github.com/qichengzx/mattermost-server@v4.5.1-0.20180604164826-2c75247c97d0+incompatible/api4/channel.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/mattermost/mattermost-server/mlog" 10 "github.com/mattermost/mattermost-server/model" 11 ) 12 13 func (api *API) InitChannel() { 14 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(createChannel)).Methods("POST") 15 api.BaseRoutes.Channels.Handle("/direct", api.ApiSessionRequired(createDirectChannel)).Methods("POST") 16 api.BaseRoutes.Channels.Handle("/group", api.ApiSessionRequired(createGroupChannel)).Methods("POST") 17 api.BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", api.ApiSessionRequired(viewChannel)).Methods("POST") 18 api.BaseRoutes.Channels.Handle("/{channel_id:[A-Za-z0-9]+}/scheme", api.ApiSessionRequired(updateChannelScheme)).Methods("PUT") 19 20 api.BaseRoutes.ChannelsForTeam.Handle("", api.ApiSessionRequired(getPublicChannelsForTeam)).Methods("GET") 21 api.BaseRoutes.ChannelsForTeam.Handle("/deleted", api.ApiSessionRequired(getDeletedChannelsForTeam)).Methods("GET") 22 api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST") 23 api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequired(searchChannelsForTeam)).Methods("POST") 24 api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET") 25 api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET") 26 27 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET") 28 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(updateChannel)).Methods("PUT") 29 api.BaseRoutes.Channel.Handle("/patch", api.ApiSessionRequired(patchChannel)).Methods("PUT") 30 api.BaseRoutes.Channel.Handle("/convert", api.ApiSessionRequired(convertChannelToPrivate)).Methods("POST") 31 api.BaseRoutes.Channel.Handle("/restore", api.ApiSessionRequired(restoreChannel)).Methods("POST") 32 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(deleteChannel)).Methods("DELETE") 33 api.BaseRoutes.Channel.Handle("/stats", api.ApiSessionRequired(getChannelStats)).Methods("GET") 34 api.BaseRoutes.Channel.Handle("/pinned", api.ApiSessionRequired(getPinnedPosts)).Methods("GET") 35 36 api.BaseRoutes.ChannelForUser.Handle("/unread", api.ApiSessionRequired(getChannelUnread)).Methods("GET") 37 38 api.BaseRoutes.ChannelByName.Handle("", api.ApiSessionRequired(getChannelByName)).Methods("GET") 39 api.BaseRoutes.ChannelByNameForTeamName.Handle("", api.ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET") 40 41 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(getChannelMembers)).Methods("GET") 42 api.BaseRoutes.ChannelMembers.Handle("/ids", api.ApiSessionRequired(getChannelMembersByIds)).Methods("POST") 43 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(addChannelMember)).Methods("POST") 44 api.BaseRoutes.ChannelMembersForUser.Handle("", api.ApiSessionRequired(getChannelMembersForUser)).Methods("GET") 45 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(getChannelMember)).Methods("GET") 46 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(removeChannelMember)).Methods("DELETE") 47 api.BaseRoutes.ChannelMember.Handle("/roles", api.ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT") 48 api.BaseRoutes.ChannelMember.Handle("/notify_props", api.ApiSessionRequired(updateChannelMemberNotifyProps)).Methods("PUT") 49 } 50 51 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 52 channel := model.ChannelFromJson(r.Body) 53 if channel == nil { 54 c.SetInvalidParam("channel") 55 return 56 } 57 58 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { 59 c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) 60 return 61 } 62 63 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { 64 c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) 65 return 66 } 67 68 if sc, err := c.App.CreateChannelWithUser(channel, c.Session.UserId); err != nil { 69 c.Err = err 70 return 71 } else { 72 c.LogAudit("name=" + channel.Name) 73 w.WriteHeader(http.StatusCreated) 74 w.Write([]byte(sc.ToJson())) 75 } 76 } 77 78 func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { 79 c.RequireChannelId() 80 if c.Err != nil { 81 return 82 } 83 84 channel := model.ChannelFromJson(r.Body) 85 86 if channel == nil { 87 c.SetInvalidParam("channel") 88 return 89 } 90 91 var oldChannel *model.Channel 92 var err *model.AppError 93 if oldChannel, err = c.App.GetChannel(channel.Id); err != nil { 94 c.Err = err 95 return 96 } 97 98 if _, err = c.App.GetChannelMember(channel.Id, c.Session.UserId); err != nil { 99 c.Err = err 100 return 101 } 102 103 if !CanManageChannel(c, channel) { 104 return 105 } 106 107 if oldChannel.DeleteAt > 0 { 108 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest) 109 return 110 } 111 112 if oldChannel.Name == model.DEFAULT_CHANNEL { 113 if (len(channel.Name) > 0 && channel.Name != oldChannel.Name) || (len(channel.Type) > 0 && channel.Type != oldChannel.Type) { 114 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest) 115 return 116 } 117 } 118 119 oldChannel.Header = channel.Header 120 oldChannel.Purpose = channel.Purpose 121 122 oldChannelDisplayName := oldChannel.DisplayName 123 124 if len(channel.DisplayName) > 0 { 125 oldChannel.DisplayName = channel.DisplayName 126 } 127 128 if len(channel.Name) > 0 { 129 oldChannel.Name = channel.Name 130 } 131 132 if len(channel.Type) > 0 { 133 oldChannel.Type = channel.Type 134 } 135 136 if _, err := c.App.UpdateChannel(oldChannel); err != nil { 137 c.Err = err 138 return 139 } else { 140 if oldChannelDisplayName != channel.DisplayName { 141 if err := c.App.PostUpdateChannelDisplayNameMessage(c.Session.UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil { 142 mlog.Error(err.Error()) 143 } 144 } 145 146 c.LogAudit("name=" + channel.Name) 147 w.Write([]byte(oldChannel.ToJson())) 148 } 149 } 150 151 func convertChannelToPrivate(c *Context, w http.ResponseWriter, r *http.Request) { 152 c.RequireChannelId() 153 if c.Err != nil { 154 return 155 } 156 157 oldPublicChannel, err := c.App.GetChannel(c.Params.ChannelId) 158 if err != nil { 159 c.Err = err 160 return 161 } else if !c.App.SessionHasPermissionToTeam(c.Session, oldPublicChannel.TeamId, model.PERMISSION_MANAGE_TEAM) { 162 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 163 return 164 } else if oldPublicChannel.Type == model.CHANNEL_PRIVATE { 165 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.private_channel_error", nil, "", http.StatusBadRequest) 166 return 167 } else if oldPublicChannel.Name == model.DEFAULT_CHANNEL { 168 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.default_channel_error", nil, "", http.StatusBadRequest) 169 return 170 } 171 172 var user *model.User 173 if user, err = c.App.GetUser(c.Session.UserId); err != nil { 174 c.Err = err 175 return 176 } 177 178 oldPublicChannel.Type = model.CHANNEL_PRIVATE 179 180 if rchannel, err := c.App.UpdateChannelPrivacy(oldPublicChannel, user); err != nil { 181 c.Err = err 182 return 183 } else { 184 c.LogAudit("name=" + rchannel.Name) 185 w.Write([]byte(rchannel.ToJson())) 186 } 187 } 188 189 func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { 190 c.RequireChannelId() 191 if c.Err != nil { 192 return 193 } 194 195 patch := model.ChannelPatchFromJson(r.Body) 196 if patch == nil { 197 c.SetInvalidParam("channel") 198 return 199 } 200 201 oldChannel, err := c.App.GetChannel(c.Params.ChannelId) 202 if err != nil { 203 c.Err = err 204 return 205 } 206 207 if !CanManageChannel(c, oldChannel) { 208 return 209 } 210 211 if rchannel, err := c.App.PatchChannel(oldChannel, patch, c.Session.UserId); err != nil { 212 c.Err = err 213 return 214 } else { 215 c.LogAudit("") 216 w.Write([]byte(rchannel.ToJson())) 217 } 218 } 219 220 func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { 221 c.RequireChannelId() 222 if c.Err != nil { 223 return 224 } 225 226 var channel *model.Channel 227 var err *model.AppError 228 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 229 c.Err = err 230 return 231 } 232 teamId := channel.TeamId 233 234 if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) { 235 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 236 return 237 } 238 239 channel, err = c.App.RestoreChannel(channel) 240 if err != nil { 241 c.Err = err 242 return 243 } 244 245 c.LogAudit("name=" + channel.Name) 246 w.Write([]byte(channel.ToJson())) 247 248 } 249 250 func CanManageChannel(c *Context, channel *model.Channel) bool { 251 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 252 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 253 return false 254 } 255 256 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 257 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 258 return false 259 } 260 261 return true 262 } 263 264 func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { 265 userIds := model.ArrayFromJson(r.Body) 266 allowed := false 267 268 if len(userIds) != 2 { 269 c.SetInvalidParam("user_ids") 270 return 271 } 272 273 for _, id := range userIds { 274 if len(id) != 26 { 275 c.SetInvalidParam("user_id") 276 return 277 } 278 if id == c.Session.UserId { 279 allowed = true 280 } 281 } 282 283 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { 284 c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) 285 return 286 } 287 288 if !allowed && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 289 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 290 return 291 } 292 293 if sc, err := c.App.CreateDirectChannel(userIds[0], userIds[1]); err != nil { 294 c.Err = err 295 return 296 } else { 297 w.WriteHeader(http.StatusCreated) 298 w.Write([]byte(sc.ToJson())) 299 } 300 } 301 302 func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { 303 userIds := model.ArrayFromJson(r.Body) 304 305 if len(userIds) == 0 { 306 c.SetInvalidParam("user_ids") 307 return 308 } 309 310 found := false 311 for _, id := range userIds { 312 if len(id) != 26 { 313 c.SetInvalidParam("user_id") 314 return 315 } 316 if id == c.Session.UserId { 317 found = true 318 } 319 } 320 321 if !found { 322 userIds = append(userIds, c.Session.UserId) 323 } 324 325 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { 326 c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) 327 return 328 } 329 330 if groupChannel, err := c.App.CreateGroupChannel(userIds, c.Session.UserId); err != nil { 331 c.Err = err 332 return 333 } else { 334 w.WriteHeader(http.StatusCreated) 335 w.Write([]byte(groupChannel.ToJson())) 336 } 337 } 338 339 func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { 340 c.RequireChannelId() 341 if c.Err != nil { 342 return 343 } 344 345 channel, err := c.App.GetChannel(c.Params.ChannelId) 346 if err != nil { 347 c.Err = err 348 return 349 } 350 351 if channel.Type == model.CHANNEL_OPEN { 352 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 353 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 354 return 355 } 356 } else { 357 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 358 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 359 return 360 } 361 } 362 363 w.Write([]byte(channel.ToJson())) 364 } 365 366 func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) { 367 c.RequireChannelId().RequireUserId() 368 if c.Err != nil { 369 return 370 } 371 372 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 373 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 374 return 375 } 376 377 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 378 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 379 return 380 } 381 382 channelUnread, err := c.App.GetChannelUnread(c.Params.ChannelId, c.Params.UserId) 383 if err != nil { 384 c.Err = err 385 return 386 } 387 388 w.Write([]byte(channelUnread.ToJson())) 389 } 390 391 func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) { 392 c.RequireChannelId() 393 if c.Err != nil { 394 return 395 } 396 397 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 398 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 399 return 400 } 401 402 memberCount, err := c.App.GetChannelMemberCount(c.Params.ChannelId) 403 404 if err != nil { 405 c.Err = err 406 return 407 } 408 409 stats := model.ChannelStats{ChannelId: c.Params.ChannelId, MemberCount: memberCount} 410 w.Write([]byte(stats.ToJson())) 411 } 412 413 func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) { 414 c.RequireChannelId() 415 if c.Err != nil { 416 return 417 } 418 419 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 420 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 421 return 422 } 423 424 if posts, err := c.App.GetPinnedPosts(c.Params.ChannelId); err != nil { 425 c.Err = err 426 return 427 } else if c.HandleEtag(posts.Etag(), "Get Pinned Posts", w, r) { 428 return 429 } else { 430 w.Header().Set(model.HEADER_ETAG_SERVER, posts.Etag()) 431 w.Write([]byte(c.App.PostListWithProxyAddedToImageURLs(posts).ToJson())) 432 } 433 } 434 435 func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 436 c.RequireTeamId() 437 if c.Err != nil { 438 return 439 } 440 441 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 442 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 443 return 444 } 445 446 if channels, err := c.App.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { 447 c.Err = err 448 return 449 } else { 450 w.Write([]byte(channels.ToJson())) 451 return 452 } 453 } 454 455 func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 456 c.RequireTeamId() 457 if c.Err != nil { 458 return 459 } 460 461 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 462 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 463 return 464 } 465 466 if channels, err := c.App.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { 467 c.Err = err 468 return 469 } else { 470 w.Write([]byte(channels.ToJson())) 471 return 472 } 473 } 474 475 func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 476 c.RequireTeamId() 477 if c.Err != nil { 478 return 479 } 480 481 channelIds := model.ArrayFromJson(r.Body) 482 if len(channelIds) == 0 { 483 c.SetInvalidParam("channel_ids") 484 return 485 } 486 487 for _, cid := range channelIds { 488 if len(cid) != 26 { 489 c.SetInvalidParam("channel_id") 490 return 491 } 492 } 493 494 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 495 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 496 return 497 } 498 499 if channels, err := c.App.GetPublicChannelsByIdsForTeam(c.Params.TeamId, channelIds); err != nil { 500 c.Err = err 501 return 502 } else { 503 w.Write([]byte(channels.ToJson())) 504 } 505 } 506 507 func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) { 508 c.RequireUserId().RequireTeamId() 509 if c.Err != nil { 510 return 511 } 512 513 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 514 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 515 return 516 } 517 518 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 519 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 520 return 521 } 522 523 if channels, err := c.App.GetChannelsForUser(c.Params.TeamId, c.Params.UserId); err != nil { 524 c.Err = err 525 return 526 } else if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { 527 return 528 } else { 529 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 530 w.Write([]byte(channels.ToJson())) 531 } 532 } 533 534 func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 535 c.RequireTeamId() 536 if c.Err != nil { 537 return 538 } 539 540 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 541 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 542 return 543 } 544 545 name := r.URL.Query().Get("name") 546 547 if channels, err := c.App.AutocompleteChannels(c.Params.TeamId, name); err != nil { 548 c.Err = err 549 return 550 } else { 551 w.Write([]byte(channels.ToJson())) 552 } 553 } 554 555 func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 556 c.RequireTeamId() 557 if c.Err != nil { 558 return 559 } 560 561 props := model.ChannelSearchFromJson(r.Body) 562 if props == nil { 563 c.SetInvalidParam("channel_search") 564 return 565 } 566 567 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 568 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 569 return 570 } 571 572 if channels, err := c.App.SearchChannels(c.Params.TeamId, props.Term); err != nil { 573 c.Err = err 574 return 575 } else { 576 w.Write([]byte(channels.ToJson())) 577 } 578 } 579 580 func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { 581 c.RequireChannelId() 582 if c.Err != nil { 583 return 584 } 585 586 var channel *model.Channel 587 var err *model.AppError 588 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 589 c.Err = err 590 return 591 } 592 593 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { 594 c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) 595 return 596 } 597 598 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { 599 c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) 600 return 601 } 602 603 err = c.App.DeleteChannel(channel, c.Session.UserId) 604 if err != nil { 605 c.Err = err 606 return 607 } 608 609 c.LogAudit("name=" + channel.Name) 610 611 ReturnStatusOK(w) 612 } 613 614 func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { 615 c.RequireTeamId().RequireChannelName() 616 if c.Err != nil { 617 return 618 } 619 620 var channel *model.Channel 621 var err *model.AppError 622 623 if channel, err = c.App.GetChannelByName(c.Params.ChannelName, c.Params.TeamId); err != nil { 624 c.Err = err 625 return 626 } 627 628 if channel.Type == model.CHANNEL_OPEN { 629 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 630 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 631 return 632 } 633 } else { 634 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 635 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 636 return 637 } 638 } 639 640 w.Write([]byte(channel.ToJson())) 641 } 642 643 func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) { 644 c.RequireTeamName().RequireChannelName() 645 if c.Err != nil { 646 return 647 } 648 649 var channel *model.Channel 650 var err *model.AppError 651 652 if channel, err = c.App.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName); err != nil { 653 c.Err = err 654 return 655 } 656 657 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 658 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 659 return 660 } 661 662 w.Write([]byte(channel.ToJson())) 663 } 664 665 func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { 666 c.RequireChannelId() 667 if c.Err != nil { 668 return 669 } 670 671 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 672 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 673 return 674 } 675 676 if members, err := c.App.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage); err != nil { 677 c.Err = err 678 return 679 } else { 680 w.Write([]byte(members.ToJson())) 681 } 682 } 683 684 func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 685 c.RequireChannelId() 686 if c.Err != nil { 687 return 688 } 689 690 userIds := model.ArrayFromJson(r.Body) 691 if len(userIds) == 0 { 692 c.SetInvalidParam("user_ids") 693 return 694 } 695 696 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 697 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 698 return 699 } 700 701 if members, err := c.App.GetChannelMembersByIds(c.Params.ChannelId, userIds); err != nil { 702 c.Err = err 703 return 704 } else { 705 w.Write([]byte(members.ToJson())) 706 } 707 } 708 709 func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 710 c.RequireChannelId().RequireUserId() 711 if c.Err != nil { 712 return 713 } 714 715 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 716 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 717 return 718 } 719 720 if member, err := c.App.GetChannelMember(c.Params.ChannelId, c.Params.UserId); err != nil { 721 c.Err = err 722 return 723 } else { 724 w.Write([]byte(member.ToJson())) 725 } 726 } 727 728 func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 729 c.RequireUserId().RequireTeamId() 730 if c.Err != nil { 731 return 732 } 733 734 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 735 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 736 return 737 } 738 739 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { 740 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 741 return 742 } 743 744 if members, err := c.App.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId); err != nil { 745 c.Err = err 746 return 747 } else { 748 w.Write([]byte(members.ToJson())) 749 } 750 } 751 752 func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { 753 c.RequireUserId() 754 if c.Err != nil { 755 return 756 } 757 758 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 759 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 760 return 761 } 762 763 view := model.ChannelViewFromJson(r.Body) 764 if view == nil { 765 c.SetInvalidParam("channel_view") 766 return 767 } 768 769 times, err := c.App.ViewChannel(view, c.Params.UserId, !c.Session.IsMobileApp()) 770 771 if err != nil { 772 c.Err = err 773 return 774 } 775 776 c.App.UpdateLastActivityAtIfNeeded(c.Session) 777 778 // Returning {"status": "OK", ...} for backwards compatibility 779 resp := &model.ChannelViewResponse{ 780 Status: "OK", 781 LastViewedAtTimes: times, 782 } 783 784 w.Write([]byte(resp.ToJson())) 785 } 786 787 func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 788 c.RequireChannelId().RequireUserId() 789 if c.Err != nil { 790 return 791 } 792 793 props := model.MapFromJson(r.Body) 794 795 newRoles := props["roles"] 796 if !(model.IsValidUserRoles(newRoles)) { 797 c.SetInvalidParam("roles") 798 return 799 } 800 801 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 802 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 803 return 804 } 805 806 if _, err := c.App.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil { 807 c.Err = err 808 return 809 } 810 811 ReturnStatusOK(w) 812 } 813 814 func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) { 815 c.RequireChannelId().RequireUserId() 816 if c.Err != nil { 817 return 818 } 819 820 props := model.MapFromJson(r.Body) 821 if props == nil { 822 c.SetInvalidParam("notify_props") 823 return 824 } 825 826 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 827 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 828 return 829 } 830 831 _, err := c.App.UpdateChannelMemberNotifyProps(props, c.Params.ChannelId, c.Params.UserId) 832 if err != nil { 833 c.Err = err 834 return 835 } 836 837 ReturnStatusOK(w) 838 } 839 840 func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 841 c.RequireChannelId() 842 if c.Err != nil { 843 return 844 } 845 846 props := model.StringInterfaceFromJson(r.Body) 847 userId, ok := props["user_id"].(string) 848 if !ok || len(userId) != 26 { 849 c.SetInvalidParam("user_id") 850 return 851 } 852 853 member := &model.ChannelMember{ 854 ChannelId: c.Params.ChannelId, 855 UserId: userId, 856 } 857 858 postRootId, ok := props["post_root_id"].(string) 859 if ok && len(postRootId) != 0 && len(postRootId) != 26 { 860 c.SetInvalidParam("post_root_id") 861 return 862 } 863 864 var err *model.AppError 865 if ok && len(postRootId) == 26 { 866 if rootPost, err := c.App.GetSinglePost(postRootId); err != nil { 867 c.Err = err 868 return 869 } else if rootPost.ChannelId != member.ChannelId { 870 c.SetInvalidParam("post_root_id") 871 return 872 } 873 } 874 875 var channel *model.Channel 876 if channel, err = c.App.GetChannel(member.ChannelId); err != nil { 877 c.Err = err 878 return 879 } 880 881 // Check join permission if adding yourself, otherwise check manage permission 882 if channel.Type == model.CHANNEL_OPEN { 883 if member.UserId == c.Session.UserId { 884 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_JOIN_PUBLIC_CHANNELS) { 885 c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS) 886 return 887 } 888 } else { 889 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 890 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 891 return 892 } 893 } 894 } 895 896 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 897 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 898 return 899 } 900 901 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 902 c.Err = model.NewAppError("addUserToChannel", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest) 903 return 904 } 905 906 if cm, err := c.App.AddChannelMember(member.UserId, channel, c.Session.UserId, postRootId); err != nil { 907 c.Err = err 908 return 909 } else { 910 c.LogAudit("name=" + channel.Name + " user_id=" + cm.UserId) 911 w.WriteHeader(http.StatusCreated) 912 w.Write([]byte(cm.ToJson())) 913 } 914 } 915 916 func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 917 c.RequireChannelId().RequireUserId() 918 if c.Err != nil { 919 return 920 } 921 922 var channel *model.Channel 923 var err *model.AppError 924 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 925 c.Err = err 926 return 927 } 928 929 if c.Params.UserId != c.Session.UserId { 930 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 931 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 932 return 933 } 934 935 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 936 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 937 return 938 } 939 } 940 941 if err = c.App.RemoveUserFromChannel(c.Params.UserId, c.Session.UserId, channel); err != nil { 942 c.Err = err 943 return 944 } 945 946 c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId) 947 948 ReturnStatusOK(w) 949 } 950 951 func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) { 952 c.RequireChannelId() 953 if c.Err != nil { 954 return 955 } 956 957 schemeID := model.SchemeIDFromJson(r.Body) 958 if schemeID == nil || len(*schemeID) != 26 { 959 c.SetInvalidParam("scheme_id") 960 return 961 } 962 963 if c.App.License() == nil { 964 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.license.error", nil, "", http.StatusNotImplemented) 965 return 966 } 967 968 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_SYSTEM) { 969 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 970 return 971 } 972 973 scheme, err := c.App.GetScheme(*schemeID) 974 if err != nil { 975 c.Err = err 976 return 977 } 978 979 if scheme.Scope != model.SCHEME_SCOPE_CHANNEL { 980 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.scheme_scope.error", nil, "", http.StatusBadRequest) 981 return 982 } 983 984 channel, err := c.App.GetChannel(c.Params.ChannelId) 985 if err != nil { 986 c.Err = err 987 return 988 } 989 990 channel.SchemeId = &scheme.Id 991 992 _, err = c.App.UpdateChannelScheme(channel) 993 if err != nil { 994 c.Err = err 995 return 996 } 997 998 ReturnStatusOK(w) 999 }