github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/webhook.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/masterhung0112/hk_server/v5/audit" 10 "github.com/masterhung0112/hk_server/v5/model" 11 ) 12 13 func (api *API) InitWebhook() { 14 api.BaseRoutes.IncomingHooks.Handle("", api.ApiSessionRequired(createIncomingHook)).Methods("POST") 15 api.BaseRoutes.IncomingHooks.Handle("", api.ApiSessionRequired(getIncomingHooks)).Methods("GET") 16 api.BaseRoutes.IncomingHook.Handle("", api.ApiSessionRequired(getIncomingHook)).Methods("GET") 17 api.BaseRoutes.IncomingHook.Handle("", api.ApiSessionRequired(updateIncomingHook)).Methods("PUT") 18 api.BaseRoutes.IncomingHook.Handle("", api.ApiSessionRequired(deleteIncomingHook)).Methods("DELETE") 19 20 api.BaseRoutes.OutgoingHooks.Handle("", api.ApiSessionRequired(createOutgoingHook)).Methods("POST") 21 api.BaseRoutes.OutgoingHooks.Handle("", api.ApiSessionRequired(getOutgoingHooks)).Methods("GET") 22 api.BaseRoutes.OutgoingHook.Handle("", api.ApiSessionRequired(getOutgoingHook)).Methods("GET") 23 api.BaseRoutes.OutgoingHook.Handle("", api.ApiSessionRequired(updateOutgoingHook)).Methods("PUT") 24 api.BaseRoutes.OutgoingHook.Handle("", api.ApiSessionRequired(deleteOutgoingHook)).Methods("DELETE") 25 api.BaseRoutes.OutgoingHook.Handle("/regen_token", api.ApiSessionRequired(regenOutgoingHookToken)).Methods("POST") 26 } 27 28 func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { 29 hook := model.IncomingWebhookFromJson(r.Body) 30 if hook == nil { 31 c.SetInvalidParam("incoming_webhook") 32 return 33 } 34 35 channel, err := c.App.GetChannel(hook.ChannelId) 36 if err != nil { 37 c.Err = err 38 return 39 } 40 41 auditRec := c.MakeAuditRecord("createIncomingHook", audit.Fail) 42 defer c.LogAuditRec(auditRec) 43 auditRec.AddMeta("channel", channel) 44 c.LogAudit("attempt") 45 46 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) { 47 c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) 48 return 49 } 50 51 if channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_READ_CHANNEL) { 52 c.LogAudit("fail - bad channel permissions") 53 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 54 return 55 } 56 57 userId := c.AppContext.Session().UserId 58 if hook.UserId != "" && hook.UserId != userId { 59 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) { 60 c.LogAudit("fail - innapropriate permissions") 61 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) 62 return 63 } 64 65 if _, err = c.App.GetUser(hook.UserId); err != nil { 66 c.Err = err 67 return 68 } 69 70 userId = hook.UserId 71 } 72 73 incomingHook, err := c.App.CreateIncomingWebhookForChannel(userId, channel, hook) 74 if err != nil { 75 c.Err = err 76 return 77 } 78 79 auditRec.Success() 80 auditRec.AddMeta("hook", incomingHook) 81 c.LogAudit("success") 82 83 w.WriteHeader(http.StatusCreated) 84 w.Write([]byte(incomingHook.ToJson())) 85 } 86 87 func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { 88 c.RequireHookId() 89 if c.Err != nil { 90 return 91 } 92 93 updatedHook := model.IncomingWebhookFromJson(r.Body) 94 if updatedHook == nil { 95 c.SetInvalidParam("incoming_webhook") 96 return 97 } 98 99 // The hook being updated in the payload must be the same one as indicated in the URL. 100 if updatedHook.Id != c.Params.HookId { 101 c.SetInvalidParam("hook_id") 102 return 103 } 104 105 auditRec := c.MakeAuditRecord("updateIncomingHook", audit.Fail) 106 defer c.LogAuditRec(auditRec) 107 auditRec.AddMeta("hook_id", c.Params.HookId) 108 c.LogAudit("attempt") 109 110 oldHook, err := c.App.GetIncomingWebhook(c.Params.HookId) 111 if err != nil { 112 c.Err = err 113 return 114 } 115 auditRec.AddMeta("team_id", oldHook.TeamId) 116 117 if updatedHook.TeamId == "" { 118 updatedHook.TeamId = oldHook.TeamId 119 } 120 121 if updatedHook.TeamId != oldHook.TeamId { 122 c.Err = model.NewAppError("updateIncomingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.AppContext.Session().UserId, http.StatusBadRequest) 123 return 124 } 125 126 channel, err := c.App.GetChannel(updatedHook.ChannelId) 127 if err != nil { 128 c.Err = err 129 return 130 } 131 auditRec.AddMeta("channel_id", channel.Id) 132 auditRec.AddMeta("channel_name", channel.Name) 133 134 if channel.TeamId != updatedHook.TeamId { 135 c.SetInvalidParam("channel_id") 136 return 137 } 138 139 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) { 140 c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) 141 return 142 } 143 144 if c.AppContext.Session().UserId != oldHook.UserId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) { 145 c.LogAudit("fail - inappropriate permissions") 146 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) 147 return 148 } 149 150 if channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channel.Id, model.PERMISSION_READ_CHANNEL) { 151 c.LogAudit("fail - bad channel permissions") 152 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 153 return 154 } 155 156 incomingHook, err := c.App.UpdateIncomingWebhook(oldHook, updatedHook) 157 if err != nil { 158 c.Err = err 159 return 160 } 161 162 auditRec.Success() 163 c.LogAudit("success") 164 165 w.WriteHeader(http.StatusCreated) 166 w.Write([]byte(incomingHook.ToJson())) 167 } 168 169 func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) { 170 teamId := r.URL.Query().Get("team_id") 171 userId := c.AppContext.Session().UserId 172 173 var hooks []*model.IncomingWebhook 174 var err *model.AppError 175 176 if teamId != "" { 177 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) { 178 c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) 179 return 180 } 181 182 // Remove userId as a filter if they have permission to manage others. 183 if c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) { 184 userId = "" 185 } 186 187 hooks, err = c.App.GetIncomingWebhooksForTeamPageByUser(teamId, userId, c.Params.Page, c.Params.PerPage) 188 } else { 189 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) { 190 c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) 191 return 192 } 193 194 // Remove userId as a filter if they have permission to manage others. 195 if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) { 196 userId = "" 197 } 198 199 hooks, err = c.App.GetIncomingWebhooksPageByUser(userId, c.Params.Page, c.Params.PerPage) 200 } 201 202 if err != nil { 203 c.Err = err 204 return 205 } 206 207 w.Write([]byte(model.IncomingWebhookListToJson(hooks))) 208 } 209 210 func getIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { 211 c.RequireHookId() 212 if c.Err != nil { 213 return 214 } 215 216 hookId := c.Params.HookId 217 218 var err *model.AppError 219 var hook *model.IncomingWebhook 220 var channel *model.Channel 221 222 hook, err = c.App.GetIncomingWebhook(hookId) 223 if err != nil { 224 c.Err = err 225 return 226 } 227 228 auditRec := c.MakeAuditRecord("getIncomingHook", audit.Fail) 229 defer c.LogAuditRec(auditRec) 230 auditRec.AddMeta("hook_id", hook.Id) 231 auditRec.AddMeta("hook_display", hook.DisplayName) 232 auditRec.AddMeta("channel_id", hook.ChannelId) 233 auditRec.AddMeta("team_id", hook.TeamId) 234 c.LogAudit("attempt") 235 236 channel, err = c.App.GetChannel(hook.ChannelId) 237 if err != nil { 238 c.Err = err 239 return 240 } 241 242 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) || 243 (channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), hook.ChannelId, model.PERMISSION_READ_CHANNEL)) { 244 c.LogAudit("fail - bad permissions") 245 c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) 246 return 247 } 248 249 if c.AppContext.Session().UserId != hook.UserId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) { 250 c.LogAudit("fail - inappropriate permissions") 251 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) 252 return 253 } 254 255 auditRec.Success() 256 c.LogAudit("success") 257 258 w.Write([]byte(hook.ToJson())) 259 } 260 261 func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { 262 c.RequireHookId() 263 if c.Err != nil { 264 return 265 } 266 267 hookId := c.Params.HookId 268 269 var err *model.AppError 270 var hook *model.IncomingWebhook 271 var channel *model.Channel 272 273 hook, err = c.App.GetIncomingWebhook(hookId) 274 if err != nil { 275 c.Err = err 276 return 277 } 278 279 channel, err = c.App.GetChannel(hook.ChannelId) 280 if err != nil { 281 c.Err = err 282 return 283 } 284 285 auditRec := c.MakeAuditRecord("deleteIncomingHook", audit.Fail) 286 defer c.LogAuditRec(auditRec) 287 auditRec.AddMeta("hook_id", hook.Id) 288 auditRec.AddMeta("hook_display", hook.DisplayName) 289 auditRec.AddMeta("channel_id", channel.Id) 290 auditRec.AddMeta("channel_name", channel.Name) 291 auditRec.AddMeta("team_id", hook.TeamId) 292 293 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) || 294 (channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), hook.ChannelId, model.PERMISSION_READ_CHANNEL)) { 295 c.LogAudit("fail - bad permissions") 296 c.SetPermissionError(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS) 297 return 298 } 299 300 if c.AppContext.Session().UserId != hook.UserId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) { 301 c.LogAudit("fail - inappropriate permissions") 302 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS) 303 return 304 } 305 306 if err = c.App.DeleteIncomingWebhook(hookId); err != nil { 307 c.Err = err 308 return 309 } 310 311 auditRec.Success() 312 ReturnStatusOK(w) 313 } 314 315 func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { 316 c.RequireHookId() 317 if c.Err != nil { 318 return 319 } 320 321 updatedHook := model.OutgoingWebhookFromJson(r.Body) 322 if updatedHook == nil { 323 c.SetInvalidParam("outgoing_webhook") 324 return 325 } 326 327 // The hook being updated in the payload must be the same one as indicated in the URL. 328 if updatedHook.Id != c.Params.HookId { 329 c.SetInvalidParam("hook_id") 330 return 331 } 332 333 auditRec := c.MakeAuditRecord("updateOutgoingHook", audit.Fail) 334 defer c.LogAuditRec(auditRec) 335 auditRec.AddMeta("hook_id", updatedHook.Id) 336 auditRec.AddMeta("hook_display", updatedHook.DisplayName) 337 auditRec.AddMeta("channel_id", updatedHook.ChannelId) 338 auditRec.AddMeta("team_id", updatedHook.TeamId) 339 c.LogAudit("attempt") 340 341 oldHook, err := c.App.GetOutgoingWebhook(c.Params.HookId) 342 if err != nil { 343 c.Err = err 344 return 345 } 346 347 if updatedHook.TeamId == "" { 348 updatedHook.TeamId = oldHook.TeamId 349 } 350 351 if updatedHook.TeamId != oldHook.TeamId { 352 c.Err = model.NewAppError("updateOutgoingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.AppContext.Session().UserId, http.StatusBadRequest) 353 return 354 } 355 356 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), updatedHook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) { 357 c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) 358 return 359 } 360 361 if c.AppContext.Session().UserId != oldHook.CreatorId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), updatedHook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) { 362 c.LogAudit("fail - inappropriate permissions") 363 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) 364 return 365 } 366 367 updatedHook.CreatorId = c.AppContext.Session().UserId 368 369 rhook, err := c.App.UpdateOutgoingWebhook(oldHook, updatedHook) 370 if err != nil { 371 c.Err = err 372 return 373 } 374 375 auditRec.Success() 376 c.LogAudit("success") 377 378 w.Write([]byte(rhook.ToJson())) 379 } 380 381 func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { 382 hook := model.OutgoingWebhookFromJson(r.Body) 383 if hook == nil { 384 c.SetInvalidParam("outgoing_webhook") 385 return 386 } 387 388 auditRec := c.MakeAuditRecord("createOutgoingHook", audit.Fail) 389 defer c.LogAuditRec(auditRec) 390 auditRec.AddMeta("hook_id", hook.Id) 391 c.LogAudit("attempt") 392 393 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) { 394 c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) 395 return 396 } 397 398 if hook.CreatorId == "" { 399 hook.CreatorId = c.AppContext.Session().UserId 400 } else { 401 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) { 402 c.LogAudit("fail - innapropriate permissions") 403 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) 404 return 405 } 406 407 _, err := c.App.GetUser(hook.CreatorId) 408 if err != nil { 409 c.Err = err 410 return 411 } 412 } 413 414 rhook, err := c.App.CreateOutgoingWebhook(hook) 415 if err != nil { 416 c.LogAudit("fail") 417 c.Err = err 418 return 419 } 420 421 auditRec.Success() 422 auditRec.AddMeta("hook_display", rhook.DisplayName) 423 auditRec.AddMeta("channel_id", rhook.ChannelId) 424 auditRec.AddMeta("team_id", rhook.TeamId) 425 c.LogAudit("success") 426 427 w.WriteHeader(http.StatusCreated) 428 w.Write([]byte(rhook.ToJson())) 429 } 430 431 func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) { 432 channelId := r.URL.Query().Get("channel_id") 433 teamId := r.URL.Query().Get("team_id") 434 userId := c.AppContext.Session().UserId 435 436 var hooks []*model.OutgoingWebhook 437 var err *model.AppError 438 439 if channelId != "" { 440 if !c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channelId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) { 441 c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) 442 return 443 } 444 445 // Remove userId as a filter if they have permission to manage others. 446 if c.App.SessionHasPermissionToChannel(*c.AppContext.Session(), channelId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) { 447 userId = "" 448 } 449 450 hooks, err = c.App.GetOutgoingWebhooksForChannelPageByUser(channelId, userId, c.Params.Page, c.Params.PerPage) 451 } else if teamId != "" { 452 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) { 453 c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) 454 return 455 } 456 457 // Remove userId as a filter if they have permission to manage others. 458 if c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), teamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) { 459 userId = "" 460 } 461 462 hooks, err = c.App.GetOutgoingWebhooksForTeamPageByUser(teamId, userId, c.Params.Page, c.Params.PerPage) 463 } else { 464 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) { 465 c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) 466 return 467 } 468 469 // Remove userId as a filter if they have permission to manage others. 470 if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) { 471 userId = "" 472 } 473 474 hooks, err = c.App.GetOutgoingWebhooksPageByUser(userId, c.Params.Page, c.Params.PerPage) 475 } 476 477 if err != nil { 478 c.Err = err 479 return 480 } 481 482 w.Write([]byte(model.OutgoingWebhookListToJson(hooks))) 483 } 484 485 func getOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { 486 c.RequireHookId() 487 if c.Err != nil { 488 return 489 } 490 491 hook, err := c.App.GetOutgoingWebhook(c.Params.HookId) 492 if err != nil { 493 c.Err = err 494 return 495 } 496 497 auditRec := c.MakeAuditRecord("getOutgoingHook", audit.Fail) 498 defer c.LogAuditRec(auditRec) 499 auditRec.AddMeta("hook_id", hook.Id) 500 auditRec.AddMeta("hook_display", hook.DisplayName) 501 auditRec.AddMeta("channel_id", hook.ChannelId) 502 auditRec.AddMeta("team_id", hook.TeamId) 503 c.LogAudit("attempt") 504 505 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) { 506 c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) 507 return 508 } 509 510 if c.AppContext.Session().UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) { 511 c.LogAudit("fail - inappropriate permissions") 512 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) 513 return 514 } 515 516 auditRec.Success() 517 c.LogAudit("success") 518 519 w.Write([]byte(hook.ToJson())) 520 } 521 522 func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) { 523 c.RequireHookId() 524 if c.Err != nil { 525 return 526 } 527 528 hook, err := c.App.GetOutgoingWebhook(c.Params.HookId) 529 if err != nil { 530 c.Err = err 531 return 532 } 533 534 auditRec := c.MakeAuditRecord("regenOutgoingHookToken", audit.Fail) 535 defer c.LogAuditRec(auditRec) 536 auditRec.AddMeta("hook_id", hook.Id) 537 auditRec.AddMeta("hook_display", hook.DisplayName) 538 auditRec.AddMeta("channel_id", hook.ChannelId) 539 auditRec.AddMeta("team_id", hook.TeamId) 540 c.LogAudit("attempt") 541 542 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) { 543 c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) 544 return 545 } 546 547 if c.AppContext.Session().UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) { 548 c.LogAudit("fail - inappropriate permissions") 549 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) 550 return 551 } 552 553 rhook, err := c.App.RegenOutgoingWebhookToken(hook) 554 if err != nil { 555 c.Err = err 556 return 557 } 558 559 auditRec.Success() 560 c.LogAudit("success") 561 562 w.Write([]byte(rhook.ToJson())) 563 } 564 565 func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { 566 c.RequireHookId() 567 if c.Err != nil { 568 return 569 } 570 571 hook, err := c.App.GetOutgoingWebhook(c.Params.HookId) 572 if err != nil { 573 c.Err = err 574 return 575 } 576 577 auditRec := c.MakeAuditRecord("deleteOutgoingHook", audit.Fail) 578 defer c.LogAuditRec(auditRec) 579 auditRec.AddMeta("hook_id", hook.Id) 580 auditRec.AddMeta("hook_display", hook.DisplayName) 581 auditRec.AddMeta("channel_id", hook.ChannelId) 582 auditRec.AddMeta("team_id", hook.TeamId) 583 c.LogAudit("attempt") 584 585 if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) { 586 c.SetPermissionError(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS) 587 return 588 } 589 590 if c.AppContext.Session().UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) { 591 c.LogAudit("fail - inappropriate permissions") 592 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS) 593 return 594 } 595 596 if err := c.App.DeleteOutgoingWebhook(hook.Id); err != nil { 597 c.LogAudit("fail") 598 c.Err = err 599 return 600 } 601 602 auditRec.Success() 603 c.LogAudit("success") 604 605 ReturnStatusOK(w) 606 }