github.com/kongr45gpen/mattermost-server@v5.11.1+incompatible/api4/reaction.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/mattermost/mattermost-server/model" 10 ) 11 12 func (api *API) InitReaction() { 13 api.BaseRoutes.Reactions.Handle("", api.ApiSessionRequired(saveReaction)).Methods("POST") 14 api.BaseRoutes.Post.Handle("/reactions", api.ApiSessionRequired(getReactions)).Methods("GET") 15 api.BaseRoutes.ReactionByNameForPostForUser.Handle("", api.ApiSessionRequired(deleteReaction)).Methods("DELETE") 16 api.BaseRoutes.Posts.Handle("/ids/reactions", api.ApiSessionRequired(getBulkReactions)).Methods("POST") 17 } 18 19 func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) { 20 reaction := model.ReactionFromJson(r.Body) 21 if reaction == nil { 22 c.SetInvalidParam("reaction") 23 return 24 } 25 26 if len(reaction.UserId) != 26 || len(reaction.PostId) != 26 || len(reaction.EmojiName) == 0 || len(reaction.EmojiName) > model.EMOJI_NAME_MAX_LENGTH { 27 c.Err = model.NewAppError("saveReaction", "api.reaction.save_reaction.invalid.app_error", nil, "", http.StatusBadRequest) 28 return 29 } 30 31 if reaction.UserId != c.App.Session.UserId { 32 c.Err = model.NewAppError("saveReaction", "api.reaction.save_reaction.user_id.app_error", nil, "", http.StatusForbidden) 33 return 34 } 35 36 if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, reaction.PostId, model.PERMISSION_ADD_REACTION) { 37 c.SetPermissionError(model.PERMISSION_ADD_REACTION) 38 return 39 } 40 41 reaction, err := c.App.SaveReactionForPost(reaction) 42 if err != nil { 43 c.Err = err 44 return 45 } 46 47 w.Write([]byte(reaction.ToJson())) 48 } 49 50 func getReactions(c *Context, w http.ResponseWriter, r *http.Request) { 51 c.RequirePostId() 52 if c.Err != nil { 53 return 54 } 55 56 if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) { 57 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 58 return 59 } 60 61 reactions, err := c.App.GetReactionsForPost(c.Params.PostId) 62 if err != nil { 63 c.Err = err 64 return 65 } 66 67 w.Write([]byte(model.ReactionsToJson(reactions))) 68 } 69 70 func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) { 71 c.RequireUserId() 72 if c.Err != nil { 73 return 74 } 75 76 c.RequirePostId() 77 if c.Err != nil { 78 return 79 } 80 81 c.RequireEmojiName() 82 if c.Err != nil { 83 return 84 } 85 86 if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, c.Params.PostId, model.PERMISSION_REMOVE_REACTION) { 87 c.SetPermissionError(model.PERMISSION_REMOVE_REACTION) 88 return 89 } 90 91 if c.Params.UserId != c.App.Session.UserId && !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_REMOVE_OTHERS_REACTIONS) { 92 c.SetPermissionError(model.PERMISSION_REMOVE_OTHERS_REACTIONS) 93 return 94 } 95 96 reaction := &model.Reaction{ 97 UserId: c.Params.UserId, 98 PostId: c.Params.PostId, 99 EmojiName: c.Params.EmojiName, 100 } 101 102 err := c.App.DeleteReactionForPost(reaction) 103 if err != nil { 104 c.Err = err 105 return 106 } 107 108 ReturnStatusOK(w) 109 } 110 111 func getBulkReactions(c *Context, w http.ResponseWriter, r *http.Request) { 112 postIds := model.ArrayFromJson(r.Body) 113 for _, postId := range postIds { 114 if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, postId, model.PERMISSION_READ_CHANNEL) { 115 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 116 return 117 } 118 } 119 reactions, err := c.App.GetBulkReactionsForPosts(postIds) 120 if err != nil { 121 c.Err = err 122 return 123 } 124 125 w.Write([]byte(model.MapPostIdToReactionsToJson(reactions))) 126 }