github.com/rajatvaryani/mattermost-server@v5.11.1+incompatible/api4/channel.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/mattermost/mattermost-server/mlog" 10 "github.com/mattermost/mattermost-server/model" 11 ) 12 13 func (api *API) InitChannel() { 14 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(getAllChannels)).Methods("GET") 15 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(createChannel)).Methods("POST") 16 api.BaseRoutes.Channels.Handle("/direct", api.ApiSessionRequired(createDirectChannel)).Methods("POST") 17 api.BaseRoutes.Channels.Handle("/search", api.ApiSessionRequired(searchAllChannels)).Methods("POST") 18 api.BaseRoutes.Channels.Handle("/group", api.ApiSessionRequired(createGroupChannel)).Methods("POST") 19 api.BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", api.ApiSessionRequired(viewChannel)).Methods("POST") 20 api.BaseRoutes.Channels.Handle("/{channel_id:[A-Za-z0-9]+}/scheme", api.ApiSessionRequired(updateChannelScheme)).Methods("PUT") 21 22 api.BaseRoutes.ChannelsForTeam.Handle("", api.ApiSessionRequired(getPublicChannelsForTeam)).Methods("GET") 23 api.BaseRoutes.ChannelsForTeam.Handle("/deleted", api.ApiSessionRequired(getDeletedChannelsForTeam)).Methods("GET") 24 api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST") 25 api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequired(searchChannelsForTeam)).Methods("POST") 26 api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET") 27 api.BaseRoutes.ChannelsForTeam.Handle("/search_autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeamForSearch)).Methods("GET") 28 api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET") 29 30 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET") 31 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(updateChannel)).Methods("PUT") 32 api.BaseRoutes.Channel.Handle("/patch", api.ApiSessionRequired(patchChannel)).Methods("PUT") 33 api.BaseRoutes.Channel.Handle("/convert", api.ApiSessionRequired(convertChannelToPrivate)).Methods("POST") 34 api.BaseRoutes.Channel.Handle("/restore", api.ApiSessionRequired(restoreChannel)).Methods("POST") 35 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(deleteChannel)).Methods("DELETE") 36 api.BaseRoutes.Channel.Handle("/stats", api.ApiSessionRequired(getChannelStats)).Methods("GET") 37 api.BaseRoutes.Channel.Handle("/pinned", api.ApiSessionRequired(getPinnedPosts)).Methods("GET") 38 api.BaseRoutes.Channel.Handle("/timezones", api.ApiSessionRequired(getChannelMembersTimezones)).Methods("GET") 39 api.BaseRoutes.ChannelForUser.Handle("/unread", api.ApiSessionRequired(getChannelUnread)).Methods("GET") 40 41 api.BaseRoutes.ChannelByName.Handle("", api.ApiSessionRequired(getChannelByName)).Methods("GET") 42 api.BaseRoutes.ChannelByNameForTeamName.Handle("", api.ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET") 43 44 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(getChannelMembers)).Methods("GET") 45 api.BaseRoutes.ChannelMembers.Handle("/ids", api.ApiSessionRequired(getChannelMembersByIds)).Methods("POST") 46 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(addChannelMember)).Methods("POST") 47 api.BaseRoutes.ChannelMembersForUser.Handle("", api.ApiSessionRequired(getChannelMembersForUser)).Methods("GET") 48 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(getChannelMember)).Methods("GET") 49 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(removeChannelMember)).Methods("DELETE") 50 api.BaseRoutes.ChannelMember.Handle("/roles", api.ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT") 51 api.BaseRoutes.ChannelMember.Handle("/schemeRoles", api.ApiSessionRequired(updateChannelMemberSchemeRoles)).Methods("PUT") 52 api.BaseRoutes.ChannelMember.Handle("/notify_props", api.ApiSessionRequired(updateChannelMemberNotifyProps)).Methods("PUT") 53 } 54 55 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 56 channel := model.ChannelFromJson(r.Body) 57 if channel == nil { 58 c.SetInvalidParam("channel") 59 return 60 } 61 62 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { 63 c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) 64 return 65 } 66 67 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { 68 c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) 69 return 70 } 71 72 sc, err := c.App.CreateChannelWithUser(channel, c.App.Session.UserId) 73 if err != nil { 74 c.Err = err 75 return 76 } 77 78 c.LogAudit("name=" + channel.Name) 79 w.WriteHeader(http.StatusCreated) 80 w.Write([]byte(sc.ToJson())) 81 } 82 83 func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { 84 c.RequireChannelId() 85 if c.Err != nil { 86 return 87 } 88 89 channel := model.ChannelFromJson(r.Body) 90 91 if channel == nil { 92 c.SetInvalidParam("channel") 93 return 94 } 95 96 // The channel being updated in the payload must be the same one as indicated in the URL. 97 if channel.Id != c.Params.ChannelId { 98 c.SetInvalidParam("channel_id") 99 return 100 } 101 102 originalOldChannel, err := c.App.GetChannel(channel.Id) 103 if err != nil { 104 c.Err = err 105 return 106 } 107 oldChannel := originalOldChannel.DeepCopy() 108 109 switch oldChannel.Type { 110 case model.CHANNEL_OPEN: 111 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 112 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 113 return 114 } 115 116 case model.CHANNEL_PRIVATE: 117 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 118 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 119 return 120 } 121 122 // Since the `team_user` role can have PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES out of the box, we must additionally check membership for private channels. 123 if _, memberErr := c.App.GetChannelMember(channel.Id, c.App.Session.UserId); memberErr != nil { 124 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 125 return 126 } 127 128 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT: 129 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership. 130 if _, err := c.App.GetChannelMember(channel.Id, c.App.Session.UserId); err != nil { 131 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 132 return 133 } 134 135 default: 136 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 137 return 138 } 139 140 if oldChannel.DeleteAt > 0 { 141 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest) 142 return 143 } 144 145 if oldChannel.Name == model.DEFAULT_CHANNEL { 146 if (len(channel.Name) > 0 && channel.Name != oldChannel.Name) || (len(channel.Type) > 0 && channel.Type != oldChannel.Type) { 147 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest) 148 return 149 } 150 } 151 152 oldChannel.Header = channel.Header 153 oldChannel.Purpose = channel.Purpose 154 155 oldChannelDisplayName := oldChannel.DisplayName 156 157 if len(channel.DisplayName) > 0 { 158 oldChannel.DisplayName = channel.DisplayName 159 } 160 161 if len(channel.Name) > 0 { 162 oldChannel.Name = channel.Name 163 } 164 165 if len(channel.Type) > 0 { 166 oldChannel.Type = channel.Type 167 } 168 169 if _, err := c.App.UpdateChannel(oldChannel); err != nil { 170 c.Err = err 171 return 172 } 173 174 if oldChannelDisplayName != channel.DisplayName { 175 if err := c.App.PostUpdateChannelDisplayNameMessage(c.App.Session.UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil { 176 mlog.Error(err.Error()) 177 } 178 } 179 180 c.LogAudit("name=" + channel.Name) 181 w.Write([]byte(oldChannel.ToJson())) 182 } 183 184 func convertChannelToPrivate(c *Context, w http.ResponseWriter, r *http.Request) { 185 c.RequireChannelId() 186 if c.Err != nil { 187 return 188 } 189 190 oldPublicChannel, err := c.App.GetChannel(c.Params.ChannelId) 191 if err != nil { 192 c.Err = err 193 return 194 } 195 196 if !c.App.SessionHasPermissionToTeam(c.App.Session, oldPublicChannel.TeamId, model.PERMISSION_MANAGE_TEAM) { 197 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 198 return 199 } 200 201 if oldPublicChannel.Type == model.CHANNEL_PRIVATE { 202 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.private_channel_error", nil, "", http.StatusBadRequest) 203 return 204 } 205 206 if oldPublicChannel.Name == model.DEFAULT_CHANNEL { 207 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.default_channel_error", nil, "", http.StatusBadRequest) 208 return 209 } 210 211 user, err := c.App.GetUser(c.App.Session.UserId) 212 if err != nil { 213 c.Err = err 214 return 215 } 216 217 oldPublicChannel.Type = model.CHANNEL_PRIVATE 218 219 rchannel, err := c.App.UpdateChannelPrivacy(oldPublicChannel, user) 220 if err != nil { 221 c.Err = err 222 return 223 } 224 225 c.LogAudit("name=" + rchannel.Name) 226 w.Write([]byte(rchannel.ToJson())) 227 } 228 229 func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { 230 c.RequireChannelId() 231 if c.Err != nil { 232 return 233 } 234 235 patch := model.ChannelPatchFromJson(r.Body) 236 if patch == nil { 237 c.SetInvalidParam("channel") 238 return 239 } 240 241 originalOldChannel, err := c.App.GetChannel(c.Params.ChannelId) 242 if err != nil { 243 c.Err = err 244 return 245 } 246 oldChannel := originalOldChannel.DeepCopy() 247 248 switch oldChannel.Type { 249 case model.CHANNEL_OPEN: 250 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 251 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 252 return 253 } 254 255 case model.CHANNEL_PRIVATE: 256 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 257 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 258 return 259 } 260 261 // Since the `team_user` role can have PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES out of the box, we must additionally check membership for private channels. 262 if _, memberErr := c.App.GetChannelMember(c.Params.ChannelId, c.App.Session.UserId); memberErr != nil { 263 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 264 return 265 } 266 267 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT: 268 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership. 269 if _, err = c.App.GetChannelMember(c.Params.ChannelId, c.App.Session.UserId); err != nil { 270 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 271 return 272 } 273 274 default: 275 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 276 return 277 } 278 279 rchannel, err := c.App.PatchChannel(oldChannel, patch, c.App.Session.UserId) 280 if err != nil { 281 c.Err = err 282 return 283 } 284 285 err = c.App.FillInChannelProps(rchannel) 286 if err != nil { 287 c.Err = err 288 return 289 } 290 291 c.LogAudit("") 292 w.Write([]byte(rchannel.ToJson())) 293 } 294 295 func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { 296 c.RequireChannelId() 297 if c.Err != nil { 298 return 299 } 300 301 channel, err := c.App.GetChannel(c.Params.ChannelId) 302 if err != nil { 303 c.Err = err 304 return 305 } 306 teamId := channel.TeamId 307 308 if !c.App.SessionHasPermissionToTeam(c.App.Session, teamId, model.PERMISSION_MANAGE_TEAM) { 309 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 310 return 311 } 312 313 channel, err = c.App.RestoreChannel(channel) 314 if err != nil { 315 c.Err = err 316 return 317 } 318 319 c.LogAudit("name=" + channel.Name) 320 w.Write([]byte(channel.ToJson())) 321 322 } 323 324 func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { 325 userIds := model.ArrayFromJson(r.Body) 326 allowed := false 327 328 if len(userIds) != 2 { 329 c.SetInvalidParam("user_ids") 330 return 331 } 332 333 for _, id := range userIds { 334 if len(id) != 26 { 335 c.SetInvalidParam("user_id") 336 return 337 } 338 if id == c.App.Session.UserId { 339 allowed = true 340 } 341 } 342 343 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { 344 c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) 345 return 346 } 347 348 if !allowed && !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 349 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 350 return 351 } 352 353 sc, err := c.App.GetOrCreateDirectChannel(userIds[0], userIds[1]) 354 if err != nil { 355 c.Err = err 356 return 357 } 358 359 w.WriteHeader(http.StatusCreated) 360 w.Write([]byte(sc.ToJson())) 361 } 362 363 func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { 364 userIds := model.ArrayFromJson(r.Body) 365 366 if len(userIds) == 0 { 367 c.SetInvalidParam("user_ids") 368 return 369 } 370 371 found := false 372 for _, id := range userIds { 373 if len(id) != 26 { 374 c.SetInvalidParam("user_id") 375 return 376 } 377 if id == c.App.Session.UserId { 378 found = true 379 } 380 } 381 382 if !found { 383 userIds = append(userIds, c.App.Session.UserId) 384 } 385 386 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { 387 c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) 388 return 389 } 390 391 groupChannel, err := c.App.CreateGroupChannel(userIds, c.App.Session.UserId) 392 if err != nil { 393 c.Err = err 394 return 395 } 396 397 w.WriteHeader(http.StatusCreated) 398 w.Write([]byte(groupChannel.ToJson())) 399 } 400 401 func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { 402 c.RequireChannelId() 403 if c.Err != nil { 404 return 405 } 406 407 channel, err := c.App.GetChannel(c.Params.ChannelId) 408 if err != nil { 409 c.Err = err 410 return 411 } 412 413 if channel.Type == model.CHANNEL_OPEN { 414 if !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 415 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 416 return 417 } 418 } else { 419 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 420 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 421 return 422 } 423 } 424 425 err = c.App.FillInChannelProps(channel) 426 if err != nil { 427 c.Err = err 428 return 429 } 430 431 w.Write([]byte(channel.ToJson())) 432 } 433 434 func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) { 435 c.RequireChannelId().RequireUserId() 436 if c.Err != nil { 437 return 438 } 439 440 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 441 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 442 return 443 } 444 445 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 446 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 447 return 448 } 449 450 channelUnread, err := c.App.GetChannelUnread(c.Params.ChannelId, c.Params.UserId) 451 if err != nil { 452 c.Err = err 453 return 454 } 455 456 w.Write([]byte(channelUnread.ToJson())) 457 } 458 459 func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) { 460 c.RequireChannelId() 461 if c.Err != nil { 462 return 463 } 464 465 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 466 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 467 return 468 } 469 470 memberCount, err := c.App.GetChannelMemberCount(c.Params.ChannelId) 471 if err != nil { 472 c.Err = err 473 return 474 } 475 476 stats := model.ChannelStats{ChannelId: c.Params.ChannelId, MemberCount: memberCount} 477 w.Write([]byte(stats.ToJson())) 478 } 479 480 func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) { 481 c.RequireChannelId() 482 if c.Err != nil { 483 return 484 } 485 486 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 487 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 488 return 489 } 490 491 posts, err := c.App.GetPinnedPosts(c.Params.ChannelId) 492 if err != nil { 493 c.Err = err 494 return 495 } 496 497 if c.HandleEtag(posts.Etag(), "Get Pinned Posts", w, r) { 498 return 499 } 500 501 clientPostList := c.App.PreparePostListForClient(posts) 502 503 w.Header().Set(model.HEADER_ETAG_SERVER, clientPostList.Etag()) 504 w.Write([]byte(clientPostList.ToJson())) 505 } 506 507 func getAllChannels(c *Context, w http.ResponseWriter, r *http.Request) { 508 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 509 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 510 return 511 } 512 513 channels, err := c.App.GetAllChannels(c.Params.Page, c.Params.PerPage, false) 514 if err != nil { 515 c.Err = err 516 return 517 } 518 519 w.Write([]byte(channels.ToJson())) 520 } 521 522 func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 523 c.RequireTeamId() 524 if c.Err != nil { 525 return 526 } 527 528 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 529 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 530 return 531 } 532 533 channels, err := c.App.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage) 534 if err != nil { 535 c.Err = err 536 return 537 } 538 539 err = c.App.FillInChannelsProps(channels) 540 if err != nil { 541 c.Err = err 542 return 543 } 544 545 w.Write([]byte(channels.ToJson())) 546 } 547 548 func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 549 c.RequireTeamId() 550 if c.Err != nil { 551 return 552 } 553 554 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 555 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 556 return 557 } 558 559 channels, err := c.App.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage) 560 if err != nil { 561 c.Err = err 562 return 563 } 564 565 err = c.App.FillInChannelsProps(channels) 566 if err != nil { 567 c.Err = err 568 return 569 } 570 571 w.Write([]byte(channels.ToJson())) 572 } 573 574 func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 575 c.RequireTeamId() 576 if c.Err != nil { 577 return 578 } 579 580 channelIds := model.ArrayFromJson(r.Body) 581 if len(channelIds) == 0 { 582 c.SetInvalidParam("channel_ids") 583 return 584 } 585 586 for _, cid := range channelIds { 587 if len(cid) != 26 { 588 c.SetInvalidParam("channel_id") 589 return 590 } 591 } 592 593 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 594 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 595 return 596 } 597 598 channels, err := c.App.GetPublicChannelsByIdsForTeam(c.Params.TeamId, channelIds) 599 if err != nil { 600 c.Err = err 601 return 602 } 603 604 err = c.App.FillInChannelsProps(channels) 605 if err != nil { 606 c.Err = err 607 return 608 } 609 610 w.Write([]byte(channels.ToJson())) 611 } 612 613 func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) { 614 c.RequireUserId().RequireTeamId() 615 if c.Err != nil { 616 return 617 } 618 619 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 620 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 621 return 622 } 623 624 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 625 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 626 return 627 } 628 629 channels, err := c.App.GetChannelsForUser(c.Params.TeamId, c.Params.UserId, false) 630 if err != nil { 631 c.Err = err 632 return 633 } 634 635 if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { 636 return 637 } 638 639 err = c.App.FillInChannelsProps(channels) 640 if err != nil { 641 c.Err = err 642 return 643 } 644 645 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 646 w.Write([]byte(channels.ToJson())) 647 } 648 649 func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 650 c.RequireTeamId() 651 if c.Err != nil { 652 return 653 } 654 655 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 656 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 657 return 658 } 659 660 name := r.URL.Query().Get("name") 661 662 channels, err := c.App.AutocompleteChannels(c.Params.TeamId, name) 663 if err != nil { 664 c.Err = err 665 return 666 } 667 668 // Don't fill in channels props, since unused by client and potentially expensive. 669 670 w.Write([]byte(channels.ToJson())) 671 } 672 673 func autocompleteChannelsForTeamForSearch(c *Context, w http.ResponseWriter, r *http.Request) { 674 c.RequireTeamId() 675 if c.Err != nil { 676 return 677 } 678 679 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 680 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 681 return 682 } 683 684 name := r.URL.Query().Get("name") 685 686 channels, err := c.App.AutocompleteChannelsForSearch(c.Params.TeamId, c.App.Session.UserId, name) 687 if err != nil { 688 c.Err = err 689 return 690 } 691 692 // Don't fill in channels props, since unused by client and potentially expensive. 693 694 w.Write([]byte(channels.ToJson())) 695 } 696 697 func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 698 c.RequireTeamId() 699 if c.Err != nil { 700 return 701 } 702 703 props := model.ChannelSearchFromJson(r.Body) 704 if props == nil { 705 c.SetInvalidParam("channel_search") 706 return 707 } 708 709 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 710 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 711 return 712 } 713 714 channels, err := c.App.SearchChannels(c.Params.TeamId, props.Term) 715 if err != nil { 716 c.Err = err 717 return 718 } 719 720 // Don't fill in channels props, since unused by client and potentially expensive. 721 722 w.Write([]byte(channels.ToJson())) 723 } 724 725 func searchAllChannels(c *Context, w http.ResponseWriter, r *http.Request) { 726 props := model.ChannelSearchFromJson(r.Body) 727 if props == nil { 728 c.SetInvalidParam("channel_search") 729 return 730 } 731 732 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 733 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 734 return 735 } 736 737 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 738 739 channels, err := c.App.SearchAllChannels(props.Term, includeDeleted) 740 if err != nil { 741 c.Err = err 742 return 743 } 744 745 // Don't fill in channels props, since unused by client and potentially expensive. 746 747 w.Write([]byte(channels.ToJson())) 748 } 749 750 func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { 751 c.RequireChannelId() 752 if c.Err != nil { 753 return 754 } 755 756 channel, err := c.App.GetChannel(c.Params.ChannelId) 757 if err != nil { 758 c.Err = err 759 return 760 } 761 762 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 763 c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest) 764 return 765 } 766 767 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { 768 c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) 769 return 770 } 771 772 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { 773 c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) 774 return 775 } 776 777 err = c.App.DeleteChannel(channel, c.App.Session.UserId) 778 if err != nil { 779 c.Err = err 780 return 781 } 782 783 c.LogAudit("name=" + channel.Name) 784 785 ReturnStatusOK(w) 786 } 787 788 func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { 789 c.RequireTeamId().RequireChannelName() 790 if c.Err != nil { 791 return 792 } 793 794 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 795 796 channel, err := c.App.GetChannelByName(c.Params.ChannelName, c.Params.TeamId, includeDeleted) 797 if err != nil { 798 c.Err = err 799 return 800 } 801 802 if channel.Type == model.CHANNEL_OPEN { 803 if !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 804 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 805 return 806 } 807 } else { 808 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 809 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 810 return 811 } 812 } 813 814 err = c.App.FillInChannelProps(channel) 815 if err != nil { 816 c.Err = err 817 return 818 } 819 820 w.Write([]byte(channel.ToJson())) 821 } 822 823 func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) { 824 c.RequireTeamName().RequireChannelName() 825 if c.Err != nil { 826 return 827 } 828 829 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 830 831 channel, err := c.App.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName, includeDeleted) 832 if err != nil { 833 c.Err = err 834 return 835 } 836 837 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 838 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 839 return 840 } 841 842 err = c.App.FillInChannelProps(channel) 843 if err != nil { 844 c.Err = err 845 return 846 } 847 848 w.Write([]byte(channel.ToJson())) 849 } 850 851 func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { 852 c.RequireChannelId() 853 if c.Err != nil { 854 return 855 } 856 857 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 858 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 859 return 860 } 861 862 members, err := c.App.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage) 863 if err != nil { 864 c.Err = err 865 return 866 } 867 868 w.Write([]byte(members.ToJson())) 869 } 870 871 func getChannelMembersTimezones(c *Context, w http.ResponseWriter, r *http.Request) { 872 c.RequireChannelId() 873 if c.Err != nil { 874 return 875 } 876 877 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 878 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 879 return 880 } 881 882 membersTimezones, err := c.App.GetChannelMembersTimezones(c.Params.ChannelId) 883 if err != nil { 884 c.Err = err 885 return 886 } 887 888 w.Write([]byte(model.ArrayToJson(membersTimezones))) 889 } 890 891 func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 892 c.RequireChannelId() 893 if c.Err != nil { 894 return 895 } 896 897 userIds := model.ArrayFromJson(r.Body) 898 if len(userIds) == 0 { 899 c.SetInvalidParam("user_ids") 900 return 901 } 902 903 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 904 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 905 return 906 } 907 908 members, err := c.App.GetChannelMembersByIds(c.Params.ChannelId, userIds) 909 if err != nil { 910 c.Err = err 911 return 912 } 913 914 w.Write([]byte(members.ToJson())) 915 } 916 917 func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 918 c.RequireChannelId().RequireUserId() 919 if c.Err != nil { 920 return 921 } 922 923 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 924 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 925 return 926 } 927 928 member, err := c.App.GetChannelMember(c.Params.ChannelId, c.Params.UserId) 929 if err != nil { 930 c.Err = err 931 return 932 } 933 934 w.Write([]byte(member.ToJson())) 935 } 936 937 func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 938 c.RequireUserId().RequireTeamId() 939 if c.Err != nil { 940 return 941 } 942 943 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 944 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 945 return 946 } 947 948 if c.App.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { 949 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 950 return 951 } 952 953 members, err := c.App.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId) 954 if err != nil { 955 c.Err = err 956 return 957 } 958 959 w.Write([]byte(members.ToJson())) 960 } 961 962 func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { 963 c.RequireUserId() 964 if c.Err != nil { 965 return 966 } 967 968 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 969 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 970 return 971 } 972 973 view := model.ChannelViewFromJson(r.Body) 974 if view == nil { 975 c.SetInvalidParam("channel_view") 976 return 977 } 978 979 // Validate view struct 980 // Check IDs are valid or blank. Blank IDs are used to denote focus loss or inital channel view. 981 if view.ChannelId != "" && !model.IsValidId(view.ChannelId) { 982 c.SetInvalidParam("channel_view.channel_id") 983 return 984 } 985 if view.PrevChannelId != "" && !model.IsValidId(view.PrevChannelId) { 986 c.SetInvalidParam("channel_view.prev_channel_id") 987 return 988 } 989 990 times, err := c.App.ViewChannel(view, c.Params.UserId, c.App.Session.Id) 991 if err != nil { 992 c.Err = err 993 return 994 } 995 996 c.App.UpdateLastActivityAtIfNeeded(c.App.Session) 997 998 // Returning {"status": "OK", ...} for backwards compatibility 999 resp := &model.ChannelViewResponse{ 1000 Status: "OK", 1001 LastViewedAtTimes: times, 1002 } 1003 1004 w.Write([]byte(resp.ToJson())) 1005 } 1006 1007 func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 1008 c.RequireChannelId().RequireUserId() 1009 if c.Err != nil { 1010 return 1011 } 1012 1013 props := model.MapFromJson(r.Body) 1014 1015 newRoles := props["roles"] 1016 if !(model.IsValidUserRoles(newRoles)) { 1017 c.SetInvalidParam("roles") 1018 return 1019 } 1020 1021 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 1022 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 1023 return 1024 } 1025 1026 if _, err := c.App.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil { 1027 c.Err = err 1028 return 1029 } 1030 1031 ReturnStatusOK(w) 1032 } 1033 1034 func updateChannelMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.Request) { 1035 c.RequireChannelId().RequireUserId() 1036 if c.Err != nil { 1037 return 1038 } 1039 1040 schemeRoles := model.SchemeRolesFromJson(r.Body) 1041 if schemeRoles == nil { 1042 c.SetInvalidParam("scheme_roles") 1043 return 1044 } 1045 1046 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 1047 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 1048 return 1049 } 1050 1051 if _, err := c.App.UpdateChannelMemberSchemeRoles(c.Params.ChannelId, c.Params.UserId, schemeRoles.SchemeUser, schemeRoles.SchemeAdmin); err != nil { 1052 c.Err = err 1053 return 1054 } 1055 1056 ReturnStatusOK(w) 1057 } 1058 1059 func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) { 1060 c.RequireChannelId().RequireUserId() 1061 if c.Err != nil { 1062 return 1063 } 1064 1065 props := model.MapFromJson(r.Body) 1066 if props == nil { 1067 c.SetInvalidParam("notify_props") 1068 return 1069 } 1070 1071 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 1072 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 1073 return 1074 } 1075 1076 _, err := c.App.UpdateChannelMemberNotifyProps(props, c.Params.ChannelId, c.Params.UserId) 1077 if err != nil { 1078 c.Err = err 1079 return 1080 } 1081 1082 ReturnStatusOK(w) 1083 } 1084 1085 func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 1086 c.RequireChannelId() 1087 if c.Err != nil { 1088 return 1089 } 1090 1091 props := model.StringInterfaceFromJson(r.Body) 1092 userId, ok := props["user_id"].(string) 1093 if !ok || len(userId) != 26 { 1094 c.SetInvalidParam("user_id") 1095 return 1096 } 1097 1098 member := &model.ChannelMember{ 1099 ChannelId: c.Params.ChannelId, 1100 UserId: userId, 1101 } 1102 1103 postRootId, ok := props["post_root_id"].(string) 1104 if ok && len(postRootId) != 0 && len(postRootId) != 26 { 1105 c.SetInvalidParam("post_root_id") 1106 return 1107 } 1108 1109 if ok && len(postRootId) == 26 { 1110 rootPost, err := c.App.GetSinglePost(postRootId) 1111 if err != nil { 1112 c.Err = err 1113 return 1114 } 1115 if rootPost.ChannelId != member.ChannelId { 1116 c.SetInvalidParam("post_root_id") 1117 return 1118 } 1119 } 1120 1121 channel, err := c.App.GetChannel(member.ChannelId) 1122 if err != nil { 1123 c.Err = err 1124 return 1125 } 1126 1127 // Check join permission if adding yourself, otherwise check manage permission 1128 if channel.Type == model.CHANNEL_OPEN { 1129 if member.UserId == c.App.Session.UserId { 1130 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_JOIN_PUBLIC_CHANNELS) { 1131 c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS) 1132 return 1133 } 1134 } else { 1135 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 1136 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 1137 return 1138 } 1139 } 1140 } 1141 1142 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1143 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1144 return 1145 } 1146 1147 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 1148 c.Err = model.NewAppError("addUserToChannel", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest) 1149 return 1150 } 1151 1152 cm, err := c.App.AddChannelMember(member.UserId, channel, c.App.Session.UserId, postRootId) 1153 if err != nil { 1154 c.Err = err 1155 return 1156 } 1157 1158 c.LogAudit("name=" + channel.Name + " user_id=" + cm.UserId) 1159 w.WriteHeader(http.StatusCreated) 1160 w.Write([]byte(cm.ToJson())) 1161 } 1162 1163 func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 1164 c.RequireChannelId().RequireUserId() 1165 if c.Err != nil { 1166 return 1167 } 1168 1169 channel, err := c.App.GetChannel(c.Params.ChannelId) 1170 if err != nil { 1171 c.Err = err 1172 return 1173 } 1174 1175 if !(channel.Type == model.CHANNEL_OPEN || channel.Type == model.CHANNEL_PRIVATE) { 1176 c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_channel_member.type.app_error", nil, "", http.StatusBadRequest) 1177 return 1178 } 1179 1180 if c.Params.UserId != c.App.Session.UserId { 1181 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 1182 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 1183 return 1184 } 1185 1186 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1187 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1188 return 1189 } 1190 } 1191 1192 if err = c.App.RemoveUserFromChannel(c.Params.UserId, c.App.Session.UserId, channel); err != nil { 1193 c.Err = err 1194 return 1195 } 1196 1197 c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId) 1198 1199 ReturnStatusOK(w) 1200 } 1201 1202 func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) { 1203 c.RequireChannelId() 1204 if c.Err != nil { 1205 return 1206 } 1207 1208 schemeID := model.SchemeIDFromJson(r.Body) 1209 if schemeID == nil || len(*schemeID) != 26 { 1210 c.SetInvalidParam("scheme_id") 1211 return 1212 } 1213 1214 if c.App.License() == nil { 1215 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.license.error", nil, "", http.StatusNotImplemented) 1216 return 1217 } 1218 1219 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_SYSTEM) { 1220 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 1221 return 1222 } 1223 1224 scheme, err := c.App.GetScheme(*schemeID) 1225 if err != nil { 1226 c.Err = err 1227 return 1228 } 1229 1230 if scheme.Scope != model.SCHEME_SCOPE_CHANNEL { 1231 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.scheme_scope.error", nil, "", http.StatusBadRequest) 1232 return 1233 } 1234 1235 channel, err := c.App.GetChannel(c.Params.ChannelId) 1236 if err != nil { 1237 c.Err = err 1238 return 1239 } 1240 1241 channel.SchemeId = &scheme.Id 1242 1243 _, err = c.App.UpdateChannelScheme(channel) 1244 if err != nil { 1245 c.Err = err 1246 return 1247 } 1248 1249 ReturnStatusOK(w) 1250 }