github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/preference.go (about)

     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/masterhung0112/hk_server/v5/audit"
    10  	"github.com/masterhung0112/hk_server/v5/model"
    11  )
    12  
// InitPreference registers the preference endpoints on the Preferences
// sub-router. Every handler is wrapped in ApiSessionRequired, so none of them
// is registered without that wrapper. The category and preference_name path
// segments are limited by their route patterns to [A-Za-z0-9_]+, which keeps
// other characters out of those two parameters before a handler runs.
func (api *API) InitPreference() {
	// Bound method value: every route below goes through the same wrapper.
	sessionRequired := api.ApiSessionRequired

	// Whole-collection endpoints.
	api.BaseRoutes.Preferences.Handle("", sessionRequired(getPreferences)).Methods("GET")
	api.BaseRoutes.Preferences.Handle("", sessionRequired(updatePreferences)).Methods("PUT")
	api.BaseRoutes.Preferences.Handle("/delete", sessionRequired(deletePreferences)).Methods("POST")

	// Lookups narrowed by category, and by category plus name.
	api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}", sessionRequired(getPreferencesByCategory)).Methods("GET")
	api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}/name/{preference_name:[A-Za-z0-9_]+}", sessionRequired(getPreferenceByCategoryAndName)).Methods("GET")
}
    20  
// getPreferences writes, as JSON, every preference stored for the user
// identified by c.Params.UserId.
//
// The caller's session must pass SessionHasPermissionToUser for that user id.
// If it does not, a permission error is set on the context and nothing is read
// from the store or written to the response.
func getPreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId(); c.Err != nil {
		return
	}

	// Authorize before any store access. The denial names
	// PERMISSION_EDIT_OTHER_USERS even though this endpoint only reads.
	session := c.AppContext.Session()
	if !c.App.SessionHasPermissionToUser(*session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	prefs, appErr := c.App.GetPreferencesForUser(c.Params.UserId)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// NOTE(review): the Write result is discarded, so a failed or partial
	// response write is not reported anywhere in this handler.
	payload := []byte(prefs.ToJson())
	w.Write(payload)
}
    40  
// getPreferencesByCategory writes, as JSON, the preferences in category
// c.Params.Category that belong to the user identified by c.Params.UserId.
//
// The caller's session must pass SessionHasPermissionToUser for that user id.
// If it does not, a permission error is set on the context and the store is
// not queried.
func getPreferencesByCategory(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId().RequireCategory(); c.Err != nil {
		return
	}

	// Authorize before any store access. The denial names
	// PERMISSION_EDIT_OTHER_USERS even though this endpoint only reads.
	session := c.AppContext.Session()
	if !c.App.SessionHasPermissionToUser(*session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	prefs, appErr := c.App.GetPreferenceByCategoryForUser(c.Params.UserId, c.Params.Category)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// NOTE(review): the Write result is discarded, so a failed or partial
	// response write is not reported anywhere in this handler.
	payload := []byte(prefs.ToJson())
	w.Write(payload)
}
    60  
// getPreferenceByCategoryAndName writes, as JSON, the preference selected by
// c.Params.Category and c.Params.PreferenceName for the user identified by
// c.Params.UserId.
//
// The caller's session must pass SessionHasPermissionToUser for that user id.
// If it does not, a permission error is set on the context and the store is
// not queried.
func getPreferenceByCategoryAndName(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId().RequireCategory().RequirePreferenceName(); c.Err != nil {
		return
	}

	// Authorize before any store access. The denial names
	// PERMISSION_EDIT_OTHER_USERS even though this endpoint only reads.
	session := c.AppContext.Session()
	if !c.App.SessionHasPermissionToUser(*session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	pref, appErr := c.App.GetPreferenceByCategoryAndNameForUser(c.Params.UserId, c.Params.Category, c.Params.PreferenceName)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// NOTE(review): the Write result is discarded, so a failed or partial
	// response write is not reported anywhere in this handler.
	payload := []byte(pref.ToJson())
	w.Write(payload)
}
    80  
// updatePreferences stores the preferences decoded from the request body for
// the user identified by c.Params.UserId and replies with a status-OK body.
//
// Checks run in this order:
//  1. The caller's session must pass SessionHasPermissionToUser for the
//     target user id.
//  2. The body must decode via model.PreferencesFromJson.
//  3. For each flagged-post preference, Name is looked up as a post, and the
//     caller's session must hold PERMISSION_READ_CHANNEL on that post's channel.
//
// Any failure aborts the whole request; nothing is stored unless every entry
// passes.
//
// NOTE(review): this handler never compares a preference's own user field with
// c.Params.UserId. Presumably App.UpdatePreferences enforces that; confirm.
// NOTE(review): r.Body is decoded with no size limit visible here. Presumably
// a request-size cap is applied upstream; confirm.
func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId(); c.Err != nil {
		return
	}

	// The record starts as Fail and is logged by the deferred call on every
	// return path below, so denied and malformed requests are audited too.
	rec := c.MakeAuditRecord("updatePreferences", audit.Fail)
	defer c.LogAuditRec(rec)

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	incoming, decodeErr := model.PreferencesFromJson(r.Body)
	if decodeErr != nil {
		c.SetInvalidParam("preferences")
		return
	}

	// Entries are copied through unchanged. Only flagged-post entries get an
	// extra authorization check; other categories are accepted as decoded.
	var accepted model.Preferences

	for _, p := range incoming {
		if p.Category != model.PREFERENCE_CATEGORY_FLAGGED_POST {
			accepted = append(accepted, p)
			continue
		}

		// A flagged-post preference carries the post id in Name.
		post, postErr := c.App.GetSinglePost(p.Name)
		if postErr != nil {
			c.SetInvalidParam("preference.name")
			return
		}

		// The channel check uses the caller's session, not the target user.
		// NOTE(review): when a caller edits another user's preferences, this
		// verifies the caller's read access, not the target's. Confirm that
		// is intended.
		// NOTE(review): an unknown post id yields an invalid-param error and
		// an unreadable one a permission error, so a caller can tell the two
		// cases apart.
		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), post.ChannelId, model.PERMISSION_READ_CHANNEL) {
			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
			return
		}

		accepted = append(accepted, p)
	}

	appErr := c.App.UpdatePreferences(c.Params.UserId, accepted)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// Mark the audit record successful only after the store update succeeded.
	rec.Success()
	ReturnStatusOK(w)
}
   128  
// deletePreferences removes the preferences listed in the request body for the
// user identified by c.Params.UserId and replies with a status-OK body.
//
// The caller's session must pass SessionHasPermissionToUser for the target
// user id before the body is decoded. Unlike updatePreferences, there is no
// per-entry check here: the decoded list goes straight to
// App.DeletePreferences.
//
// NOTE(review): this handler never compares a preference's own user field with
// c.Params.UserId. Presumably App.DeletePreferences scopes the deletion to
// that user; confirm.
func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireUserId(); c.Err != nil {
		return
	}

	// The record starts as Fail and is logged by the deferred call on every
	// return path below, so denied and malformed requests are audited too.
	rec := c.MakeAuditRecord("deletePreferences", audit.Fail)
	defer c.LogAuditRec(rec)

	session := c.AppContext.Session()
	if !c.App.SessionHasPermissionToUser(*session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	toDelete, decodeErr := model.PreferencesFromJson(r.Body)
	if decodeErr != nil {
		c.SetInvalidParam("preferences")
		return
	}

	appErr := c.App.DeletePreferences(c.Params.UserId, toDelete)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// Mark the audit record successful only after the deletion succeeded.
	rec.Success()
	ReturnStatusOK(w)
}