// Source listing: github.com/kongr45gpen/mattermost-server@v5.11.1+incompatible/api4/bot.go

// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api4

import (
	"net/http"

	"github.com/mattermost/mattermost-server/model"
)

// InitBot registers the bot REST handlers on the API's bot routers.
//
// Every handler is wrapped in api.ApiSessionRequired. Per-action
// authorization (create, read, manage) is performed inside each handler,
// not at the route level, so a new route added here gets no permission
// check unless its handler performs one.
func (api *API) InitBot() {
	// Handlers registered on bot call c.RequireBotUserId; those on bots do not.
	bots := api.BaseRoutes.Bots
	bot := api.BaseRoutes.Bot

	bots.Handle("", api.ApiSessionRequired(createBot)).Methods("POST")
	bot.Handle("", api.ApiSessionRequired(patchBot)).Methods("PUT")
	bot.Handle("", api.ApiSessionRequired(getBot)).Methods("GET")
	bots.Handle("", api.ApiSessionRequired(getBots)).Methods("GET")
	bot.Handle("/disable", api.ApiSessionRequired(disableBot)).Methods("POST")
	bot.Handle("/enable", api.ApiSessionRequired(enableBot)).Methods("POST")
	// The new owner's id is restricted to ASCII letters and digits by the route pattern.
	bot.Handle("/assign/{user_id:[A-Za-z0-9]+}", api.ApiSessionRequired(assignBot)).Methods("POST")
}

// createBot handles POST on the bot collection. It decodes a bot patch from
// the request body, applies it to a new model.Bot whose owner is the session
// user, and, when the session holds PERMISSION_CREATE_BOT, creates the bot
// and replies 201 Created with its JSON form.
func createBot(c *Context, w http.ResponseWriter, r *http.Request) {
	patch := model.BotPatchFromJson(r.Body)
	if patch == nil {
		c.SetInvalidParam("bot")
		return
	}

	// The owner is initialised from the authenticated session before the
	// patch is applied.
	// NOTE(review): this pins ownership only if BotPatch carries no owner
	// field that Patch would copy over OwnerId; confirm against model.BotPatch.
	newBot := &model.Bot{OwnerId: c.App.Session.UserId}
	newBot.Patch(patch)

	// NOTE(review): authorization runs after the body has been decoded, so a
	// session without the permission that sends a malformed body receives
	// the invalid-parameter error rather than the permission error.
	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_CREATE_BOT) {
		c.SetPermissionError(model.PERMISSION_CREATE_BOT)
		return
	}

	created, appErr := c.App.CreateBot(newBot)
	if appErr != nil {
		c.Err = appErr
		return
	}

	w.WriteHeader(http.StatusCreated)
	w.Write(created.ToJson())
}

// patchBot handles PUT on a single bot. It applies the patch decoded from
// the request body to the bot named in the route, once
// SessionHasPermissionToManageBot accepts the session for that bot, and
// writes the updated bot as JSON.
func patchBot(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireBotUserId(); c.Err != nil {
		return
	}
	botID := c.Params.BotUserId

	patch := model.BotPatchFromJson(r.Body)
	if patch == nil {
		c.SetInvalidParam("bot")
		return
	}

	// The manage-bot check must pass before any state is changed.
	if denied := c.App.SessionHasPermissionToManageBot(c.App.Session, botID); denied != nil {
		c.Err = denied
		return
	}

	patched, appErr := c.App.PatchBot(botID, patch)
	if appErr != nil {
		c.Err = appErr
		return
	}

	w.Write(patched.ToJson())
}

// getBot handles GET on a single bot and writes it as JSON.
//
// The bot is visible when the session holds PERMISSION_READ_OTHERS_BOTS, or
// when the session user owns the bot and holds PERMISSION_READ_BOTS. In every
// other case the handler answers with the bot-not-found error instead of a
// permission error, so the response does not reveal that the user id belongs
// to a bot. Deleted bots are looked up only when the include_deleted query
// parameter is exactly "true".
func getBot(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireBotUserId(); c.Err != nil {
		return
	}
	botID := c.Params.BotUserId
	withDeleted := r.URL.Query().Get("include_deleted") == "true"

	// NOTE(review): the lookup happens before the permission decision, so
	// hiding a bot's existence relies on GetBot's own error for a missing bot
	// being indistinguishable from MakeBotNotFoundError; confirm.
	bot, appErr := c.App.GetBot(botID, withDeleted)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// Evaluated left to right with short-circuiting: the owner comparison and
	// the READ_BOTS check run only when READ_OTHERS_BOTS is not held.
	canReadAny := c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_OTHERS_BOTS)
	canReadOwn := !canReadAny &&
		bot.OwnerId == c.App.Session.UserId &&
		c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_BOTS)
	if !canReadAny && !canReadOwn {
		// Pretend the bot doesn't exist at all, to avoid revealing that the
		// user is a bot. This also covers the owner who created the bot but
		// lacks read-bot permission.
		c.Err = model.MakeBotNotFoundError(botID)
		return
	}

	// The ETag is evaluated only after the visibility decision above.
	if c.HandleEtag(bot.Etag(), "Get Bot", w, r) {
		return
	}

	w.Write(bot.ToJson())
}

// getBots handles GET on the bot collection and writes one page of bots as
// JSON.
//
// A session with PERMISSION_READ_OTHERS_BOTS lists bots created by any user;
// one with only PERMISSION_READ_BOTS lists the bots it created; any other
// session gets a permission error. The include_deleted and only_orphaned
// query parameters take effect only when their value is exactly "true".
func getBots(c *Context, w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query()
	withDeleted := query.Get("include_deleted") == "true"
	orphansOnly := query.Get("only_orphaned") == "true"

	// The owner filter is derived from the session's permissions and is never
	// read from the request.
	var ownerFilter string
	switch {
	case c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_OTHERS_BOTS):
		// Empty filter: get bots created by any user.
	case c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_BOTS):
		// Only get bots created by this user.
		ownerFilter = c.App.Session.UserId
	default:
		c.SetPermissionError(model.PERMISSION_READ_BOTS)
		return
	}

	opts := &model.BotGetOptions{
		Page:           c.Params.Page,
		PerPage:        c.Params.PerPage,
		OwnerId:        ownerFilter,
		IncludeDeleted: withDeleted,
		OnlyOrphaned:   orphansOnly,
	}
	bots, appErr := c.App.GetBots(opts)
	if appErr != nil {
		c.Err = appErr
		return
	}

	if c.HandleEtag(bots.Etag(), "Get Bots", w, r) {
		return
	}

	w.Write(bots.ToJson())
}

// disableBot handles POST /disable on a single bot by delegating to
// updateBotActive with active set to false.
func disableBot(c *Context, w http.ResponseWriter, r *http.Request) {
	const active = false
	updateBotActive(c, w, r, active)
}

// enableBot handles POST /enable on a single bot by delegating to
// updateBotActive with active set to true.
func enableBot(c *Context, w http.ResponseWriter, r *http.Request) {
	const active = true
	updateBotActive(c, w, r, active)
}

// updateBotActive sets the active state of the bot named in the route and
// writes the resulting bot as JSON. The session must pass
// SessionHasPermissionToManageBot for that bot before the update is made.
func updateBotActive(c *Context, w http.ResponseWriter, r *http.Request, active bool) {
	if c.RequireBotUserId(); c.Err != nil {
		return
	}
	botID := c.Params.BotUserId

	if denied := c.App.SessionHasPermissionToManageBot(c.App.Session, botID); denied != nil {
		c.Err = denied
		return
	}

	updated, appErr := c.App.UpdateBotActive(botID, active)
	if appErr != nil {
		c.Err = appErr
		return
	}

	w.Write(updated.ToJson())
}

// assignBot handles POST /assign/{user_id} on a single bot. It transfers
// ownership of the bot to the user named in the route and writes the
// resulting bot as JSON. The session must pass
// SessionHasPermissionToManageBot for the bot before the owner is changed.
func assignBot(c *Context, w http.ResponseWriter, r *http.Request) {
	// Both route parameters are validated before c.Err is inspected once.
	c.RequireUserId()
	c.RequireBotUserId()
	if c.Err != nil {
		return
	}
	botID := c.Params.BotUserId
	newOwnerID := c.Params.UserId

	// NOTE(review): the only authorization visible here is manage-bot on the
	// bot being reassigned. Whether the target user is validated (exists, is
	// active, is not itself a bot account) is left to UpdateBotOwner, which
	// this file does not show; confirm.
	if denied := c.App.SessionHasPermissionToManageBot(c.App.Session, botID); denied != nil {
		c.Err = denied
		return
	}

	reassigned, appErr := c.App.UpdateBotOwner(botID, newOwnerID)
	if appErr != nil {
		c.Err = appErr
		return
	}

	w.Write(reassigned.ToJson())
}