github.com/kongr45gpen/mattermost-server@v5.11.1+incompatible/api4/role.go (about)

     1  // Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  	"strings"
     9  
    10  	"github.com/mattermost/mattermost-server/model"
    11  )
    12  
    13  func (api *API) InitRole() {
    14  	api.BaseRoutes.Roles.Handle("/{role_id:[A-Za-z0-9]+}", api.ApiSessionRequiredTrustRequester(getRole)).Methods("GET")
    15  	api.BaseRoutes.Roles.Handle("/name/{role_name:[a-z0-9_]+}", api.ApiSessionRequiredTrustRequester(getRoleByName)).Methods("GET")
    16  	api.BaseRoutes.Roles.Handle("/names", api.ApiSessionRequiredTrustRequester(getRolesByNames)).Methods("POST")
    17  	api.BaseRoutes.Roles.Handle("/{role_id:[A-Za-z0-9]+}/patch", api.ApiSessionRequired(patchRole)).Methods("PUT")
    18  }
    19  
    20  func getRole(c *Context, w http.ResponseWriter, r *http.Request) {
    21  	c.RequireRoleId()
    22  	if c.Err != nil {
    23  		return
    24  	}
    25  
    26  	role, err := c.App.GetRole(c.Params.RoleId)
    27  	if err != nil {
    28  		c.Err = err
    29  		return
    30  	}
    31  
    32  	w.Write([]byte(role.ToJson()))
    33  }
    34  
    35  func getRoleByName(c *Context, w http.ResponseWriter, r *http.Request) {
    36  	c.RequireRoleName()
    37  	if c.Err != nil {
    38  		return
    39  	}
    40  
    41  	role, err := c.App.GetRoleByName(c.Params.RoleName)
    42  	if err != nil {
    43  		c.Err = err
    44  		return
    45  	}
    46  
    47  	w.Write([]byte(role.ToJson()))
    48  }
    49  
    50  func getRolesByNames(c *Context, w http.ResponseWriter, r *http.Request) {
    51  	rolenames := model.ArrayFromJson(r.Body)
    52  
    53  	if len(rolenames) == 0 {
    54  		c.SetInvalidParam("rolenames")
    55  		return
    56  	}
    57  
    58  	var cleanedRoleNames []string
    59  	for _, rolename := range rolenames {
    60  		if strings.TrimSpace(rolename) == "" {
    61  			continue
    62  		}
    63  
    64  		if !model.IsValidRoleName(rolename) {
    65  			c.SetInvalidParam("rolename")
    66  			return
    67  		}
    68  
    69  		cleanedRoleNames = append(cleanedRoleNames, rolename)
    70  	}
    71  
    72  	roles, err := c.App.GetRolesByNames(cleanedRoleNames)
    73  	if err != nil {
    74  		c.Err = err
    75  		return
    76  	}
    77  
    78  	w.Write([]byte(model.RoleListToJson(roles)))
    79  }
    80  
    81  func patchRole(c *Context, w http.ResponseWriter, r *http.Request) {
    82  	c.RequireRoleId()
    83  	if c.Err != nil {
    84  		return
    85  	}
    86  
    87  	patch := model.RolePatchFromJson(r.Body)
    88  	if patch == nil {
    89  		c.SetInvalidParam("role")
    90  		return
    91  	}
    92  
    93  	oldRole, err := c.App.GetRole(c.Params.RoleId)
    94  	if err != nil {
    95  		c.Err = err
    96  		return
    97  	}
    98  
    99  	if c.App.License() == nil && patch.Permissions != nil {
   100  		allowedPermissions := []string{
   101  			model.PERMISSION_CREATE_TEAM.Id,
   102  			model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id,
   103  			model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id,
   104  			model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
   105  			model.PERMISSION_MANAGE_OAUTH.Id,
   106  			model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
   107  			model.PERMISSION_CREATE_EMOJIS.Id,
   108  			model.PERMISSION_DELETE_EMOJIS.Id,
   109  			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
   110  		}
   111  
   112  		changedPermissions := model.PermissionsChangedByPatch(oldRole, patch)
   113  		for _, permission := range changedPermissions {
   114  			allowed := false
   115  			for _, allowedPermission := range allowedPermissions {
   116  				if permission == allowedPermission {
   117  					allowed = true
   118  				}
   119  			}
   120  
   121  			if !allowed {
   122  				c.Err = model.NewAppError("Api4.PatchRoles", "api.roles.patch_roles.license.error", nil, "", http.StatusNotImplemented)
   123  				return
   124  			}
   125  		}
   126  	}
   127  
   128  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
   129  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   130  		return
   131  	}
   132  
   133  	role, err := c.App.PatchRole(oldRole, patch)
   134  	if err != nil {
   135  		c.Err = err
   136  		return
   137  	}
   138  
   139  	c.LogAudit("")
   140  	w.Write([]byte(role.ToJson()))
   141  }