github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/reaction.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/mattermost/mattermost-server/model"
    10  )
    11  
    12  func (api *API) InitReaction() {
    13  	api.BaseRoutes.Reactions.Handle("", api.ApiSessionRequired(saveReaction)).Methods("POST")
    14  	api.BaseRoutes.Post.Handle("/reactions", api.ApiSessionRequired(getReactions)).Methods("GET")
    15  	api.BaseRoutes.ReactionByNameForPostForUser.Handle("", api.ApiSessionRequired(deleteReaction)).Methods("DELETE")
    16  	api.BaseRoutes.Posts.Handle("/ids/reactions", api.ApiSessionRequired(getBulkReactions)).Methods("POST")
    17  }
    18  
    19  func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) {
    20  	reaction := model.ReactionFromJson(r.Body)
    21  	if reaction == nil {
    22  		c.SetInvalidParam("reaction")
    23  		return
    24  	}
    25  
    26  	if len(reaction.UserId) != 26 || len(reaction.PostId) != 26 || len(reaction.EmojiName) == 0 || len(reaction.EmojiName) > model.EMOJI_NAME_MAX_LENGTH {
    27  		c.Err = model.NewAppError("saveReaction", "api.reaction.save_reaction.invalid.app_error", nil, "", http.StatusBadRequest)
    28  		return
    29  	}
    30  
    31  	if reaction.UserId != c.App.Session.UserId {
    32  		c.Err = model.NewAppError("saveReaction", "api.reaction.save_reaction.user_id.app_error", nil, "", http.StatusForbidden)
    33  		return
    34  	}
    35  
    36  	if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, reaction.PostId, model.PERMISSION_ADD_REACTION) {
    37  		c.SetPermissionError(model.PERMISSION_ADD_REACTION)
    38  		return
    39  	}
    40  
    41  	reaction, err := c.App.SaveReactionForPost(reaction)
    42  	if err != nil {
    43  		c.Err = err
    44  		return
    45  	}
    46  
    47  	w.Write([]byte(reaction.ToJson()))
    48  }
    49  
    50  func getReactions(c *Context, w http.ResponseWriter, r *http.Request) {
    51  	c.RequirePostId()
    52  	if c.Err != nil {
    53  		return
    54  	}
    55  
    56  	if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
    57  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
    58  		return
    59  	}
    60  
    61  	reactions, err := c.App.GetReactionsForPost(c.Params.PostId)
    62  	if err != nil {
    63  		c.Err = err
    64  		return
    65  	}
    66  
    67  	w.Write([]byte(model.ReactionsToJson(reactions)))
    68  }
    69  
    70  func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) {
    71  	c.RequireUserId()
    72  	if c.Err != nil {
    73  		return
    74  	}
    75  
    76  	c.RequirePostId()
    77  	if c.Err != nil {
    78  		return
    79  	}
    80  
    81  	c.RequireEmojiName()
    82  	if c.Err != nil {
    83  		return
    84  	}
    85  
    86  	if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, c.Params.PostId, model.PERMISSION_REMOVE_REACTION) {
    87  		c.SetPermissionError(model.PERMISSION_REMOVE_REACTION)
    88  		return
    89  	}
    90  
    91  	if c.Params.UserId != c.App.Session.UserId && !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_REMOVE_OTHERS_REACTIONS) {
    92  		c.SetPermissionError(model.PERMISSION_REMOVE_OTHERS_REACTIONS)
    93  		return
    94  	}
    95  
    96  	reaction := &model.Reaction{
    97  		UserId:    c.Params.UserId,
    98  		PostId:    c.Params.PostId,
    99  		EmojiName: c.Params.EmojiName,
   100  	}
   101  
   102  	err := c.App.DeleteReactionForPost(reaction)
   103  	if err != nil {
   104  		c.Err = err
   105  		return
   106  	}
   107  
   108  	ReturnStatusOK(w)
   109  }
   110  
   111  func getBulkReactions(c *Context, w http.ResponseWriter, r *http.Request) {
   112  	postIds := model.ArrayFromJson(r.Body)
   113  	for _, postId := range postIds {
   114  		if !c.App.SessionHasPermissionToChannelByPost(c.App.Session, postId, model.PERMISSION_READ_CHANNEL) {
   115  			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   116  			return
   117  		}
   118  	}
   119  	reactions, err := c.App.GetBulkReactionsForPosts(postIds)
   120  	if err != nil {
   121  		c.Err = err
   122  		return
   123  	}
   124  
   125  	w.Write([]byte(model.MapPostIdToReactionsToJson(reactions)))
   126  }