github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/integration_action.go (about)

     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"encoding/json"
     8  	"net/http"
     9  
    10  	"github.com/masterhung0112/hk_server/v5/model"
    11  )
    12  
    13  func (api *API) InitAction() {
    14  	api.BaseRoutes.Post.Handle("/actions/{action_id:[A-Za-z0-9]+}", api.ApiSessionRequired(doPostAction)).Methods("POST")
    15  
    16  	api.BaseRoutes.ApiRoot.Handle("/actions/dialogs/open", api.ApiHandler(openDialog)).Methods("POST")
    17  	api.BaseRoutes.ApiRoot.Handle("/actions/dialogs/submit", api.ApiSessionRequired(submitDialog)).Methods("POST")
    18  }
    19  
    20  func doPostAction(c *Context, w http.ResponseWriter, r *http.Request) {
    21  	c.RequirePostId()
    22  	if c.Err != nil {
    23  		return
    24  	}
    25  
    26  	actionRequest := model.DoPostActionRequestFromJson(r.Body)
    27  	if actionRequest == nil {
    28  		actionRequest = &model.DoPostActionRequest{}
    29  	}
    30  
    31  	var cookie *model.PostActionCookie
    32  	if actionRequest.Cookie != "" {
    33  		cookie = &model.PostActionCookie{}
    34  		cookieStr, err := model.DecryptPostActionCookie(actionRequest.Cookie, c.App.PostActionCookieSecret())
    35  		if err != nil {
    36  			c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest)
    37  			return
    38  		}
    39  		err = json.Unmarshal([]byte(cookieStr), &cookie)
    40  		if err != nil {
    41  			c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest)
    42  			return
    43  		}
    44  		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), cookie.ChannelId, model.PERMISSION_READ_CHANNEL) {
    45  			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
    46  			return
    47  		}
    48  	} else {
    49  		if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
    50  			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
    51  			return
    52  		}
    53  	}
    54  
    55  	var appErr *model.AppError
    56  	resp := &model.PostActionAPIResponse{Status: "OK"}
    57  
    58  	resp.TriggerId, appErr = c.App.DoPostActionWithCookie(c.AppContext, c.Params.PostId, c.Params.ActionId, c.AppContext.Session().UserId,
    59  		actionRequest.SelectedOption, cookie)
    60  	if appErr != nil {
    61  		c.Err = appErr
    62  		return
    63  	}
    64  
    65  	b, _ := json.Marshal(resp)
    66  	w.Write(b)
    67  }
    68  
    69  func openDialog(c *Context, w http.ResponseWriter, r *http.Request) {
    70  	var dialog model.OpenDialogRequest
    71  	err := json.NewDecoder(r.Body).Decode(&dialog)
    72  	if err != nil {
    73  		c.SetInvalidParam("dialog")
    74  		return
    75  	}
    76  
    77  	if dialog.URL == "" {
    78  		c.SetInvalidParam("url")
    79  		return
    80  	}
    81  
    82  	if err := c.App.OpenInteractiveDialog(dialog); err != nil {
    83  		c.Err = err
    84  		return
    85  	}
    86  
    87  	ReturnStatusOK(w)
    88  }
    89  
    90  func submitDialog(c *Context, w http.ResponseWriter, r *http.Request) {
    91  	var submit model.SubmitDialogRequest
    92  
    93  	jsonErr := json.NewDecoder(r.Body).Decode(&submit)
    94  	if jsonErr != nil {
    95  		c.SetInvalidParam("dialog")
    96  		return
    97  	}
    98  
    99  	if submit.URL == "" {
   100  		c.SetInvalidParam("url")
   101  		return
   102  	}
   103  
   104  	submit.UserId = c.AppContext.Session().UserId
   105  
   106  	if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), submit.ChannelId, model.PERMISSION_READ_CHANNEL) {
   107  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   108  		return
   109  	}
   110  
   111  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), submit.TeamId, model.PERMISSION_VIEW_TEAM) {
   112  		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
   113  		return
   114  	}
   115  
   116  	resp, err := c.App.SubmitInteractiveDialog(c.AppContext, submit)
   117  	if err != nil {
   118  		c.Err = err
   119  		return
   120  	}
   121  
   122  	b, _ := json.Marshal(resp)
   123  
   124  	w.Write(b)
   125  }