github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/integration_action.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"encoding/json"
     8  	"net/http"
     9  
    10  	"github.com/mattermost/mattermost-server/model"
    11  )
    12  
// InitAction registers the interactive-message and interactive-dialog
// endpoints on the API routers. All three routes accept POST only.
//
// The post-action and dialog-submit handlers are wrapped with
// api.ApiSessionRequired. The dialog-open handler is wrapped with
// api.ApiHandler instead.
// NOTE(review): what api.ApiHandler enforces is not visible in this file;
// presumably it does not require a session. Confirm that openDialog's callers
// are authenticated further down, in App.OpenInteractiveDialog.
func (api *API) InitAction() {
	// action_id is constrained to ASCII letters and digits by the route pattern.
	postRoutes := api.BaseRoutes.Post
	postRoutes.Handle("/actions/{action_id:[A-Za-z0-9]+}", api.ApiSessionRequired(doPostAction)).Methods("POST")

	rootRoutes := api.BaseRoutes.ApiRoot
	rootRoutes.Handle("/actions/dialogs/open", api.ApiHandler(openDialog)).Methods("POST")
	rootRoutes.Handle("/actions/dialogs/submit", api.ApiSessionRequired(submitDialog)).Methods("POST")
}
    19  
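// doPostAction runs the message action named by the post ID and action ID in
// the route, on behalf of the session user.
//
// Authorization depends on whether the request body carries an action cookie:
//   - with a cookie: the cookie is decrypted with c.App.PostActionCookieSecret(),
//     decoded as JSON, and the session must hold PERMISSION_READ_CHANNEL on the
//     channel ID stored inside the cookie;
//   - without a cookie: the session must hold PERMISSION_READ_CHANNEL on the
//     channel of the post named in the route.
//
// Failures are recorded on the context and the handler returns without
// writing a body. On success it writes a JSON model.PostActionAPIResponse with
// Status "OK" and the trigger ID returned by DoPostActionWithCookie.
func doPostAction(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequirePostId().RequireActionId()
	if c.Err != nil {
		return
	}

	// A nil result from the parser is replaced by an empty request, so the
	// request then takes the no-cookie authorization path below.
	actionRequest := model.DoPostActionRequestFromJson(r.Body)
	if actionRequest == nil {
		actionRequest = &model.DoPostActionRequest{}
	}

	var cookie *model.PostActionCookie
	if actionRequest.Cookie != "" {
		cookie = &model.PostActionCookie{}
		cookieStr, err := model.DecryptPostActionCookie(actionRequest.Cookie, c.App.PostActionCookieSecret())
		if err != nil {
			c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest)
			return
		}
		// Decode into the allocated struct, not into the pointer variable.
		// Unmarshalling into &cookie lets a JSON `null` payload reset cookie
		// to nil, and the permission check below would then dereference nil.
		if err = json.Unmarshal([]byte(cookieStr), cookie); err != nil {
			c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest)
			return
		}
		// NOTE(review): this authorizes against the channel ID carried in the
		// cookie only. Nothing in this handler ties the cookie to
		// c.Params.PostId or c.Params.ActionId; confirm that
		// DoPostActionWithCookie rejects a cookie issued for a different post.
		if !c.App.SessionHasPermissionToChannel(c.App.Session, cookie.ChannelId, model.PERMISSION_READ_CHANNEL) {
			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
			return
		}
	} else {
		if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
			return
		}
	}

	var appErr *model.AppError
	resp := &model.PostActionAPIResponse{Status: "OK"}

	// The acting user always comes from the session, never from the request body.
	resp.TriggerId, appErr = c.App.DoPostActionWithCookie(c.Params.PostId, c.Params.ActionId, c.App.Session.UserId,
		actionRequest.SelectedOption, cookie)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The Marshal and Write errors are deliberately ignored, as in the
	// original handler; nothing can be reported once the reply is under way.
	b, _ := json.Marshal(resp)
	w.Write(b)
}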
    68  
// openDialog decodes a model.OpenDialogRequest from the request body, checks
// that it has a URL and at least one dialog element, and passes it to
// c.App.OpenInteractiveDialog. It replies with the standard OK status on
// success; otherwise the failure is recorded on the context.
//
// NOTE(review): this handler performs no session or permission check of its
// own, and InitAction registers it through api.ApiHandler rather than
// api.ApiSessionRequired. Confirm that App.OpenInteractiveDialog
// authenticates the request.
// NOTE(review): r.Body is decoded without a size limit in this handler;
// confirm that a limit is applied upstream.
func openDialog(c *Context, w http.ResponseWriter, r *http.Request) {
	var req model.OpenDialogRequest
	if decodeErr := json.NewDecoder(r.Body).Decode(&req); decodeErr != nil {
		c.SetInvalidParam("dialog")
		return
	}

	// Validation order matters to callers: a missing URL is reported before
	// an empty element list.
	switch {
	case req.URL == "":
		c.SetInvalidParam("url")
		return
	case len(req.Dialog.Elements) == 0: // len of a nil slice is 0, so this covers nil too
		c.SetInvalidParam("dialog.elements")
		return
	}

	appErr := c.App.OpenInteractiveDialog(req)
	if appErr != nil {
		c.Err = appErr
		return
	}

	ReturnStatusOK(w)
}
    94  
// submitDialog decodes a model.SubmitDialogRequest from the request body and
// forwards it to c.App.SubmitInteractiveDialog on behalf of the session user,
// writing the JSON-encoded result on success.
//
// Before forwarding, the handler:
//   - rejects a body that does not decode, or that has an empty URL;
//   - overwrites the request's UserId with the session's user ID, so a
//     client-supplied user ID is never used;
//   - requires PERMISSION_READ_CHANNEL on the submitted ChannelId and
//     PERMISSION_VIEW_TEAM on the submitted TeamId.
//
// NOTE(review): the channel and team are checked independently; nothing here
// verifies that ChannelId belongs to TeamId.
// NOTE(review): URL comes from the client and is passed on unchanged.
// Presumably it is the destination of an outbound request; confirm that
// App.SubmitInteractiveDialog restricts where it may point.
func submitDialog(c *Context, w http.ResponseWriter, r *http.Request) {
	var req model.SubmitDialogRequest

	if decodeErr := json.NewDecoder(r.Body).Decode(&req); decodeErr != nil {
		c.SetInvalidParam("dialog")
		return
	}

	if req.URL == "" {
		c.SetInvalidParam("url")
		return
	}

	// Identity is taken from the session, not from the request body.
	req.UserId = c.App.Session.UserId

	canReadChannel := c.App.SessionHasPermissionToChannel(c.App.Session, req.ChannelId, model.PERMISSION_READ_CHANNEL)
	if !canReadChannel {
		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
		return
	}

	canViewTeam := c.App.SessionHasPermissionToTeam(c.App.Session, req.TeamId, model.PERMISSION_VIEW_TEAM)
	if !canViewTeam {
		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
		return
	}

	result, appErr := c.App.SubmitInteractiveDialog(req)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The Marshal and Write errors are ignored, as in the original handler.
	payload, _ := json.Marshal(result)
	w.Write(payload)
}
   129  	w.Write(b)
   130  }