// Source: github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/preference.go

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"net/http"

	"github.com/masterhung0112/hk_server/v5/audit"
	"github.com/masterhung0112/hk_server/v5/model"
)

// InitPreference registers the preference endpoints on the Preferences
// sub-router.
//
// Every handler is wrapped in api.ApiSessionRequired (defined elsewhere;
// presumably it rejects requests without a valid session, confirm against the
// wrapper). The {category} and {preference_name} path segments are limited by
// the route patterns to [A-Za-z0-9_]+, so other characters never reach the
// handlers through the path.
func (api *API) InitPreference() {
	// Collection-level routes: read, replace/update, and bulk delete.
	api.BaseRoutes.Preferences.Handle("", api.ApiSessionRequired(getPreferences)).Methods("GET")
	api.BaseRoutes.Preferences.Handle("", api.ApiSessionRequired(updatePreferences)).Methods("PUT")
	api.BaseRoutes.Preferences.Handle("/delete", api.ApiSessionRequired(deletePreferences)).Methods("POST")

	// Lookups narrowed by category, and by category plus preference name.
	api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}", api.ApiSessionRequired(getPreferencesByCategory)).Methods("GET")
	api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}/name/{preference_name:[A-Za-z0-9_]+}", api.ApiSessionRequired(getPreferenceByCategoryAndName)).Methods("GET")
}

// getPreferences writes all preferences of the user named in the route as JSON.
//
// The object-level authorization check (SessionHasPermissionToUser) runs before
// any data is loaded, so a session that may not act on c.Params.UserId gets a
// permission error and no preference data.
func getPreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	allowed := c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId)
	if !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	prefs, appErr := c.App.GetPreferencesForUser(c.Params.UserId)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The result of Write is discarded; a failed write is not reported.
	w.Write([]byte(prefs.ToJson()))
}

// getPreferencesByCategory writes the target user's preferences in one
// category as JSON.
//
// Authorization against c.Params.UserId is checked before the lookup.
func getPreferencesByCategory(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireCategory()
	if c.Err != nil {
		return
	}

	allowed := c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId)
	if !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	prefs, appErr := c.App.GetPreferenceByCategoryForUser(c.Params.UserId, c.Params.Category)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The result of Write is discarded; a failed write is not reported.
	w.Write([]byte(prefs.ToJson()))
}

// getPreferenceByCategoryAndName writes a single preference of the target
// user, selected by category and name, as JSON.
//
// Authorization against c.Params.UserId is checked before the lookup.
func getPreferenceByCategoryAndName(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireCategory().RequirePreferenceName()
	if c.Err != nil {
		return
	}

	allowed := c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId)
	if !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	pref, appErr := c.App.GetPreferenceByCategoryAndNameForUser(c.Params.UserId, c.Params.Category, c.Params.PreferenceName)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The result of Write is discarded; a failed write is not reported.
	w.Write([]byte(pref.ToJson()))
}

// updatePreferences stores the preferences sent in the request body for the
// user named in the route.
//
// An audit record is opened with status audit.Fail and logged by the deferred
// call on every return path after that point; it is flipped to success only
// once the update has been applied. Requests that fail RequireUserId return
// before the record exists and are not audited here.
//
// Flagged-post preferences get an extra check: the preference name is used as
// a post id, and the session must hold PERMISSION_READ_CHANNEL on that post's
// channel, so a user cannot flag a post in a channel they cannot read.
func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	auditRec := c.MakeAuditRecord("updatePreferences", audit.Fail)
	defer c.LogAuditRec(auditRec)

	allowed := c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId)
	if !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// NOTE(review): no request-size cap is visible in this handler; confirm one
	// is applied upstream (for example with http.MaxBytesReader) before the
	// body is decoded.
	incoming, decodeErr := model.PreferencesFromJson(r.Body)
	if decodeErr != nil {
		c.SetInvalidParam("preferences")
		return
	}

	// NOTE(review): this handler does not compare any per-preference owner
	// field with c.Params.UserId; presumably App.UpdatePreferences enforces
	// that, verify against the app layer.
	var accepted model.Preferences

	for _, pref := range incoming {
		if pref.Category != model.PREFERENCE_CATEGORY_FLAGGED_POST {
			accepted = append(accepted, pref)
			continue
		}

		// NOTE(review): a missing post yields an invalid-parameter error while
		// an unreadable one yields a permission error, so the two cases are
		// distinguishable to the caller; confirm that is acceptable.
		post, postErr := c.App.GetSinglePost(pref.Name)
		if postErr != nil {
			c.SetInvalidParam("preference.name")
			return
		}

		canRead := c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), post.ChannelId, model.PERMISSION_READ_CHANNEL)
		if !canRead {
			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
			return
		}

		accepted = append(accepted, pref)
	}

	if err := c.App.UpdatePreferences(c.Params.UserId, accepted); err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	ReturnStatusOK(w)
}

// deletePreferences removes the preferences listed in the request body for the
// user named in the route.
//
// As in updatePreferences, the audit record starts as audit.Fail, is logged by
// the deferred call on every later return path, and is marked successful only
// after the deletion has been applied.
func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	auditRec := c.MakeAuditRecord("deletePreferences", audit.Fail)
	defer c.LogAuditRec(auditRec)

	allowed := c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId)
	if !allowed {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	// NOTE(review): no request-size cap is visible in this handler; confirm one
	// is applied upstream (for example with http.MaxBytesReader) before the
	// body is decoded.
	targets, decodeErr := model.PreferencesFromJson(r.Body)
	if decodeErr != nil {
		c.SetInvalidParam("preferences")
		return
	}

	if err := c.App.DeletePreferences(c.Params.UserId, targets); err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	ReturnStatusOK(w)
}