github.com/psyb0t/mattermost-server@v4.6.1-0.20180125161845-5503a1351abf+incompatible/api/channel.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api 5 6 import ( 7 "net/http" 8 "strconv" 9 10 l4g "github.com/alecthomas/log4go" 11 "github.com/gorilla/mux" 12 "github.com/mattermost/mattermost-server/model" 13 "github.com/mattermost/mattermost-server/utils" 14 ) 15 16 func (api *API) InitChannel() { 17 api.BaseRoutes.Channels.Handle("/", api.ApiUserRequired(getChannels)).Methods("GET") 18 api.BaseRoutes.Channels.Handle("/more/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getMoreChannelsPage)).Methods("GET") 19 api.BaseRoutes.Channels.Handle("/more/search", api.ApiUserRequired(searchMoreChannels)).Methods("POST") 20 api.BaseRoutes.Channels.Handle("/counts", api.ApiUserRequired(getChannelCounts)).Methods("GET") 21 api.BaseRoutes.Channels.Handle("/members", api.ApiUserRequired(getMyChannelMembers)).Methods("GET") 22 api.BaseRoutes.Channels.Handle("/create", api.ApiUserRequired(createChannel)).Methods("POST") 23 api.BaseRoutes.Channels.Handle("/view", api.ApiUserRequired(viewChannel)).Methods("POST") 24 api.BaseRoutes.Channels.Handle("/create_direct", api.ApiUserRequired(createDirectChannel)).Methods("POST") 25 api.BaseRoutes.Channels.Handle("/create_group", api.ApiUserRequired(createGroupChannel)).Methods("POST") 26 api.BaseRoutes.Channels.Handle("/update", api.ApiUserRequired(updateChannel)).Methods("POST") 27 api.BaseRoutes.Channels.Handle("/update_header", api.ApiUserRequired(updateChannelHeader)).Methods("POST") 28 api.BaseRoutes.Channels.Handle("/update_purpose", api.ApiUserRequired(updateChannelPurpose)).Methods("POST") 29 api.BaseRoutes.Channels.Handle("/update_notify_props", api.ApiUserRequired(updateNotifyProps)).Methods("POST") 30 api.BaseRoutes.Channels.Handle("/autocomplete", api.ApiUserRequired(autocompleteChannels)).Methods("GET") 31 api.BaseRoutes.Channels.Handle("/name/{channel_name:[A-Za-z0-9_-]+}", api.ApiUserRequired(getChannelByName)).Methods("GET") 32 33 api.BaseRoutes.NeedChannelName.Handle("/join", api.ApiUserRequired(join)).Methods("POST") 34 35 api.BaseRoutes.NeedChannel.Handle("/", api.ApiUserRequired(getChannel)).Methods("GET") 36 api.BaseRoutes.NeedChannel.Handle("/stats", api.ApiUserRequired(getChannelStats)).Methods("GET") 37 api.BaseRoutes.NeedChannel.Handle("/members/{user_id:[A-Za-z0-9]+}", api.ApiUserRequired(getChannelMember)).Methods("GET") 38 api.BaseRoutes.NeedChannel.Handle("/members/ids", api.ApiUserRequired(getChannelMembersByIds)).Methods("POST") 39 api.BaseRoutes.NeedChannel.Handle("/pinned", api.ApiUserRequired(getPinnedPosts)).Methods("GET") 40 api.BaseRoutes.NeedChannel.Handle("/join", api.ApiUserRequired(join)).Methods("POST") 41 api.BaseRoutes.NeedChannel.Handle("/leave", api.ApiUserRequired(leave)).Methods("POST") 42 api.BaseRoutes.NeedChannel.Handle("/delete", api.ApiUserRequired(deleteChannel)).Methods("POST") 43 api.BaseRoutes.NeedChannel.Handle("/add", api.ApiUserRequired(addMember)).Methods("POST") 44 api.BaseRoutes.NeedChannel.Handle("/remove", api.ApiUserRequired(removeMember)).Methods("POST") 45 api.BaseRoutes.NeedChannel.Handle("/update_member_roles", api.ApiUserRequired(updateChannelMemberRoles)).Methods("POST") 46 } 47 48 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 49 channel := model.ChannelFromJson(r.Body) 50 if channel == nil { 51 c.SetInvalidParam("createChannel", "channel") 52 return 53 } 54 55 if len(channel.TeamId) == 0 { 56 channel.TeamId = c.TeamId 57 } 58 59 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { 60 c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) 61 return 62 } 63 64 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { 65 c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) 66 return 67 } 68 69 if sc, err := c.App.CreateChannelWithUser(channel, c.Session.UserId); err != nil { 70 c.Err = err 71 return 72 } else { 73 c.LogAudit("name=" + channel.Name) 74 w.Write([]byte(sc.ToJson())) 75 } 76 } 77 78 func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { 79 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { 80 c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) 81 return 82 } 83 84 data := model.MapFromJson(r.Body) 85 86 userId := data["user_id"] 87 if len(userId) != 26 { 88 c.SetInvalidParam("createDirectChannel", "user_id") 89 return 90 } 91 92 if sc, err := c.App.CreateDirectChannel(c.Session.UserId, userId); err != nil { 93 c.Err = err 94 return 95 } else { 96 w.Write([]byte(sc.ToJson())) 97 } 98 } 99 100 func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { 101 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { 102 c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) 103 return 104 } 105 106 userIds := model.ArrayFromJson(r.Body) 107 if len(userIds) == 0 { 108 c.SetInvalidParam("createGroupChannel", "user_ids") 109 return 110 } 111 112 found := false 113 for _, id := range userIds { 114 if id == c.Session.UserId { 115 found = true 116 break 117 } 118 } 119 120 if !found { 121 userIds = append(userIds, c.Session.UserId) 122 } 123 124 if sc, err := c.App.CreateGroupChannel(userIds, c.Session.UserId); err != nil { 125 c.Err = err 126 return 127 } else { 128 w.Write([]byte(sc.ToJson())) 129 } 130 } 131 132 func CanManageChannel(c *Context, channel *model.Channel) bool { 133 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 134 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 135 return false 136 } 137 138 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 139 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 140 return false 141 } 142 143 return true 144 } 145 146 func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { 147 148 channel := model.ChannelFromJson(r.Body) 149 150 if channel == nil { 151 c.SetInvalidParam("updateChannel", "channel") 152 return 153 } 154 155 var oldChannel *model.Channel 156 var err *model.AppError 157 if oldChannel, err = c.App.GetChannel(channel.Id); err != nil { 158 c.Err = err 159 return 160 } 161 162 if _, err = c.App.GetChannelMember(channel.Id, c.Session.UserId); err != nil { 163 c.Err = err 164 return 165 } 166 167 if !CanManageChannel(c, channel) { 168 return 169 } 170 171 if oldChannel.DeleteAt > 0 { 172 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest) 173 return 174 } 175 176 if oldChannel.Name == model.DEFAULT_CHANNEL { 177 if (len(channel.Name) > 0 && channel.Name != oldChannel.Name) || (len(channel.Type) > 0 && channel.Type != oldChannel.Type) { 178 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest) 179 return 180 } 181 } 182 183 oldChannel.Header = channel.Header 184 oldChannel.Purpose = channel.Purpose 185 186 oldChannelDisplayName := oldChannel.DisplayName 187 188 if len(channel.DisplayName) > 0 { 189 oldChannel.DisplayName = channel.DisplayName 190 } 191 192 if len(channel.Name) > 0 { 193 oldChannel.Name = channel.Name 194 } 195 196 if len(channel.Type) > 0 { 197 oldChannel.Type = channel.Type 198 } 199 200 if _, err := c.App.UpdateChannel(oldChannel); err != nil { 201 c.Err = err 202 return 203 } else { 204 if oldChannelDisplayName != channel.DisplayName { 205 if err := c.App.PostUpdateChannelDisplayNameMessage(c.Session.UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil { 206 l4g.Error(err.Error()) 207 } 208 } 209 c.LogAudit("name=" + channel.Name) 210 w.Write([]byte(oldChannel.ToJson())) 211 } 212 213 } 214 215 func updateChannelHeader(c *Context, w http.ResponseWriter, r *http.Request) { 216 217 props := model.MapFromJson(r.Body) 218 channelId := props["channel_id"] 219 if len(channelId) != 26 { 220 c.SetInvalidParam("updateChannelHeader", "channel_id") 221 return 222 } 223 224 channelHeader := props["channel_header"] 225 if len(channelHeader) > 1024 { 226 c.SetInvalidParam("updateChannelHeader", "channel_header") 227 return 228 } 229 230 var channel *model.Channel 231 var err *model.AppError 232 if channel, err = c.App.GetChannel(channelId); err != nil { 233 c.Err = err 234 return 235 } 236 237 if _, err = c.App.GetChannelMember(channelId, c.Session.UserId); err != nil { 238 c.Err = err 239 return 240 } 241 242 if !CanManageChannel(c, channel) { 243 return 244 } 245 246 oldChannelHeader := channel.Header 247 channel.Header = channelHeader 248 249 if _, err := c.App.UpdateChannel(channel); err != nil { 250 c.Err = err 251 return 252 } else { 253 if err := c.App.PostUpdateChannelHeaderMessage(c.Session.UserId, channel, oldChannelHeader, channelHeader); err != nil { 254 l4g.Error(err.Error()) 255 } 256 c.LogAudit("name=" + channel.Name) 257 w.Write([]byte(channel.ToJson())) 258 } 259 } 260 261 func updateChannelPurpose(c *Context, w http.ResponseWriter, r *http.Request) { 262 263 props := model.MapFromJson(r.Body) 264 channelId := props["channel_id"] 265 if len(channelId) != 26 { 266 c.SetInvalidParam("updateChannelPurpose", "channel_id") 267 return 268 } 269 270 channelPurpose := props["channel_purpose"] 271 if len(channelPurpose) > 1024 { 272 c.SetInvalidParam("updateChannelPurpose", "channel_purpose") 273 return 274 } 275 276 var channel *model.Channel 277 var err *model.AppError 278 if channel, err = c.App.GetChannel(channelId); err != nil { 279 c.Err = err 280 return 281 } 282 283 if _, err = c.App.GetChannelMember(channelId, c.Session.UserId); err != nil { 284 c.Err = err 285 return 286 } 287 288 if !CanManageChannel(c, channel) { 289 return 290 } 291 292 oldChannelPurpose := channel.Purpose 293 channel.Purpose = channelPurpose 294 295 if _, err := c.App.UpdateChannel(channel); err != nil { 296 c.Err = err 297 return 298 } else { 299 if err := c.App.PostUpdateChannelPurposeMessage(c.Session.UserId, channel, oldChannelPurpose, channelPurpose); err != nil { 300 l4g.Error(err.Error()) 301 } 302 c.LogAudit("name=" + channel.Name) 303 w.Write([]byte(channel.ToJson())) 304 } 305 } 306 307 func getChannels(c *Context, w http.ResponseWriter, r *http.Request) { 308 if c.TeamId == "" { 309 c.Err = model.NewAppError("", "api.context.missing_teamid.app_error", nil, "TeamIdRequired", http.StatusBadRequest) 310 return 311 } 312 // user is already in the team 313 // Get's all channels the user is a member of 314 315 if channels, err := c.App.GetChannelsForUser(c.TeamId, c.Session.UserId); err != nil { 316 if err.Id == "store.sql_channel.get_channels.not_found.app_error" { 317 // lets make sure the user is valid 318 if _, err := c.App.GetUser(c.Session.UserId); err != nil { 319 c.Err = err 320 c.RemoveSessionCookie(w, r) 321 l4g.Error(utils.T("api.channel.get_channels.error"), c.Session.UserId) 322 return 323 } 324 } 325 c.Err = err 326 return 327 } else if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { 328 return 329 } else { 330 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 331 w.Write([]byte(channels.ToJson())) 332 } 333 } 334 335 func getMoreChannelsPage(c *Context, w http.ResponseWriter, r *http.Request) { 336 params := mux.Vars(r) 337 338 offset, err := strconv.Atoi(params["offset"]) 339 if err != nil { 340 c.SetInvalidParam("getProfiles", "offset") 341 return 342 } 343 344 limit, err := strconv.Atoi(params["limit"]) 345 if err != nil { 346 c.SetInvalidParam("getProfiles", "limit") 347 return 348 } 349 350 // user is already in the team 351 if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 352 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 353 return 354 } 355 356 if channels, err := c.App.GetChannelsUserNotIn(c.TeamId, c.Session.UserId, offset, limit); err != nil { 357 c.Err = err 358 return 359 } else { 360 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 361 w.Write([]byte(channels.ToJson())) 362 } 363 } 364 365 func getChannelCounts(c *Context, w http.ResponseWriter, r *http.Request) { 366 367 // user is already in the team 368 369 if counts, err := c.App.GetChannelCounts(c.TeamId, c.Session.UserId); err != nil { 370 c.Err = model.NewAppError("getChannelCounts", "api.channel.get_channel_counts.app_error", nil, err.Message, http.StatusInternalServerError) 371 return 372 } else if c.HandleEtag(counts.Etag(), "Get Channel Counts", w, r) { 373 return 374 } else { 375 w.Header().Set(model.HEADER_ETAG_SERVER, counts.Etag()) 376 w.Write([]byte(counts.ToJson())) 377 } 378 } 379 380 func join(c *Context, w http.ResponseWriter, r *http.Request) { 381 382 params := mux.Vars(r) 383 channelId := params["channel_id"] 384 channelName := params["channel_name"] 385 386 var channel *model.Channel 387 var err *model.AppError 388 if channelId != "" { 389 channel, err = c.App.GetChannel(channelId) 390 } else if channelName != "" { 391 channel, err = c.App.GetChannelByName(channelName, c.TeamId) 392 } else { 393 c.SetInvalidParam("join", "channel_id, channel_name") 394 return 395 } 396 397 if err != nil { 398 c.Err = err 399 return 400 } 401 402 if channel.Type == model.CHANNEL_OPEN { 403 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) { 404 c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS) 405 return 406 } 407 } 408 409 if err = c.App.JoinChannel(channel, c.Session.UserId); err != nil { 410 c.Err = err 411 return 412 } 413 414 w.Write([]byte(channel.ToJson())) 415 } 416 417 func leave(c *Context, w http.ResponseWriter, r *http.Request) { 418 419 params := mux.Vars(r) 420 id := params["channel_id"] 421 422 err := c.App.LeaveChannel(id, c.Session.UserId) 423 if err != nil { 424 c.Err = err 425 return 426 } 427 428 result := make(map[string]string) 429 result["id"] = id 430 w.Write([]byte(model.MapToJson(result))) 431 } 432 433 func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { 434 435 params := mux.Vars(r) 436 id := params["channel_id"] 437 438 var channel *model.Channel 439 var err *model.AppError 440 if channel, err = c.App.GetChannel(id); err != nil { 441 c.Err = err 442 return 443 } 444 445 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { 446 c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) 447 return 448 } 449 450 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { 451 c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) 452 return 453 } 454 455 err = c.App.DeleteChannel(channel, c.Session.UserId) 456 if err != nil { 457 c.Err = err 458 return 459 } 460 461 c.LogAudit("name=" + channel.Name) 462 463 result := make(map[string]string) 464 result["id"] = channel.Id 465 w.Write([]byte(model.MapToJson(result))) 466 } 467 468 func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { 469 params := mux.Vars(r) 470 id := params["channel_id"] 471 472 var channel *model.Channel 473 var err *model.AppError 474 if channel, err = c.App.GetChannel(id); err != nil { 475 c.Err = err 476 return 477 } 478 479 if channel.TeamId != c.TeamId && !channel.IsGroupOrDirect() { 480 c.Err = model.NewAppError("getChannel", "api.channel.get_channel.wrong_team.app_error", map[string]interface{}{"ChannelId": id, "TeamId": c.TeamId}, "", http.StatusBadRequest) 481 return 482 } 483 484 var member *model.ChannelMember 485 if member, err = c.App.GetChannelMember(id, c.Session.UserId); err != nil { 486 c.Err = err 487 return 488 } 489 490 data := &model.ChannelData{} 491 data.Channel = channel 492 data.Member = member 493 494 if c.HandleEtag(data.Etag(), "Get Channel", w, r) { 495 return 496 } else { 497 w.Header().Set(model.HEADER_ETAG_SERVER, data.Etag()) 498 w.Write([]byte(data.ToJson())) 499 } 500 } 501 502 func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { 503 params := mux.Vars(r) 504 channelName := params["channel_name"] 505 506 if channel, err := c.App.GetChannelByName(channelName, c.TeamId); err != nil { 507 c.Err = err 508 return 509 } else { 510 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 511 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 512 return 513 } 514 515 if channel.TeamId != c.TeamId && !channel.IsGroupOrDirect() { 516 c.Err = model.NewAppError("getChannel", "api.channel.get_channel.wrong_team.app_error", map[string]interface{}{"ChannelName": channelName, "TeamId": c.TeamId}, "", http.StatusBadRequest) 517 return 518 } 519 520 if c.HandleEtag(channel.Etag(), "Get Channel By Name", w, r) { 521 return 522 } else { 523 w.Header().Set(model.HEADER_ETAG_SERVER, channel.Etag()) 524 w.Write([]byte(channel.ToJson())) 525 } 526 } 527 } 528 529 func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) { 530 params := mux.Vars(r) 531 id := params["channel_id"] 532 533 var channel *model.Channel 534 var err *model.AppError 535 if channel, err = c.App.GetChannel(id); err != nil { 536 c.Err = err 537 return 538 } 539 540 if channel.DeleteAt > 0 { 541 c.Err = model.NewAppError("getChannelStats", "api.channel.get_channel_extra_info.deleted.app_error", nil, "", http.StatusBadRequest) 542 return 543 } 544 545 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 546 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 547 return 548 } 549 550 if memberCount, err := c.App.GetChannelMemberCount(id); err != nil { 551 c.Err = err 552 return 553 } else { 554 stats := model.ChannelStats{ChannelId: channel.Id, MemberCount: memberCount} 555 w.Write([]byte(stats.ToJson())) 556 } 557 } 558 559 func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 560 params := mux.Vars(r) 561 channelId := params["channel_id"] 562 userId := params["user_id"] 563 564 if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) { 565 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 566 return 567 } 568 569 if member, err := c.App.GetChannelMember(channelId, userId); err != nil { 570 c.Err = err 571 return 572 } else { 573 w.Write([]byte(member.ToJson())) 574 } 575 } 576 577 func getMyChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { 578 if members, err := c.App.GetChannelMembersForUser(c.TeamId, c.Session.UserId); err != nil { 579 c.Err = err 580 return 581 } else { 582 w.Write([]byte(members.ToJson())) 583 } 584 } 585 586 func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) { 587 params := mux.Vars(r) 588 channelId := params["channel_id"] 589 590 if result := <-c.App.Srv.Store.Channel().GetPinnedPosts(channelId); result.Err != nil { 591 c.Err = result.Err 592 return 593 } else { 594 posts := result.Data.(*model.PostList) 595 w.Write([]byte(posts.ToJson())) 596 } 597 598 } 599 600 func addMember(c *Context, w http.ResponseWriter, r *http.Request) { 601 params := mux.Vars(r) 602 id := params["channel_id"] 603 604 data := model.MapFromJson(r.Body) 605 userId := data["user_id"] 606 607 if len(userId) != 26 { 608 c.SetInvalidParam("addMember", "user_id") 609 return 610 } 611 612 var channel *model.Channel 613 var err *model.AppError 614 if channel, err = c.App.GetChannel(id); err != nil { 615 c.Err = err 616 return 617 } 618 619 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 620 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 621 return 622 } 623 624 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 625 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 626 return 627 } 628 629 var nUser *model.User 630 if nUser, err = c.App.GetUser(userId); err != nil { 631 c.Err = model.NewAppError("addMember", "api.channel.add_member.find_user.app_error", nil, err.Error(), http.StatusBadRequest) 632 return 633 } 634 635 cm, err := c.App.AddUserToChannel(nUser, channel) 636 if err != nil { 637 c.Err = err 638 return 639 } 640 641 c.LogAudit("name=" + channel.Name + " user_id=" + userId) 642 643 var oUser *model.User 644 if oUser, err = c.App.GetUser(c.Session.UserId); err != nil { 645 c.Err = model.NewAppError("addMember", "api.channel.add_member.user_adding.app_error", nil, err.Error(), http.StatusInternalServerError) 646 return 647 } 648 649 c.App.Go(func() { 650 c.App.PostAddToChannelMessage(oUser, nUser, channel, "") 651 }) 652 653 c.App.UpdateChannelLastViewedAt([]string{id}, oUser.Id) 654 w.Write([]byte(cm.ToJson())) 655 } 656 657 func removeMember(c *Context, w http.ResponseWriter, r *http.Request) { 658 params := mux.Vars(r) 659 channelId := params["channel_id"] 660 661 data := model.MapFromJson(r.Body) 662 userIdToRemove := data["user_id"] 663 664 if len(userIdToRemove) != 26 { 665 c.SetInvalidParam("removeMember", "user_id") 666 return 667 } 668 669 var channel *model.Channel 670 var err *model.AppError 671 if channel, err = c.App.GetChannel(channelId); err != nil { 672 c.Err = err 673 return 674 } 675 676 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 677 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 678 return 679 } 680 681 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 682 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 683 return 684 } 685 686 if err = c.App.RemoveUserFromChannel(userIdToRemove, c.Session.UserId, channel); err != nil { 687 c.Err = err 688 return 689 } 690 691 c.LogAudit("name=" + channel.Name + " user_id=" + userIdToRemove) 692 693 result := make(map[string]string) 694 result["channel_id"] = channel.Id 695 result["removed_user_id"] = userIdToRemove 696 w.Write([]byte(model.MapToJson(result))) 697 } 698 699 func updateNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) { 700 data := model.MapFromJson(r.Body) 701 702 userId := data["user_id"] 703 if len(userId) != 26 { 704 c.SetInvalidParam("updateNotifyProps", "user_id") 705 return 706 } 707 708 channelId := data["channel_id"] 709 if len(channelId) != 26 { 710 c.SetInvalidParam("updateNotifyProps", "channel_id") 711 return 712 } 713 714 if !c.App.SessionHasPermissionToUser(c.Session, userId) { 715 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 716 return 717 } 718 719 member, err := c.App.UpdateChannelMemberNotifyProps(data, channelId, userId) 720 if err != nil { 721 c.Err = err 722 return 723 } 724 725 w.Write([]byte(model.MapToJson(member.NotifyProps))) 726 } 727 728 func searchMoreChannels(c *Context, w http.ResponseWriter, r *http.Request) { 729 props := model.ChannelSearchFromJson(r.Body) 730 if props == nil { 731 c.SetInvalidParam("searchMoreChannels", "") 732 return 733 } 734 735 if c.Session.GetTeamByTeamId(c.TeamId) == nil { 736 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 737 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 738 return 739 } 740 } 741 742 if len(props.Term) == 0 { 743 c.SetInvalidParam("searchMoreChannels", "term") 744 return 745 } 746 747 if channels, err := c.App.SearchChannelsUserNotIn(c.TeamId, c.Session.UserId, props.Term); err != nil { 748 c.Err = err 749 return 750 } else { 751 w.Write([]byte(channels.ToJson())) 752 } 753 } 754 755 func autocompleteChannels(c *Context, w http.ResponseWriter, r *http.Request) { 756 term := r.URL.Query().Get("term") 757 758 if c.Session.GetTeamByTeamId(c.TeamId) == nil { 759 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 760 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 761 return 762 } 763 } 764 765 if channels, err := c.App.SearchChannels(c.TeamId, term); err != nil { 766 c.Err = err 767 return 768 } else { 769 w.Write([]byte(channels.ToJson())) 770 } 771 772 } 773 774 func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { 775 view := model.ChannelViewFromJson(r.Body) 776 if view == nil { 777 c.SetInvalidParam("viewChannel", "channel_view") 778 return 779 } 780 781 if _, err := c.App.ViewChannel(view, c.Session.UserId, !c.Session.IsMobileApp()); err != nil { 782 c.Err = err 783 return 784 } 785 786 ReturnStatusOK(w) 787 } 788 789 func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 790 params := mux.Vars(r) 791 channelId := params["channel_id"] 792 793 userIds := model.ArrayFromJson(r.Body) 794 if len(userIds) == 0 { 795 c.SetInvalidParam("getChannelMembersByIds", "user_ids") 796 return 797 } 798 799 if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) { 800 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 801 return 802 } 803 804 if members, err := c.App.GetChannelMembersByIds(channelId, userIds); err != nil { 805 c.Err = err 806 return 807 } else { 808 w.Write([]byte(members.ToJson())) 809 } 810 } 811 812 func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 813 params := mux.Vars(r) 814 channelId := params["channel_id"] 815 816 props := model.MapFromJson(r.Body) 817 818 userId := props["user_id"] 819 if len(userId) != 26 { 820 c.SetInvalidParam("updateChannelMemberRoles", "user_id") 821 return 822 } 823 824 if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 825 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 826 return 827 } 828 829 newRoles := props["new_roles"] 830 if !(model.IsValidUserRoles(newRoles)) { 831 c.SetInvalidParam("updateChannelMemberRoles", "new_roles") 832 return 833 } 834 835 if _, err := c.App.UpdateChannelMemberRoles(channelId, userId, newRoles); err != nil { 836 c.Err = err 837 return 838 } 839 840 rdata := map[string]string{} 841 rdata["status"] = "ok" 842 w.Write([]byte(model.MapToJson(rdata))) 843 }