github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/channel.go (about)

     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"context"
     8  	"encoding/json"
     9  	"net/http"
    10  	"strconv"
    11  	"strings"
    12  
    13  	"github.com/masterhung0112/hk_server/v5/app"
    14  	"github.com/masterhung0112/hk_server/v5/audit"
    15  	"github.com/masterhung0112/hk_server/v5/model"
    16  	"github.com/masterhung0112/hk_server/v5/shared/mlog"
    17  )
    18  
    19  func (api *API) InitChannel() {
    20  	api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(getAllChannels)).Methods("GET")
    21  	api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(createChannel)).Methods("POST")
    22  	api.BaseRoutes.Channels.Handle("/direct", api.ApiSessionRequired(createDirectChannel)).Methods("POST")
    23  	api.BaseRoutes.Channels.Handle("/search", api.ApiSessionRequiredDisableWhenBusy(searchAllChannels)).Methods("POST")
    24  	api.BaseRoutes.Channels.Handle("/group/search", api.ApiSessionRequiredDisableWhenBusy(searchGroupChannels)).Methods("POST")
    25  	api.BaseRoutes.Channels.Handle("/group", api.ApiSessionRequired(createGroupChannel)).Methods("POST")
    26  	api.BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", api.ApiSessionRequired(viewChannel)).Methods("POST")
    27  	api.BaseRoutes.Channels.Handle("/{channel_id:[A-Za-z0-9]+}/scheme", api.ApiSessionRequired(updateChannelScheme)).Methods("PUT")
    28  
    29  	api.BaseRoutes.ChannelsForTeam.Handle("", api.ApiSessionRequired(getPublicChannelsForTeam)).Methods("GET")
    30  	api.BaseRoutes.ChannelsForTeam.Handle("/deleted", api.ApiSessionRequired(getDeletedChannelsForTeam)).Methods("GET")
    31  	api.BaseRoutes.ChannelsForTeam.Handle("/private", api.ApiSessionRequired(getPrivateChannelsForTeam)).Methods("GET")
    32  	api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST")
    33  	api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequiredDisableWhenBusy(searchChannelsForTeam)).Methods("POST")
    34  	api.BaseRoutes.ChannelsForTeam.Handle("/search_archived", api.ApiSessionRequiredDisableWhenBusy(searchArchivedChannelsForTeam)).Methods("POST")
    35  	api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET")
    36  	api.BaseRoutes.ChannelsForTeam.Handle("/search_autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeamForSearch)).Methods("GET")
    37  	api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET")
    38  
    39  	api.BaseRoutes.ChannelCategories.Handle("", api.ApiSessionRequired(getCategoriesForTeamForUser)).Methods("GET")
    40  	api.BaseRoutes.ChannelCategories.Handle("", api.ApiSessionRequired(createCategoryForTeamForUser)).Methods("POST")
    41  	api.BaseRoutes.ChannelCategories.Handle("", api.ApiSessionRequired(updateCategoriesForTeamForUser)).Methods("PUT")
    42  	api.BaseRoutes.ChannelCategories.Handle("/order", api.ApiSessionRequired(getCategoryOrderForTeamForUser)).Methods("GET")
    43  	api.BaseRoutes.ChannelCategories.Handle("/order", api.ApiSessionRequired(updateCategoryOrderForTeamForUser)).Methods("PUT")
    44  	api.BaseRoutes.ChannelCategories.Handle("/{category_id:[A-Za-z0-9_-]+}", api.ApiSessionRequired(getCategoryForTeamForUser)).Methods("GET")
    45  	api.BaseRoutes.ChannelCategories.Handle("/{category_id:[A-Za-z0-9_-]+}", api.ApiSessionRequired(updateCategoryForTeamForUser)).Methods("PUT")
    46  	api.BaseRoutes.ChannelCategories.Handle("/{category_id:[A-Za-z0-9_-]+}", api.ApiSessionRequired(deleteCategoryForTeamForUser)).Methods("DELETE")
    47  
    48  	api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET")
    49  	api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(updateChannel)).Methods("PUT")
    50  	api.BaseRoutes.Channel.Handle("/patch", api.ApiSessionRequired(patchChannel)).Methods("PUT")
    51  	api.BaseRoutes.Channel.Handle("/convert", api.ApiSessionRequired(convertChannelToPrivate)).Methods("POST")
    52  	api.BaseRoutes.Channel.Handle("/privacy", api.ApiSessionRequired(updateChannelPrivacy)).Methods("PUT")
    53  	api.BaseRoutes.Channel.Handle("/restore", api.ApiSessionRequired(restoreChannel)).Methods("POST")
    54  	api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(deleteChannel)).Methods("DELETE")
    55  	api.BaseRoutes.Channel.Handle("/stats", api.ApiSessionRequired(getChannelStats)).Methods("GET")
    56  	api.BaseRoutes.Channel.Handle("/pinned", api.ApiSessionRequired(getPinnedPosts)).Methods("GET")
    57  	api.BaseRoutes.Channel.Handle("/timezones", api.ApiSessionRequired(getChannelMembersTimezones)).Methods("GET")
    58  	api.BaseRoutes.Channel.Handle("/members_minus_group_members", api.ApiSessionRequired(channelMembersMinusGroupMembers)).Methods("GET")
    59  	api.BaseRoutes.Channel.Handle("/move", api.ApiSessionRequired(moveChannel)).Methods("POST")
    60  	api.BaseRoutes.Channel.Handle("/member_counts_by_group", api.ApiSessionRequired(channelMemberCountsByGroup)).Methods("GET")
    61  
    62  	api.BaseRoutes.ChannelForUser.Handle("/unread", api.ApiSessionRequired(getChannelUnread)).Methods("GET")
    63  
    64  	api.BaseRoutes.ChannelByName.Handle("", api.ApiSessionRequired(getChannelByName)).Methods("GET")
    65  	api.BaseRoutes.ChannelByNameForTeamName.Handle("", api.ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET")
    66  
    67  	api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(getChannelMembers)).Methods("GET")
    68  	api.BaseRoutes.ChannelMembers.Handle("/ids", api.ApiSessionRequired(getChannelMembersByIds)).Methods("POST")
    69  	api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(addChannelMember)).Methods("POST")
    70  	api.BaseRoutes.ChannelMembersForUser.Handle("", api.ApiSessionRequired(getChannelMembersForUser)).Methods("GET")
    71  	api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(getChannelMember)).Methods("GET")
    72  	api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(removeChannelMember)).Methods("DELETE")
    73  	api.BaseRoutes.ChannelMember.Handle("/roles", api.ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT")
    74  	api.BaseRoutes.ChannelMember.Handle("/schemeRoles", api.ApiSessionRequired(updateChannelMemberSchemeRoles)).Methods("PUT")
    75  	api.BaseRoutes.ChannelMember.Handle("/notify_props", api.ApiSessionRequired(updateChannelMemberNotifyProps)).Methods("PUT")
    76  
    77  	api.BaseRoutes.ChannelModerations.Handle("", api.ApiSessionRequired(getChannelModerations)).Methods("GET")
    78  	api.BaseRoutes.ChannelModerations.Handle("/patch", api.ApiSessionRequired(patchChannelModerations)).Methods("PUT")
    79  }
    80  
    81  func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
    82  	channel := model.ChannelFromJson(r.Body)
    83  	if channel == nil {
    84  		c.SetInvalidParam("channel")
    85  		return
    86  	}
    87  
    88  	auditRec := c.MakeAuditRecord("createChannel", audit.Fail)
    89  	defer c.LogAuditRec(auditRec)
    90  	auditRec.AddMeta("channel", channel)
    91  
    92  	if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) {
    93  		c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL)
    94  		return
    95  	}
    96  
    97  	if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) {
    98  		c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL)
    99  		return
   100  	}
   101  
   102  	sc, err := c.App.CreateChannelWithUser(c.AppContext, channel, c.AppContext.Session().UserId)
   103  	if err != nil {
   104  		c.Err = err
   105  		return
   106  	}
   107  
   108  	auditRec.Success()
   109  	auditRec.AddMeta("channel", sc) // overwrite meta
   110  	c.LogAudit("name=" + channel.Name)
   111  
   112  	w.WriteHeader(http.StatusCreated)
   113  	w.Write([]byte(sc.ToJson()))
   114  }
   115  
   116  func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) {
   117  	c.RequireChannelId()
   118  	if c.Err != nil {
   119  		return
   120  	}
   121  
   122  	channel := model.ChannelFromJson(r.Body)
   123  
   124  	if channel == nil {
   125  		c.SetInvalidParam("channel")
   126  		return
   127  	}
   128  
   129  	// The channel being updated in the payload must be the same one as indicated in the URL.
   130  	if channel.Id != c.Params.ChannelId {
   131  		c.SetInvalidParam("channel_id")
   132  		return
   133  	}
   134  
   135  	auditRec := c.MakeAuditRecord("updateChannel", audit.Fail)
   136  	defer c.LogAuditRec(auditRec)
   137  
   138  	originalOldChannel, err := c.App.GetChannel(channel.Id)
   139  	if err != nil {
   140  		c.Err = err
   141  		return
   142  	}
   143  	oldChannel := originalOldChannel.DeepCopy()
   144  
   145  	auditRec.AddMeta("channel", oldChannel)
   146  
   147  	switch oldChannel.Type {
   148  	case model.CHANNEL_OPEN:
   149  		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) {
   150  			c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES)
   151  			return
   152  		}
   153  
   154  	case model.CHANNEL_PRIVATE:
   155  		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) {
   156  			c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES)
   157  			return
   158  		}
   159  
   160  	case model.CHANNEL_GROUP, model.CHANNEL_DIRECT:
   161  		// Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership.
   162  		if _, errGet := c.App.GetChannelMember(context.Background(), channel.Id, c.AppContext.Session().UserId); errGet != nil {
   163  			c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden)
   164  			return
   165  		}
   166  
   167  	default:
   168  		c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden)
   169  		return
   170  	}
   171  
   172  	if oldChannel.DeleteAt > 0 {
   173  		c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest)
   174  		return
   175  	}
   176  
   177  	if channel.Type != "" && channel.Type != oldChannel.Type {
   178  		c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.typechange.app_error", nil, "", http.StatusBadRequest)
   179  		return
   180  	}
   181  
   182  	if oldChannel.Name == model.DEFAULT_CHANNEL {
   183  		if channel.Name != "" && channel.Name != oldChannel.Name {
   184  			c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest)
   185  			return
   186  		}
   187  	}
   188  
   189  	oldChannel.Header = channel.Header
   190  	oldChannel.Purpose = channel.Purpose
   191  
   192  	oldChannelDisplayName := oldChannel.DisplayName
   193  
   194  	if channel.DisplayName != "" {
   195  		oldChannel.DisplayName = channel.DisplayName
   196  	}
   197  
   198  	if channel.Name != "" {
   199  		oldChannel.Name = channel.Name
   200  		auditRec.AddMeta("new_channel_name", oldChannel.Name)
   201  	}
   202  
   203  	if channel.GroupConstrained != nil {
   204  		oldChannel.GroupConstrained = channel.GroupConstrained
   205  	}
   206  
   207  	updatedChannel, err := c.App.UpdateChannel(oldChannel)
   208  	if err != nil {
   209  		c.Err = err
   210  		return
   211  	}
   212  	auditRec.AddMeta("update", updatedChannel)
   213  
   214  	if oldChannelDisplayName != channel.DisplayName {
   215  		if err := c.App.PostUpdateChannelDisplayNameMessage(c.AppContext, c.AppContext.Session().UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil {
   216  			mlog.Warn("Error while posting channel display name message", mlog.Err(err))
   217  		}
   218  	}
   219  
   220  	auditRec.Success()
   221  	c.LogAudit("name=" + channel.Name)
   222  
   223  	w.Write([]byte(oldChannel.ToJson()))
   224  }
   225  
   226  func convertChannelToPrivate(c *Context, w http.ResponseWriter, r *http.Request) {
   227  	c.RequireChannelId()
   228  	if c.Err != nil {
   229  		return
   230  	}
   231  
   232  	oldPublicChannel, err := c.App.GetChannel(c.Params.ChannelId)
   233  	if err != nil {
   234  		c.Err = err
   235  		return
   236  	}
   237  
   238  	auditRec := c.MakeAuditRecord("convertChannelToPrivate", audit.Fail)
   239  	defer c.LogAuditRec(auditRec)
   240  	auditRec.AddMeta("channel", oldPublicChannel)
   241  
   242  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_CONVERT_PUBLIC_CHANNEL_TO_PRIVATE) {
   243  		c.SetPermissionError(model.PERMISSION_CONVERT_PUBLIC_CHANNEL_TO_PRIVATE)
   244  		return
   245  	}
   246  
   247  	if oldPublicChannel.Type == model.CHANNEL_PRIVATE {
   248  		c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.private_channel_error", nil, "", http.StatusBadRequest)
   249  		return
   250  	}
   251  
   252  	if oldPublicChannel.Name == model.DEFAULT_CHANNEL {
   253  		c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.default_channel_error", nil, "", http.StatusBadRequest)
   254  		return
   255  	}
   256  
   257  	user, err := c.App.GetUser(c.AppContext.Session().UserId)
   258  	if err != nil {
   259  		c.Err = err
   260  		return
   261  	}
   262  	auditRec.AddMeta("user", user)
   263  
   264  	oldPublicChannel.Type = model.CHANNEL_PRIVATE
   265  
   266  	rchannel, err := c.App.UpdateChannelPrivacy(c.AppContext, oldPublicChannel, user)
   267  	if err != nil {
   268  		c.Err = err
   269  		return
   270  	}
   271  
   272  	auditRec.Success()
   273  	c.LogAudit("name=" + rchannel.Name)
   274  
   275  	w.Write([]byte(rchannel.ToJson()))
   276  }
   277  
   278  func updateChannelPrivacy(c *Context, w http.ResponseWriter, r *http.Request) {
   279  	c.RequireChannelId()
   280  	if c.Err != nil {
   281  		return
   282  	}
   283  
   284  	props := model.StringInterfaceFromJson(r.Body)
   285  	privacy, ok := props["privacy"].(string)
   286  	if !ok || (privacy != model.CHANNEL_OPEN && privacy != model.CHANNEL_PRIVATE) {
   287  		c.SetInvalidParam("privacy")
   288  		return
   289  	}
   290  
   291  	channel, err := c.App.GetChannel(c.Params.ChannelId)
   292  	if err != nil {
   293  		c.Err = err
   294  		return
   295  	}
   296  
   297  	auditRec := c.MakeAuditRecord("updateChannelPrivacy", audit.Fail)
   298  	defer c.LogAuditRec(auditRec)
   299  	auditRec.AddMeta("channel", channel)
   300  	auditRec.AddMeta("new_type", privacy)
   301  
   302  	if privacy == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_CONVERT_PRIVATE_CHANNEL_TO_PUBLIC) {
   303  		c.SetPermissionError(model.PERMISSION_CONVERT_PRIVATE_CHANNEL_TO_PUBLIC)
   304  		return
   305  	}
   306  
   307  	if privacy == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_CONVERT_PUBLIC_CHANNEL_TO_PRIVATE) {
   308  		c.SetPermissionError(model.PERMISSION_CONVERT_PUBLIC_CHANNEL_TO_PRIVATE)
   309  		return
   310  	}
   311  
   312  	if channel.Name == model.DEFAULT_CHANNEL && privacy == model.CHANNEL_PRIVATE {
   313  		c.Err = model.NewAppError("updateChannelPrivacy", "api.channel.update_channel_privacy.default_channel_error", nil, "", http.StatusBadRequest)
   314  		return
   315  	}
   316  
   317  	user, err := c.App.GetUser(c.AppContext.Session().UserId)
   318  	if err != nil {
   319  		c.Err = err
   320  		return
   321  	}
   322  	auditRec.AddMeta("user", user)
   323  
   324  	channel.Type = privacy
   325  
   326  	updatedChannel, err := c.App.UpdateChannelPrivacy(c.AppContext, channel, user)
   327  	if err != nil {
   328  		c.Err = err
   329  		return
   330  	}
   331  
   332  	auditRec.Success()
   333  	c.LogAudit("name=" + updatedChannel.Name)
   334  
   335  	w.Write([]byte(updatedChannel.ToJson()))
   336  }
   337  
   338  func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) {
   339  	c.RequireChannelId()
   340  	if c.Err != nil {
   341  		return
   342  	}
   343  	patch := model.ChannelPatchFromJson(r.Body)
   344  	if patch == nil {
   345  		c.SetInvalidParam("channel")
   346  		return
   347  	}
   348  
   349  	originalOldChannel, err := c.App.GetChannel(c.Params.ChannelId)
   350  	if err != nil {
   351  		c.Err = err
   352  		return
   353  	}
   354  	oldChannel := originalOldChannel.DeepCopy()
   355  
   356  	auditRec := c.MakeAuditRecord("patchChannel", audit.Fail)
   357  	defer c.LogAuditRec(auditRec)
   358  	auditRec.AddMeta("channel", oldChannel)
   359  
   360  	switch oldChannel.Type {
   361  	case model.CHANNEL_OPEN:
   362  		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) {
   363  			c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES)
   364  			return
   365  		}
   366  
   367  	case model.CHANNEL_PRIVATE:
   368  		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) {
   369  			c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES)
   370  			return
   371  		}
   372  
   373  	case model.CHANNEL_GROUP, model.CHANNEL_DIRECT:
   374  		// Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership.
   375  		if _, err = c.App.GetChannelMember(context.Background(), c.Params.ChannelId, c.AppContext.Session().UserId); err != nil {
   376  			c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden)
   377  			return
   378  		}
   379  
   380  	default:
   381  		c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden)
   382  		return
   383  	}
   384  
   385  	rchannel, err := c.App.PatchChannel(c.AppContext, oldChannel, patch, c.AppContext.Session().UserId)
   386  	if err != nil {
   387  		c.Err = err
   388  		return
   389  	}
   390  
   391  	err = c.App.FillInChannelProps(rchannel)
   392  	if err != nil {
   393  		c.Err = err
   394  		return
   395  	}
   396  
   397  	auditRec.Success()
   398  	c.LogAudit("")
   399  	auditRec.AddMeta("patch", rchannel)
   400  
   401  	w.Write([]byte(rchannel.ToJson()))
   402  }
   403  
   404  func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) {
   405  	c.RequireChannelId()
   406  	if c.Err != nil {
   407  		return
   408  	}
   409  
   410  	channel, err := c.App.GetChannel(c.Params.ChannelId)
   411  	if err != nil {
   412  		c.Err = err
   413  		return
   414  	}
   415  	teamId := channel.TeamId
   416  
   417  	auditRec := c.MakeAuditRecord("restoreChannel", audit.Fail)
   418  	defer c.LogAuditRec(auditRec)
   419  	auditRec.AddMeta("channel", channel)
   420  
   421  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_TEAM) {
   422  		c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
   423  		return
   424  	}
   425  
   426  	channel, err = c.App.RestoreChannel(c.AppContext, channel, c.AppContext.Session().UserId)
   427  	if err != nil {
   428  		c.Err = err
   429  		return
   430  	}
   431  
   432  	auditRec.Success()
   433  	c.LogAudit("name=" + channel.Name)
   434  
   435  	w.Write([]byte(channel.ToJson()))
   436  }
   437  
   438  func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
   439  	userIds := model.ArrayFromJson(r.Body)
   440  	allowed := false
   441  
   442  	if len(userIds) != 2 {
   443  		c.SetInvalidParam("user_ids")
   444  		return
   445  	}
   446  
   447  	for _, id := range userIds {
   448  		if !model.IsValidId(id) {
   449  			c.SetInvalidParam("user_id")
   450  			return
   451  		}
   452  		if id == c.AppContext.Session().UserId {
   453  			allowed = true
   454  		}
   455  	}
   456  
   457  	auditRec := c.MakeAuditRecord("createDirectChannel", audit.Fail)
   458  	defer c.LogAuditRec(auditRec)
   459  
   460  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_CREATE_DIRECT_CHANNEL) {
   461  		c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL)
   462  		return
   463  	}
   464  
   465  	if !allowed && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM) {
   466  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   467  		return
   468  	}
   469  
   470  	otherUserId := userIds[0]
   471  	if c.AppContext.Session().UserId == otherUserId {
   472  		otherUserId = userIds[1]
   473  	}
   474  
   475  	auditRec.AddMeta("other_user_id", otherUserId)
   476  
   477  	canSee, err := c.App.UserCanSeeOtherUser(c.AppContext.Session().UserId, otherUserId)
   478  	if err != nil {
   479  		c.Err = err
   480  		return
   481  	}
   482  
   483  	if !canSee {
   484  		c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
   485  		return
   486  	}
   487  
   488  	sc, err := c.App.GetOrCreateDirectChannel(c.AppContext, userIds[0], userIds[1])
   489  	if err != nil {
   490  		c.Err = err
   491  		return
   492  	}
   493  
   494  	auditRec.Success()
   495  	auditRec.AddMeta("channel", sc)
   496  
   497  	w.WriteHeader(http.StatusCreated)
   498  	w.Write([]byte(sc.ToJson()))
   499  }
   500  
   501  func searchGroupChannels(c *Context, w http.ResponseWriter, r *http.Request) {
   502  	props := model.ChannelSearchFromJson(r.Body)
   503  	if props == nil {
   504  		c.SetInvalidParam("channel_search")
   505  		return
   506  	}
   507  
   508  	groupChannels, err := c.App.SearchGroupChannels(c.AppContext.Session().UserId, props.Term)
   509  	if err != nil {
   510  		c.Err = err
   511  		return
   512  	}
   513  
   514  	w.Write([]byte(groupChannels.ToJson()))
   515  }
   516  
   517  func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) {
   518  	userIds := model.ArrayFromJson(r.Body)
   519  
   520  	if len(userIds) == 0 {
   521  		c.SetInvalidParam("user_ids")
   522  		return
   523  	}
   524  
   525  	found := false
   526  	for _, id := range userIds {
   527  		if !model.IsValidId(id) {
   528  			c.SetInvalidParam("user_id")
   529  			return
   530  		}
   531  		if id == c.AppContext.Session().UserId {
   532  			found = true
   533  		}
   534  	}
   535  
   536  	if !found {
   537  		userIds = append(userIds, c.AppContext.Session().UserId)
   538  	}
   539  
   540  	auditRec := c.MakeAuditRecord("createGroupChannel", audit.Fail)
   541  	defer c.LogAuditRec(auditRec)
   542  
   543  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_CREATE_GROUP_CHANNEL) {
   544  		c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL)
   545  		return
   546  	}
   547  
   548  	canSeeAll := true
   549  	for _, id := range userIds {
   550  		if c.AppContext.Session().UserId != id {
   551  			canSee, err := c.App.UserCanSeeOtherUser(c.AppContext.Session().UserId, id)
   552  			if err != nil {
   553  				c.Err = err
   554  				return
   555  			}
   556  			if !canSee {
   557  				canSeeAll = false
   558  			}
   559  		}
   560  	}
   561  
   562  	if !canSeeAll {
   563  		c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
   564  		return
   565  	}
   566  
   567  	groupChannel, err := c.App.CreateGroupChannel(userIds, c.AppContext.Session().UserId)
   568  	if err != nil {
   569  		c.Err = err
   570  		return
   571  	}
   572  
   573  	auditRec.Success()
   574  	auditRec.AddMeta("channel", groupChannel)
   575  
   576  	w.WriteHeader(http.StatusCreated)
   577  	w.Write([]byte(groupChannel.ToJson()))
   578  }
   579  
   580  func getChannel(c *Context, w http.ResponseWriter, r *http.Request) {
   581  	c.RequireChannelId()
   582  	if c.Err != nil {
   583  		return
   584  	}
   585  
   586  	channel, err := c.App.GetChannel(c.Params.ChannelId)
   587  	if err != nil {
   588  		c.Err = err
   589  		return
   590  	}
   591  
   592  	if channel.Type == model.CHANNEL_OPEN {
   593  		if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
   594  			c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
   595  			return
   596  		}
   597  	} else {
   598  		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
   599  			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   600  			return
   601  		}
   602  	}
   603  
   604  	err = c.App.FillInChannelProps(channel)
   605  	if err != nil {
   606  		c.Err = err
   607  		return
   608  	}
   609  
   610  	w.Write([]byte(channel.ToJson()))
   611  }
   612  
   613  func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) {
   614  	c.RequireChannelId().RequireUserId()
   615  	if c.Err != nil {
   616  		return
   617  	}
   618  
   619  	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
   620  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
   621  		return
   622  	}
   623  
   624  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
   625  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   626  		return
   627  	}
   628  
   629  	channelUnread, err := c.App.GetChannelUnread(c.Params.ChannelId, c.Params.UserId)
   630  	if err != nil {
   631  		c.Err = err
   632  		return
   633  	}
   634  
   635  	w.Write([]byte(channelUnread.ToJson()))
   636  }
   637  
   638  func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) {
   639  	c.RequireChannelId()
   640  	if c.Err != nil {
   641  		return
   642  	}
   643  
   644  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
   645  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   646  		return
   647  	}
   648  
   649  	memberCount, err := c.App.GetChannelMemberCount(c.Params.ChannelId)
   650  	if err != nil {
   651  		c.Err = err
   652  		return
   653  	}
   654  
   655  	guestCount, err := c.App.GetChannelGuestCount(c.Params.ChannelId)
   656  	if err != nil {
   657  		c.Err = err
   658  		return
   659  	}
   660  
   661  	pinnedPostCount, err := c.App.GetChannelPinnedPostCount(c.Params.ChannelId)
   662  	if err != nil {
   663  		c.Err = err
   664  		return
   665  	}
   666  
   667  	stats := model.ChannelStats{ChannelId: c.Params.ChannelId, MemberCount: memberCount, GuestCount: guestCount, PinnedPostCount: pinnedPostCount}
   668  	w.Write([]byte(stats.ToJson()))
   669  }
   670  
   671  func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) {
   672  	c.RequireChannelId()
   673  	if c.Err != nil {
   674  		return
   675  	}
   676  
   677  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
   678  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   679  		return
   680  	}
   681  
   682  	posts, err := c.App.GetPinnedPosts(c.Params.ChannelId)
   683  	if err != nil {
   684  		c.Err = err
   685  		return
   686  	}
   687  
   688  	if c.HandleEtag(posts.Etag(), "Get Pinned Posts", w, r) {
   689  		return
   690  	}
   691  
   692  	clientPostList := c.App.PreparePostListForClient(posts)
   693  
   694  	w.Header().Set(model.HEADER_ETAG_SERVER, clientPostList.Etag())
   695  	w.Write([]byte(clientPostList.ToJson()))
   696  }
   697  
   698  func getAllChannels(c *Context, w http.ResponseWriter, r *http.Request) {
   699  	permissions := []*model.Permission{
   700  		model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_GROUPS,
   701  		model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS,
   702  	}
   703  	if !c.App.SessionHasPermissionToAny(*c.AppContext.Session(), permissions) {
   704  		c.SetPermissionError(permissions...)
   705  		return
   706  	}
   707  	// Only system managers may use the ExcludePolicyConstrained parameter
   708  	if c.Params.ExcludePolicyConstrained && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
   709  		c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
   710  		return
   711  	}
   712  
   713  	opts := model.ChannelSearchOpts{
   714  		NotAssociatedToGroup:     c.Params.NotAssociatedToGroup,
   715  		ExcludeDefaultChannels:   c.Params.ExcludeDefaultChannels,
   716  		IncludeDeleted:           c.Params.IncludeDeleted,
   717  		ExcludePolicyConstrained: c.Params.ExcludePolicyConstrained,
   718  	}
   719  	if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
   720  		opts.IncludePolicyID = true
   721  	}
   722  
   723  	channels, err := c.App.GetAllChannels(c.Params.Page, c.Params.PerPage, opts)
   724  	if err != nil {
   725  		c.Err = err
   726  		return
   727  	}
   728  
   729  	var payload []byte
   730  	if c.Params.IncludeTotalCount {
   731  		totalCount, err := c.App.GetAllChannelsCount(opts)
   732  		if err != nil {
   733  			c.Err = err
   734  			return
   735  		}
   736  		cwc := &model.ChannelsWithCount{
   737  			Channels:   channels,
   738  			TotalCount: totalCount,
   739  		}
   740  		payload = cwc.ToJson()
   741  	} else {
   742  		payload = []byte(channels.ToJson())
   743  	}
   744  
   745  	w.Write(payload)
   746  }
   747  
   748  func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
   749  	c.RequireTeamId()
   750  	if c.Err != nil {
   751  		return
   752  	}
   753  
   754  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
   755  		c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS)
   756  		return
   757  	}
   758  
   759  	channels, err := c.App.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage)
   760  	if err != nil {
   761  		c.Err = err
   762  		return
   763  	}
   764  
   765  	err = c.App.FillInChannelsProps(channels)
   766  	if err != nil {
   767  		c.Err = err
   768  		return
   769  	}
   770  
   771  	w.Write([]byte(channels.ToJson()))
   772  }
   773  
   774  func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
   775  	c.RequireTeamId()
   776  	if c.Err != nil {
   777  		return
   778  	}
   779  
   780  	channels, err := c.App.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage, c.AppContext.Session().UserId)
   781  	if err != nil {
   782  		c.Err = err
   783  		return
   784  	}
   785  
   786  	err = c.App.FillInChannelsProps(channels)
   787  	if err != nil {
   788  		c.Err = err
   789  		return
   790  	}
   791  
   792  	w.Write([]byte(channels.ToJson()))
   793  }
   794  
   795  func getPrivateChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
   796  	c.RequireTeamId()
   797  	if c.Err != nil {
   798  		return
   799  	}
   800  
   801  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM) {
   802  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   803  		return
   804  	}
   805  
   806  	channels, err := c.App.GetPrivateChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage)
   807  	if err != nil {
   808  		c.Err = err
   809  		return
   810  	}
   811  
   812  	err = c.App.FillInChannelsProps(channels)
   813  	if err != nil {
   814  		c.Err = err
   815  		return
   816  	}
   817  
   818  	w.Write([]byte(channels.ToJson()))
   819  }
   820  
   821  func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
   822  	c.RequireTeamId()
   823  	if c.Err != nil {
   824  		return
   825  	}
   826  
   827  	channelIds := model.ArrayFromJson(r.Body)
   828  	if len(channelIds) == 0 {
   829  		c.SetInvalidParam("channel_ids")
   830  		return
   831  	}
   832  
   833  	for _, cid := range channelIds {
   834  		if !model.IsValidId(cid) {
   835  			c.SetInvalidParam("channel_id")
   836  			return
   837  		}
   838  	}
   839  
   840  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
   841  		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
   842  		return
   843  	}
   844  
   845  	channels, err := c.App.GetPublicChannelsByIdsForTeam(c.Params.TeamId, channelIds)
   846  	if err != nil {
   847  		c.Err = err
   848  		return
   849  	}
   850  
   851  	err = c.App.FillInChannelsProps(channels)
   852  	if err != nil {
   853  		c.Err = err
   854  		return
   855  	}
   856  
   857  	w.Write([]byte(channels.ToJson()))
   858  }
   859  
   860  func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
   861  	c.RequireUserId().RequireTeamId()
   862  	if c.Err != nil {
   863  		return
   864  	}
   865  
   866  	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
   867  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
   868  		return
   869  	}
   870  
   871  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
   872  		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
   873  		return
   874  	}
   875  
   876  	query := r.URL.Query()
   877  	lastDeleteAt, nErr := strconv.Atoi(query.Get("last_delete_at"))
   878  	if nErr != nil {
   879  		lastDeleteAt = 0
   880  	}
   881  	if lastDeleteAt < 0 {
   882  		c.SetInvalidUrlParam("last_delete_at")
   883  		return
   884  	}
   885  
   886  	channels, err := c.App.GetChannelsForUser(c.Params.TeamId, c.Params.UserId, c.Params.IncludeDeleted, lastDeleteAt)
   887  	if err != nil {
   888  		c.Err = err
   889  		return
   890  	}
   891  
   892  	if c.HandleEtag(channels.Etag(), "Get Channels", w, r) {
   893  		return
   894  	}
   895  
   896  	err = c.App.FillInChannelsProps(channels)
   897  	if err != nil {
   898  		c.Err = err
   899  		return
   900  	}
   901  
   902  	w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag())
   903  	w.Write([]byte(channels.ToJson()))
   904  }
   905  
   906  func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
   907  	c.RequireTeamId()
   908  	if c.Err != nil {
   909  		return
   910  	}
   911  
   912  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
   913  		c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS)
   914  		return
   915  	}
   916  
   917  	name := r.URL.Query().Get("name")
   918  
   919  	channels, err := c.App.AutocompleteChannels(c.Params.TeamId, name)
   920  	if err != nil {
   921  		c.Err = err
   922  		return
   923  	}
   924  
   925  	// Don't fill in channels props, since unused by client and potentially expensive.
   926  
   927  	w.Write([]byte(channels.ToJson()))
   928  }
   929  
   930  func autocompleteChannelsForTeamForSearch(c *Context, w http.ResponseWriter, r *http.Request) {
   931  	c.RequireTeamId()
   932  	if c.Err != nil {
   933  		return
   934  	}
   935  
   936  	name := r.URL.Query().Get("name")
   937  
   938  	channels, err := c.App.AutocompleteChannelsForSearch(c.Params.TeamId, c.AppContext.Session().UserId, name)
   939  	if err != nil {
   940  		c.Err = err
   941  		return
   942  	}
   943  
   944  	w.Write([]byte(channels.ToJson()))
   945  }
   946  
   947  func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
   948  	c.RequireTeamId()
   949  	if c.Err != nil {
   950  		return
   951  	}
   952  
   953  	props := model.ChannelSearchFromJson(r.Body)
   954  	if props == nil {
   955  		c.SetInvalidParam("channel_search")
   956  		return
   957  	}
   958  
   959  	var channels *model.ChannelList
   960  	var err *model.AppError
   961  	if c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
   962  		channels, err = c.App.SearchChannels(c.Params.TeamId, props.Term)
   963  	} else {
   964  		// If the user is not a team member, return a 404
   965  		if _, err = c.App.GetTeamMember(c.Params.TeamId, c.AppContext.Session().UserId); err != nil {
   966  			c.Err = err
   967  			return
   968  		}
   969  
   970  		channels, err = c.App.SearchChannelsForUser(c.AppContext.Session().UserId, c.Params.TeamId, props.Term)
   971  	}
   972  
   973  	if err != nil {
   974  		c.Err = err
   975  		return
   976  	}
   977  
   978  	// Don't fill in channels props, since unused by client and potentially expensive.
   979  
   980  	w.Write([]byte(channels.ToJson()))
   981  }
   982  
   983  func searchArchivedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
   984  	c.RequireTeamId()
   985  	if c.Err != nil {
   986  		return
   987  	}
   988  
   989  	props := model.ChannelSearchFromJson(r.Body)
   990  	if props == nil {
   991  		c.SetInvalidParam("channel_search")
   992  		return
   993  	}
   994  
   995  	var channels *model.ChannelList
   996  	var err *model.AppError
   997  	if c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
   998  		channels, err = c.App.SearchArchivedChannels(c.Params.TeamId, props.Term, c.AppContext.Session().UserId)
   999  	} else {
  1000  		// If the user is not a team member, return a 404
  1001  		if _, err = c.App.GetTeamMember(c.Params.TeamId, c.AppContext.Session().UserId); err != nil {
  1002  			c.Err = err
  1003  			return
  1004  		}
  1005  
  1006  		channels, err = c.App.SearchArchivedChannels(c.Params.TeamId, props.Term, c.AppContext.Session().UserId)
  1007  	}
  1008  
  1009  	if err != nil {
  1010  		c.Err = err
  1011  		return
  1012  	}
  1013  
  1014  	// Don't fill in channels props, since unused by client and potentially expensive.
  1015  
  1016  	w.Write([]byte(channels.ToJson()))
  1017  }
  1018  
  1019  func searchAllChannels(c *Context, w http.ResponseWriter, r *http.Request) {
  1020  	props := model.ChannelSearchFromJson(r.Body)
  1021  	if props == nil {
  1022  		c.SetInvalidParam("channel_search")
  1023  		return
  1024  	}
  1025  	// Only system managers may use the ExcludePolicyConstrained field
  1026  	if props.ExcludePolicyConstrained && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
  1027  		c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
  1028  		return
  1029  	}
  1030  
  1031  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS) {
  1032  		c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS)
  1033  		return
  1034  	}
  1035  	includeDeleted, _ := strconv.ParseBool(r.URL.Query().Get("include_deleted"))
  1036  	includeDeleted = includeDeleted || props.IncludeDeleted
  1037  
  1038  	opts := model.ChannelSearchOpts{
  1039  		NotAssociatedToGroup:     props.NotAssociatedToGroup,
  1040  		ExcludeDefaultChannels:   props.ExcludeDefaultChannels,
  1041  		TeamIds:                  props.TeamIds,
  1042  		GroupConstrained:         props.GroupConstrained,
  1043  		ExcludeGroupConstrained:  props.ExcludeGroupConstrained,
  1044  		ExcludePolicyConstrained: props.ExcludePolicyConstrained,
  1045  		Public:                   props.Public,
  1046  		Private:                  props.Private,
  1047  		IncludeDeleted:           includeDeleted,
  1048  		Deleted:                  props.Deleted,
  1049  		Page:                     props.Page,
  1050  		PerPage:                  props.PerPage,
  1051  	}
  1052  	if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
  1053  		opts.IncludePolicyID = true
  1054  	}
  1055  
  1056  	channels, totalCount, appErr := c.App.SearchAllChannels(props.Term, opts)
  1057  	if appErr != nil {
  1058  		c.Err = appErr
  1059  		return
  1060  	}
  1061  
  1062  	// Don't fill in channels props, since unused by client and potentially expensive.
  1063  	var payload []byte
  1064  	if props.Page != nil && props.PerPage != nil {
  1065  		data := model.ChannelsWithCount{Channels: channels, TotalCount: totalCount}
  1066  		payload = data.ToJson()
  1067  	} else {
  1068  		payload = []byte(channels.ToJson())
  1069  	}
  1070  
  1071  	w.Write(payload)
  1072  }
  1073  
  1074  func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
  1075  	c.RequireChannelId()
  1076  	if c.Err != nil {
  1077  		return
  1078  	}
  1079  
  1080  	channel, err := c.App.GetChannel(c.Params.ChannelId)
  1081  	if err != nil {
  1082  		c.Err = err
  1083  		return
  1084  	}
  1085  
  1086  	auditRec := c.MakeAuditRecord("deleteChannel", audit.Fail)
  1087  	defer c.LogAuditRec(auditRec)
  1088  	auditRec.AddMeta("channeld", channel)
  1089  
  1090  	if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP {
  1091  		c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest)
  1092  		return
  1093  	}
  1094  
  1095  	if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
  1096  		c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
  1097  		return
  1098  	}
  1099  
  1100  	if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
  1101  		c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
  1102  		return
  1103  	}
  1104  
  1105  	if c.Params.Permanent {
  1106  		if *c.App.Config().ServiceSettings.EnableAPIChannelDeletion {
  1107  			err = c.App.PermanentDeleteChannel(channel)
  1108  		} else {
  1109  			err = model.NewAppError("deleteChannel", "api.user.delete_channel.not_enabled.app_error", nil, "channelId="+c.Params.ChannelId, http.StatusUnauthorized)
  1110  		}
  1111  	} else {
  1112  		err = c.App.DeleteChannel(c.AppContext, channel, c.AppContext.Session().UserId)
  1113  	}
  1114  	if err != nil {
  1115  		c.Err = err
  1116  		return
  1117  	}
  1118  
  1119  	auditRec.Success()
  1120  	c.LogAudit("name=" + channel.Name)
  1121  
  1122  	ReturnStatusOK(w)
  1123  }
  1124  
  1125  func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) {
  1126  	c.RequireTeamId().RequireChannelName()
  1127  	if c.Err != nil {
  1128  		return
  1129  	}
  1130  
  1131  	includeDeleted, _ := strconv.ParseBool(r.URL.Query().Get("include_deleted"))
  1132  	channel, appErr := c.App.GetChannelByName(c.Params.ChannelName, c.Params.TeamId, includeDeleted)
  1133  	if appErr != nil {
  1134  		c.Err = appErr
  1135  		return
  1136  	}
  1137  
  1138  	if channel.Type == model.CHANNEL_OPEN {
  1139  		if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_READ_CHANNEL) {
  1140  			c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
  1141  			return
  1142  		}
  1143  	} else {
  1144  		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_READ_CHANNEL) {
  1145  			c.Err = model.NewAppError("getChannelByName", "app.channel.get_by_name.missing.app_error", nil, "teamId="+channel.TeamId+", "+"name="+channel.Name+"", http.StatusNotFound)
  1146  			return
  1147  		}
  1148  	}
  1149  
  1150  	appErr = c.App.FillInChannelProps(channel)
  1151  	if appErr != nil {
  1152  		c.Err = appErr
  1153  		return
  1154  	}
  1155  
  1156  	w.Write([]byte(channel.ToJson()))
  1157  }
  1158  
  1159  func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) {
  1160  	c.RequireTeamName().RequireChannelName()
  1161  	if c.Err != nil {
  1162  		return
  1163  	}
  1164  
  1165  	includeDeleted, _ := strconv.ParseBool(r.URL.Query().Get("include_deleted"))
  1166  	channel, appErr := c.App.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName, includeDeleted)
  1167  	if appErr != nil {
  1168  		c.Err = appErr
  1169  		return
  1170  	}
  1171  
  1172  	teamOk := c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL)
  1173  	channelOk := c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_READ_CHANNEL)
  1174  
  1175  	if channel.Type == model.CHANNEL_OPEN {
  1176  		if !teamOk && !channelOk {
  1177  			c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
  1178  			return
  1179  		}
  1180  	} else if !channelOk {
  1181  		c.Err = model.NewAppError("getChannelByNameForTeamName", "app.channel.get_by_name.missing.app_error", nil, "teamId="+channel.TeamId+", "+"name="+channel.Name+"", http.StatusNotFound)
  1182  		return
  1183  	}
  1184  
  1185  	appErr = c.App.FillInChannelProps(channel)
  1186  	if appErr != nil {
  1187  		c.Err = appErr
  1188  		return
  1189  	}
  1190  
  1191  	w.Write([]byte(channel.ToJson()))
  1192  }
  1193  
  1194  func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) {
  1195  	c.RequireChannelId()
  1196  	if c.Err != nil {
  1197  		return
  1198  	}
  1199  
  1200  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
  1201  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
  1202  		return
  1203  	}
  1204  
  1205  	members, err := c.App.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage)
  1206  	if err != nil {
  1207  		c.Err = err
  1208  		return
  1209  	}
  1210  
  1211  	w.Write([]byte(members.ToJson()))
  1212  }
  1213  
  1214  func getChannelMembersTimezones(c *Context, w http.ResponseWriter, r *http.Request) {
  1215  	c.RequireChannelId()
  1216  	if c.Err != nil {
  1217  		return
  1218  	}
  1219  
  1220  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
  1221  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
  1222  		return
  1223  	}
  1224  
  1225  	membersTimezones, err := c.App.GetChannelMembersTimezones(c.Params.ChannelId)
  1226  	if err != nil {
  1227  		c.Err = err
  1228  		return
  1229  	}
  1230  
  1231  	w.Write([]byte(model.ArrayToJson(membersTimezones)))
  1232  }
  1233  
  1234  func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
  1235  	c.RequireChannelId()
  1236  	if c.Err != nil {
  1237  		return
  1238  	}
  1239  
  1240  	userIds := model.ArrayFromJson(r.Body)
  1241  	if len(userIds) == 0 {
  1242  		c.SetInvalidParam("user_ids")
  1243  		return
  1244  	}
  1245  
  1246  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
  1247  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
  1248  		return
  1249  	}
  1250  
  1251  	members, err := c.App.GetChannelMembersByIds(c.Params.ChannelId, userIds)
  1252  	if err != nil {
  1253  		c.Err = err
  1254  		return
  1255  	}
  1256  
  1257  	w.Write([]byte(members.ToJson()))
  1258  }
  1259  
  1260  func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
  1261  	c.RequireChannelId().RequireUserId()
  1262  	if c.Err != nil {
  1263  		return
  1264  	}
  1265  
  1266  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
  1267  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
  1268  		return
  1269  	}
  1270  
  1271  	member, err := c.App.GetChannelMember(app.WithMaster(context.Background()), c.Params.ChannelId, c.Params.UserId)
  1272  	if err != nil {
  1273  		c.Err = err
  1274  		return
  1275  	}
  1276  
  1277  	w.Write([]byte(member.ToJson()))
  1278  }
  1279  
  1280  func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) {
  1281  	c.RequireUserId().RequireTeamId()
  1282  	if c.Err != nil {
  1283  		return
  1284  	}
  1285  
  1286  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
  1287  		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
  1288  		return
  1289  	}
  1290  
  1291  	if c.AppContext.Session().UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
  1292  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
  1293  		return
  1294  	}
  1295  
  1296  	members, err := c.App.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId)
  1297  	if err != nil {
  1298  		c.Err = err
  1299  		return
  1300  	}
  1301  
  1302  	w.Write([]byte(members.ToJson()))
  1303  }
  1304  
  1305  func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) {
  1306  	c.RequireUserId()
  1307  	if c.Err != nil {
  1308  		return
  1309  	}
  1310  
  1311  	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
  1312  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
  1313  		return
  1314  	}
  1315  
  1316  	view := model.ChannelViewFromJson(r.Body)
  1317  	if view == nil {
  1318  		c.SetInvalidParam("channel_view")
  1319  		return
  1320  	}
  1321  
  1322  	// Validate view struct
  1323  	// Check IDs are valid or blank. Blank IDs are used to denote focus loss or initial channel view.
  1324  	if view.ChannelId != "" && !model.IsValidId(view.ChannelId) {
  1325  		c.SetInvalidParam("channel_view.channel_id")
  1326  		return
  1327  	}
  1328  	if view.PrevChannelId != "" && !model.IsValidId(view.PrevChannelId) {
  1329  		c.SetInvalidParam("channel_view.prev_channel_id")
  1330  		return
  1331  	}
  1332  
  1333  	times, err := c.App.ViewChannel(view, c.Params.UserId, c.AppContext.Session().Id, view.CollapsedThreadsSupported)
  1334  	if err != nil {
  1335  		c.Err = err
  1336  		return
  1337  	}
  1338  
  1339  	c.App.UpdateLastActivityAtIfNeeded(*c.AppContext.Session())
  1340  	c.ExtendSessionExpiryIfNeeded(w, r)
  1341  
  1342  	// Returning {"status": "OK", ...} for backwards compatibility
  1343  	resp := &model.ChannelViewResponse{
  1344  		Status:            "OK",
  1345  		LastViewedAtTimes: times,
  1346  	}
  1347  
  1348  	w.Write([]byte(resp.ToJson()))
  1349  }
  1350  
  1351  func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) {
  1352  	c.RequireChannelId().RequireUserId()
  1353  	if c.Err != nil {
  1354  		return
  1355  	}
  1356  
  1357  	props := model.MapFromJson(r.Body)
  1358  
  1359  	newRoles := props["roles"]
  1360  	if !(model.IsValidUserRoles(newRoles)) {
  1361  		c.SetInvalidParam("roles")
  1362  		return
  1363  	}
  1364  
  1365  	auditRec := c.MakeAuditRecord("updateChannelMemberRoles", audit.Fail)
  1366  	defer c.LogAuditRec(auditRec)
  1367  	auditRec.AddMeta("channel_id", c.Params.ChannelId)
  1368  	auditRec.AddMeta("roles", newRoles)
  1369  
  1370  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) {
  1371  		c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES)
  1372  		return
  1373  	}
  1374  
  1375  	if _, err := c.App.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil {
  1376  		c.Err = err
  1377  		return
  1378  	}
  1379  
  1380  	auditRec.Success()
  1381  
  1382  	ReturnStatusOK(w)
  1383  }
  1384  
  1385  func updateChannelMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.Request) {
  1386  	c.RequireChannelId().RequireUserId()
  1387  	if c.Err != nil {
  1388  		return
  1389  	}
  1390  
  1391  	schemeRoles := model.SchemeRolesFromJson(r.Body)
  1392  	if schemeRoles == nil {
  1393  		c.SetInvalidParam("scheme_roles")
  1394  		return
  1395  	}
  1396  
  1397  	auditRec := c.MakeAuditRecord("updateChannelMemberSchemeRoles", audit.Fail)
  1398  	defer c.LogAuditRec(auditRec)
  1399  	auditRec.AddMeta("channel_id", c.Params.ChannelId)
  1400  	auditRec.AddMeta("roles", schemeRoles)
  1401  
  1402  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) {
  1403  		c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES)
  1404  		return
  1405  	}
  1406  
  1407  	if _, err := c.App.UpdateChannelMemberSchemeRoles(c.Params.ChannelId, c.Params.UserId, schemeRoles.SchemeGuest, schemeRoles.SchemeUser, schemeRoles.SchemeAdmin); err != nil {
  1408  		c.Err = err
  1409  		return
  1410  	}
  1411  
  1412  	auditRec.Success()
  1413  
  1414  	ReturnStatusOK(w)
  1415  }
  1416  
  1417  func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) {
  1418  	c.RequireChannelId().RequireUserId()
  1419  	if c.Err != nil {
  1420  		return
  1421  	}
  1422  
  1423  	props := model.MapFromJson(r.Body)
  1424  	if props == nil {
  1425  		c.SetInvalidParam("notify_props")
  1426  		return
  1427  	}
  1428  
  1429  	auditRec := c.MakeAuditRecord("updateChannelMemberNotifyProps", audit.Fail)
  1430  	defer c.LogAuditRec(auditRec)
  1431  	auditRec.AddMeta("channel_id", c.Params.ChannelId)
  1432  	auditRec.AddMeta("props", props)
  1433  
  1434  	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
  1435  		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
  1436  		return
  1437  	}
  1438  
  1439  	_, err := c.App.UpdateChannelMemberNotifyProps(props, c.Params.ChannelId, c.Params.UserId)
  1440  	if err != nil {
  1441  		c.Err = err
  1442  		return
  1443  	}
  1444  
  1445  	auditRec.Success()
  1446  
  1447  	ReturnStatusOK(w)
  1448  }
  1449  
  1450  func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
  1451  	c.RequireChannelId()
  1452  	if c.Err != nil {
  1453  		return
  1454  	}
  1455  
  1456  	props := model.StringInterfaceFromJson(r.Body)
  1457  	userId, ok := props["user_id"].(string)
  1458  	if !ok || !model.IsValidId(userId) {
  1459  		c.SetInvalidParam("user_id")
  1460  		return
  1461  	}
  1462  
  1463  	member := &model.ChannelMember{
  1464  		ChannelId: c.Params.ChannelId,
  1465  		UserId:    userId,
  1466  	}
  1467  
  1468  	postRootId, ok := props["post_root_id"].(string)
  1469  	if ok && postRootId != "" && !model.IsValidId(postRootId) {
  1470  		c.SetInvalidParam("post_root_id")
  1471  		return
  1472  	}
  1473  
  1474  	if ok && len(postRootId) == 26 {
  1475  		rootPost, err := c.App.GetSinglePost(postRootId)
  1476  		if err != nil {
  1477  			c.Err = err
  1478  			return
  1479  		}
  1480  		if rootPost.ChannelId != member.ChannelId {
  1481  			c.SetInvalidParam("post_root_id")
  1482  			return
  1483  		}
  1484  	}
  1485  
  1486  	channel, err := c.App.GetChannel(member.ChannelId)
  1487  	if err != nil {
  1488  		c.Err = err
  1489  		return
  1490  	}
  1491  
  1492  	auditRec := c.MakeAuditRecord("addChannelMember", audit.Fail)
  1493  	defer c.LogAuditRec(auditRec)
  1494  	auditRec.AddMeta("channel", channel)
  1495  
  1496  	if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP {
  1497  		c.Err = model.NewAppError("addUserToChannel", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest)
  1498  		return
  1499  	}
  1500  
  1501  	isNewMembership := false
  1502  	if _, err = c.App.GetChannelMember(context.Background(), member.ChannelId, member.UserId); err != nil {
  1503  		if err.Id == app.MissingChannelMemberError {
  1504  			isNewMembership = true
  1505  		} else {
  1506  			c.Err = err
  1507  			return
  1508  		}
  1509  	}
  1510  
  1511  	isSelfAdd := member.UserId == c.AppContext.Session().UserId
  1512  
  1513  	if channel.Type == model.CHANNEL_OPEN {
  1514  		if isSelfAdd && isNewMembership {
  1515  			if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) {
  1516  				c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS)
  1517  				return
  1518  			}
  1519  		} else if isSelfAdd && !isNewMembership {
  1520  			// nothing to do, since already in the channel
  1521  		} else if !isSelfAdd {
  1522  			if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) {
  1523  				c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS)
  1524  				return
  1525  			}
  1526  		}
  1527  	}
  1528  
  1529  	if channel.Type == model.CHANNEL_PRIVATE {
  1530  		if isSelfAdd && isNewMembership {
  1531  			if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) {
  1532  				c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS)
  1533  				return
  1534  			}
  1535  		} else if isSelfAdd && !isNewMembership {
  1536  			// nothing to do, since already in the channel
  1537  		} else if !isSelfAdd {
  1538  			if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) {
  1539  				c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS)
  1540  				return
  1541  			}
  1542  		}
  1543  	}
  1544  
  1545  	if channel.IsGroupConstrained() {
  1546  		nonMembers, err := c.App.FilterNonGroupChannelMembers([]string{member.UserId}, channel)
  1547  		if err != nil {
  1548  			if v, ok := err.(*model.AppError); ok {
  1549  				c.Err = v
  1550  			} else {
  1551  				c.Err = model.NewAppError("addChannelMember", "api.channel.add_members.error", nil, err.Error(), http.StatusBadRequest)
  1552  			}
  1553  			return
  1554  		}
  1555  		if len(nonMembers) > 0 {
  1556  			c.Err = model.NewAppError("addChannelMember", "api.channel.add_members.user_denied", map[string]interface{}{"UserIDs": nonMembers}, "", http.StatusBadRequest)
  1557  			return
  1558  		}
  1559  	}
  1560  
  1561  	cm, err := c.App.AddChannelMember(c.AppContext, member.UserId, channel, app.ChannelMemberOpts{
  1562  		UserRequestorID: c.AppContext.Session().UserId,
  1563  		PostRootID:      postRootId,
  1564  	})
  1565  	if err != nil {
  1566  		c.Err = err
  1567  		return
  1568  	}
  1569  
  1570  	auditRec.Success()
  1571  	auditRec.AddMeta("add_user_id", cm.UserId)
  1572  	c.LogAudit("name=" + channel.Name + " user_id=" + cm.UserId)
  1573  
  1574  	w.WriteHeader(http.StatusCreated)
  1575  	w.Write([]byte(cm.ToJson()))
  1576  }
  1577  
  1578  func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
  1579  	c.RequireChannelId().RequireUserId()
  1580  	if c.Err != nil {
  1581  		return
  1582  	}
  1583  
  1584  	channel, err := c.App.GetChannel(c.Params.ChannelId)
  1585  	if err != nil {
  1586  		c.Err = err
  1587  		return
  1588  	}
  1589  
  1590  	user, err := c.App.GetUser(c.Params.UserId)
  1591  	if err != nil {
  1592  		c.Err = err
  1593  		return
  1594  	}
  1595  
  1596  	auditRec := c.MakeAuditRecord("removeChannelMember", audit.Fail)
  1597  	defer c.LogAuditRec(auditRec)
  1598  	auditRec.AddMeta("channel", channel)
  1599  	auditRec.AddMeta("remove_user_id", user.Id)
  1600  
  1601  	if !(channel.Type == model.CHANNEL_OPEN || channel.Type == model.CHANNEL_PRIVATE) {
  1602  		c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_channel_member.type.app_error", nil, "", http.StatusBadRequest)
  1603  		return
  1604  	}
  1605  
  1606  	if channel.IsGroupConstrained() && (c.Params.UserId != c.AppContext.Session().UserId) && !user.IsBot {
  1607  		c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_member.group_constrained.app_error", nil, "", http.StatusBadRequest)
  1608  		return
  1609  	}
  1610  
  1611  	if c.Params.UserId != c.AppContext.Session().UserId {
  1612  		if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) {
  1613  			c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS)
  1614  			return
  1615  		}
  1616  
  1617  		if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) {
  1618  			c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS)
  1619  			return
  1620  		}
  1621  	}
  1622  
  1623  	if err = c.App.RemoveUserFromChannel(c.AppContext, c.Params.UserId, c.AppContext.Session().UserId, channel); err != nil {
  1624  		c.Err = err
  1625  		return
  1626  	}
  1627  
  1628  	auditRec.Success()
  1629  	c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId)
  1630  
  1631  	ReturnStatusOK(w)
  1632  }
  1633  
  1634  func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) {
  1635  	c.RequireChannelId()
  1636  	if c.Err != nil {
  1637  		return
  1638  	}
  1639  
  1640  	schemeID := model.SchemeIDFromJson(r.Body)
  1641  	if schemeID == nil || !model.IsValidId(*schemeID) {
  1642  		c.SetInvalidParam("scheme_id")
  1643  		return
  1644  	}
  1645  
  1646  	auditRec := c.MakeAuditRecord("updateChannelScheme", audit.Fail)
  1647  	defer c.LogAuditRec(auditRec)
  1648  	auditRec.AddMeta("new_scheme_id", schemeID)
  1649  
  1650  	if c.App.Srv().License() == nil {
  1651  		c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.license.error", nil, "", http.StatusNotImplemented)
  1652  		return
  1653  	}
  1654  
  1655  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM) {
  1656  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
  1657  		return
  1658  	}
  1659  
  1660  	scheme, err := c.App.GetScheme(*schemeID)
  1661  	if err != nil {
  1662  		c.Err = err
  1663  		return
  1664  	}
  1665  
  1666  	if scheme.Scope != model.SCHEME_SCOPE_CHANNEL {
  1667  		c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.scheme_scope.error", nil, "", http.StatusBadRequest)
  1668  		return
  1669  	}
  1670  
  1671  	channel, err := c.App.GetChannel(c.Params.ChannelId)
  1672  	if err != nil {
  1673  		c.Err = err
  1674  		return
  1675  	}
  1676  
  1677  	auditRec.AddMeta("channel", channel)
  1678  	auditRec.AddMeta("old_scheme_id", channel.SchemeId)
  1679  
  1680  	channel.SchemeId = &scheme.Id
  1681  
  1682  	_, err = c.App.UpdateChannelScheme(channel)
  1683  	if err != nil {
  1684  		c.Err = err
  1685  		return
  1686  	}
  1687  
  1688  	auditRec.Success()
  1689  
  1690  	ReturnStatusOK(w)
  1691  }
  1692  
  1693  func channelMembersMinusGroupMembers(c *Context, w http.ResponseWriter, r *http.Request) {
  1694  	c.RequireChannelId()
  1695  	if c.Err != nil {
  1696  		return
  1697  	}
  1698  
  1699  	groupIDsParam := groupIDsQueryParamRegex.ReplaceAllString(c.Params.GroupIDs, "")
  1700  
  1701  	if len(groupIDsParam) < 26 {
  1702  		c.SetInvalidParam("group_ids")
  1703  		return
  1704  	}
  1705  
  1706  	groupIDs := []string{}
  1707  	for _, gid := range strings.Split(c.Params.GroupIDs, ",") {
  1708  		if !model.IsValidId(gid) {
  1709  			c.SetInvalidParam("group_ids")
  1710  			return
  1711  		}
  1712  		groupIDs = append(groupIDs, gid)
  1713  	}
  1714  
  1715  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS) {
  1716  		c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS)
  1717  		return
  1718  	}
  1719  
  1720  	users, totalCount, err := c.App.ChannelMembersMinusGroupMembers(
  1721  		c.Params.ChannelId,
  1722  		groupIDs,
  1723  		c.Params.Page,
  1724  		c.Params.PerPage,
  1725  	)
  1726  	if err != nil {
  1727  		c.Err = err
  1728  		return
  1729  	}
  1730  
  1731  	b, marshalErr := json.Marshal(&model.UsersWithGroupsAndCount{
  1732  		Users: users,
  1733  		Count: totalCount,
  1734  	})
  1735  	if marshalErr != nil {
  1736  		c.Err = model.NewAppError("Api4.channelMembersMinusGroupMembers", "api.marshal_error", nil, marshalErr.Error(), http.StatusInternalServerError)
  1737  		return
  1738  	}
  1739  
  1740  	w.Write(b)
  1741  }
  1742  
  1743  func channelMemberCountsByGroup(c *Context, w http.ResponseWriter, r *http.Request) {
  1744  	if c.App.Srv().License() == nil {
  1745  		c.Err = model.NewAppError("Api4.channelMemberCountsByGroup", "api.channel.channel_member_counts_by_group.license.error", nil, "", http.StatusNotImplemented)
  1746  		return
  1747  	}
  1748  
  1749  	c.RequireChannelId()
  1750  	if c.Err != nil {
  1751  		return
  1752  	}
  1753  
  1754  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
  1755  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
  1756  		return
  1757  	}
  1758  
  1759  	includeTimezones := r.URL.Query().Get("include_timezones") == "true"
  1760  
  1761  	channelMemberCounts, err := c.App.GetMemberCountsByGroup(app.WithMaster(context.Background()), c.Params.ChannelId, includeTimezones)
  1762  	if err != nil {
  1763  		c.Err = err
  1764  		return
  1765  	}
  1766  
  1767  	b, marshalErr := json.Marshal(channelMemberCounts)
  1768  	if marshalErr != nil {
  1769  		c.Err = model.NewAppError("Api4.channelMemberCountsByGroup", "api.marshal_error", nil, marshalErr.Error(), http.StatusInternalServerError)
  1770  		return
  1771  	}
  1772  
  1773  	w.Write(b)
  1774  }
  1775  
  1776  func getChannelModerations(c *Context, w http.ResponseWriter, r *http.Request) {
  1777  	if c.App.Srv().License() == nil {
  1778  		c.Err = model.NewAppError("Api4.GetChannelModerations", "api.channel.get_channel_moderations.license.error", nil, "", http.StatusNotImplemented)
  1779  		return
  1780  	}
  1781  
  1782  	c.RequireChannelId()
  1783  	if c.Err != nil {
  1784  		return
  1785  	}
  1786  
  1787  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS) {
  1788  		c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS)
  1789  		return
  1790  	}
  1791  
  1792  	channel, err := c.App.GetChannel(c.Params.ChannelId)
  1793  	if err != nil {
  1794  		c.Err = err
  1795  		return
  1796  	}
  1797  
  1798  	channelModerations, err := c.App.GetChannelModerationsForChannel(channel)
  1799  	if err != nil {
  1800  		c.Err = err
  1801  		return
  1802  	}
  1803  
  1804  	b, marshalErr := json.Marshal(channelModerations)
  1805  	if marshalErr != nil {
  1806  		c.Err = model.NewAppError("Api4.getChannelModerations", "api.marshal_error", nil, marshalErr.Error(), http.StatusInternalServerError)
  1807  		return
  1808  	}
  1809  
  1810  	w.Write(b)
  1811  }
  1812  
  1813  func patchChannelModerations(c *Context, w http.ResponseWriter, r *http.Request) {
  1814  	if c.App.Srv().License() == nil {
  1815  		c.Err = model.NewAppError("Api4.patchChannelModerations", "api.channel.patch_channel_moderations.license.error", nil, "", http.StatusNotImplemented)
  1816  		return
  1817  	}
  1818  
  1819  	c.RequireChannelId()
  1820  	if c.Err != nil {
  1821  		return
  1822  	}
  1823  
  1824  	auditRec := c.MakeAuditRecord("patchChannelModerations", audit.Fail)
  1825  	defer c.LogAuditRec(auditRec)
  1826  
  1827  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_CHANNELS) {
  1828  		c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_CHANNELS)
  1829  		return
  1830  	}
  1831  
  1832  	channel, err := c.App.GetChannel(c.Params.ChannelId)
  1833  	if err != nil {
  1834  		c.Err = err
  1835  		return
  1836  	}
  1837  	auditRec.AddMeta("channel", channel)
  1838  
  1839  	channelModerationsPatch := model.ChannelModerationsPatchFromJson(r.Body)
  1840  	channelModerations, err := c.App.PatchChannelModerationsForChannel(channel, channelModerationsPatch)
  1841  	if err != nil {
  1842  		c.Err = err
  1843  		return
  1844  	}
  1845  	auditRec.AddMeta("patch", channelModerationsPatch)
  1846  
  1847  	b, marshalErr := json.Marshal(channelModerations)
  1848  	if marshalErr != nil {
  1849  		c.Err = model.NewAppError("Api4.patchChannelModerations", "api.marshal_error", nil, marshalErr.Error(), http.StatusInternalServerError)
  1850  		return
  1851  	}
  1852  
  1853  	auditRec.Success()
  1854  	w.Write(b)
  1855  }
  1856  
  1857  func moveChannel(c *Context, w http.ResponseWriter, r *http.Request) {
  1858  	c.RequireChannelId()
  1859  	if c.Err != nil {
  1860  		return
  1861  	}
  1862  
  1863  	channel, err := c.App.GetChannel(c.Params.ChannelId)
  1864  	if err != nil {
  1865  		c.Err = err
  1866  		return
  1867  	}
  1868  
  1869  	props := model.StringInterfaceFromJson(r.Body)
  1870  	teamId, ok := props["team_id"].(string)
  1871  	if !ok {
  1872  		c.SetInvalidParam("team_id")
  1873  		return
  1874  	}
  1875  
  1876  	force, ok := props["force"].(bool)
  1877  	if !ok {
  1878  		c.SetInvalidParam("force")
  1879  		return
  1880  	}
  1881  
  1882  	team, err := c.App.GetTeam(teamId)
  1883  	if err != nil {
  1884  		c.Err = err
  1885  		return
  1886  	}
  1887  
  1888  	auditRec := c.MakeAuditRecord("moveChannel", audit.Fail)
  1889  	defer c.LogAuditRec(auditRec)
  1890  	auditRec.AddMeta("channel_id", channel.Id)
  1891  	auditRec.AddMeta("channel_name", channel.Name)
  1892  	auditRec.AddMeta("team_id", team.Id)
  1893  	auditRec.AddMeta("team_name", team.Name)
  1894  
  1895  	if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP {
  1896  		c.Err = model.NewAppError("moveChannel", "api.channel.move_channel.type.invalid", nil, "", http.StatusForbidden)
  1897  		return
  1898  	}
  1899  
  1900  	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM) {
  1901  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
  1902  		return
  1903  	}
  1904  
  1905  	user, err := c.App.GetUser(c.AppContext.Session().UserId)
  1906  	if err != nil {
  1907  		c.Err = err
  1908  		return
  1909  	}
  1910  
  1911  	err = c.App.RemoveAllDeactivatedMembersFromChannel(channel)
  1912  	if err != nil {
  1913  		c.Err = err
  1914  		return
  1915  	}
  1916  
  1917  	if force {
  1918  		err = c.App.RemoveUsersFromChannelNotMemberOfTeam(c.AppContext, user, channel, team)
  1919  		if err != nil {
  1920  			c.Err = err
  1921  			return
  1922  		}
  1923  	}
  1924  
  1925  	err = c.App.MoveChannel(c.AppContext, team, channel, user)
  1926  	if err != nil {
  1927  		c.Err = err
  1928  		return
  1929  	}
  1930  
  1931  	auditRec.Success()
  1932  	c.LogAudit("channel=" + channel.Name)
  1933  	c.LogAudit("team=" + team.Name)
  1934  
  1935  	w.Write([]byte(channel.ToJson()))
  1936  }