github.com/keys-pub/mattermost-server@v4.10.10+incompatible/api4/reaction.go

github.com/keys-pub/mattermost-server@v4.10.10+incompatible/api4/reaction.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/mattermost/mattermost-server/model"
    10  )
    11  
    12  func (api *API) InitReaction() {
    13  	api.BaseRoutes.Reactions.Handle("", api.ApiSessionRequired(saveReaction)).Methods("POST")
    14  	api.BaseRoutes.Post.Handle("/reactions", api.ApiSessionRequired(getReactions)).Methods("GET")
    15  	api.BaseRoutes.ReactionByNameForPostForUser.Handle("", api.ApiSessionRequired(deleteReaction)).Methods("DELETE")
    16  }
    17  
    18  func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) {
    19  	reaction := model.ReactionFromJson(r.Body)
    20  	if reaction == nil {
    21  		c.SetInvalidParam("reaction")
    22  		return
    23  	}
    24  
    25  	if len(reaction.UserId) != 26 || len(reaction.PostId) != 26 || len(reaction.EmojiName) == 0 || len(reaction.EmojiName) > model.EMOJI_NAME_MAX_LENGTH {
    26  		c.Err = model.NewAppError("saveReaction", "api.reaction.save_reaction.invalid.app_error", nil, "", http.StatusBadRequest)
    27  		return
    28  	}
    29  
    30  	if reaction.UserId != c.Session.UserId {
    31  		c.Err = model.NewAppError("saveReaction", "api.reaction.save_reaction.user_id.app_error", nil, "", http.StatusForbidden)
    32  		return
    33  	}
    34  
    35  	if !c.App.SessionHasPermissionToChannelByPost(c.Session, reaction.PostId, model.PERMISSION_ADD_REACTION) {
    36  		c.SetPermissionError(model.PERMISSION_ADD_REACTION)
    37  		return
    38  	}
    39  
    40  	if reaction, err := c.App.SaveReactionForPost(reaction); err != nil {
    41  		c.Err = err
    42  		return
    43  	} else {
    44  		w.Write([]byte(reaction.ToJson()))
    45  		return
    46  	}
    47  }
    48  
    49  func getReactions(c *Context, w http.ResponseWriter, r *http.Request) {
    50  	c.RequirePostId()
    51  	if c.Err != nil {
    52  		return
    53  	}
    54  
    55  	if !c.App.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
    56  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
    57  		return
    58  	}
    59  
    60  	if reactions, err := c.App.GetReactionsForPost(c.Params.PostId); err != nil {
    61  		c.Err = err
    62  		return
    63  	} else {
    64  		w.Write([]byte(model.ReactionsToJson(reactions)))
    65  		return
    66  	}
    67  }
    68  
    69  func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) {
    70  	c.RequireUserId()
    71  	if c.Err != nil {
    72  		return
    73  	}
    74  
    75  	c.RequirePostId()
    76  	if c.Err != nil {
    77  		return
    78  	}
    79  
    80  	c.RequireEmojiName()
    81  	if c.Err != nil {
    82  		return
    83  	}
    84  
    85  	if !c.App.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_REMOVE_REACTION) {
    86  		c.SetPermissionError(model.PERMISSION_REMOVE_REACTION)
    87  		return
    88  	}
    89  
    90  	if c.Params.UserId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_REMOVE_OTHERS_REACTIONS) {
    91  		c.SetPermissionError(model.PERMISSION_REMOVE_OTHERS_REACTIONS)
    92  		return
    93  	}
    94  
    95  	reaction := &model.Reaction{
    96  		UserId:    c.Params.UserId,
    97  		PostId:    c.Params.PostId,
    98  		EmojiName: c.Params.EmojiName,
    99  	}
   100  
   101  	err := c.App.DeleteReactionForPost(reaction)
   102  	if err != nil {
   103  		c.Err = err
   104  		return
   105  	}
   106  
   107  	ReturnStatusOK(w)
   108  }