github.com/kongr45gpen/mattermost-server@v5.11.1+incompatible/api4/emoji.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "io" 8 "io/ioutil" 9 "net/http" 10 "strings" 11 12 "github.com/mattermost/mattermost-server/app" 13 "github.com/mattermost/mattermost-server/model" 14 "github.com/mattermost/mattermost-server/web" 15 ) 16 17 const ( 18 EMOJI_MAX_AUTOCOMPLETE_ITEMS = 100 19 ) 20 21 func (api *API) InitEmoji() { 22 api.BaseRoutes.Emojis.Handle("", api.ApiSessionRequired(createEmoji)).Methods("POST") 23 api.BaseRoutes.Emojis.Handle("", api.ApiSessionRequired(getEmojiList)).Methods("GET") 24 api.BaseRoutes.Emojis.Handle("/search", api.ApiSessionRequired(searchEmojis)).Methods("POST") 25 api.BaseRoutes.Emojis.Handle("/autocomplete", api.ApiSessionRequired(autocompleteEmojis)).Methods("GET") 26 api.BaseRoutes.Emoji.Handle("", api.ApiSessionRequired(deleteEmoji)).Methods("DELETE") 27 api.BaseRoutes.Emoji.Handle("", api.ApiSessionRequired(getEmoji)).Methods("GET") 28 api.BaseRoutes.EmojiByName.Handle("", api.ApiSessionRequired(getEmojiByName)).Methods("GET") 29 api.BaseRoutes.Emoji.Handle("/image", api.ApiSessionRequiredTrustRequester(getEmojiImage)).Methods("GET") 30 } 31 32 func createEmoji(c *Context, w http.ResponseWriter, r *http.Request) { 33 defer io.Copy(ioutil.Discard, r.Body) 34 35 if !*c.App.Config().ServiceSettings.EnableCustomEmoji { 36 c.Err = model.NewAppError("createEmoji", "api.emoji.disabled.app_error", nil, "", http.StatusNotImplemented) 37 return 38 } 39 40 if r.ContentLength > app.MaxEmojiFileSize { 41 c.Err = model.NewAppError("createEmoji", "api.emoji.create.too_large.app_error", nil, "", http.StatusRequestEntityTooLarge) 42 return 43 } 44 45 if err := r.ParseMultipartForm(app.MaxEmojiFileSize); err != nil { 46 c.Err = model.NewAppError("createEmoji", "api.emoji.create.parse.app_error", nil, err.Error(), http.StatusBadRequest) 47 return 48 } 49 50 // Allow any user with CREATE_EMOJIS permission at Team level to create emojis at system level 51 memberships, err := c.App.GetTeamMembersForUser(c.App.Session.UserId) 52 53 if err != nil { 54 c.Err = err 55 return 56 } 57 58 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_CREATE_EMOJIS) { 59 hasPermission := false 60 for _, membership := range memberships { 61 if c.App.SessionHasPermissionToTeam(c.App.Session, membership.TeamId, model.PERMISSION_CREATE_EMOJIS) { 62 hasPermission = true 63 break 64 } 65 } 66 if !hasPermission { 67 c.SetPermissionError(model.PERMISSION_CREATE_EMOJIS) 68 return 69 } 70 } 71 72 m := r.MultipartForm 73 props := m.Value 74 75 if len(props["emoji"]) == 0 { 76 c.SetInvalidParam("emoji") 77 return 78 } 79 80 emoji := model.EmojiFromJson(strings.NewReader(props["emoji"][0])) 81 if emoji == nil { 82 c.SetInvalidParam("emoji") 83 return 84 } 85 86 newEmoji, err := c.App.CreateEmoji(c.App.Session.UserId, emoji, m) 87 if err != nil { 88 c.Err = err 89 return 90 } 91 92 w.Write([]byte(newEmoji.ToJson())) 93 } 94 95 func getEmojiList(c *Context, w http.ResponseWriter, r *http.Request) { 96 if !*c.App.Config().ServiceSettings.EnableCustomEmoji { 97 c.Err = model.NewAppError("getEmoji", "api.emoji.disabled.app_error", nil, "", http.StatusNotImplemented) 98 return 99 } 100 101 sort := r.URL.Query().Get("sort") 102 if sort != "" && sort != model.EMOJI_SORT_BY_NAME { 103 c.SetInvalidUrlParam("sort") 104 return 105 } 106 107 listEmoji, err := c.App.GetEmojiList(c.Params.Page, c.Params.PerPage, sort) 108 if err != nil { 109 c.Err = err 110 return 111 } 112 113 w.Write([]byte(model.EmojiListToJson(listEmoji))) 114 } 115 116 func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) { 117 c.RequireEmojiId() 118 if c.Err != nil { 119 return 120 } 121 122 emoji, err := c.App.GetEmoji(c.Params.EmojiId) 123 if err != nil { 124 c.Err = err 125 return 126 } 127 128 // Allow any user with DELETE_EMOJIS permission at Team level to delete emojis at system level 129 memberships, err := c.App.GetTeamMembersForUser(c.App.Session.UserId) 130 131 if err != nil { 132 c.Err = err 133 return 134 } 135 136 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_DELETE_EMOJIS) { 137 hasPermission := false 138 for _, membership := range memberships { 139 if c.App.SessionHasPermissionToTeam(c.App.Session, membership.TeamId, model.PERMISSION_DELETE_EMOJIS) { 140 hasPermission = true 141 break 142 } 143 } 144 if !hasPermission { 145 c.SetPermissionError(model.PERMISSION_DELETE_EMOJIS) 146 return 147 } 148 } 149 150 if c.App.Session.UserId != emoji.CreatorId { 151 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_DELETE_OTHERS_EMOJIS) { 152 hasPermission := false 153 for _, membership := range memberships { 154 if c.App.SessionHasPermissionToTeam(c.App.Session, membership.TeamId, model.PERMISSION_DELETE_OTHERS_EMOJIS) { 155 hasPermission = true 156 break 157 } 158 } 159 160 if !hasPermission { 161 c.SetPermissionError(model.PERMISSION_DELETE_OTHERS_EMOJIS) 162 return 163 } 164 } 165 } 166 167 err = c.App.DeleteEmoji(emoji) 168 if err != nil { 169 c.Err = err 170 return 171 } 172 173 ReturnStatusOK(w) 174 } 175 176 func getEmoji(c *Context, w http.ResponseWriter, r *http.Request) { 177 c.RequireEmojiId() 178 if c.Err != nil { 179 return 180 } 181 182 if !*c.App.Config().ServiceSettings.EnableCustomEmoji { 183 c.Err = model.NewAppError("getEmoji", "api.emoji.disabled.app_error", nil, "", http.StatusNotImplemented) 184 return 185 } 186 187 emoji, err := c.App.GetEmoji(c.Params.EmojiId) 188 if err != nil { 189 c.Err = err 190 return 191 } 192 193 w.Write([]byte(emoji.ToJson())) 194 } 195 196 func getEmojiByName(c *Context, w http.ResponseWriter, r *http.Request) { 197 c.RequireEmojiName() 198 if c.Err != nil { 199 return 200 } 201 202 emoji, err := c.App.GetEmojiByName(c.Params.EmojiName) 203 if err != nil { 204 c.Err = err 205 return 206 } 207 208 w.Write([]byte(emoji.ToJson())) 209 } 210 211 func getEmojiImage(c *Context, w http.ResponseWriter, r *http.Request) { 212 c.RequireEmojiId() 213 if c.Err != nil { 214 return 215 } 216 217 if !*c.App.Config().ServiceSettings.EnableCustomEmoji { 218 c.Err = model.NewAppError("getEmojiImage", "api.emoji.disabled.app_error", nil, "", http.StatusNotImplemented) 219 return 220 } 221 222 image, imageType, err := c.App.GetEmojiImage(c.Params.EmojiId) 223 if err != nil { 224 c.Err = err 225 return 226 } 227 228 w.Header().Set("Content-Type", "image/"+imageType) 229 w.Header().Set("Cache-Control", "max-age=2592000, public") 230 w.Write(image) 231 } 232 233 func searchEmojis(c *Context, w http.ResponseWriter, r *http.Request) { 234 emojiSearch := model.EmojiSearchFromJson(r.Body) 235 if emojiSearch == nil { 236 c.SetInvalidParam("term") 237 return 238 } 239 240 if emojiSearch.Term == "" { 241 c.SetInvalidParam("term") 242 return 243 } 244 245 emojis, err := c.App.SearchEmoji(emojiSearch.Term, emojiSearch.PrefixOnly, web.PER_PAGE_MAXIMUM) 246 if err != nil { 247 c.Err = err 248 return 249 } 250 251 w.Write([]byte(model.EmojiListToJson(emojis))) 252 } 253 254 func autocompleteEmojis(c *Context, w http.ResponseWriter, r *http.Request) { 255 name := r.URL.Query().Get("name") 256 257 if name == "" { 258 c.SetInvalidUrlParam("name") 259 return 260 } 261 262 emojis, err := c.App.SearchEmoji(name, true, EMOJI_MAX_AUTOCOMPLETE_ITEMS) 263 if err != nil { 264 c.Err = err 265 return 266 } 267 268 w.Write([]byte(model.EmojiListToJson(emojis))) 269 }