github.com/levb/mattermost-server@v5.3.1+incompatible/api4/channel.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/mattermost/mattermost-server/mlog" 10 "github.com/mattermost/mattermost-server/model" 11 ) 12 13 func (api *API) InitChannel() { 14 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(createChannel)).Methods("POST") 15 api.BaseRoutes.Channels.Handle("/direct", api.ApiSessionRequired(createDirectChannel)).Methods("POST") 16 api.BaseRoutes.Channels.Handle("/group", api.ApiSessionRequired(createGroupChannel)).Methods("POST") 17 api.BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", api.ApiSessionRequired(viewChannel)).Methods("POST") 18 api.BaseRoutes.Channels.Handle("/{channel_id:[A-Za-z0-9]+}/scheme", api.ApiSessionRequired(updateChannelScheme)).Methods("PUT") 19 20 api.BaseRoutes.ChannelsForTeam.Handle("", api.ApiSessionRequired(getPublicChannelsForTeam)).Methods("GET") 21 api.BaseRoutes.ChannelsForTeam.Handle("/deleted", api.ApiSessionRequired(getDeletedChannelsForTeam)).Methods("GET") 22 api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST") 23 api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequired(searchChannelsForTeam)).Methods("POST") 24 api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET") 25 api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET") 26 27 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET") 28 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(updateChannel)).Methods("PUT") 29 api.BaseRoutes.Channel.Handle("/patch", api.ApiSessionRequired(patchChannel)).Methods("PUT") 30 api.BaseRoutes.Channel.Handle("/convert", api.ApiSessionRequired(convertChannelToPrivate)).Methods("POST") 31 api.BaseRoutes.Channel.Handle("/restore", api.ApiSessionRequired(restoreChannel)).Methods("POST") 32 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(deleteChannel)).Methods("DELETE") 33 api.BaseRoutes.Channel.Handle("/stats", api.ApiSessionRequired(getChannelStats)).Methods("GET") 34 api.BaseRoutes.Channel.Handle("/pinned", api.ApiSessionRequired(getPinnedPosts)).Methods("GET") 35 36 api.BaseRoutes.ChannelForUser.Handle("/unread", api.ApiSessionRequired(getChannelUnread)).Methods("GET") 37 38 api.BaseRoutes.ChannelByName.Handle("", api.ApiSessionRequired(getChannelByName)).Methods("GET") 39 api.BaseRoutes.ChannelByNameForTeamName.Handle("", api.ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET") 40 41 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(getChannelMembers)).Methods("GET") 42 api.BaseRoutes.ChannelMembers.Handle("/ids", api.ApiSessionRequired(getChannelMembersByIds)).Methods("POST") 43 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(addChannelMember)).Methods("POST") 44 api.BaseRoutes.ChannelMembersForUser.Handle("", api.ApiSessionRequired(getChannelMembersForUser)).Methods("GET") 45 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(getChannelMember)).Methods("GET") 46 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(removeChannelMember)).Methods("DELETE") 47 api.BaseRoutes.ChannelMember.Handle("/roles", api.ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT") 48 api.BaseRoutes.ChannelMember.Handle("/schemeRoles", api.ApiSessionRequired(updateChannelMemberSchemeRoles)).Methods("PUT") 49 api.BaseRoutes.ChannelMember.Handle("/notify_props", api.ApiSessionRequired(updateChannelMemberNotifyProps)).Methods("PUT") 50 } 51 52 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 53 channel := model.ChannelFromJson(r.Body) 54 if channel == nil { 55 c.SetInvalidParam("channel") 56 return 57 } 58 59 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { 60 c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) 61 return 62 } 63 64 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { 65 c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) 66 return 67 } 68 69 sc, err := c.App.CreateChannelWithUser(channel, c.Session.UserId) 70 if err != nil { 71 c.Err = err 72 return 73 } 74 75 c.LogAudit("name=" + channel.Name) 76 w.WriteHeader(http.StatusCreated) 77 w.Write([]byte(sc.ToJson())) 78 } 79 80 func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { 81 c.RequireChannelId() 82 if c.Err != nil { 83 return 84 } 85 86 channel := model.ChannelFromJson(r.Body) 87 88 if channel == nil { 89 c.SetInvalidParam("channel") 90 return 91 } 92 93 // The channel being updated in the payload must be the same one as indicated in the URL. 94 if channel.Id != c.Params.ChannelId { 95 c.SetInvalidParam("channel_id") 96 return 97 } 98 99 var oldChannel *model.Channel 100 if originalOldChannel, err := c.App.GetChannel(channel.Id); err != nil { 101 c.Err = err 102 return 103 } else { 104 oldChannel = originalOldChannel.DeepCopy() 105 } 106 107 switch oldChannel.Type { 108 case model.CHANNEL_OPEN: 109 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 110 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 111 return 112 } 113 114 case model.CHANNEL_PRIVATE: 115 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 116 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 117 return 118 } 119 120 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT: 121 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership. 122 if _, err := c.App.GetChannelMember(channel.Id, c.Session.UserId); err != nil { 123 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 124 return 125 } 126 127 default: 128 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 129 return 130 } 131 132 if oldChannel.DeleteAt > 0 { 133 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest) 134 return 135 } 136 137 if oldChannel.Name == model.DEFAULT_CHANNEL { 138 if (len(channel.Name) > 0 && channel.Name != oldChannel.Name) || (len(channel.Type) > 0 && channel.Type != oldChannel.Type) { 139 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest) 140 return 141 } 142 } 143 144 oldChannel.Header = channel.Header 145 oldChannel.Purpose = channel.Purpose 146 147 oldChannelDisplayName := oldChannel.DisplayName 148 149 if len(channel.DisplayName) > 0 { 150 oldChannel.DisplayName = channel.DisplayName 151 } 152 153 if len(channel.Name) > 0 { 154 oldChannel.Name = channel.Name 155 } 156 157 if len(channel.Type) > 0 { 158 oldChannel.Type = channel.Type 159 } 160 161 if _, err := c.App.UpdateChannel(oldChannel); err != nil { 162 c.Err = err 163 return 164 } 165 166 if oldChannelDisplayName != channel.DisplayName { 167 if err := c.App.PostUpdateChannelDisplayNameMessage(c.Session.UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil { 168 mlog.Error(err.Error()) 169 } 170 } 171 172 c.LogAudit("name=" + channel.Name) 173 w.Write([]byte(oldChannel.ToJson())) 174 } 175 176 func convertChannelToPrivate(c *Context, w http.ResponseWriter, r *http.Request) { 177 c.RequireChannelId() 178 if c.Err != nil { 179 return 180 } 181 182 oldPublicChannel, err := c.App.GetChannel(c.Params.ChannelId) 183 if err != nil { 184 c.Err = err 185 return 186 } 187 188 if !c.App.SessionHasPermissionToTeam(c.Session, oldPublicChannel.TeamId, model.PERMISSION_MANAGE_TEAM) { 189 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 190 return 191 } 192 193 if oldPublicChannel.Type == model.CHANNEL_PRIVATE { 194 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.private_channel_error", nil, "", http.StatusBadRequest) 195 return 196 } 197 198 if oldPublicChannel.Name == model.DEFAULT_CHANNEL { 199 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.default_channel_error", nil, "", http.StatusBadRequest) 200 return 201 } 202 203 var user *model.User 204 if user, err = c.App.GetUser(c.Session.UserId); err != nil { 205 c.Err = err 206 return 207 } 208 209 oldPublicChannel.Type = model.CHANNEL_PRIVATE 210 211 rchannel, err := c.App.UpdateChannelPrivacy(oldPublicChannel, user) 212 if err != nil { 213 c.Err = err 214 return 215 } 216 217 c.LogAudit("name=" + rchannel.Name) 218 w.Write([]byte(rchannel.ToJson())) 219 } 220 221 func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { 222 c.RequireChannelId() 223 if c.Err != nil { 224 return 225 } 226 227 patch := model.ChannelPatchFromJson(r.Body) 228 if patch == nil { 229 c.SetInvalidParam("channel") 230 return 231 } 232 233 var oldChannel *model.Channel 234 if originalOldChannel, err := c.App.GetChannel(c.Params.ChannelId); err != nil { 235 c.Err = err 236 return 237 } else { 238 oldChannel = originalOldChannel.DeepCopy() 239 } 240 241 switch oldChannel.Type { 242 case model.CHANNEL_OPEN: 243 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 244 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 245 return 246 } 247 248 case model.CHANNEL_PRIVATE: 249 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 250 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 251 return 252 } 253 254 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT: 255 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership. 256 if _, err := c.App.GetChannelMember(c.Params.ChannelId, c.Session.UserId); err != nil { 257 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 258 return 259 } 260 261 default: 262 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 263 return 264 } 265 266 rchannel, err := c.App.PatchChannel(oldChannel, patch, c.Session.UserId) 267 if err != nil { 268 c.Err = err 269 return 270 } 271 272 err = c.App.FillInChannelProps(rchannel) 273 if err != nil { 274 c.Err = err 275 return 276 } 277 278 c.LogAudit("") 279 w.Write([]byte(rchannel.ToJson())) 280 } 281 282 func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { 283 c.RequireChannelId() 284 if c.Err != nil { 285 return 286 } 287 288 var channel *model.Channel 289 var err *model.AppError 290 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 291 c.Err = err 292 return 293 } 294 teamId := channel.TeamId 295 296 if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) { 297 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 298 return 299 } 300 301 channel, err = c.App.RestoreChannel(channel) 302 if err != nil { 303 c.Err = err 304 return 305 } 306 307 c.LogAudit("name=" + channel.Name) 308 w.Write([]byte(channel.ToJson())) 309 310 } 311 312 func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { 313 userIds := model.ArrayFromJson(r.Body) 314 allowed := false 315 316 if len(userIds) != 2 { 317 c.SetInvalidParam("user_ids") 318 return 319 } 320 321 for _, id := range userIds { 322 if len(id) != 26 { 323 c.SetInvalidParam("user_id") 324 return 325 } 326 if id == c.Session.UserId { 327 allowed = true 328 } 329 } 330 331 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { 332 c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) 333 return 334 } 335 336 if !allowed && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 337 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 338 return 339 } 340 341 sc, err := c.App.CreateDirectChannel(userIds[0], userIds[1]) 342 if err != nil { 343 c.Err = err 344 return 345 } 346 347 w.WriteHeader(http.StatusCreated) 348 w.Write([]byte(sc.ToJson())) 349 } 350 351 func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { 352 userIds := model.ArrayFromJson(r.Body) 353 354 if len(userIds) == 0 { 355 c.SetInvalidParam("user_ids") 356 return 357 } 358 359 found := false 360 for _, id := range userIds { 361 if len(id) != 26 { 362 c.SetInvalidParam("user_id") 363 return 364 } 365 if id == c.Session.UserId { 366 found = true 367 } 368 } 369 370 if !found { 371 userIds = append(userIds, c.Session.UserId) 372 } 373 374 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { 375 c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) 376 return 377 } 378 379 groupChannel, err := c.App.CreateGroupChannel(userIds, c.Session.UserId) 380 if err != nil { 381 c.Err = err 382 return 383 } 384 385 w.WriteHeader(http.StatusCreated) 386 w.Write([]byte(groupChannel.ToJson())) 387 } 388 389 func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { 390 c.RequireChannelId() 391 if c.Err != nil { 392 return 393 } 394 395 channel, err := c.App.GetChannel(c.Params.ChannelId) 396 if err != nil { 397 c.Err = err 398 return 399 } 400 401 if channel.Type == model.CHANNEL_OPEN { 402 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 403 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 404 return 405 } 406 } else { 407 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 408 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 409 return 410 } 411 } 412 413 err = c.App.FillInChannelProps(channel) 414 if err != nil { 415 c.Err = err 416 return 417 } 418 419 w.Write([]byte(channel.ToJson())) 420 } 421 422 func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) { 423 c.RequireChannelId().RequireUserId() 424 if c.Err != nil { 425 return 426 } 427 428 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 429 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 430 return 431 } 432 433 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 434 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 435 return 436 } 437 438 channelUnread, err := c.App.GetChannelUnread(c.Params.ChannelId, c.Params.UserId) 439 if err != nil { 440 c.Err = err 441 return 442 } 443 444 w.Write([]byte(channelUnread.ToJson())) 445 } 446 447 func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) { 448 c.RequireChannelId() 449 if c.Err != nil { 450 return 451 } 452 453 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 454 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 455 return 456 } 457 458 memberCount, err := c.App.GetChannelMemberCount(c.Params.ChannelId) 459 460 if err != nil { 461 c.Err = err 462 return 463 } 464 465 stats := model.ChannelStats{ChannelId: c.Params.ChannelId, MemberCount: memberCount} 466 w.Write([]byte(stats.ToJson())) 467 } 468 469 func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) { 470 c.RequireChannelId() 471 if c.Err != nil { 472 return 473 } 474 475 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 476 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 477 return 478 } 479 480 posts, err := c.App.GetPinnedPosts(c.Params.ChannelId) 481 if err != nil { 482 c.Err = err 483 return 484 } 485 486 if c.HandleEtag(posts.Etag(), "Get Pinned Posts", w, r) { 487 return 488 } 489 490 w.Header().Set(model.HEADER_ETAG_SERVER, posts.Etag()) 491 w.Write([]byte(c.App.PostListWithProxyAddedToImageURLs(posts).ToJson())) 492 } 493 494 func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 495 c.RequireTeamId() 496 if c.Err != nil { 497 return 498 } 499 500 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 501 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 502 return 503 } 504 505 channels, err := c.App.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage) 506 if err != nil { 507 c.Err = err 508 return 509 } 510 511 err = c.App.FillInChannelsProps(channels) 512 if err != nil { 513 c.Err = err 514 return 515 } 516 517 w.Write([]byte(channels.ToJson())) 518 } 519 520 func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 521 c.RequireTeamId() 522 if c.Err != nil { 523 return 524 } 525 526 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 527 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 528 return 529 } 530 531 channels, err := c.App.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage) 532 if err != nil { 533 c.Err = err 534 return 535 } 536 537 err = c.App.FillInChannelsProps(channels) 538 if err != nil { 539 c.Err = err 540 return 541 } 542 543 w.Write([]byte(channels.ToJson())) 544 } 545 546 func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 547 c.RequireTeamId() 548 if c.Err != nil { 549 return 550 } 551 552 channelIds := model.ArrayFromJson(r.Body) 553 if len(channelIds) == 0 { 554 c.SetInvalidParam("channel_ids") 555 return 556 } 557 558 for _, cid := range channelIds { 559 if len(cid) != 26 { 560 c.SetInvalidParam("channel_id") 561 return 562 } 563 } 564 565 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 566 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 567 return 568 } 569 570 channels, err := c.App.GetPublicChannelsByIdsForTeam(c.Params.TeamId, channelIds) 571 if err != nil { 572 c.Err = err 573 return 574 } 575 576 err = c.App.FillInChannelsProps(channels) 577 if err != nil { 578 c.Err = err 579 return 580 } 581 582 w.Write([]byte(channels.ToJson())) 583 } 584 585 func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) { 586 c.RequireUserId().RequireTeamId() 587 if c.Err != nil { 588 return 589 } 590 591 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 592 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 593 return 594 } 595 596 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 597 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 598 return 599 } 600 601 channels, err := c.App.GetChannelsForUser(c.Params.TeamId, c.Params.UserId, false) 602 if err != nil { 603 c.Err = err 604 return 605 } 606 607 if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { 608 return 609 } 610 611 err = c.App.FillInChannelsProps(channels) 612 if err != nil { 613 c.Err = err 614 return 615 } 616 617 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 618 w.Write([]byte(channels.ToJson())) 619 } 620 621 func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 622 c.RequireTeamId() 623 if c.Err != nil { 624 return 625 } 626 627 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 628 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 629 return 630 } 631 632 name := r.URL.Query().Get("name") 633 634 channels, err := c.App.AutocompleteChannels(c.Params.TeamId, name) 635 if err != nil { 636 c.Err = err 637 return 638 } 639 640 // Don't fill in channels props, since unused by client and potentially expensive. 641 642 w.Write([]byte(channels.ToJson())) 643 } 644 645 func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 646 c.RequireTeamId() 647 if c.Err != nil { 648 return 649 } 650 651 props := model.ChannelSearchFromJson(r.Body) 652 if props == nil { 653 c.SetInvalidParam("channel_search") 654 return 655 } 656 657 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 658 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 659 return 660 } 661 662 channels, err := c.App.SearchChannels(c.Params.TeamId, props.Term) 663 if err != nil { 664 c.Err = err 665 return 666 } 667 668 // Don't fill in channels props, since unused by client and potentially expensive. 669 670 w.Write([]byte(channels.ToJson())) 671 } 672 673 func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { 674 c.RequireChannelId() 675 if c.Err != nil { 676 return 677 } 678 679 var channel *model.Channel 680 var err *model.AppError 681 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 682 c.Err = err 683 return 684 } 685 686 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 687 c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest) 688 return 689 } 690 691 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { 692 c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) 693 return 694 } 695 696 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { 697 c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) 698 return 699 } 700 701 err = c.App.DeleteChannel(channel, c.Session.UserId) 702 if err != nil { 703 c.Err = err 704 return 705 } 706 707 c.LogAudit("name=" + channel.Name) 708 709 ReturnStatusOK(w) 710 } 711 712 func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { 713 c.RequireTeamId().RequireChannelName() 714 if c.Err != nil { 715 return 716 } 717 718 var channel *model.Channel 719 var err *model.AppError 720 721 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 722 723 if channel, err = c.App.GetChannelByName(c.Params.ChannelName, c.Params.TeamId, includeDeleted); err != nil { 724 c.Err = err 725 return 726 } 727 728 if channel.Type == model.CHANNEL_OPEN { 729 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 730 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 731 return 732 } 733 } else { 734 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 735 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 736 return 737 } 738 } 739 740 err = c.App.FillInChannelProps(channel) 741 if err != nil { 742 c.Err = err 743 return 744 } 745 746 w.Write([]byte(channel.ToJson())) 747 } 748 749 func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) { 750 c.RequireTeamName().RequireChannelName() 751 if c.Err != nil { 752 return 753 } 754 755 var channel *model.Channel 756 var err *model.AppError 757 758 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 759 760 if channel, err = c.App.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName, includeDeleted); err != nil { 761 c.Err = err 762 return 763 } 764 765 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 766 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 767 return 768 } 769 770 err = c.App.FillInChannelProps(channel) 771 if err != nil { 772 c.Err = err 773 return 774 } 775 776 w.Write([]byte(channel.ToJson())) 777 } 778 779 func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { 780 c.RequireChannelId() 781 if c.Err != nil { 782 return 783 } 784 785 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 786 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 787 return 788 } 789 790 members, err := c.App.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage) 791 if err != nil { 792 c.Err = err 793 return 794 } 795 796 w.Write([]byte(members.ToJson())) 797 } 798 799 func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 800 c.RequireChannelId() 801 if c.Err != nil { 802 return 803 } 804 805 userIds := model.ArrayFromJson(r.Body) 806 if len(userIds) == 0 { 807 c.SetInvalidParam("user_ids") 808 return 809 } 810 811 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 812 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 813 return 814 } 815 816 members, err := c.App.GetChannelMembersByIds(c.Params.ChannelId, userIds) 817 if err != nil { 818 c.Err = err 819 return 820 } 821 822 w.Write([]byte(members.ToJson())) 823 } 824 825 func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 826 c.RequireChannelId().RequireUserId() 827 if c.Err != nil { 828 return 829 } 830 831 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 832 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 833 return 834 } 835 836 member, err := c.App.GetChannelMember(c.Params.ChannelId, c.Params.UserId) 837 if err != nil { 838 c.Err = err 839 return 840 } 841 842 w.Write([]byte(member.ToJson())) 843 } 844 845 func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 846 c.RequireUserId().RequireTeamId() 847 if c.Err != nil { 848 return 849 } 850 851 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 852 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 853 return 854 } 855 856 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { 857 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 858 return 859 } 860 861 members, err := c.App.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId) 862 if err != nil { 863 c.Err = err 864 return 865 } 866 867 w.Write([]byte(members.ToJson())) 868 } 869 870 func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { 871 c.RequireUserId() 872 if c.Err != nil { 873 return 874 } 875 876 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 877 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 878 return 879 } 880 881 view := model.ChannelViewFromJson(r.Body) 882 if view == nil { 883 c.SetInvalidParam("channel_view") 884 return 885 } 886 887 times, err := c.App.ViewChannel(view, c.Params.UserId, !c.Session.IsMobileApp()) 888 889 if err != nil { 890 c.Err = err 891 return 892 } 893 894 c.App.UpdateLastActivityAtIfNeeded(c.Session) 895 896 // Returning {"status": "OK", ...} for backwards compatibility 897 resp := &model.ChannelViewResponse{ 898 Status: "OK", 899 LastViewedAtTimes: times, 900 } 901 902 w.Write([]byte(resp.ToJson())) 903 } 904 905 func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 906 c.RequireChannelId().RequireUserId() 907 if c.Err != nil { 908 return 909 } 910 911 props := model.MapFromJson(r.Body) 912 913 newRoles := props["roles"] 914 if !(model.IsValidUserRoles(newRoles)) { 915 c.SetInvalidParam("roles") 916 return 917 } 918 919 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 920 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 921 return 922 } 923 924 if _, err := c.App.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil { 925 c.Err = err 926 return 927 } 928 929 ReturnStatusOK(w) 930 } 931 932 func updateChannelMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.Request) { 933 c.RequireChannelId().RequireUserId() 934 if c.Err != nil { 935 return 936 } 937 938 schemeRoles := model.SchemeRolesFromJson(r.Body) 939 if schemeRoles == nil { 940 c.SetInvalidParam("scheme_roles") 941 return 942 } 943 944 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 945 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 946 return 947 } 948 949 if _, err := c.App.UpdateChannelMemberSchemeRoles(c.Params.ChannelId, c.Params.UserId, schemeRoles.SchemeUser, schemeRoles.SchemeAdmin); err != nil { 950 c.Err = err 951 return 952 } 953 954 ReturnStatusOK(w) 955 } 956 957 func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) { 958 c.RequireChannelId().RequireUserId() 959 if c.Err != nil { 960 return 961 } 962 963 props := model.MapFromJson(r.Body) 964 if props == nil { 965 c.SetInvalidParam("notify_props") 966 return 967 } 968 969 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 970 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 971 return 972 } 973 974 _, err := c.App.UpdateChannelMemberNotifyProps(props, c.Params.ChannelId, c.Params.UserId) 975 if err != nil { 976 c.Err = err 977 return 978 } 979 980 ReturnStatusOK(w) 981 } 982 983 func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 984 c.RequireChannelId() 985 if c.Err != nil { 986 return 987 } 988 989 props := model.StringInterfaceFromJson(r.Body) 990 userId, ok := props["user_id"].(string) 991 if !ok || len(userId) != 26 { 992 c.SetInvalidParam("user_id") 993 return 994 } 995 996 member := &model.ChannelMember{ 997 ChannelId: c.Params.ChannelId, 998 UserId: userId, 999 } 1000 1001 postRootId, ok := props["post_root_id"].(string) 1002 if ok && len(postRootId) != 0 && len(postRootId) != 26 { 1003 c.SetInvalidParam("post_root_id") 1004 return 1005 } 1006 1007 var err *model.AppError 1008 if ok && len(postRootId) == 26 { 1009 rootPost, err := c.App.GetSinglePost(postRootId) 1010 if err != nil { 1011 c.Err = err 1012 return 1013 } 1014 if rootPost.ChannelId != member.ChannelId { 1015 c.SetInvalidParam("post_root_id") 1016 return 1017 } 1018 } 1019 1020 var channel *model.Channel 1021 if channel, err = c.App.GetChannel(member.ChannelId); err != nil { 1022 c.Err = err 1023 return 1024 } 1025 1026 // Check join permission if adding yourself, otherwise check manage permission 1027 if channel.Type == model.CHANNEL_OPEN { 1028 if member.UserId == c.Session.UserId { 1029 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_JOIN_PUBLIC_CHANNELS) { 1030 c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS) 1031 return 1032 } 1033 } else { 1034 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 1035 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 1036 return 1037 } 1038 } 1039 } 1040 1041 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1042 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1043 return 1044 } 1045 1046 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 1047 c.Err = model.NewAppError("addUserToChannel", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest) 1048 return 1049 } 1050 1051 cm, err := c.App.AddChannelMember(member.UserId, channel, c.Session.UserId, postRootId) 1052 if err != nil { 1053 c.Err = err 1054 return 1055 } 1056 1057 c.LogAudit("name=" + channel.Name + " user_id=" + cm.UserId) 1058 w.WriteHeader(http.StatusCreated) 1059 w.Write([]byte(cm.ToJson())) 1060 } 1061 1062 func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 1063 c.RequireChannelId().RequireUserId() 1064 if c.Err != nil { 1065 return 1066 } 1067 1068 var channel *model.Channel 1069 var err *model.AppError 1070 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 1071 c.Err = err 1072 return 1073 } 1074 1075 if !(channel.Type == model.CHANNEL_OPEN || channel.Type == model.CHANNEL_PRIVATE) { 1076 c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_channel_member.type.app_error", nil, "", http.StatusBadRequest) 1077 return 1078 } 1079 1080 if c.Params.UserId != c.Session.UserId { 1081 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 1082 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 1083 return 1084 } 1085 1086 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1087 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1088 return 1089 } 1090 } 1091 1092 if err = c.App.RemoveUserFromChannel(c.Params.UserId, c.Session.UserId, channel); err != nil { 1093 c.Err = err 1094 return 1095 } 1096 1097 c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId) 1098 1099 ReturnStatusOK(w) 1100 } 1101 1102 func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) { 1103 c.RequireChannelId() 1104 if c.Err != nil { 1105 return 1106 } 1107 1108 schemeID := model.SchemeIDFromJson(r.Body) 1109 if schemeID == nil || len(*schemeID) != 26 { 1110 c.SetInvalidParam("scheme_id") 1111 return 1112 } 1113 1114 if c.App.License() == nil { 1115 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.license.error", nil, "", http.StatusNotImplemented) 1116 return 1117 } 1118 1119 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_SYSTEM) { 1120 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 1121 return 1122 } 1123 1124 scheme, err := c.App.GetScheme(*schemeID) 1125 if err != nil { 1126 c.Err = err 1127 return 1128 } 1129 1130 if scheme.Scope != model.SCHEME_SCOPE_CHANNEL { 1131 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.scheme_scope.error", nil, "", http.StatusBadRequest) 1132 return 1133 } 1134 1135 channel, err := c.App.GetChannel(c.Params.ChannelId) 1136 if err != nil { 1137 c.Err = err 1138 return 1139 } 1140 1141 channel.SchemeId = &scheme.Id 1142 1143 _, err = c.App.UpdateChannelScheme(channel) 1144 if err != nil { 1145 c.Err = err 1146 return 1147 } 1148 1149 ReturnStatusOK(w) 1150 }