github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/preference.go (about) 1 // // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/mattermost/mattermost-server/model" 10 ) 11 12 func (api *API) InitPreference() { 13 api.BaseRoutes.Preferences.Handle("", api.ApiSessionRequired(getPreferences)).Methods("GET") 14 api.BaseRoutes.Preferences.Handle("", api.ApiSessionRequired(updatePreferences)).Methods("PUT") 15 api.BaseRoutes.Preferences.Handle("/delete", api.ApiSessionRequired(deletePreferences)).Methods("POST") 16 api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}", api.ApiSessionRequired(getPreferencesByCategory)).Methods("GET") 17 api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}/name/{preference_name:[A-Za-z0-9_]+}", api.ApiSessionRequired(getPreferenceByCategoryAndName)).Methods("GET") 18 } 19 20 func getPreferences(c *Context, w http.ResponseWriter, r *http.Request) { 21 c.RequireUserId() 22 if c.Err != nil { 23 return 24 } 25 26 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 27 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 28 return 29 } 30 31 preferences, err := c.App.GetPreferencesForUser(c.Params.UserId) 32 if err != nil { 33 c.Err = err 34 return 35 } 36 37 w.Write([]byte(preferences.ToJson())) 38 } 39 40 func getPreferencesByCategory(c *Context, w http.ResponseWriter, r *http.Request) { 41 c.RequireUserId().RequireCategory() 42 if c.Err != nil { 43 return 44 } 45 46 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 47 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 48 return 49 } 50 51 preferences, err := c.App.GetPreferenceByCategoryForUser(c.Params.UserId, c.Params.Category) 52 if err != nil { 53 c.Err = err 54 return 55 } 56 57 w.Write([]byte(preferences.ToJson())) 58 } 59 60 func getPreferenceByCategoryAndName(c *Context, w http.ResponseWriter, r *http.Request) { 61 c.RequireUserId().RequireCategory().RequirePreferenceName() 62 if c.Err != nil { 63 return 64 } 65 66 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 67 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 68 return 69 } 70 71 preferences, err := c.App.GetPreferenceByCategoryAndNameForUser(c.Params.UserId, c.Params.Category, c.Params.PreferenceName) 72 if err != nil { 73 c.Err = err 74 return 75 } 76 77 w.Write([]byte(preferences.ToJson())) 78 } 79 80 func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) { 81 c.RequireUserId() 82 if c.Err != nil { 83 return 84 } 85 86 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 87 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 88 return 89 } 90 91 preferences, err := model.PreferencesFromJson(r.Body) 92 if err != nil { 93 c.SetInvalidParam("preferences") 94 return 95 } 96 97 var sanitizedPreferences model.Preferences 98 99 for _, pref := range preferences { 100 if pref.Category == model.PREFERENCE_CATEGORY_FLAGGED_POST { 101 post, err := c.App.GetSinglePost(pref.Name) 102 if err != nil { 103 c.SetInvalidParam("preference.name") 104 return 105 } 106 107 if !c.App.SessionHasPermissionToChannel(c.App.Session, post.ChannelId, model.PERMISSION_READ_CHANNEL) { 108 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 109 return 110 } 111 } 112 113 sanitizedPreferences = append(sanitizedPreferences, pref) 114 } 115 116 if err := c.App.UpdatePreferences(c.Params.UserId, sanitizedPreferences); err != nil { 117 c.Err = err 118 return 119 } 120 121 ReturnStatusOK(w) 122 } 123 124 func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) { 125 c.RequireUserId() 126 if c.Err != nil { 127 return 128 } 129 130 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 131 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 132 return 133 } 134 135 preferences, err := model.PreferencesFromJson(r.Body) 136 if err != nil { 137 c.SetInvalidParam("preferences") 138 return 139 } 140 141 if err := c.App.DeletePreferences(c.Params.UserId, preferences); err != nil { 142 c.Err = err 143 return 144 } 145 146 ReturnStatusOK(w) 147 }