github.com/mattermost/mattermost-server/v5@v5.39.3/api4/data_retention.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package api4 5 6 import ( 7 "encoding/json" 8 "net/http" 9 10 "github.com/mattermost/mattermost-server/v5/audit" 11 "github.com/mattermost/mattermost-server/v5/model" 12 ) 13 14 func (api *API) InitDataRetention() { 15 api.BaseRoutes.DataRetention.Handle("/policy", api.ApiSessionRequired(getGlobalPolicy)).Methods("GET") 16 api.BaseRoutes.DataRetention.Handle("/policies", api.ApiSessionRequired(getPolicies)).Methods("GET") 17 api.BaseRoutes.DataRetention.Handle("/policies_count", api.ApiSessionRequired(getPoliciesCount)).Methods("GET") 18 api.BaseRoutes.DataRetention.Handle("/policies", api.ApiSessionRequired(createPolicy)).Methods("POST") 19 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}", api.ApiSessionRequired(getPolicy)).Methods("GET") 20 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}", api.ApiSessionRequired(patchPolicy)).Methods("PATCH") 21 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}", api.ApiSessionRequired(deletePolicy)).Methods("DELETE") 22 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/teams", api.ApiSessionRequired(getTeamsForPolicy)).Methods("GET") 23 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/teams", api.ApiSessionRequired(addTeamsToPolicy)).Methods("POST") 24 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/teams", api.ApiSessionRequired(removeTeamsFromPolicy)).Methods("DELETE") 25 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/teams/search", api.ApiSessionRequired(searchTeamsInPolicy)).Methods("POST") 26 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForPolicy)).Methods("GET") 27 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(addChannelsToPolicy)).Methods("POST") 28 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(removeChannelsFromPolicy)).Methods("DELETE") 29 api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/channels/search", api.ApiSessionRequired(searchChannelsInPolicy)).Methods("POST") 30 api.BaseRoutes.User.Handle("/data_retention/team_policies", api.ApiSessionRequired(getTeamPoliciesForUser)).Methods("GET") 31 api.BaseRoutes.User.Handle("/data_retention/channel_policies", api.ApiSessionRequired(getChannelPoliciesForUser)).Methods("GET") 32 } 33 34 func getGlobalPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 35 // No permission check required. 36 37 policy, err := c.App.GetGlobalRetentionPolicy() 38 if err != nil { 39 c.Err = err 40 return 41 } 42 43 w.Write(policy.ToJson()) 44 } 45 46 func getPolicies(c *Context, w http.ResponseWriter, r *http.Request) { 47 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) { 48 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) 49 return 50 } 51 52 limit := c.Params.PerPage 53 offset := c.Params.Page * limit 54 55 policies, err := c.App.GetRetentionPolicies(offset, limit) 56 if err != nil { 57 c.Err = err 58 return 59 } 60 61 w.Write(policies.ToJson()) 62 } 63 64 func getPoliciesCount(c *Context, w http.ResponseWriter, r *http.Request) { 65 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) { 66 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) 67 return 68 } 69 70 count, err := c.App.GetRetentionPoliciesCount() 71 if err != nil { 72 c.Err = err 73 return 74 } 75 body := map[string]int64{"total_count": count} 76 b, _ := json.Marshal(body) 77 w.Write(b) 78 } 79 80 func getPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 81 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) { 82 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) 83 return 84 } 85 86 c.RequirePolicyId() 87 policy, err := c.App.GetRetentionPolicy(c.Params.PolicyId) 88 if err != nil { 89 c.Err = err 90 return 91 } 92 w.Write(policy.ToJson()) 93 } 94 95 func createPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 96 policy, jsonErr := model.RetentionPolicyWithTeamAndChannelIdsFromJson(r.Body) 97 if jsonErr != nil { 98 c.SetInvalidParam("policy") 99 return 100 } 101 auditRec := c.MakeAuditRecord("createPolicy", audit.Fail) 102 defer c.LogAuditRec(auditRec) 103 auditRec.AddMeta("policy", policy) 104 105 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) { 106 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) 107 return 108 } 109 110 newPolicy, err := c.App.CreateRetentionPolicy(policy) 111 if err != nil { 112 c.Err = err 113 return 114 } 115 116 auditRec.AddMeta("policy", newPolicy) // overwrite meta 117 auditRec.Success() 118 w.WriteHeader(http.StatusCreated) 119 w.Write(newPolicy.ToJson()) 120 } 121 122 func patchPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 123 patch, jsonErr := model.RetentionPolicyWithTeamAndChannelIdsFromJson(r.Body) 124 if jsonErr != nil { 125 c.SetInvalidParam("policy") 126 } 127 c.RequirePolicyId() 128 patch.ID = c.Params.PolicyId 129 130 auditRec := c.MakeAuditRecord("patchPolicy", audit.Fail) 131 defer c.LogAuditRec(auditRec) 132 auditRec.AddMeta("patch", patch) 133 134 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) { 135 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) 136 return 137 } 138 139 policy, err := c.App.PatchRetentionPolicy(patch) 140 if err != nil { 141 c.Err = err 142 return 143 } 144 auditRec.Success() 145 w.Write(policy.ToJson()) 146 } 147 148 func deletePolicy(c *Context, w http.ResponseWriter, r *http.Request) { 149 c.RequirePolicyId() 150 policyId := c.Params.PolicyId 151 152 auditRec := c.MakeAuditRecord("deletePolicy", audit.Fail) 153 defer c.LogAuditRec(auditRec) 154 auditRec.AddMeta("policy_id", policyId) 155 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) { 156 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) 157 return 158 } 159 160 err := c.App.DeleteRetentionPolicy(policyId) 161 if err != nil { 162 c.Err = err 163 return 164 } 165 auditRec.Success() 166 ReturnStatusOK(w) 167 } 168 169 func getTeamsForPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 170 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) { 171 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) 172 return 173 } 174 175 c.RequirePolicyId() 176 policyId := c.Params.PolicyId 177 limit := c.Params.PerPage 178 offset := c.Params.Page * limit 179 180 teams, err := c.App.GetTeamsForRetentionPolicy(policyId, offset, limit) 181 if err != nil { 182 c.Err = err 183 return 184 } 185 186 b, jsonErr := json.Marshal(teams) 187 if jsonErr != nil { 188 c.Err = model.NewAppError("Api4.getTeamsForPolicy", "api.marshal_error", nil, jsonErr.Error(), http.StatusInternalServerError) 189 return 190 } 191 w.Write(b) 192 } 193 194 func searchTeamsInPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 195 c.RequirePolicyId() 196 197 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) { 198 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) 199 return 200 } 201 202 props := model.TeamSearchFromJson(r.Body) 203 if props == nil { 204 c.SetInvalidParam("team_search") 205 return 206 } 207 props.PolicyID = model.NewString(c.Params.PolicyId) 208 props.IncludePolicyID = model.NewBool(true) 209 210 teams, _, err := c.App.SearchAllTeams(props) 211 if err != nil { 212 c.Err = err 213 return 214 } 215 c.App.SanitizeTeams(*c.AppContext.Session(), teams) 216 217 payload := []byte(model.TeamListToJson(teams)) 218 w.Write(payload) 219 } 220 221 func addTeamsToPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 222 c.RequirePolicyId() 223 policyId := c.Params.PolicyId 224 var teamIDs []string 225 jsonErr := json.NewDecoder(r.Body).Decode(&teamIDs) 226 if jsonErr != nil { 227 c.SetInvalidParam("team_ids") 228 return 229 } 230 auditRec := c.MakeAuditRecord("addTeamsToPolicy", audit.Fail) 231 defer c.LogAuditRec(auditRec) 232 auditRec.AddMeta("policy_id", policyId) 233 auditRec.AddMeta("team_ids", teamIDs) 234 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) { 235 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) 236 return 237 } 238 239 err := c.App.AddTeamsToRetentionPolicy(policyId, teamIDs) 240 if err != nil { 241 c.Err = err 242 return 243 } 244 245 auditRec.Success() 246 ReturnStatusOK(w) 247 } 248 249 func removeTeamsFromPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 250 c.RequirePolicyId() 251 policyId := c.Params.PolicyId 252 var teamIDs []string 253 jsonErr := json.NewDecoder(r.Body).Decode(&teamIDs) 254 if jsonErr != nil { 255 c.SetInvalidParam("team_ids") 256 return 257 } 258 auditRec := c.MakeAuditRecord("removeTeamsFromPolicy", audit.Fail) 259 defer c.LogAuditRec(auditRec) 260 auditRec.AddMeta("policy_id", policyId) 261 auditRec.AddMeta("team_ids", teamIDs) 262 263 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) { 264 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) 265 return 266 } 267 268 err := c.App.RemoveTeamsFromRetentionPolicy(policyId, teamIDs) 269 if err != nil { 270 c.Err = err 271 return 272 } 273 274 auditRec.Success() 275 ReturnStatusOK(w) 276 } 277 278 func getChannelsForPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 279 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) { 280 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) 281 return 282 } 283 284 c.RequirePolicyId() 285 policyId := c.Params.PolicyId 286 limit := c.Params.PerPage 287 offset := c.Params.Page * limit 288 289 channels, err := c.App.GetChannelsForRetentionPolicy(policyId, offset, limit) 290 if err != nil { 291 c.Err = err 292 return 293 } 294 295 b, jsonErr := json.Marshal(channels) 296 if jsonErr != nil { 297 c.Err = model.NewAppError("Api4.getChannelsForPolicy", "api.marshal_error", nil, jsonErr.Error(), http.StatusInternalServerError) 298 return 299 } 300 w.Write(b) 301 } 302 303 func searchChannelsInPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 304 c.RequirePolicyId() 305 props := model.ChannelSearchFromJson(r.Body) 306 if props == nil { 307 c.SetInvalidParam("channel_search") 308 return 309 } 310 311 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) { 312 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) 313 return 314 } 315 316 opts := model.ChannelSearchOpts{ 317 PolicyID: c.Params.PolicyId, 318 IncludePolicyID: true, 319 Deleted: props.Deleted, 320 IncludeDeleted: props.IncludeDeleted, 321 Public: props.Public, 322 Private: props.Private, 323 TeamIds: props.TeamIds, 324 } 325 326 channels, _, appErr := c.App.SearchAllChannels(props.Term, opts) 327 if appErr != nil { 328 c.Err = appErr 329 return 330 } 331 332 payload := []byte(channels.ToJson()) 333 w.Write(payload) 334 } 335 336 func addChannelsToPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 337 c.RequirePolicyId() 338 policyId := c.Params.PolicyId 339 var channelIDs []string 340 jsonErr := json.NewDecoder(r.Body).Decode(&channelIDs) 341 if jsonErr != nil { 342 c.SetInvalidParam("channel_ids") 343 return 344 } 345 auditRec := c.MakeAuditRecord("addChannelsToPolicy", audit.Fail) 346 defer c.LogAuditRec(auditRec) 347 auditRec.AddMeta("policy_id", policyId) 348 auditRec.AddMeta("channel_ids", channelIDs) 349 350 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) { 351 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) 352 return 353 } 354 355 err := c.App.AddChannelsToRetentionPolicy(policyId, channelIDs) 356 if err != nil { 357 c.Err = err 358 return 359 } 360 361 auditRec.Success() 362 ReturnStatusOK(w) 363 } 364 365 func removeChannelsFromPolicy(c *Context, w http.ResponseWriter, r *http.Request) { 366 c.RequirePolicyId() 367 policyId := c.Params.PolicyId 368 var channelIDs []string 369 jsonErr := json.NewDecoder(r.Body).Decode(&channelIDs) 370 if jsonErr != nil { 371 c.SetInvalidParam("channel_ids") 372 return 373 } 374 auditRec := c.MakeAuditRecord("removeChannelsFromPolicy", audit.Fail) 375 defer c.LogAuditRec(auditRec) 376 auditRec.AddMeta("policy_id", policyId) 377 auditRec.AddMeta("channel_ids", channelIDs) 378 379 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) { 380 c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) 381 return 382 } 383 384 err := c.App.RemoveChannelsFromRetentionPolicy(policyId, channelIDs) 385 if err != nil { 386 c.Err = err 387 return 388 } 389 390 auditRec.Success() 391 ReturnStatusOK(w) 392 } 393 394 func getTeamPoliciesForUser(c *Context, w http.ResponseWriter, r *http.Request) { 395 c.RequireUserId() 396 if c.Err != nil { 397 return 398 } 399 userID := c.Params.UserId 400 limit := c.Params.PerPage 401 offset := c.Params.Page * limit 402 403 if userID != c.AppContext.Session().UserId && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM) { 404 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 405 return 406 } 407 408 policies, err := c.App.GetTeamPoliciesForUser(userID, offset, limit) 409 if err != nil { 410 c.Err = err 411 return 412 } 413 414 w.Write(policies.ToJson()) 415 } 416 417 func getChannelPoliciesForUser(c *Context, w http.ResponseWriter, r *http.Request) { 418 c.RequireUserId() 419 if c.Err != nil { 420 return 421 } 422 userID := c.Params.UserId 423 limit := c.Params.PerPage 424 offset := c.Params.Page * limit 425 426 if userID != c.AppContext.Session().UserId && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM) { 427 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 428 return 429 } 430 431 policies, err := c.App.GetChannelPoliciesForUser(userID, offset, limit) 432 if err != nil { 433 c.Err = err 434 return 435 } 436 437 w.Write(policies.ToJson()) 438 }