedTeam) 153 154 w.Write([]byte(updatedTeam.ToJson())) 155 } 156 157 func patchTeam(c *Context, w http.ResponseWriter, r *http.Request) { 158 c.RequireTeamId() 159 if c.Err != nil { 160 return 161 } 162 163 team := model.TeamPatchFromJson(r.Body) 164 165 if team == nil { 166 c.SetInvalidParam("team") 167 return 168 } 169 170 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 171 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 172 return 173 } 174 175 patchedTeam, err := c.App.PatchTeam(c.Params.TeamId, team) 176 177 if err != nil { 178 c.Err = err 179 return 180 } 181 182 c.App.SanitizeTeam(c.Session, patchedTeam) 183 184 c.LogAudit("") 185 w.Write([]byte(patchedTeam.ToJson())) 186 } 187 188 func deleteTeam(c *Context, w http.ResponseWriter, r *http.Request) { 189 c.RequireTeamId() 190 if c.Err != nil { 191 return 192 } 193 194 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 195 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 196 return 197 } 198 199 var err *model.AppError 200 if c.Params.Permanent { 201 err = c.App.PermanentDeleteTeamId(c.Params.TeamId) 202 } else { 203 err = c.App.SoftDeleteTeam(c.Params.TeamId) 204 } 205 206 if err != nil { 207 c.Err = err 208 return 209 } 210 211 ReturnStatusOK(w) 212 } 213 214 func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) { 215 c.RequireUserId() 216 if c.Err != nil { 217 return 218 } 219 220 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 221 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 222 return 223 } 224 225 if teams, err := c.App.GetTeamsForUser(c.Params.UserId); err != nil { 226 c.Err = err 227 return 228 } else { 229 c.App.SanitizeTeams(c.Session, teams) 230 231 w.Write([]byte(model.TeamListToJson(teams))) 232 } 233 } 234 235 func getTeamsUnreadForUser(c *Context, w http.ResponseWriter, r *http.Request) { 236 c.RequireUserId() 237 if c.Err != nil { 238 return 239 } 240 241 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 242 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 243 return 244 } 245 246 // optional team id to be excluded from the result 247 teamId := r.URL.Query().Get("exclude_team") 248 249 unreadTeamsList, err := c.App.GetTeamsUnreadForUser(teamId, c.Params.UserId) 250 if err != nil { 251 c.Err = err 252 return 253 } 254 255 w.Write([]byte(model.TeamsUnreadToJson(unreadTeamsList))) 256 } 257 258 func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 259 c.RequireTeamId().RequireUserId() 260 if c.Err != nil { 261 return 262 } 263 264 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 265 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 266 return 267 } 268 269 if team, err := c.App.GetTeamMember(c.Params.TeamId, c.Params.UserId); err != nil { 270 c.Err = err 271 return 272 } else { 273 w.Write([]byte(team.ToJson())) 274 return 275 } 276 } 277 278 func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { 279 c.RequireTeamId() 280 if c.Err != nil { 281 return 282 } 283 284 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 285 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 286 return 287 } 288 289 if members, err := c.App.GetTeamMembers(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { 290 c.Err = err 291 return 292 } else { 293 w.Write([]byte(model.TeamMembersToJson(members))) 294 return 295 } 296 } 297 298 func getTeamMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 299 c.RequireUserId() 300 if c.Err != nil { 301 return 302 } 303 304 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 305 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 306 return 307 } 308 309 members, err := c.App.GetTeamMembersForUser(c.Params.UserId) 310 if err != nil { 311 c.Err = err 312 return 313 } 314 315 w.Write([]byte(model.TeamMembersToJson(members))) 316 } 317 318 func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 319 c.RequireTeamId() 320 if c.Err != nil { 321 return 322 } 323 324 userIds := model.ArrayFromJson(r.Body) 325 326 if len(userIds) == 0 { 327 c.SetInvalidParam("user_ids") 328 return 329 } 330 331 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 332 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 333 return 334 } 335 336 members, err := c.App.GetTeamMembersByIds(c.Params.TeamId, userIds) 337 if err != nil { 338 c.Err = err 339 return 340 } 341 342 w.Write([]byte(model.TeamMembersToJson(members))) 343 } 344 345 func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 346 c.RequireTeamId() 347 if c.Err != nil { 348 return 349 } 350 351 var err *model.AppError 352 member := model.TeamMemberFromJson(r.Body) 353 if member.TeamId != c.Params.TeamId { 354 c.SetInvalidParam("team_id") 355 return 356 } 357 358 if len(member.UserId) != 26 { 359 c.SetInvalidParam("user_id") 360 return 361 } 362 363 if !c.App.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 364 c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) 365 return 366 } 367 368 member, err = c.App.AddTeamMember(member.TeamId, member.UserId) 369 370 if err != nil { 371 c.Err = err 372 return 373 } 374 375 w.WriteHeader(http.StatusCreated) 376 w.Write([]byte(member.ToJson())) 377 } 378 379 func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request) { 380 tokenId := r.URL.Query().Get("token") 381 inviteId := r.URL.Query().Get("invite_id") 382 383 var member *model.TeamMember 384 var err *model.AppError 385 386 if len(tokenId) > 0 { 387 member, err = c.App.AddTeamMemberByToken(c.Session.UserId, tokenId) 388 } else if len(inviteId) > 0 { 389 member, err = c.App.AddTeamMemberByInviteId(inviteId, c.Session.UserId) 390 } else { 391 err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.missing_parameter.app_error", nil, "", http.StatusBadRequest) 392 } 393 394 if err != nil { 395 c.Err = err 396 return 397 } 398 399 w.WriteHeader(http.StatusCreated) 400 w.Write([]byte(member.ToJson())) 401 } 402 403 func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { 404 c.RequireTeamId() 405 if c.Err != nil { 406 return 407 } 408 409 var err *model.AppError 410 members := model.TeamMembersFromJson(r.Body) 411 412 if len(members) > MAX_ADD_MEMBERS_BATCH || len(members) == 0 { 413 c.SetInvalidParam("too many members in batch") 414 return 415 } 416 417 var userIds []string 418 for _, member := range members { 419 if member.TeamId != c.Params.TeamId { 420 c.SetInvalidParam("team_id for member with user_id=" + member.UserId) 421 return 422 } 423 424 if len(member.UserId) != 26 { 425 c.SetInvalidParam("user_id") 426 return 427 } 428 429 userIds = append(userIds, member.UserId) 430 } 431 432 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 433 c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) 434 return 435 } 436 437 members, err = c.App.AddTeamMembers(c.Params.TeamId, userIds, c.Session.UserId) 438 439 if err != nil { 440 c.Err = err 441 return 442 } 443 444 w.WriteHeader(http.StatusCreated) 445 w.Write([]byte(model.TeamMembersToJson(members))) 446 } 447 448 func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 449 c.RequireTeamId().RequireUserId() 450 if c.Err != nil { 451 return 452 } 453 454 if c.Session.UserId != c.Params.UserId { 455 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) { 456 c.SetPermissionError(model.PERMISSION_REMOVE_USER_FROM_TEAM) 457 return 458 } 459 } 460 461 if err := c.App.RemoveUserFromTeam(c.Params.TeamId, c.Params.UserId, c.Session.UserId); err != nil { 462 c.Err = err 463 return 464 } 465 466 ReturnStatusOK(w) 467 } 468 469 func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) { 470 c.RequireTeamId().RequireUserId() 471 if c.Err != nil { 472 return 473 } 474 475 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 476 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 477 return 478 } 479 480 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 481 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 482 return 483 } 484 485 unreadTeam, err := c.App.GetTeamUnread(c.Params.TeamId, c.Params.UserId) 486 if err != nil { 487 c.Err = err 488 return 489 } 490 491 w.Write([]byte(unreadTeam.ToJson())) 492 } 493 494 func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) { 495 c.RequireTeamId() 496 if c.Err != nil { 497 return 498 } 499 500 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 501 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 502 return 503 } 504 505 if stats, err := c.App.GetTeamStats(c.Params.TeamId); err != nil { 506 c.Err = err 507 return 508 } else { 509 w.Write([]byte(stats.ToJson())) 510 return 511 } 512 } 513 514 func updateTeamMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 515 c.RequireTeamId().RequireUserId() 516 if c.Err != nil { 517 return 518 } 519 520 props := model.MapFromJson(r.Body) 521 522 newRoles := props["roles"] 523 if !model.IsValidUserRoles(newRoles) { 524 c.SetInvalidParam("team_member_roles") 525 return 526 } 527 528 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) { 529 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES) 530 return 531 } 532 533 if _, err := c.App.UpdateTeamMemberRoles(c.Params.TeamId, c.Params.UserId, newRoles); err != nil { 534 c.Err = err 535 return 536 } 537 538 ReturnStatusOK(w) 539 } 540 541 func getAllTeams(c *Context, w http.ResponseWriter, r *http.Request) { 542 var teams []*model.Team 543 var err *model.AppError 544 545 if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 546 teams, err = c.App.GetAllTeamsPage(c.Params.Page*c.Params.PerPage, c.Params.PerPage) 547 } else { 548 teams, err = c.App.GetAllOpenTeamsPage(c.Params.Page*c.Params.PerPage, c.Params.PerPage) 549 } 550 551 if err != nil { 552 c.Err = err 553 return 554 } 555 556 c.App.SanitizeTeams(c.Session, teams) 557 558 w.Write([]byte(model.TeamListToJson(teams))) 559 } 560 561 func searchTeams(c *Context, w http.ResponseWriter, r *http.Request) { 562 props := model.TeamSearchFromJson(r.Body) 563 if props == nil { 564 c.SetInvalidParam("team_search") 565 return 566 } 567 568 if len(props.Term) == 0 { 569 c.SetInvalidParam("term") 570 return 571 } 572 573 var teams []*model.Team 574 var err *model.AppError 575 576 if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 577 teams, err = c.App.SearchAllTeams(props.Term) 578 } else { 579 teams, err = c.App.SearchOpenTeams(props.Term) 580 } 581 582 if err != nil { 583 c.Err = err 584 return 585 } 586 587 c.App.SanitizeTeams(c.Session, teams) 588 589 w.Write([]byte(model.TeamListToJson(teams))) 590 } 591 592 func teamExists(c *Context, w http.ResponseWriter, r *http.Request) { 593 c.RequireTeamName() 594 if c.Err != nil { 595 return 596 } 597 598 resp := make(map[string]bool) 599 600 if _, err := c.App.GetTeamByName(c.Params.TeamName); err != nil { 601 resp["exists"] = false 602 } else { 603 resp["exists"] = true 604 } 605 606 w.Write([]byte(model.MapBoolToJson(resp))) 607 } 608 609 func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { 610 c.RequireTeamId() 611 if c.Err != nil { 612 return 613 } 614 615 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_IMPORT_TEAM) { 616 c.SetPermissionError(model.PERMISSION_IMPORT_TEAM) 617 return 618 } 619 620 if err := r.ParseMultipartForm(10000000); err != nil { 621 c.Err = model.NewAppError("importTeam", "api.team.import_team.parse.app_error", nil, err.Error(), http.StatusInternalServerError) 622 return 623 } 624 625 importFromArray, ok := r.MultipartForm.Value["importFrom"] 626 if !ok || len(importFromArray) < 1 { 627 c.Err = model.NewAppError("importTeam", "api.team.import_team.no_import_from.app_error", nil, "", http.StatusBadRequest) 628 return 629 } 630 importFrom := importFromArray[0] 631 632 fileSizeStr, ok := r.MultipartForm.Value["filesize"] 633 if !ok || len(fileSizeStr) < 1 { 634 c.Err = model.NewAppError("importTeam", "api.team.import_team.unavailable.app_error", nil, "", http.StatusBadRequest) 635 return 636 } 637 638 fileSize, err := strconv.ParseInt(fileSizeStr[0], 10, 64) 639 if err != nil { 640 c.Err = model.NewAppError("importTeam", "api.team.import_team.integer.app_error", nil, "", http.StatusBadRequest) 641 return 642 } 643 644 fileInfoArray, ok := r.MultipartForm.File["file"] 645 if !ok { 646 c.Err = model.NewAppError("importTeam", "api.team.import_team.no_file.app_error", nil, "", http.StatusBadRequest) 647 return 648 } 649 650 if len(fileInfoArray) <= 0 { 651 c.Err = model.NewAppError("importTeam", "api.team.import_team.array.app_error", nil, "", http.StatusBadRequest) 652 return 653 } 654 655 fileInfo := fileInfoArray[0] 656 657 fileData, err := fileInfo.Open() 658 if err != nil { 659 c.Err = model.NewAppError("importTeam", "api.team.import_team.open.app_error", nil, err.Error(), http.StatusBadRequest) 660 return 661 } 662 defer fileData.Close() 663 664 var log *bytes.Buffer 665 switch importFrom { 666 case "slack": 667 var err *model.AppError 668 if err, log = c.App.SlackImport(fileData, fileSize, c.Params.TeamId); err != nil { 669 c.Err = err 670 c.Err.StatusCode = http.StatusBadRequest 671 } 672 } 673 674 data := map[string]string{} 675 data["results"] = base64.StdEncoding.EncodeToString([]byte(log.Bytes())) 676 if c.Err != nil { 677 w.WriteHeader(c.Err.StatusCode) 678 } 679 w.Write([]byte(model.MapToJson(data))) 680 } 681 682 func inviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request) { 683 c.RequireTeamId() 684 if c.Err != nil { 685 return 686 } 687 688 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_INVITE_USER) { 689 c.SetPermissionError(model.PERMISSION_INVITE_USER) 690 return 691 } 692 693 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 694 c.SetPermissionError(model.PERMISSION_INVITE_USER) 695 return 696 } 697 698 emailList := model.ArrayFromJson(r.Body) 699 700 if len(emailList) == 0 { 701 c.SetInvalidParam("user_email") 702 return 703 } 704 705 err := c.App.InviteNewUsersToTeam(emailList, c.Params.TeamId, c.Session.UserId) 706 if err != nil { 707 c.Err = err 708 return 709 } 710 711 ReturnStatusOK(w) 712 } 713 714 func getInviteInfo(c *Context, w http.ResponseWriter, r *http.Request) { 715 c.RequireInviteId() 716 if c.Err != nil { 717 return 718 } 719 720 if team, err := c.App.GetTeamByInviteId(c.Params.InviteId); err != nil { 721 c.Err = err 722 return 723 } else { 724 if !(team.Type == model.TEAM_OPEN) { 725 c.Err = model.NewAppError("getInviteInfo", "api.team.get_invite_info.not_open_team", nil, "id="+c.Params.InviteId, http.StatusForbidden) 726 return 727 } 728 729 result := map[string]string{} 730 result["display_name"] = team.DisplayName 731 result["description"] = team.Description 732 result["name"] = team.Name 733 result["id"] = team.Id 734 w.Write([]byte(model.MapToJson(result))) 735 } 736 } 737 738 func getTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { 739 c.RequireTeamId() 740 if c.Err != nil { 741 return 742 } 743 744 if team, err := c.App.GetTeam(c.Params.TeamId); err != nil { 745 c.Err = err 746 return 747 } else { 748 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) && 749 (team.Type != model.TEAM_OPEN || team.AllowOpenInvite) { 750 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 751 return 752 } 753 754 etag := strconv.FormatInt(team.LastTeamIconUpdate, 10) 755 756 if c.HandleEtag(etag, "Get Team Icon", w, r) { 757 return 758 } 759 760 if img, err := c.App.GetTeamIcon(team); err != nil { 761 c.Err = err 762 return 763 } else { 764 w.Header().Set("Content-Type", "image/png") 765 w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%v, public", 24*60*60)) // 24 hrs 766 w.Header().Set(model.HEADER_ETAG_SERVER, etag) 767 w.Write(img) 768 } 769 } 770 } 771 772 func setTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { 773 c.RequireTeamId() 774 if c.Err != nil { 775 return 776 } 777 778 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 779 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 780 return 781 } 782 783 if r.ContentLength > *c.App.Config().FileSettings.MaxFileSize { 784 c.Err = model.NewAppError("setTeamIcon", "api.team.set_team_icon.too_large.app_error", nil, "", http.StatusBadRequest) 785 return 786 } 787 788 if err := r.ParseMultipartForm(*c.App.Config().FileSettings.MaxFileSize); err != nil { 789 c.Err = model.NewAppError("setTeamIcon", "api.team.set_team_icon.parse.app_error", nil, err.Error(), http.StatusBadRequest) 790 return 791 } 792 793 m := r.MultipartForm 794 795 imageArray, ok := m.File["image"] 796 if !ok { 797 c.Err = model.NewAppError("setTeamIcon", "api.team.set_team_icon.no_file.app_error", nil, "", http.StatusBadRequest) 798 return 799 } 800 801 if len(imageArray) <= 0 { 802 c.Err = model.NewAppError("setTeamIcon", "api.team.set_team_icon.array.app_error", nil, "", http.StatusBadRequest) 803 return 804 } 805 806 imageData := imageArray[0] 807 808 if err := c.App.SetTeamIcon(c.Params.TeamId, imageData); err != nil { 809 c.Err = err 810 return 811 } 812 813 c.LogAudit("") 814 ReturnStatusOK(w) 815 } 816 817 func removeTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { 818 c.RequireTeamId() 819 if c.Err != nil { 820 return 821 } 822 823 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 824 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 825 return 826 } 827 828 if err := c.App.RemoveTeamIcon(c.Params.TeamId); err != nil { 829 c.Err = err 830 return 831 } 832 833 c.LogAudit("") 834 ReturnStatusOK(w) 835 }