github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/integration_action.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package api4 5 6 import ( 7 "encoding/json" 8 "net/http" 9 10 "github.com/masterhung0112/hk_server/v5/model" 11 ) 12 13 func (api *API) InitAction() { 14 api.BaseRoutes.Post.Handle("/actions/{action_id:[A-Za-z0-9]+}", api.ApiSessionRequired(doPostAction)).Methods("POST") 15 16 api.BaseRoutes.ApiRoot.Handle("/actions/dialogs/open", api.ApiHandler(openDialog)).Methods("POST") 17 api.BaseRoutes.ApiRoot.Handle("/actions/dialogs/submit", api.ApiSessionRequired(submitDialog)).Methods("POST") 18 } 19 20 func doPostAction(c *Context, w http.ResponseWriter, r *http.Request) { 21 c.RequirePostId() 22 if c.Err != nil { 23 return 24 } 25 26 actionRequest := model.DoPostActionRequestFromJson(r.Body) 27 if actionRequest == nil { 28 actionRequest = &model.DoPostActionRequest{} 29 } 30 31 var cookie *model.PostActionCookie 32 if actionRequest.Cookie != "" { 33 cookie = &model.PostActionCookie{} 34 cookieStr, err := model.DecryptPostActionCookie(actionRequest.Cookie, c.App.PostActionCookieSecret()) 35 if err != nil { 36 c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest) 37 return 38 } 39 err = json.Unmarshal([]byte(cookieStr), &cookie) 40 if err != nil { 41 c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest) 42 return 43 } 44 if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), cookie.ChannelId, model.PERMISSION_READ_CHANNEL) { 45 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 46 return 47 } 48 } else { 49 if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PERMISSION_READ_CHANNEL) { 50 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 51 return 52 } 53 } 54 55 var appErr *model.AppError 56 resp := &model.PostActionAPIResponse{Status: "OK"} 57 58 resp.TriggerId, appErr = c.App.DoPostActionWithCookie(c.AppContext, c.Params.PostId, c.Params.ActionId, c.AppContext.Session().UserId, 59 actionRequest.SelectedOption, cookie) 60 if appErr != nil { 61 c.Err = appErr 62 return 63 } 64 65 b, _ := json.Marshal(resp) 66 w.Write(b) 67 } 68 69 func openDialog(c *Context, w http.ResponseWriter, r *http.Request) { 70 var dialog model.OpenDialogRequest 71 err := json.NewDecoder(r.Body).Decode(&dialog) 72 if err != nil { 73 c.SetInvalidParam("dialog") 74 return 75 } 76 77 if dialog.URL == "" { 78 c.SetInvalidParam("url") 79 return 80 } 81 82 if err := c.App.OpenInteractiveDialog(dialog); err != nil { 83 c.Err = err 84 return 85 } 86 87 ReturnStatusOK(w) 88 } 89 90 func submitDialog(c *Context, w http.ResponseWriter, r *http.Request) { 91 var submit model.SubmitDialogRequest 92 93 jsonErr := json.NewDecoder(r.Body).Decode(&submit) 94 if jsonErr != nil { 95 c.SetInvalidParam("dialog") 96 return 97 } 98 99 if submit.URL == "" { 100 c.SetInvalidParam("url") 101 return 102 } 103 104 submit.UserId = c.AppContext.Session().UserId 105 106 if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), submit.ChannelId, model.PERMISSION_READ_CHANNEL) { 107 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 108 return 109 } 110 111 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), submit.TeamId, model.PERMISSION_VIEW_TEAM) { 112 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 113 return 114 } 115 116 resp, err := c.App.SubmitInteractiveDialog(c.AppContext, submit) 117 if err != nil { 118 c.Err = err 119 return 120 } 121 122 b, _ := json.Marshal(resp) 123 124 w.Write(b) 125 }