github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/role.go (about) 1 // Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 "strings" 9 10 "github.com/mattermost/mattermost-server/model" 11 ) 12 13 func (api *API) InitRole() { 14 api.BaseRoutes.Roles.Handle("/{role_id:[A-Za-z0-9]+}", api.ApiSessionRequiredTrustRequester(getRole)).Methods("GET") 15 api.BaseRoutes.Roles.Handle("/name/{role_name:[a-z0-9_]+}", api.ApiSessionRequiredTrustRequester(getRoleByName)).Methods("GET") 16 api.BaseRoutes.Roles.Handle("/names", api.ApiSessionRequiredTrustRequester(getRolesByNames)).Methods("POST") 17 api.BaseRoutes.Roles.Handle("/{role_id:[A-Za-z0-9]+}/patch", api.ApiSessionRequired(patchRole)).Methods("PUT") 18 } 19 20 func getRole(c *Context, w http.ResponseWriter, r *http.Request) { 21 c.RequireRoleId() 22 if c.Err != nil { 23 return 24 } 25 26 role, err := c.App.GetRole(c.Params.RoleId) 27 if err != nil { 28 c.Err = err 29 return 30 } 31 32 w.Write([]byte(role.ToJson())) 33 } 34 35 func getRoleByName(c *Context, w http.ResponseWriter, r *http.Request) { 36 c.RequireRoleName() 37 if c.Err != nil { 38 return 39 } 40 41 role, err := c.App.GetRoleByName(c.Params.RoleName) 42 if err != nil { 43 c.Err = err 44 return 45 } 46 47 w.Write([]byte(role.ToJson())) 48 } 49 50 func getRolesByNames(c *Context, w http.ResponseWriter, r *http.Request) { 51 rolenames := model.ArrayFromJson(r.Body) 52 53 if len(rolenames) == 0 { 54 c.SetInvalidParam("rolenames") 55 return 56 } 57 58 var cleanedRoleNames []string 59 for _, rolename := range rolenames { 60 if strings.TrimSpace(rolename) == "" { 61 continue 62 } 63 64 if !model.IsValidRoleName(rolename) { 65 c.SetInvalidParam("rolename") 66 return 67 } 68 69 cleanedRoleNames = append(cleanedRoleNames, rolename) 70 } 71 72 roles, err := c.App.GetRolesByNames(cleanedRoleNames) 73 if err != nil { 74 c.Err = err 75 return 76 } 77 78 w.Write([]byte(model.RoleListToJson(roles))) 79 } 80 81 func patchRole(c *Context, w http.ResponseWriter, r *http.Request) { 82 c.RequireRoleId() 83 if c.Err != nil { 84 return 85 } 86 87 patch := model.RolePatchFromJson(r.Body) 88 if patch == nil { 89 c.SetInvalidParam("role") 90 return 91 } 92 93 oldRole, err := c.App.GetRole(c.Params.RoleId) 94 if err != nil { 95 c.Err = err 96 return 97 } 98 99 if c.App.License() == nil && patch.Permissions != nil { 100 allowedPermissions := []string{ 101 model.PERMISSION_CREATE_TEAM.Id, 102 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 103 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 104 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 105 model.PERMISSION_MANAGE_OAUTH.Id, 106 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 107 model.PERMISSION_CREATE_EMOJIS.Id, 108 model.PERMISSION_DELETE_EMOJIS.Id, 109 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 110 } 111 112 changedPermissions := model.PermissionsChangedByPatch(oldRole, patch) 113 for _, permission := range changedPermissions { 114 allowed := false 115 for _, allowedPermission := range allowedPermissions { 116 if permission == allowedPermission { 117 allowed = true 118 } 119 } 120 121 if !allowed { 122 c.Err = model.NewAppError("Api4.PatchRoles", "api.roles.patch_roles.license.error", nil, "", http.StatusNotImplemented) 123 return 124 } 125 } 126 } 127 128 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 129 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 130 return 131 } 132 133 role, err := c.App.PatchRole(oldRole, patch) 134 if err != nil { 135 c.Err = err 136 return 137 } 138 139 c.LogAudit("") 140 w.Write([]byte(role.ToJson())) 141 }