// Source listing: github.com/spline-fu/mattermost-server@v4.10.10+incompatible/api4/preference.go

// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api4

import (
	"net/http"

	"github.com/mattermost/mattermost-server/model"
)

// InitPreference registers the preference endpoints on the Preferences
// sub-router. Every handler is wrapped in ApiSessionRequired.
//
// The two path-parameter routes restrict {category} and {preference_name} to
// [A-Za-z0-9_]+ at the router. The PUT and POST /delete routes take their
// category and name values from the JSON body instead, so those values are not
// covered by the route patterns.
func (api *API) InitPreference() {
	routes := api.BaseRoutes.Preferences

	routes.Handle("", api.ApiSessionRequired(getPreferences)).Methods("GET")
	routes.Handle("", api.ApiSessionRequired(updatePreferences)).Methods("PUT")
	routes.Handle("/delete", api.ApiSessionRequired(deletePreferences)).Methods("POST")
	routes.Handle("/{category:[A-Za-z0-9_]+}", api.ApiSessionRequired(getPreferencesByCategory)).Methods("GET")
	routes.Handle("/{category:[A-Za-z0-9_]+}/name/{preference_name:[A-Za-z0-9_]+}", api.ApiSessionRequired(getPreferenceByCategoryAndName)).Methods("GET")
}

// getPreferences writes all preferences of the user named by c.Params.UserId
// as JSON.
//
// The store is queried only after SessionHasPermissionToUser accepts the
// session for that user ID; this check is what stops one user from reading
// another user's preferences. A denial is reported as a missing
// PERMISSION_EDIT_OTHER_USERS permission.
func getPreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	// RequireUserId reports a bad parameter through c.Err.
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	prefs, appErr := c.App.GetPreferencesForUser(c.Params.UserId)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The result of w.Write is not checked.
	w.Write([]byte(prefs.ToJson()))
}

// getPreferencesByCategory writes the preferences of c.Params.UserId that
// belong to c.Params.Category as JSON.
//
// Authorization is the same user-level check as in getPreferences and runs
// before the store is queried.
func getPreferencesByCategory(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireCategory()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	prefs, appErr := c.App.GetPreferenceByCategoryForUser(c.Params.UserId, c.Params.Category)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The result of w.Write is not checked.
	w.Write([]byte(prefs.ToJson()))
}

// getPreferenceByCategoryAndName writes the single preference of
// c.Params.UserId identified by c.Params.Category and c.Params.PreferenceName
// as JSON.
//
// Authorization is the same user-level check as in getPreferences and runs
// before the store is queried.
func getPreferenceByCategoryAndName(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId().RequireCategory().RequirePreferenceName()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	pref, appErr := c.App.GetPreferenceByCategoryAndNameForUser(c.Params.UserId, c.Params.Category, c.Params.PreferenceName)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// The result of w.Write is not checked.
	w.Write([]byte(pref.ToJson()))
}

// updatePreferences stores the preferences in the request body for
// c.Params.UserId and answers with a status-OK body.
//
// Two authorization layers apply:
//   - the session must pass SessionHasPermissionToUser for the target user;
//   - for each preference in the flagged-post category, pref.Name is treated
//     as a post ID and the session must hold PERMISSION_READ_CHANNEL on that
//     post's channel, so a post in an unreadable channel cannot be flagged.
//
// The first failing preference aborts the request. UpdatePreferences runs only
// after the loop, so nothing is written when any entry is rejected.
//
// NOTE(review): r.Body is decoded with no size or element-count limit visible
// in this file, and each flagged-post entry costs one GetSinglePost lookup.
// Confirm a limit is enforced elsewhere (server, middleware or app layer).
//
// NOTE(review): an unknown post ID yields an invalid-parameter error while an
// existing but unreadable post yields a permission error, so the two cases are
// distinguishable to the caller. Confirm this is acceptable.
func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	incoming, decodeErr := model.PreferencesFromJson(r.Body)
	if decodeErr != nil {
		c.SetInvalidParam("preferences")
		return
	}

	// Left nil when the body holds no preferences, exactly as declared.
	var accepted model.Preferences

	for _, p := range incoming {
		if p.Category == model.PREFERENCE_CATEGORY_FLAGGED_POST {
			post, postErr := c.App.GetSinglePost(p.Name)
			if postErr != nil {
				c.SetInvalidParam("preference.name")
				return
			}

			if !c.App.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_READ_CHANNEL) {
				c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
				return
			}
		}

		accepted = append(accepted, p)
	}

	// Scoped to the if statement so the app-layer error value is assigned to
	// c.Err directly.
	if appErr := c.App.UpdatePreferences(c.Params.UserId, accepted); appErr != nil {
		c.Err = appErr
		return
	}

	ReturnStatusOK(w)
}

// deletePreferences removes the preferences listed in the request body for
// c.Params.UserId and answers with a status-OK body.
//
// Only the user-level SessionHasPermissionToUser check is applied; unlike
// updatePreferences there is no per-preference check here.
//
// NOTE(review): r.Body is decoded with no size or element-count limit visible
// in this file. Confirm a limit is enforced elsewhere.
func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	doomed, decodeErr := model.PreferencesFromJson(r.Body)
	if decodeErr != nil {
		c.SetInvalidParam("preferences")
		return
	}

	// Scoped to the if statement so the app-layer error value is assigned to
	// c.Err directly.
	if appErr := c.App.DeletePreferences(c.Params.UserId, doomed); appErr != nil {
		c.Err = appErr
		return
	}

	ReturnStatusOK(w)
}