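// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"net/http"

	"github.com/masterhung0112/hk_server/v5/audit"
	"github.com/masterhung0112/hk_server/v5/model"
	"github.com/masterhung0112/hk_server/v5/shared/mlog"
)

// getCategoriesForTeamForUser writes, as JSON, the sidebar categories for the
// user and team given in the request parameters (c.Params).
//
// The session must pass SessionHasPermissionToUser for c.Params.UserId;
// otherwise a permission error is set on the context and nothing is written.
func getCategoriesForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	categories, err := c.App.GetSidebarCategories(c.Params.UserId, c.Params.TeamId)
	if err != nil {
		c.Err = err
		return
	}

	// Report a failed response write instead of silently dropping it.
	if _, writeErr := w.Write(categories.ToJson()); writeErr != nil {
		mlog.Warn("Error while writing response", mlog.Err(writeErr))
	}
}

// createCategoryForTeamForUser creates a sidebar category from the JSON request
// body for the user and team given in the request parameters, and writes the
// created category as JSON.
//
// The body is rejected as an invalid "category" parameter when it cannot be
// decoded, decodes to nothing, or names a UserId/TeamId different from the
// request parameters. Channels in the request are filtered by
// validateSidebarCategory before the category is created.
func createCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// The record starts as audit.Fail and is only flipped by Success() below.
	// It is created after the permission check, so a denied request returns
	// before this record exists.
	auditRec := c.MakeAuditRecord("createCategoryForTeamForUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	categoryCreateRequest, err := model.SidebarCategoryFromJson(r.Body)
	// The nil check guards the field reads that follow: a decoder may return a
	// nil pointer without an error (for example on a JSON null body).
	if err != nil || categoryCreateRequest == nil ||
		c.Params.UserId != categoryCreateRequest.UserId ||
		c.Params.TeamId != categoryCreateRequest.TeamId {
		c.SetInvalidParam("category")
		return
	}

	if appErr := validateSidebarCategory(c, c.Params.TeamId, c.Params.UserId, categoryCreateRequest); appErr != nil {
		c.Err = appErr
		return
	}

	category, appErr := c.App.CreateSidebarCategory(c.Params.UserId, c.Params.TeamId, categoryCreateRequest)
	if appErr != nil {
		c.Err = appErr
		return
	}

	auditRec.Success()
	if _, writeErr := w.Write(category.ToJson()); writeErr != nil {
		mlog.Warn("Error while writing response", mlog.Err(writeErr))
	}
}
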
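// getCategoryOrderForTeamForUser writes, as a JSON array, the sidebar category
// order for the user and team given in the request parameters.
//
// The session must pass SessionHasPermissionToUser for c.Params.UserId.
func getCategoryOrderForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	order, err := c.App.GetSidebarCategoryOrder(c.Params.UserId, c.Params.TeamId)
	if err != nil {
		c.Err = err
		return
	}

	// Report a failed response write instead of silently dropping it.
	if _, writeErr := w.Write([]byte(model.ArrayToJson(order))); writeErr != nil {
		mlog.Warn("Error while writing response", mlog.Err(writeErr))
	}
}

// updateCategoryOrderForTeamForUser replaces the sidebar category order for the
// user and team given in the request parameters with the list of category ids
// in the JSON request body, and echoes that list back as JSON.
//
// Every id in the body must pass SessionHasPermissionToCategory for the
// requested user and team; a single failing id rejects the whole request as an
// invalid "category" parameter.
func updateCategoryOrderForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// Created after the permission check, so a denied request returns before
	// this record exists; it stays audit.Fail unless Success() is reached.
	auditRec := c.MakeAuditRecord("updateCategoryOrderForTeamForUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	// NOTE(review): ArrayFromJson returns no error here, so a malformed body
	// cannot be told apart from an empty list at this point; confirm that
	// UpdateSidebarCategoryOrder rejects an empty or incomplete order.
	categoryOrder := model.ArrayFromJson(r.Body)

	for _, categoryId := range categoryOrder {
		if !c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), c.Params.UserId, c.Params.TeamId, categoryId) {
			c.SetInvalidParam("category")
			return
		}
	}

	err := c.App.UpdateSidebarCategoryOrder(c.Params.UserId, c.Params.TeamId, categoryOrder)
	if err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	if _, writeErr := w.Write([]byte(model.ArrayToJson(categoryOrder))); writeErr != nil {
		mlog.Warn("Error while writing response", mlog.Err(writeErr))
	}
}

// getCategoryForTeamForUser writes, as JSON, the single sidebar category named
// by c.Params.CategoryId.
//
// Access is decided by SessionHasPermissionToCategory for the requested user,
// team and category.
func getCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId().RequireCategoryId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), c.Params.UserId, c.Params.TeamId, c.Params.CategoryId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// The lookup is by category id alone. NOTE(review): this presumably relies
	// on the permission check above to tie the category to the requested user
	// and team; confirm.
	category, err := c.App.GetSidebarCategory(c.Params.CategoryId)
	if err != nil {
		c.Err = err
		return
	}

	if _, writeErr := w.Write(category.ToJson()); writeErr != nil {
		mlog.Warn("Error while writing response", mlog.Err(writeErr))
	}
}

// updateCategoriesForTeamForUser updates several sidebar categories at once
// from the JSON array in the request body and writes the updated categories as
// JSON.
//
// Each entry's Id must pass SessionHasPermissionToCategory for the requested
// user and team, and each entry's channel list is filtered by
// validateSidebarCategories before the update is applied.
func updateCategoriesForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// Created after the permission check, so a denied request returns before
	// this record exists; it stays audit.Fail unless Success() is reached.
	auditRec := c.MakeAuditRecord("updateCategoriesForTeamForUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	categoriesUpdateRequest, err := model.SidebarCategoriesFromJson(r.Body)
	if err != nil {
		c.SetInvalidParam("category")
		return
	}

	// NOTE(review): unlike updateCategoryForTeamForUser, the UserId and TeamId
	// carried inside each entry are not compared with the request parameters
	// here; confirm that UpdateSidebarCategories ignores or validates them.
	for _, category := range categoriesUpdateRequest {
		// A JSON null element decodes to a nil pointer in a slice of pointers;
		// reject it rather than dereference it.
		if category == nil {
			c.SetInvalidParam("category")
			return
		}
		if !c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), c.Params.UserId, c.Params.TeamId, category.Id) {
			c.SetInvalidParam("category")
			return
		}
	}

	if appErr := validateSidebarCategories(c, c.Params.TeamId, c.Params.UserId, categoriesUpdateRequest); appErr != nil {
		c.Err = appErr
		return
	}

	categories, appErr := c.App.UpdateSidebarCategories(c.Params.UserId, c.Params.TeamId, categoriesUpdateRequest)
	if appErr != nil {
		c.Err = appErr
		return
	}

	auditRec.Success()
	if _, writeErr := w.Write(model.SidebarCategoriesWithChannelsToJson(categories)); writeErr != nil {
		mlog.Warn("Error while writing response", mlog.Err(writeErr))
	}
}

// validateSidebarCategory replaces category.Channels, in place, with the subset
// of ids that appear in the list returned by GetChannelsForUser for the given
// team and user.
//
// It returns an AppError with http.StatusBadRequest when that list cannot be
// loaded, and nil otherwise. Ids that are dropped do not cause an error.
func validateSidebarCategory(c *Context, teamId, userId string, category *model.SidebarCategoryWithChannels) *model.AppError {
	channels, err := c.App.GetChannelsForUser(teamId, userId, true, 0)
	if err != nil {
		return model.NewAppError("validateSidebarCategory", "api.invalid_channel", nil, err.Error(), http.StatusBadRequest)
	}

	category.Channels = validateSidebarCategoryChannels(userId, category.Channels, channels)

	return nil
}

// validateSidebarCategories applies the same channel filtering as
// validateSidebarCategory to every entry of categories, loading the user's
// channel list once for all of them.
//
// It returns an AppError with http.StatusBadRequest when that list cannot be
// loaded, and nil otherwise.
func validateSidebarCategories(c *Context, teamId, userId string, categories []*model.SidebarCategoryWithChannels) *model.AppError {
	channels, err := c.App.GetChannelsForUser(teamId, userId, true, 0)
	if err != nil {
		// The location tag names this function; it previously carried the name
		// of validateSidebarCategory, which misattributed the failure.
		return model.NewAppError("validateSidebarCategories", "api.invalid_channel", nil, err.Error(), http.StatusBadRequest)
	}

	for _, category := range categories {
		// Skip nil entries instead of dereferencing them.
		if category == nil {
			continue
		}
		category.Channels = validateSidebarCategoryChannels(userId, category.Channels, channels)
	}

	return nil
}

// validateSidebarCategoryChannels returns the ids from channelIds that match
// the Id of some channel in channels, keeping the input order. Each id that
// matches nothing is dropped and logged together with userId.
//
// The result is nil when no id is kept. A nil channels list is treated as
// empty.
func validateSidebarCategoryChannels(userId string, channelIds []string, channels *model.ChannelList) []string {
	// Index the allowed ids once so each requested id is a single lookup
	// instead of a scan over the whole channel list.
	allowed := make(map[string]struct{})
	if channels != nil {
		for _, channel := range *channels {
			allowed[channel.Id] = struct{}{}
		}
	}

	var filtered []string

	for _, channelId := range channelIds {
		if _, ok := allowed[channelId]; ok {
			filtered = append(filtered, channelId)
			continue
		}

		mlog.Info("Stopping user from adding channel to their sidebar when they are not a member", mlog.String("user_id", userId), mlog.String("channel_id", channelId))
	}

	return filtered
}

// updateCategoryForTeamForUser updates the sidebar category named by
// c.Params.CategoryId from the JSON request body and writes the updated
// category as JSON.
//
// The body is rejected as an invalid "category" parameter when it cannot be
// decoded, decodes to nothing, or names a TeamId/UserId different from the
// request parameters.
func updateCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId().RequireCategoryId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), c.Params.UserId, c.Params.TeamId, c.Params.CategoryId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// Created after the permission check, so a denied request returns before
	// this record exists; it stays audit.Fail unless Success() is reached.
	auditRec := c.MakeAuditRecord("updateCategoryForTeamForUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	categoryUpdateRequest, err := model.SidebarCategoryFromJson(r.Body)
	// The nil check guards the field reads that follow: a decoder may return a
	// nil pointer without an error (for example on a JSON null body).
	if err != nil || categoryUpdateRequest == nil ||
		categoryUpdateRequest.TeamId != c.Params.TeamId ||
		categoryUpdateRequest.UserId != c.Params.UserId {
		c.SetInvalidParam("category")
		return
	}

	if appErr := validateSidebarCategory(c, c.Params.TeamId, c.Params.UserId, categoryUpdateRequest); appErr != nil {
		c.Err = appErr
		return
	}

	// The id that was authorised above always wins over any Id in the body.
	categoryUpdateRequest.Id = c.Params.CategoryId

	categories, appErr := c.App.UpdateSidebarCategories(c.Params.UserId, c.Params.TeamId, []*model.SidebarCategoryWithChannels{categoryUpdateRequest})
	if appErr != nil {
		c.Err = appErr
		return
	}

	auditRec.Success()
	// NOTE(review): categories[0] is read without a length check; this assumes
	// UpdateSidebarCategories returns one entry per input on success. Confirm.
	if _, writeErr := w.Write(categories[0].ToJson()); writeErr != nil {
		mlog.Warn("Error while writing response", mlog.Err(writeErr))
	}
}

// deleteCategoryForTeamForUser deletes the sidebar category named by
// c.Params.CategoryId for the requested user and team and replies with the
// standard OK status.
//
// Access is decided by SessionHasPermissionToCategory for the requested user,
// team and category.
func deleteCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId().RequireCategoryId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), c.Params.UserId, c.Params.TeamId, c.Params.CategoryId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// Created after the permission check, so a denied request returns before
	// this record exists; it stays audit.Fail unless Success() is reached.
	auditRec := c.MakeAuditRecord("deleteCategoryForTeamForUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	appErr := c.App.DeleteSidebarCategory(c.Params.UserId, c.Params.TeamId, c.Params.CategoryId)
	if appErr != nil {
		c.Err = appErr
		return
	}

	auditRec.Success()
	ReturnStatusOK(w)
}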