github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/integration_action.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "encoding/json" 8 "net/http" 9 10 "github.com/mattermost/mattermost-server/model" 11 ) 12 13 func (api *API) InitAction() { 14 api.BaseRoutes.Post.Handle("/actions/{action_id:[A-Za-z0-9]+}", api.ApiSessionRequired(doPostAction)).Methods("POST") 15 16 api.BaseRoutes.ApiRoot.Handle("/actions/dialogs/open", api.ApiHandler(openDialog)).Methods("POST") 17 api.BaseRoutes.ApiRoot.Handle("/actions/dialogs/submit", api.ApiSessionRequired(submitDialog)).Methods("POST") 18 } 19 20 func doPostAction(c *Context, w http.ResponseWriter, r *http.Request) { 21 c.RequirePostId().RequireActionId() 22 if c.Err != nil { 23 return 24 } 25 26 actionRequest := model.DoPostActionRequestFromJson(r.Body) 27 if actionRequest == nil { 28 actionRequest = &model.DoPostActionRequest{} 29 } 30 31 var cookie *model.PostActionCookie 32 if actionRequest.Cookie != "" { 33 cookie = &model.PostActionCookie{} 34 cookieStr, err := model.DecryptPostActionCookie(actionRequest.Cookie, c.App.PostActionCookieSecret()) 35 if err != nil { 36 c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest) 37 return 38 } 39 err = json.Unmarshal([]byte(cookieStr), &cookie) 40 if err != nil { 41 c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest) 42 return 43 } 44 if !c.App.SessionHasPermissionToChannel(c.App.Session, cookie.ChannelId, model.PERMISSION_READ_CHANNEL) { 45 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 46 return 47 } 48 } else { 49 if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) { 50 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 51 return 52 } 53 } 54 55 var appErr *model.AppError 56 resp := &model.PostActionAPIResponse{Status: "OK"} 57 58 resp.TriggerId, appErr = c.App.DoPostActionWithCookie(c.Params.PostId, c.Params.ActionId, c.App.Session.UserId, 59 actionRequest.SelectedOption, cookie) 60 if appErr != nil { 61 c.Err = appErr 62 return 63 } 64 65 b, _ := json.Marshal(resp) 66 w.Write(b) 67 } 68 69 func openDialog(c *Context, w http.ResponseWriter, r *http.Request) { 70 var dialog model.OpenDialogRequest 71 err := json.NewDecoder(r.Body).Decode(&dialog) 72 if err != nil { 73 c.SetInvalidParam("dialog") 74 return 75 } 76 77 if dialog.URL == "" { 78 c.SetInvalidParam("url") 79 return 80 } 81 82 if dialog.Dialog.Elements == nil || len(dialog.Dialog.Elements) == 0 { 83 c.SetInvalidParam("dialog.elements") 84 return 85 } 86 87 if err := c.App.OpenInteractiveDialog(dialog); err != nil { 88 c.Err = err 89 return 90 } 91 92 ReturnStatusOK(w) 93 } 94 95 func submitDialog(c *Context, w http.ResponseWriter, r *http.Request) { 96 var submit model.SubmitDialogRequest 97 98 jsonErr := json.NewDecoder(r.Body).Decode(&submit) 99 if jsonErr != nil { 100 c.SetInvalidParam("dialog") 101 return 102 } 103 104 if submit.URL == "" { 105 c.SetInvalidParam("url") 106 return 107 } 108 109 submit.UserId = c.App.Session.UserId 110 111 if !c.App.SessionHasPermissionToChannel(c.App.Session, submit.ChannelId, model.PERMISSION_READ_CHANNEL) { 112 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 113 return 114 } 115 116 if !c.App.SessionHasPermissionToTeam(c.App.Session, submit.TeamId, model.PERMISSION_VIEW_TEAM) { 117 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 118 return 119 } 120 121 resp, err := c.App.SubmitInteractiveDialog(submit) 122 if err != nil { 123 c.Err = err 124 return 125 } 126 127 b, _ := json.Marshal(resp) 128 129 w.Write(b) 130 }