github.com/kongr45gpen/mattermost-server@v5.11.1+incompatible/api4/bot.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/mattermost/mattermost-server/model"
    10  )
    11  
// InitBot registers the bot REST endpoints on the API router.
//
// Every route is wrapped in api.ApiSessionRequired. That wrapper only gates
// on a session; the per-action permission checks are made inside each
// handler in this file.
func (api *API) InitBot() {
	collection := api.BaseRoutes.Bots
	single := api.BaseRoutes.Bot

	// Registration order is kept exactly as in the original listing.
	collection.Handle("", api.ApiSessionRequired(createBot)).Methods("POST")
	single.Handle("", api.ApiSessionRequired(patchBot)).Methods("PUT")
	single.Handle("", api.ApiSessionRequired(getBot)).Methods("GET")
	collection.Handle("", api.ApiSessionRequired(getBots)).Methods("GET")
	single.Handle("/disable", api.ApiSessionRequired(disableBot)).Methods("POST")
	single.Handle("/enable", api.ApiSessionRequired(enableBot)).Methods("POST")
	// The path pattern restricts user_id to ASCII alphanumerics.
	single.Handle("/assign/{user_id:[A-Za-z0-9]+}", api.ApiSessionRequired(assignBot)).Methods("POST")
}
    21  
// createBot decodes a bot patch from the request body, creates a bot owned
// by the calling session's user, and replies with 201 and the bot as JSON.
//
// An undecodable body is reported as invalid parameter "bot"; a session
// without PERMISSION_CREATE_BOT gets a permission error.
func createBot(c *Context, w http.ResponseWriter, r *http.Request) {
	patch := model.BotPatchFromJson(r.Body)
	if patch == nil {
		c.SetInvalidParam("bot")
		return
	}

	// The owner comes from the session, never from the request body.
	// NOTE(review): Patch runs after OwnerId is set, so this relies on
	// BotPatch carrying no owner field; confirm against model.BotPatch.
	newBot := &model.Bot{OwnerId: c.App.Session.UserId}
	newBot.Patch(patch)

	// NOTE(review): authorization runs only after the body has been decoded,
	// so a session lacking the permission that sends a bad body sees
	// "invalid param" rather than a permission error.
	allowed := c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_CREATE_BOT)
	if !allowed {
		c.SetPermissionError(model.PERMISSION_CREATE_BOT)
		return
	}

	created, err := c.App.CreateBot(newBot)
	if err != nil {
		c.Err = err
		return
	}

	// The status must be written before the body.
	w.WriteHeader(http.StatusCreated)
	w.Write(created.ToJson())
}
    48  
// patchBot applies a partial update to the bot named in the route and
// replies with the updated bot as JSON.
//
// The session must pass SessionHasPermissionToManageBot for that bot; the
// error it returns is passed to the client unchanged.
func patchBot(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireBotUserId(); c.Err != nil {
		return
	}
	targetID := c.Params.BotUserId

	patch := model.BotPatchFromJson(r.Body)
	if patch == nil {
		c.SetInvalidParam("bot")
		return
	}

	// Authorize against the specific bot before touching it.
	permErr := c.App.SessionHasPermissionToManageBot(c.App.Session, targetID)
	if permErr != nil {
		c.Err = permErr
		return
	}

	patched, err := c.App.PatchBot(targetID, patch)
	if err != nil {
		c.Err = err
		return
	}

	w.Write(patched.ToJson())
}
    75  
// getBot returns one bot as JSON, optionally including deleted bots when
// the query string has include_deleted=true.
//
// Visibility rules:
//   - PERMISSION_READ_OTHERS_BOTS: any bot may be read.
//   - otherwise the caller must own the bot and hold PERMISSION_READ_BOTS.
//
// Every denial is reported with MakeBotNotFoundError instead of a permission
// error, so the response does not reveal that the user id belongs to a bot.
// NOTE(review): this only hides the bot if GetBot's own error for a missing
// bot looks the same to the client; confirm in the app layer.
func getBot(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireBotUserId(); c.Err != nil {
		return
	}
	targetID := c.Params.BotUserId

	query := r.URL.Query()
	withDeleted := query.Get("include_deleted") == "true"

	// The bot is loaded first because the ownership check needs bot.OwnerId.
	bot, err := c.App.GetBot(targetID, withDeleted)
	if err != nil {
		c.Err = err
		return
	}

	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_OTHERS_BOTS) {
		// Without the "read others" permission the caller must be the owner
		// and must also hold the plain read permission. An owner can lack
		// the latter even though they created the bot.
		isOwner := bot.OwnerId == c.App.Session.UserId
		if !isOwner || !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_BOTS) {
			c.Err = model.MakeBotNotFoundError(targetID)
			return
		}
	}

	// The ETag short-circuit is only reached once access has been granted.
	if handled := c.HandleEtag(bot.Etag(), "Get Bot", w, r); handled {
		return
	}

	w.Write(bot.ToJson())
}
   114  
// getBots returns a page of bots as JSON.
//
// Query flags include_deleted and only_orphaned are true only when they
// equal the exact string "true". The owner filter is derived from the
// session's permissions, never from the request:
//   - PERMISSION_READ_OTHERS_BOTS: no owner filter (bots of any user).
//   - PERMISSION_READ_BOTS: only bots owned by the caller.
//   - neither: permission error.
func getBots(c *Context, w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query()
	withDeleted := query.Get("include_deleted") == "true"
	orphansOnly := query.Get("only_orphaned") == "true"

	var ownerFilter string
	switch {
	case c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_OTHERS_BOTS):
		// Leave the filter empty so bots created by any user are returned.
	case c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_BOTS):
		// Restrict the listing to the caller's own bots.
		ownerFilter = c.App.Session.UserId
	default:
		c.SetPermissionError(model.PERMISSION_READ_BOTS)
		return
	}

	opts := &model.BotGetOptions{
		Page:           c.Params.Page,
		PerPage:        c.Params.PerPage,
		OwnerId:        ownerFilter,
		IncludeDeleted: withDeleted,
		OnlyOrphaned:   orphansOnly,
	}
	bots, err := c.App.GetBots(opts)
	if err != nil {
		c.Err = err
		return
	}

	if handled := c.HandleEtag(bots.Etag(), "Get Bots", w, r); handled {
		return
	}

	w.Write(bots.ToJson())
}
   149  
// disableBot handles the /disable route by delegating to updateBotActive
// with active=false; authorization is performed there.
func disableBot(c *Context, w http.ResponseWriter, r *http.Request) {
	const active = false
	updateBotActive(c, w, r, active)
}
   153  
// enableBot handles the /enable route by delegating to updateBotActive
// with active=true; authorization is performed there.
func enableBot(c *Context, w http.ResponseWriter, r *http.Request) {
	const active = true
	updateBotActive(c, w, r, active)
}
   157  
// updateBotActive is the shared implementation behind enableBot and
// disableBot: it sets the active state of the bot named in the route and
// replies with the resulting bot as JSON.
//
// The session must pass SessionHasPermissionToManageBot for that bot.
func updateBotActive(c *Context, w http.ResponseWriter, r *http.Request, active bool) {
	if c.RequireBotUserId(); c.Err != nil {
		return
	}
	targetID := c.Params.BotUserId

	// Authorize against the specific bot before changing its state.
	permErr := c.App.SessionHasPermissionToManageBot(c.App.Session, targetID)
	if permErr != nil {
		c.Err = permErr
		return
	}

	updated, err := c.App.UpdateBotActive(targetID, active)
	if err != nil {
		c.Err = err
		return
	}

	w.Write(updated.ToJson())
}
   178  
// assignBot transfers ownership of the bot named in the route to the user
// given by the user_id path parameter and replies with the bot as JSON.
//
// The session must pass SessionHasPermissionToManageBot for the bot.
//
// NOTE(review): only the bot side is authorized here. Nothing in this
// handler checks the new owner: not that userId exists, is active, or is a
// regular account rather than another bot. Presumably UpdateBotOwner
// validates the target; confirm in the app layer, otherwise add the check
// here before the call.
func assignBot(c *Context, w http.ResponseWriter, r *http.Request) {
	// Both validators run unconditionally; c.Err is inspected once after.
	c.RequireUserId()
	if c.RequireBotUserId(); c.Err != nil {
		return
	}
	targetID := c.Params.BotUserId
	newOwnerID := c.Params.UserId

	permErr := c.App.SessionHasPermissionToManageBot(c.App.Session, targetID)
	if permErr != nil {
		c.Err = permErr
		return
	}

	reassigned, err := c.App.UpdateBotOwner(targetID, newOwnerID)
	if err != nil {
		c.Err = err
		return
	}

	w.Write(reassigned.ToJson())
}