github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/webhook.go (about)

     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/masterhung0112/hk_server/v5/audit"
    10  	"github.com/masterhung0112/hk_server/v5/model"
    11  )
    12  
    13  func (api *API) InitWebhook() {
    14  	api.BaseRoutes.IncomingHooks.Handle("", api.ApiSessionRequired(createIncomingHook)).Methods("POST")
    15  	api.BaseRoutes.IncomingHooks.Handle("", api.ApiSessionRequired(getIncomingHooks)).Methods("GET")
    16  	api.BaseRoutes.IncomingHook.Handle("", api.ApiSessionRequired(getIncomingHook)).Methods("GET")
    17  	api.BaseRoutes.IncomingHook.Handle("", api.ApiSessionRequired(updateIncomingHook)).Methods("PUT")
    18  	api.BaseRoutes.IncomingHook.Handle("", api.ApiSessionRequired(deleteIncomingHook)).Methods("DELETE")
    19  
    20  	api.BaseRoutes.OutgoingHooks.Handle("", api.ApiSessionRequired(createOutgoingHook)).Methods("POST")
    21  	api.BaseRoutes.OutgoingHooks.Handle("", api.ApiSessionRequired(getOutgoingHooks)).Methods("GET")
    22  	api.BaseRoutes.OutgoingHook.Handle("", api.ApiSessionRequired(getOutgoingHook)).Methods("GET")
    23  	api.BaseRoutes.OutgoingHook.Handle("", api.ApiSessionRequired(updateOutgoingHook)).Methods("PUT")
    24  	api.BaseRoutes.OutgoingHook.Handle("", api.ApiSessionRequired(deleteOutgoingHook)).Methods("DELETE")
    25  	api.BaseRoutes.OutgoingHook.Handle("/regen_token", api.ApiSessionRequired(regenOutgoingHookToken)).Methods("POST")
    26  }
    27  
    28  func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
    29  	hook := model.IncomingWebhookFromJson(r.Body)
    30  	if hook == nil {
    31  		c.SetInvalidParam("incoming_webhook")
    32  		return
    33  	}
    34  
    35  	channel, err := c.App.GetChannel(hook.ChannelId)
    36  	if err != nil {
    37  		c.Err = err
    38  		return
    39  	}
    40  
    41  	auditRec := c.MakeAuditRecord("createIncomingHook", audit.Fail)
    42  	defer c.LogAuditRec(auditRec)
    43  	auditRec.AddMeta("channel", channel)
    44  	c.LogAudit("attempt")
    45  
    46  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) {
    47  		c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS)
    48  		return
    49  	}
    50  
    51  	if channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_READ_CHANNEL) {
    52  		c.LogAudit("fail - bad channel permissions")
    53  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
    54  		return
    55  	}
    56  
    57  	userId := c.AppContext.Session().UserId
    58  	if hook.UserId != "" && hook.UserId != userId {
    59  		if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) {
    60  			c.LogAudit("fail - innapropriate permissions")
    61  			c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS)
    62  			return
    63  		}
    64  
    65  		if _, err = c.App.GetUser(hook.UserId); err != nil {
    66  			c.Err = err
    67  			return
    68  		}
    69  
    70  		userId = hook.UserId
    71  	}
    72  
    73  	incomingHook, err := c.App.CreateIncomingWebhookForChannel(userId, channel, hook)
    74  	if err != nil {
    75  		c.Err = err
    76  		return
    77  	}
    78  
    79  	auditRec.Success()
    80  	auditRec.AddMeta("hook", incomingHook)
    81  	c.LogAudit("success")
    82  
    83  	w.WriteHeader(http.StatusCreated)
    84  	w.Write([]byte(incomingHook.ToJson()))
    85  }
    86  
    87  func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
    88  	c.RequireHookId()
    89  	if c.Err != nil {
    90  		return
    91  	}
    92  
    93  	updatedHook := model.IncomingWebhookFromJson(r.Body)
    94  	if updatedHook == nil {
    95  		c.SetInvalidParam("incoming_webhook")
    96  		return
    97  	}
    98  
    99  	// The hook being updated in the payload must be the same one as indicated in the URL.
   100  	if updatedHook.Id != c.Params.HookId {
   101  		c.SetInvalidParam("hook_id")
   102  		return
   103  	}
   104  
   105  	auditRec := c.MakeAuditRecord("updateIncomingHook", audit.Fail)
   106  	defer c.LogAuditRec(auditRec)
   107  	auditRec.AddMeta("hook_id", c.Params.HookId)
   108  	c.LogAudit("attempt")
   109  
   110  	oldHook, err := c.App.GetIncomingWebhook(c.Params.HookId)
   111  	if err != nil {
   112  		c.Err = err
   113  		return
   114  	}
   115  	auditRec.AddMeta("team_id", oldHook.TeamId)
   116  
   117  	if updatedHook.TeamId == "" {
   118  		updatedHook.TeamId = oldHook.TeamId
   119  	}
   120  
   121  	if updatedHook.TeamId != oldHook.TeamId {
   122  		c.Err = model.NewAppError("updateIncomingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.AppContext.Session().UserId, http.StatusBadRequest)
   123  		return
   124  	}
   125  
   126  	channel, err := c.App.GetChannel(updatedHook.ChannelId)
   127  	if err != nil {
   128  		c.Err = err
   129  		return
   130  	}
   131  	auditRec.AddMeta("channel_id", channel.Id)
   132  	auditRec.AddMeta("channel_name", channel.Name)
   133  
   134  	if channel.TeamId != updatedHook.TeamId {
   135  		c.SetInvalidParam("channel_id")
   136  		return
   137  	}
   138  
   139  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) {
   140  		c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS)
   141  		return
   142  	}
   143  
   144  	if c.AppContext.Session().UserId != oldHook.UserId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) {
   145  		c.LogAudit("fail - inappropriate permissions")
   146  		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS)
   147  		return
   148  	}
   149  
   150  	if channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_READ_CHANNEL) {
   151  		c.LogAudit("fail - bad channel permissions")
   152  		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
   153  		return
   154  	}
   155  
   156  	incomingHook, err := c.App.UpdateIncomingWebhook(oldHook, updatedHook)
   157  	if err != nil {
   158  		c.Err = err
   159  		return
   160  	}
   161  
   162  	auditRec.Success()
   163  	c.LogAudit("success")
   164  
   165  	w.WriteHeader(http.StatusCreated)
   166  	w.Write([]byte(incomingHook.ToJson()))
   167  }
   168  
   169  func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
   170  	teamId := r.URL.Query().Get("team_id")
   171  	userId := c.AppContext.Session().UserId
   172  
   173  	var hooks []*model.IncomingWebhook
   174  	var err *model.AppError
   175  
   176  	if teamId != "" {
   177  		if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) {
   178  			c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS)
   179  			return
   180  		}
   181  
   182  		// Remove userId as a filter if they have permission to manage others.
   183  		if c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) {
   184  			userId = ""
   185  		}
   186  
   187  		hooks, err = c.App.GetIncomingWebhooksForTeamPageByUser(teamId, userId, c.Params.Page, c.Params.PerPage)
   188  	} else {
   189  		if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) {
   190  			c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS)
   191  			return
   192  		}
   193  
   194  		// Remove userId as a filter if they have permission to manage others.
   195  		if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) {
   196  			userId = ""
   197  		}
   198  
   199  		hooks, err = c.App.GetIncomingWebhooksPageByUser(userId, c.Params.Page, c.Params.PerPage)
   200  	}
   201  
   202  	if err != nil {
   203  		c.Err = err
   204  		return
   205  	}
   206  
   207  	w.Write([]byte(model.IncomingWebhookListToJson(hooks)))
   208  }
   209  
   210  func getIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
   211  	c.RequireHookId()
   212  	if c.Err != nil {
   213  		return
   214  	}
   215  
   216  	hookId := c.Params.HookId
   217  
   218  	var err *model.AppError
   219  	var hook *model.IncomingWebhook
   220  	var channel *model.Channel
   221  
   222  	hook, err = c.App.GetIncomingWebhook(hookId)
   223  	if err != nil {
   224  		c.Err = err
   225  		return
   226  	}
   227  
   228  	auditRec := c.MakeAuditRecord("getIncomingHook", audit.Fail)
   229  	defer c.LogAuditRec(auditRec)
   230  	auditRec.AddMeta("hook_id", hook.Id)
   231  	auditRec.AddMeta("hook_display", hook.DisplayName)
   232  	auditRec.AddMeta("channel_id", hook.ChannelId)
   233  	auditRec.AddMeta("team_id", hook.TeamId)
   234  	c.LogAudit("attempt")
   235  
   236  	channel, err = c.App.GetChannel(hook.ChannelId)
   237  	if err != nil {
   238  		c.Err = err
   239  		return
   240  	}
   241  
   242  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) ||
   243  		(channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), hook.ChannelId, model.PERMISSION_READ_CHANNEL)) {
   244  		c.LogAudit("fail - bad permissions")
   245  		c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS)
   246  		return
   247  	}
   248  
   249  	if c.AppContext.Session().UserId != hook.UserId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) {
   250  		c.LogAudit("fail - inappropriate permissions")
   251  		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS)
   252  		return
   253  	}
   254  
   255  	auditRec.Success()
   256  	c.LogAudit("success")
   257  
   258  	w.Write([]byte(hook.ToJson()))
   259  }
   260  
   261  func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
   262  	c.RequireHookId()
   263  	if c.Err != nil {
   264  		return
   265  	}
   266  
   267  	hookId := c.Params.HookId
   268  
   269  	var err *model.AppError
   270  	var hook *model.IncomingWebhook
   271  	var channel *model.Channel
   272  
   273  	hook, err = c.App.GetIncomingWebhook(hookId)
   274  	if err != nil {
   275  		c.Err = err
   276  		return
   277  	}
   278  
   279  	channel, err = c.App.GetChannel(hook.ChannelId)
   280  	if err != nil {
   281  		c.Err = err
   282  		return
   283  	}
   284  
   285  	auditRec := c.MakeAuditRecord("deleteIncomingHook", audit.Fail)
   286  	defer c.LogAuditRec(auditRec)
   287  	auditRec.AddMeta("hook_id", hook.Id)
   288  	auditRec.AddMeta("hook_display", hook.DisplayName)
   289  	auditRec.AddMeta("channel_id", channel.Id)
   290  	auditRec.AddMeta("channel_name", channel.Name)
   291  	auditRec.AddMeta("team_id", hook.TeamId)
   292  
   293  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) ||
   294  		(channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), hook.ChannelId, model.PERMISSION_READ_CHANNEL)) {
   295  		c.LogAudit("fail - bad permissions")
   296  		c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS)
   297  		return
   298  	}
   299  
   300  	if c.AppContext.Session().UserId != hook.UserId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) {
   301  		c.LogAudit("fail - inappropriate permissions")
   302  		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS)
   303  		return
   304  	}
   305  
   306  	if err = c.App.DeleteIncomingWebhook(hookId); err != nil {
   307  		c.Err = err
   308  		return
   309  	}
   310  
   311  	auditRec.Success()
   312  	ReturnStatusOK(w)
   313  }
   314  
   315  func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
   316  	c.RequireHookId()
   317  	if c.Err != nil {
   318  		return
   319  	}
   320  
   321  	updatedHook := model.OutgoingWebhookFromJson(r.Body)
   322  	if updatedHook == nil {
   323  		c.SetInvalidParam("outgoing_webhook")
   324  		return
   325  	}
   326  
   327  	// The hook being updated in the payload must be the same one as indicated in the URL.
   328  	if updatedHook.Id != c.Params.HookId {
   329  		c.SetInvalidParam("hook_id")
   330  		return
   331  	}
   332  
   333  	auditRec := c.MakeAuditRecord("updateOutgoingHook", audit.Fail)
   334  	defer c.LogAuditRec(auditRec)
   335  	auditRec.AddMeta("hook_id", updatedHook.Id)
   336  	auditRec.AddMeta("hook_display", updatedHook.DisplayName)
   337  	auditRec.AddMeta("channel_id", updatedHook.ChannelId)
   338  	auditRec.AddMeta("team_id", updatedHook.TeamId)
   339  	c.LogAudit("attempt")
   340  
   341  	oldHook, err := c.App.GetOutgoingWebhook(c.Params.HookId)
   342  	if err != nil {
   343  		c.Err = err
   344  		return
   345  	}
   346  
   347  	if updatedHook.TeamId == "" {
   348  		updatedHook.TeamId = oldHook.TeamId
   349  	}
   350  
   351  	if updatedHook.TeamId != oldHook.TeamId {
   352  		c.Err = model.NewAppError("updateOutgoingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.AppContext.Session().UserId, http.StatusBadRequest)
   353  		return
   354  	}
   355  
   356  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), updatedHook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) {
   357  		c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS)
   358  		return
   359  	}
   360  
   361  	if c.AppContext.Session().UserId != oldHook.CreatorId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), updatedHook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) {
   362  		c.LogAudit("fail - inappropriate permissions")
   363  		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS)
   364  		return
   365  	}
   366  
   367  	updatedHook.CreatorId = c.AppContext.Session().UserId
   368  
   369  	rhook, err := c.App.UpdateOutgoingWebhook(oldHook, updatedHook)
   370  	if err != nil {
   371  		c.Err = err
   372  		return
   373  	}
   374  
   375  	auditRec.Success()
   376  	c.LogAudit("success")
   377  
   378  	w.Write([]byte(rhook.ToJson()))
   379  }
   380  
   381  func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
   382  	hook := model.OutgoingWebhookFromJson(r.Body)
   383  	if hook == nil {
   384  		c.SetInvalidParam("outgoing_webhook")
   385  		return
   386  	}
   387  
   388  	auditRec := c.MakeAuditRecord("createOutgoingHook", audit.Fail)
   389  	defer c.LogAuditRec(auditRec)
   390  	auditRec.AddMeta("hook_id", hook.Id)
   391  	c.LogAudit("attempt")
   392  
   393  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) {
   394  		c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS)
   395  		return
   396  	}
   397  
   398  	if hook.CreatorId == "" {
   399  		hook.CreatorId = c.AppContext.Session().UserId
   400  	} else {
   401  		if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) {
   402  			c.LogAudit("fail - innapropriate permissions")
   403  			c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS)
   404  			return
   405  		}
   406  
   407  		_, err := c.App.GetUser(hook.CreatorId)
   408  		if err != nil {
   409  			c.Err = err
   410  			return
   411  		}
   412  	}
   413  
   414  	rhook, err := c.App.CreateOutgoingWebhook(hook)
   415  	if err != nil {
   416  		c.LogAudit("fail")
   417  		c.Err = err
   418  		return
   419  	}
   420  
   421  	auditRec.Success()
   422  	auditRec.AddMeta("hook_display", rhook.DisplayName)
   423  	auditRec.AddMeta("channel_id", rhook.ChannelId)
   424  	auditRec.AddMeta("team_id", rhook.TeamId)
   425  	c.LogAudit("success")
   426  
   427  	w.WriteHeader(http.StatusCreated)
   428  	w.Write([]byte(rhook.ToJson()))
   429  }
   430  
   431  func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
   432  	channelId := r.URL.Query().Get("channel_id")
   433  	teamId := r.URL.Query().Get("team_id")
   434  	userId := c.AppContext.Session().UserId
   435  
   436  	var hooks []*model.OutgoingWebhook
   437  	var err *model.AppError
   438  
   439  	if channelId != "" {
   440  		if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channelId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) {
   441  			c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS)
   442  			return
   443  		}
   444  
   445  		// Remove userId as a filter if they have permission to manage others.
   446  		if c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channelId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) {
   447  			userId = ""
   448  		}
   449  
   450  		hooks, err = c.App.GetOutgoingWebhooksForChannelPageByUser(channelId, userId, c.Params.Page, c.Params.PerPage)
   451  	} else if teamId != "" {
   452  		if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) {
   453  			c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS)
   454  			return
   455  		}
   456  
   457  		// Remove userId as a filter if they have permission to manage others.
   458  		if c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) {
   459  			userId = ""
   460  		}
   461  
   462  		hooks, err = c.App.GetOutgoingWebhooksForTeamPageByUser(teamId, userId, c.Params.Page, c.Params.PerPage)
   463  	} else {
   464  		if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) {
   465  			c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS)
   466  			return
   467  		}
   468  
   469  		// Remove userId as a filter if they have permission to manage others.
   470  		if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) {
   471  			userId = ""
   472  		}
   473  
   474  		hooks, err = c.App.GetOutgoingWebhooksPageByUser(userId, c.Params.Page, c.Params.PerPage)
   475  	}
   476  
   477  	if err != nil {
   478  		c.Err = err
   479  		return
   480  	}
   481  
   482  	w.Write([]byte(model.OutgoingWebhookListToJson(hooks)))
   483  }
   484  
   485  func getOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
   486  	c.RequireHookId()
   487  	if c.Err != nil {
   488  		return
   489  	}
   490  
   491  	hook, err := c.App.GetOutgoingWebhook(c.Params.HookId)
   492  	if err != nil {
   493  		c.Err = err
   494  		return
   495  	}
   496  
   497  	auditRec := c.MakeAuditRecord("getOutgoingHook", audit.Fail)
   498  	defer c.LogAuditRec(auditRec)
   499  	auditRec.AddMeta("hook_id", hook.Id)
   500  	auditRec.AddMeta("hook_display", hook.DisplayName)
   501  	auditRec.AddMeta("channel_id", hook.ChannelId)
   502  	auditRec.AddMeta("team_id", hook.TeamId)
   503  	c.LogAudit("attempt")
   504  
   505  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) {
   506  		c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS)
   507  		return
   508  	}
   509  
   510  	if c.AppContext.Session().UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) {
   511  		c.LogAudit("fail - inappropriate permissions")
   512  		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS)
   513  		return
   514  	}
   515  
   516  	auditRec.Success()
   517  	c.LogAudit("success")
   518  
   519  	w.Write([]byte(hook.ToJson()))
   520  }
   521  
   522  func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) {
   523  	c.RequireHookId()
   524  	if c.Err != nil {
   525  		return
   526  	}
   527  
   528  	hook, err := c.App.GetOutgoingWebhook(c.Params.HookId)
   529  	if err != nil {
   530  		c.Err = err
   531  		return
   532  	}
   533  
   534  	auditRec := c.MakeAuditRecord("regenOutgoingHookToken", audit.Fail)
   535  	defer c.LogAuditRec(auditRec)
   536  	auditRec.AddMeta("hook_id", hook.Id)
   537  	auditRec.AddMeta("hook_display", hook.DisplayName)
   538  	auditRec.AddMeta("channel_id", hook.ChannelId)
   539  	auditRec.AddMeta("team_id", hook.TeamId)
   540  	c.LogAudit("attempt")
   541  
   542  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) {
   543  		c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS)
   544  		return
   545  	}
   546  
   547  	if c.AppContext.Session().UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) {
   548  		c.LogAudit("fail - inappropriate permissions")
   549  		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS)
   550  		return
   551  	}
   552  
   553  	rhook, err := c.App.RegenOutgoingWebhookToken(hook)
   554  	if err != nil {
   555  		c.Err = err
   556  		return
   557  	}
   558  
   559  	auditRec.Success()
   560  	c.LogAudit("success")
   561  
   562  	w.Write([]byte(rhook.ToJson()))
   563  }
   564  
   565  func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
   566  	c.RequireHookId()
   567  	if c.Err != nil {
   568  		return
   569  	}
   570  
   571  	hook, err := c.App.GetOutgoingWebhook(c.Params.HookId)
   572  	if err != nil {
   573  		c.Err = err
   574  		return
   575  	}
   576  
   577  	auditRec := c.MakeAuditRecord("deleteOutgoingHook", audit.Fail)
   578  	defer c.LogAuditRec(auditRec)
   579  	auditRec.AddMeta("hook_id", hook.Id)
   580  	auditRec.AddMeta("hook_display", hook.DisplayName)
   581  	auditRec.AddMeta("channel_id", hook.ChannelId)
   582  	auditRec.AddMeta("team_id", hook.TeamId)
   583  	c.LogAudit("attempt")
   584  
   585  	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) {
   586  		c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS)
   587  		return
   588  	}
   589  
   590  	if c.AppContext.Session().UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) {
   591  		c.LogAudit("fail - inappropriate permissions")
   592  		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS)
   593  		return
   594  	}
   595  
   596  	if err := c.App.DeleteOutgoingWebhook(hook.Id); err != nil {
   597  		c.LogAudit("fail")
   598  		c.Err = err
   599  		return
   600  	}
   601  
   602  	auditRec.Success()
   603  	c.LogAudit("success")
   604  
   605  	ReturnStatusOK(w)
   606  }