github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/preference.go (about)

     1  // // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/mattermost/mattermost-server/model"
    10  )
    11  
    12  func (api *API) InitPreference() {
    13  	api.BaseRoutes.Preferences.Handle("", api.ApiSessionRequired(getPreferences)).Methods("GET")
    14  	api.BaseRoutes.Preferences.Handle("", api.ApiSessionRequired(updatePreferences)).Methods("PUT")
    15  	api.BaseRoutes.Preferences.Handle("/delete", api.ApiSessionRequired(deletePreferences)).Methods("POST")
    16  	api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}", api.ApiSessionRequired(getPreferencesByCategory)).Methods("GET")
    17  	api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}/name/{preference_name:[A-Za-z0-9_]+}", api.ApiSessionRequired(getPreferenceByCategoryAndName)).Methods("GET")
    18  }
    19  
    20  func getPreferences(c *Context, w http.ResponseWriter, r *http.Request) {
    21  	c.RequireUserId()
    22  	if c.Err != nil {
    23  		return
    24  	}
    25  
    26  	if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) {
    27  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
    28  		return
    29  	}
    30  
    31  	preferences, err := c.App.GetPreferencesForUser(c.Params.UserId)
    32  	if err != nil {
    33  		c.Err = err
    34  		return
    35  	}
    36  
    37  	w.Write([]byte(preferences.ToJson()))
    38  }
    39  
    40  func getPreferencesByCategory(c *Context, w http.ResponseWriter, r *http.Request) {
    41  	c.RequireUserId().RequireCategory()
    42  	if c.Err != nil {
    43  		return
    44  	}
    45  
    46  	if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) {
    47  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
    48  		return
    49  	}
    50  
    51  	preferences, err := c.App.GetPreferenceByCategoryForUser(c.Params.UserId, c.Params.Category)
    52  	if err != nil {
    53  		c.Err = err
    54  		return
    55  	}
    56  
    57  	w.Write([]byte(preferences.ToJson()))
    58  }
    59  
    60  func getPreferenceByCategoryAndName(c *Context, w http.ResponseWriter, r *http.Request) {
    61  	c.RequireUserId().RequireCategory().RequirePreferenceName()
    62  	if c.Err != nil {
    63  		return
    64  	}
    65  
    66  	if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) {
    67  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
    68  		return
    69  	}
    70  
    71  	preferences, err := c.App.GetPreferenceByCategoryAndNameForUser(c.Params.UserId, c.Params.Category, c.Params.PreferenceName)
    72  	if err != nil {
    73  		c.Err = err
    74  		return
    75  	}
    76  
    77  	w.Write([]byte(preferences.ToJson()))
    78  }
    79  
    80  func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
    81  	c.RequireUserId()
    82  	if c.Err != nil {
    83  		return
    84  	}
    85  
    86  	if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) {
    87  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
    88  		return
    89  	}
    90  
    91  	preferences, err := model.PreferencesFromJson(r.Body)
    92  	if err != nil {
    93  		c.SetInvalidParam("preferences")
    94  		return
    95  	}
    96  
    97  	var sanitizedPreferences model.Preferences
    98  
    99  	for _, pref := range preferences {
   100  		if pref.Category == model.PREFERENCE_CATEGORY_FLAGGED_POST {
   101  			post, err := c.App.GetSinglePost(pref.Name)
   102  			if err != nil {
   103  				c.SetInvalidParam("preference.name")
   104  				return
   105  			}
   106  
   107  			if !c.App.SessionHasPermissionToChannel(c.App.Session, post.ChannelId, model.PERMISSION_READ_CHANNEL) {
   108  				c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   109  				return
   110  			}
   111  		}
   112  
   113  		sanitizedPreferences = append(sanitizedPreferences, pref)
   114  	}
   115  
   116  	if err := c.App.UpdatePreferences(c.Params.UserId, sanitizedPreferences); err != nil {
   117  		c.Err = err
   118  		return
   119  	}
   120  
   121  	ReturnStatusOK(w)
   122  }
   123  
   124  func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
   125  	c.RequireUserId()
   126  	if c.Err != nil {
   127  		return
   128  	}
   129  
   130  	if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) {
   131  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
   132  		return
   133  	}
   134  
   135  	preferences, err := model.PreferencesFromJson(r.Body)
   136  	if err != nil {
   137  		c.SetInvalidParam("preferences")
   138  		return
   139  	}
   140  
   141  	if err := c.App.DeletePreferences(c.Params.UserId, preferences); err != nil {
   142  		c.Err = err
   143  		return
   144  	}
   145  
   146  	ReturnStatusOK(w)
   147  }