github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/channel_category.go (about)

     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/masterhung0112/hk_server/v5/audit"
    10  	"github.com/masterhung0112/hk_server/v5/model"
    11  	"github.com/masterhung0112/hk_server/v5/shared/mlog"
    12  )
    13  
// getCategoriesForTeamForUser writes the sidebar categories for the user and
// team identified by c.Params, serialized with ToJson.
//
// Access is decided by SessionHasPermissionToUser against c.Params.UserId. A
// session that fails the check gets a PERMISSION_EDIT_OTHER_USERS permission
// error and the handler returns before any category lookup.
func getCategoriesForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	// Both identifiers must be present; the Require* helpers report through c.Err.
	if c.RequireUserId().RequireTeamId(); c.Err != nil {
		return
	}

	userID, teamID := c.Params.UserId, c.Params.TeamId

	// Authorization gate: only the user ID is checked here, the team ID is
	// passed to the lookup unchecked by this handler.
	allowed := c.App.SessionHasPermissionToUser(*c.AppContext.Session(), userID)
	if !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	sidebar, appErr := c.App.GetSidebarCategories(userID, teamID)
	if appErr != nil {
		c.Err = appErr
		return
	}

	w.Write(sidebar.ToJson())
}
    33  
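// createCategoryForTeamForUser creates a sidebar category from the JSON
// request body for the user and team identified by c.Params, and writes the
// created category serialized with ToJson.
//
// Checks, in order:
//   - the session must pass SessionHasPermissionToUser for c.Params.UserId;
//   - the body must decode to a non-nil category whose UserId and TeamId equal
//     the values in c.Params, otherwise the request is rejected as an invalid
//     "category" parameter;
//   - validateSidebarCategory trims the category's channel list.
//
// The audit record is created only after the permission check, so a request
// that is denied there returns before this handler has made any record.
func createCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// The record starts in the Fail state and is logged on every return path
	// below; only the final Success() call flips it.
	auditRec := c.MakeAuditRecord("createCategoryForTeamForUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	categoryCreateRequest, err := model.SidebarCategoryFromJson(r.Body)
	// The body is client-controlled. Reject a nil result explicitly: if the
	// decoder can return (nil, nil) (for example on a JSON null body; the
	// decoder is not visible here), the field comparisons below would
	// dereference a nil pointer.
	if err != nil || categoryCreateRequest == nil {
		c.SetInvalidParam("category")
		return
	}

	// The body must name the same user and team that were authorized above, so
	// the body cannot redirect the create to another owner.
	if categoryCreateRequest.UserId != c.Params.UserId || categoryCreateRequest.TeamId != c.Params.TeamId {
		c.SetInvalidParam("category")
		return
	}

	if appErr := validateSidebarCategory(c, c.Params.TeamId, c.Params.UserId, categoryCreateRequest); appErr != nil {
		c.Err = appErr
		return
	}

	category, appErr := c.App.CreateSidebarCategory(c.Params.UserId, c.Params.TeamId, categoryCreateRequest)
	if appErr != nil {
		c.Err = appErr
		return
	}

	auditRec.Success()
	w.Write(category.ToJson())
}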
    68  
// getCategoryOrderForTeamForUser writes the sidebar category order for the
// user and team identified by c.Params, encoded with model.ArrayToJson.
//
// The session must pass SessionHasPermissionToUser for c.Params.UserId;
// otherwise a PERMISSION_EDIT_OTHER_USERS permission error is set and nothing
// is read.
func getCategoryOrderForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId().RequireTeamId(); c.Err != nil {
		return
	}

	userID, teamID := c.Params.UserId, c.Params.TeamId

	// Authorization gate on the user ID from c.Params.
	if allowed := c.App.SessionHasPermissionToUser(*c.AppContext.Session(), userID); !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	categoryOrder, appErr := c.App.GetSidebarCategoryOrder(userID, teamID)
	if appErr != nil {
		c.Err = appErr
		return
	}

	payload := model.ArrayToJson(categoryOrder)
	w.Write([]byte(payload))
}
    88  
// updateCategoryOrderForTeamForUser replaces the sidebar category order for
// the user and team identified by c.Params with the ID list in the request
// body, then echoes that list back encoded with model.ArrayToJson.
//
// Two checks run before the write: the session must pass
// SessionHasPermissionToUser for c.Params.UserId, and every ID in the body must
// pass SessionHasPermissionToCategory for that user and team. A failing ID is
// reported as an invalid "category" parameter, not as a permission error.
//
// The audit record is created after the user-level permission check, so a
// request denied there leaves no record from this handler.
func updateCategoryOrderForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId().RequireTeamId(); c.Err != nil {
		return
	}

	userID, teamID := c.Params.UserId, c.Params.TeamId

	if allowed := c.App.SessionHasPermissionToUser(*c.AppContext.Session(), userID); !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// Starts as Fail and is logged on every exit; Success() is reached only
	// after the order has been stored.
	rec := c.MakeAuditRecord("updateCategoryOrderForTeamForUser", audit.Fail)
	defer c.LogAuditRec(rec)

	// ArrayFromJson returns no error value here, so this handler cannot tell a
	// malformed body apart from whatever list the decoder yields for it.
	requestedOrder := model.ArrayFromJson(r.Body)

	// Every client-supplied category ID is checked individually before any of
	// them is written.
	for _, id := range requestedOrder {
		if c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), userID, teamID, id) {
			continue
		}
		c.SetInvalidParam("category")
		return
	}

	if appErr := c.App.UpdateSidebarCategoryOrder(userID, teamID, requestedOrder); appErr != nil {
		c.Err = appErr
		return
	}

	rec.Success()
	w.Write([]byte(model.ArrayToJson(requestedOrder)))
}
   121  
// getCategoryForTeamForUser writes a single sidebar category, selected by
// c.Params.CategoryId, serialized with ToJson.
//
// The session must pass SessionHasPermissionToCategory for the user, team and
// category in c.Params. The lookup that follows is keyed by the category ID
// alone, so that check is the only thing in this handler that ties the
// category to the user and team.
func getCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId().RequireTeamId().RequireCategoryId(); c.Err != nil {
		return
	}

	categoryID := c.Params.CategoryId

	allowed := c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), c.Params.UserId, c.Params.TeamId, categoryID)
	if !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// Fetch by ID only; ownership was established by the check above.
	category, appErr := c.App.GetSidebarCategory(categoryID)
	if appErr != nil {
		c.Err = appErr
		return
	}

	w.Write(category.ToJson())
}
   141  
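// updateCategoriesForTeamForUser updates several sidebar categories at once
// from the JSON list in the request body, for the user and team identified by
// c.Params, and writes the result encoded with
// model.SidebarCategoriesWithChannelsToJson.
//
// Checks, in order:
//   - the session must pass SessionHasPermissionToUser for c.Params.UserId;
//   - the body must decode without error;
//   - every entry must be non-nil and its Id must pass
//     SessionHasPermissionToCategory for that user and team, otherwise the
//     whole request is rejected as an invalid "category" parameter;
//   - validateSidebarCategories trims each entry's channel list.
//
// The audit record is created after the user-level permission check, so a
// request denied there leaves no record from this handler.
func updateCategoriesForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	auditRec := c.MakeAuditRecord("updateCategoriesForTeamForUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	categoriesUpdateRequest, err := model.SidebarCategoriesFromJson(r.Body)
	if err != nil {
		c.SetInvalidParam("category")
		return
	}

	for _, category := range categoriesUpdateRequest {
		// The list is client-controlled and holds pointers. A nil entry (for
		// example a JSON null element, if the decoder keeps it; the decoder is
		// not visible here) is rejected instead of being dereferenced.
		if category == nil {
			c.SetInvalidParam("category")
			return
		}

		// Each category ID from the body is authorized on its own before any
		// update is applied.
		if !c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), c.Params.UserId, c.Params.TeamId, category.Id) {
			c.SetInvalidParam("category")
			return
		}
	}

	if appErr := validateSidebarCategories(c, c.Params.TeamId, c.Params.UserId, categoriesUpdateRequest); appErr != nil {
		c.Err = appErr
		return
	}

	categories, appErr := c.App.UpdateSidebarCategories(c.Params.UserId, c.Params.TeamId, categoriesUpdateRequest)
	if appErr != nil {
		c.Err = appErr
		return
	}

	auditRec.Success()
	w.Write(model.SidebarCategoriesWithChannelsToJson(categories))
}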
   183  
// validateSidebarCategory rewrites category.Channels in place so that it keeps
// only the IDs that appear in the list returned by GetChannelsForUser for the
// given team and user. Despite the name it does not reject the category; it
// filters it.
//
// It returns an AppError with status 400 when the channel lookup fails, and nil
// otherwise. category must be non-nil; it is dereferenced without a check.
func validateSidebarCategory(c *Context, teamId, userId string, category *model.SidebarCategoryWithChannels) *model.AppError {
	// NOTE(review): the meaning of the trailing (true, 0) arguments is not
	// visible in this file; confirm against GetChannelsForUser.
	memberChannels, lookupErr := c.App.GetChannelsForUser(teamId, userId, true, 0)
	if lookupErr != nil {
		// The lookup error text is carried in the details argument of the new error.
		return model.NewAppError("validateSidebarCategory", "api.invalid_channel", nil, lookupErr.Error(), http.StatusBadRequest)
	}

	kept := validateSidebarCategoryChannels(userId, category.Channels, memberChannels)
	category.Channels = kept

	return nil
}
   194  
// validateSidebarCategories applies the channel filter of
// validateSidebarCategoryChannels to every entry of categories, rewriting each
// entry's Channels in place. The user's channel list is fetched once with
// GetChannelsForUser and reused for all entries.
//
// It returns an AppError with status 400 when the channel lookup fails, and nil
// otherwise. Every entry must be non-nil; entries are dereferenced without a
// check.
func validateSidebarCategories(c *Context, teamId, userId string, categories []*model.SidebarCategoryWithChannels) *model.AppError {
	memberChannels, lookupErr := c.App.GetChannelsForUser(teamId, userId, true, 0)
	if lookupErr != nil {
		// NOTE(review): the error's origin label reads "validateSidebarCategory",
		// the singular sibling's name, so the two call sites cannot be told
		// apart from the error alone.
		return model.NewAppError("validateSidebarCategory", "api.invalid_channel", nil, lookupErr.Error(), http.StatusBadRequest)
	}

	for i := range categories {
		entry := categories[i]
		entry.Channels = validateSidebarCategoryChannels(userId, entry.Channels, memberChannels)
	}

	return nil
}
   207  
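// validateSidebarCategoryChannels returns the entries of channelIds whose value
// equals the Id of some channel in channels, keeping their order and any
// duplicates. IDs with no match are dropped and logged at info level together
// with userId.
//
// In the handlers of this file channelIds comes from the request body, so
// membership is tested against a set built once from channels. The work is
// then linear in the two list sizes rather than proportional to their product.
// A nil channels pointer is treated as an empty list.
func validateSidebarCategoryChannels(userId string, channelIds []string, channels *model.ChannelList) []string {
	// Reads from a nil map are valid in Go, so memberIDs may stay nil when
	// there is no channel list to index.
	var memberIDs map[string]struct{}
	if channels != nil {
		memberIDs = make(map[string]struct{}, len(*channels))
		for _, channel := range *channels {
			memberIDs[channel.Id] = struct{}{}
		}
	}

	var filtered []string

	for _, channelId := range channelIds {
		if _, found := memberIDs[channelId]; found {
			filtered = append(filtered, channelId)
			continue
		}

		// One entry per rejected ID. The request-supplied channelId is passed
		// as a structured field, not formatted into the message text.
		mlog.Info("Stopping user from adding channel to their sidebar when they are not a member", mlog.String("user_id", userId), mlog.String("channel_id", channelId))
	}

	return filtered
}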
   229  
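// updateCategoryForTeamForUser updates the sidebar category selected by
// c.Params.CategoryId from the JSON request body and writes the updated
// category serialized with ToJson.
//
// Checks, in order:
//   - the session must pass SessionHasPermissionToCategory for the user, team
//     and category in c.Params;
//   - the body must decode to a non-nil category whose TeamId and UserId equal
//     the values in c.Params, otherwise the request is rejected as an invalid
//     "category" parameter;
//   - validateSidebarCategory trims the category's channel list.
//
// The category Id in the body is never trusted: it is overwritten with the
// authorized c.Params.CategoryId before the update is issued.
//
// The audit record is created after the permission check, so a request denied
// there leaves no record from this handler.
func updateCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireTeamId().RequireCategoryId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), c.Params.UserId, c.Params.TeamId, c.Params.CategoryId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	auditRec := c.MakeAuditRecord("updateCategoryForTeamForUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	categoryUpdateRequest, err := model.SidebarCategoryFromJson(r.Body)
	// The body is client-controlled. Reject a nil result explicitly: if the
	// decoder can return (nil, nil) (for example on a JSON null body; the
	// decoder is not visible here), the field comparisons below would
	// dereference a nil pointer.
	if err != nil || categoryUpdateRequest == nil {
		c.SetInvalidParam("category")
		return
	}

	if categoryUpdateRequest.TeamId != c.Params.TeamId || categoryUpdateRequest.UserId != c.Params.UserId {
		c.SetInvalidParam("category")
		return
	}

	if appErr := validateSidebarCategory(c, c.Params.TeamId, c.Params.UserId, categoryUpdateRequest); appErr != nil {
		c.Err = appErr
		return
	}

	// Pin the target to the category that was authorized above, whatever Id
	// the body carried.
	categoryUpdateRequest.Id = c.Params.CategoryId

	categories, appErr := c.App.UpdateSidebarCategories(c.Params.UserId, c.Params.TeamId, []*model.SidebarCategoryWithChannels{categoryUpdateRequest})
	if appErr != nil {
		c.Err = appErr
		return
	}

	auditRec.Success()
	// NOTE(review): assumes a successful UpdateSidebarCategories returns one
	// entry per input; an empty result would make this index panic. Confirm
	// against the app layer.
	w.Write(categories[0].ToJson())
}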
   266  
// deleteCategoryForTeamForUser deletes the sidebar category selected by
// c.Params.CategoryId for the user and team in c.Params and replies through
// ReturnStatusOK.
//
// The session must pass SessionHasPermissionToCategory for that user, team and
// category; otherwise a PERMISSION_EDIT_OTHER_USERS permission error is set.
// The audit record is created after that check, so a denied request leaves no
// record from this handler.
func deleteCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId().RequireTeamId().RequireCategoryId(); c.Err != nil {
		return
	}

	userID, teamID, categoryID := c.Params.UserId, c.Params.TeamId, c.Params.CategoryId

	if allowed := c.App.SessionHasPermissionToCategory(*c.AppContext.Session(), userID, teamID, categoryID); !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// Starts as Fail and is logged on every exit; Success() is reached only
	// after the delete call returned no error.
	rec := c.MakeAuditRecord("deleteCategoryForTeamForUser", audit.Fail)
	defer c.LogAuditRec(rec)

	if appErr := c.App.DeleteSidebarCategory(userID, teamID, categoryID); appErr != nil {
		c.Err = appErr
		return
	}

	rec.Success()
	ReturnStatusOK(w)
}