github.com/haalcala/mattermost-server-change-repo@v0.0.0-20210713015153-16753fbeee5f/api4/scheme.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/mattermost/mattermost-server/v5/audit" 10 "github.com/mattermost/mattermost-server/v5/model" 11 ) 12 13 func (api *API) InitScheme() { 14 api.BaseRoutes.Schemes.Handle("", api.ApiSessionRequired(getSchemes)).Methods("GET") 15 api.BaseRoutes.Schemes.Handle("", api.ApiSessionRequired(createScheme)).Methods("POST") 16 api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}", api.ApiSessionRequired(deleteScheme)).Methods("DELETE") 17 api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}", api.ApiSessionRequiredTrustRequester(getScheme)).Methods("GET") 18 api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}/patch", api.ApiSessionRequired(patchScheme)).Methods("PUT") 19 api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}/teams", api.ApiSessionRequiredTrustRequester(getTeamsForScheme)).Methods("GET") 20 api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequiredTrustRequester(getChannelsForScheme)).Methods("GET") 21 } 22 23 func createScheme(c *Context, w http.ResponseWriter, r *http.Request) { 24 scheme := model.SchemeFromJson(r.Body) 25 if scheme == nil { 26 c.SetInvalidParam("scheme") 27 return 28 } 29 30 auditRec := c.MakeAuditRecord("createScheme", audit.Fail) 31 defer c.LogAuditRec(auditRec) 32 auditRec.AddMeta("scheme", scheme) 33 34 if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.CustomPermissionsSchemes { 35 c.Err = model.NewAppError("Api4.CreateScheme", "api.scheme.create_scheme.license.error", nil, "", http.StatusNotImplemented) 36 return 37 } 38 39 if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) { 40 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) 41 return 42 } 43 44 scheme, err := c.App.CreateScheme(scheme) 45 if err != nil { 46 c.Err = err 47 return 48 } 49 50 auditRec.Success() 51 auditRec.AddMeta("scheme", scheme) // overwrite meta 52 53 w.WriteHeader(http.StatusCreated) 54 w.Write([]byte(scheme.ToJson())) 55 } 56 57 func getScheme(c *Context, w http.ResponseWriter, r *http.Request) { 58 c.RequireSchemeId() 59 if c.Err != nil { 60 return 61 } 62 63 if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_PERMISSIONS) { 64 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_PERMISSIONS) 65 return 66 } 67 68 scheme, err := c.App.GetScheme(c.Params.SchemeId) 69 if err != nil { 70 c.Err = err 71 return 72 } 73 74 w.Write([]byte(scheme.ToJson())) 75 } 76 77 func getSchemes(c *Context, w http.ResponseWriter, r *http.Request) { 78 if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_PERMISSIONS) { 79 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_PERMISSIONS) 80 return 81 } 82 83 scope := c.Params.Scope 84 if scope != "" && scope != model.SCHEME_SCOPE_TEAM && scope != model.SCHEME_SCOPE_CHANNEL { 85 c.SetInvalidParam("scope") 86 return 87 } 88 89 schemes, err := c.App.GetSchemesPage(c.Params.Scope, c.Params.Page, c.Params.PerPage) 90 if err != nil { 91 c.Err = err 92 return 93 } 94 95 w.Write([]byte(model.SchemesToJson(schemes))) 96 } 97 98 func getTeamsForScheme(c *Context, w http.ResponseWriter, r *http.Request) { 99 c.RequireSchemeId() 100 if c.Err != nil { 101 return 102 } 103 104 if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_TEAMS) { 105 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_TEAMS) 106 return 107 } 108 109 scheme, err := c.App.GetScheme(c.Params.SchemeId) 110 if err != nil { 111 c.Err = err 112 return 113 } 114 115 if scheme.Scope != model.SCHEME_SCOPE_TEAM { 116 c.Err = model.NewAppError("Api4.GetTeamsForScheme", "api.scheme.get_teams_for_scheme.scope.error", nil, "", http.StatusBadRequest) 117 return 118 } 119 120 teams, err := c.App.GetTeamsForSchemePage(scheme, c.Params.Page, c.Params.PerPage) 121 if err != nil { 122 c.Err = err 123 return 124 } 125 126 w.Write([]byte(model.TeamListToJson(teams))) 127 } 128 129 func getChannelsForScheme(c *Context, w http.ResponseWriter, r *http.Request) { 130 c.RequireSchemeId() 131 if c.Err != nil { 132 return 133 } 134 135 if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS) { 136 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS) 137 return 138 } 139 140 scheme, err := c.App.GetScheme(c.Params.SchemeId) 141 if err != nil { 142 c.Err = err 143 return 144 } 145 146 if scheme.Scope != model.SCHEME_SCOPE_CHANNEL { 147 c.Err = model.NewAppError("Api4.GetChannelsForScheme", "api.scheme.get_channels_for_scheme.scope.error", nil, "", http.StatusBadRequest) 148 return 149 } 150 151 channels, err := c.App.GetChannelsForSchemePage(scheme, c.Params.Page, c.Params.PerPage) 152 if err != nil { 153 c.Err = err 154 return 155 } 156 157 w.Write([]byte(channels.ToJson())) 158 } 159 160 func patchScheme(c *Context, w http.ResponseWriter, r *http.Request) { 161 c.RequireSchemeId() 162 if c.Err != nil { 163 return 164 } 165 166 patch := model.SchemePatchFromJson(r.Body) 167 if patch == nil { 168 c.SetInvalidParam("scheme") 169 return 170 } 171 172 auditRec := c.MakeAuditRecord("patchScheme", audit.Fail) 173 defer c.LogAuditRec(auditRec) 174 175 if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.CustomPermissionsSchemes { 176 c.Err = model.NewAppError("Api4.PatchScheme", "api.scheme.patch_scheme.license.error", nil, "", http.StatusNotImplemented) 177 return 178 } 179 180 scheme, err := c.App.GetScheme(c.Params.SchemeId) 181 if err != nil { 182 c.Err = err 183 return 184 } 185 auditRec.AddMeta("scheme", scheme) 186 187 if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) { 188 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) 189 return 190 } 191 192 scheme, err = c.App.PatchScheme(scheme, patch) 193 if err != nil { 194 c.Err = err 195 return 196 } 197 auditRec.AddMeta("patch", scheme) 198 199 auditRec.Success() 200 c.LogAudit("") 201 202 w.Write([]byte(scheme.ToJson())) 203 } 204 205 func deleteScheme(c *Context, w http.ResponseWriter, r *http.Request) { 206 c.RequireSchemeId() 207 if c.Err != nil { 208 return 209 } 210 211 auditRec := c.MakeAuditRecord("deleteScheme", audit.Fail) 212 defer c.LogAuditRec(auditRec) 213 214 if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.CustomPermissionsSchemes { 215 c.Err = model.NewAppError("Api4.DeleteScheme", "api.scheme.delete_scheme.license.error", nil, "", http.StatusNotImplemented) 216 return 217 } 218 219 if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) { 220 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) 221 return 222 } 223 224 scheme, err := c.App.DeleteScheme(c.Params.SchemeId) 225 if err != nil { 226 c.Err = err 227 return 228 } 229 230 auditRec.Success() 231 auditRec.AddMeta("scheme", scheme) 232 233 ReturnStatusOK(w) 234 }