github.com/turgay/mattermost-server@v5.3.2-0.20181002173352-2945e8a2b0ce+incompatible/api4/channel.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/mattermost/mattermost-server/mlog" 10 "github.com/mattermost/mattermost-server/model" 11 ) 12 13 func (api *API) InitChannel() { 14 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(createChannel)).Methods("POST") 15 api.BaseRoutes.Channels.Handle("/direct", api.ApiSessionRequired(createDirectChannel)).Methods("POST") 16 api.BaseRoutes.Channels.Handle("/group", api.ApiSessionRequired(createGroupChannel)).Methods("POST") 17 api.BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", api.ApiSessionRequired(viewChannel)).Methods("POST") 18 api.BaseRoutes.Channels.Handle("/{channel_id:[A-Za-z0-9]+}/scheme", api.ApiSessionRequired(updateChannelScheme)).Methods("PUT") 19 20 api.BaseRoutes.ChannelsForTeam.Handle("", api.ApiSessionRequired(getPublicChannelsForTeam)).Methods("GET") 21 api.BaseRoutes.ChannelsForTeam.Handle("/deleted", api.ApiSessionRequired(getDeletedChannelsForTeam)).Methods("GET") 22 api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST") 23 api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequired(searchChannelsForTeam)).Methods("POST") 24 api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET") 25 api.BaseRoutes.ChannelsForTeam.Handle("/search_autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeamForSearch)).Methods("GET") 26 api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET") 27 28 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET") 29 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(updateChannel)).Methods("PUT") 30 api.BaseRoutes.Channel.Handle("/patch", api.ApiSessionRequired(patchChannel)).Methods("PUT") 31 api.BaseRoutes.Channel.Handle("/convert", api.ApiSessionRequired(convertChannelToPrivate)).Methods("POST") 32 api.BaseRoutes.Channel.Handle("/restore", api.ApiSessionRequired(restoreChannel)).Methods("POST") 33 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(deleteChannel)).Methods("DELETE") 34 api.BaseRoutes.Channel.Handle("/stats", api.ApiSessionRequired(getChannelStats)).Methods("GET") 35 api.BaseRoutes.Channel.Handle("/pinned", api.ApiSessionRequired(getPinnedPosts)).Methods("GET") 36 37 api.BaseRoutes.ChannelForUser.Handle("/unread", api.ApiSessionRequired(getChannelUnread)).Methods("GET") 38 39 api.BaseRoutes.ChannelByName.Handle("", api.ApiSessionRequired(getChannelByName)).Methods("GET") 40 api.BaseRoutes.ChannelByNameForTeamName.Handle("", api.ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET") 41 42 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(getChannelMembers)).Methods("GET") 43 api.BaseRoutes.ChannelMembers.Handle("/ids", api.ApiSessionRequired(getChannelMembersByIds)).Methods("POST") 44 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(addChannelMember)).Methods("POST") 45 api.BaseRoutes.ChannelMembersForUser.Handle("", api.ApiSessionRequired(getChannelMembersForUser)).Methods("GET") 46 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(getChannelMember)).Methods("GET") 47 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(removeChannelMember)).Methods("DELETE") 48 api.BaseRoutes.ChannelMember.Handle("/roles", api.ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT") 49 api.BaseRoutes.ChannelMember.Handle("/schemeRoles", api.ApiSessionRequired(updateChannelMemberSchemeRoles)).Methods("PUT") 50 api.BaseRoutes.ChannelMember.Handle("/notify_props", api.ApiSessionRequired(updateChannelMemberNotifyProps)).Methods("PUT") 51 } 52 53 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 54 channel := model.ChannelFromJson(r.Body) 55 if channel == nil { 56 c.SetInvalidParam("channel") 57 return 58 } 59 60 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { 61 c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) 62 return 63 } 64 65 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { 66 c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) 67 return 68 } 69 70 sc, err := c.App.CreateChannelWithUser(channel, c.Session.UserId) 71 if err != nil { 72 c.Err = err 73 return 74 } 75 76 c.LogAudit("name=" + channel.Name) 77 w.WriteHeader(http.StatusCreated) 78 w.Write([]byte(sc.ToJson())) 79 } 80 81 func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { 82 c.RequireChannelId() 83 if c.Err != nil { 84 return 85 } 86 87 channel := model.ChannelFromJson(r.Body) 88 89 if channel == nil { 90 c.SetInvalidParam("channel") 91 return 92 } 93 94 // The channel being updated in the payload must be the same one as indicated in the URL. 95 if channel.Id != c.Params.ChannelId { 96 c.SetInvalidParam("channel_id") 97 return 98 } 99 100 var oldChannel *model.Channel 101 if originalOldChannel, err := c.App.GetChannel(channel.Id); err != nil { 102 c.Err = err 103 return 104 } else { 105 oldChannel = originalOldChannel.DeepCopy() 106 } 107 108 switch oldChannel.Type { 109 case model.CHANNEL_OPEN: 110 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 111 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 112 return 113 } 114 115 case model.CHANNEL_PRIVATE: 116 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 117 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 118 return 119 } 120 121 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT: 122 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership. 123 if _, err := c.App.GetChannelMember(channel.Id, c.Session.UserId); err != nil { 124 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 125 return 126 } 127 128 default: 129 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 130 return 131 } 132 133 if oldChannel.DeleteAt > 0 { 134 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest) 135 return 136 } 137 138 if oldChannel.Name == model.DEFAULT_CHANNEL { 139 if (len(channel.Name) > 0 && channel.Name != oldChannel.Name) || (len(channel.Type) > 0 && channel.Type != oldChannel.Type) { 140 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest) 141 return 142 } 143 } 144 145 oldChannel.Header = channel.Header 146 oldChannel.Purpose = channel.Purpose 147 148 oldChannelDisplayName := oldChannel.DisplayName 149 150 if len(channel.DisplayName) > 0 { 151 oldChannel.DisplayName = channel.DisplayName 152 } 153 154 if len(channel.Name) > 0 { 155 oldChannel.Name = channel.Name 156 } 157 158 if len(channel.Type) > 0 { 159 oldChannel.Type = channel.Type 160 } 161 162 if _, err := c.App.UpdateChannel(oldChannel); err != nil { 163 c.Err = err 164 return 165 } 166 167 if oldChannelDisplayName != channel.DisplayName { 168 if err := c.App.PostUpdateChannelDisplayNameMessage(c.Session.UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil { 169 mlog.Error(err.Error()) 170 } 171 } 172 173 c.LogAudit("name=" + channel.Name) 174 w.Write([]byte(oldChannel.ToJson())) 175 } 176 177 func convertChannelToPrivate(c *Context, w http.ResponseWriter, r *http.Request) { 178 c.RequireChannelId() 179 if c.Err != nil { 180 return 181 } 182 183 oldPublicChannel, err := c.App.GetChannel(c.Params.ChannelId) 184 if err != nil { 185 c.Err = err 186 return 187 } 188 189 if !c.App.SessionHasPermissionToTeam(c.Session, oldPublicChannel.TeamId, model.PERMISSION_MANAGE_TEAM) { 190 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 191 return 192 } 193 194 if oldPublicChannel.Type == model.CHANNEL_PRIVATE { 195 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.private_channel_error", nil, "", http.StatusBadRequest) 196 return 197 } 198 199 if oldPublicChannel.Name == model.DEFAULT_CHANNEL { 200 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.default_channel_error", nil, "", http.StatusBadRequest) 201 return 202 } 203 204 var user *model.User 205 if user, err = c.App.GetUser(c.Session.UserId); err != nil { 206 c.Err = err 207 return 208 } 209 210 oldPublicChannel.Type = model.CHANNEL_PRIVATE 211 212 rchannel, err := c.App.UpdateChannelPrivacy(oldPublicChannel, user) 213 if err != nil { 214 c.Err = err 215 return 216 } 217 218 c.LogAudit("name=" + rchannel.Name) 219 w.Write([]byte(rchannel.ToJson())) 220 } 221 222 func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { 223 c.RequireChannelId() 224 if c.Err != nil { 225 return 226 } 227 228 patch := model.ChannelPatchFromJson(r.Body) 229 if patch == nil { 230 c.SetInvalidParam("channel") 231 return 232 } 233 234 var oldChannel *model.Channel 235 if originalOldChannel, err := c.App.GetChannel(c.Params.ChannelId); err != nil { 236 c.Err = err 237 return 238 } else { 239 oldChannel = originalOldChannel.DeepCopy() 240 } 241 242 switch oldChannel.Type { 243 case model.CHANNEL_OPEN: 244 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 245 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 246 return 247 } 248 249 case model.CHANNEL_PRIVATE: 250 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 251 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 252 return 253 } 254 255 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT: 256 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership. 257 if _, err := c.App.GetChannelMember(c.Params.ChannelId, c.Session.UserId); err != nil { 258 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 259 return 260 } 261 262 default: 263 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 264 return 265 } 266 267 rchannel, err := c.App.PatchChannel(oldChannel, patch, c.Session.UserId) 268 if err != nil { 269 c.Err = err 270 return 271 } 272 273 err = c.App.FillInChannelProps(rchannel) 274 if err != nil { 275 c.Err = err 276 return 277 } 278 279 c.LogAudit("") 280 w.Write([]byte(rchannel.ToJson())) 281 } 282 283 func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { 284 c.RequireChannelId() 285 if c.Err != nil { 286 return 287 } 288 289 var channel *model.Channel 290 var err *model.AppError 291 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 292 c.Err = err 293 return 294 } 295 teamId := channel.TeamId 296 297 if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) { 298 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 299 return 300 } 301 302 channel, err = c.App.RestoreChannel(channel) 303 if err != nil { 304 c.Err = err 305 return 306 } 307 308 c.LogAudit("name=" + channel.Name) 309 w.Write([]byte(channel.ToJson())) 310 311 } 312 313 func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { 314 userIds := model.ArrayFromJson(r.Body) 315 allowed := false 316 317 if len(userIds) != 2 { 318 c.SetInvalidParam("user_ids") 319 return 320 } 321 322 for _, id := range userIds { 323 if len(id) != 26 { 324 c.SetInvalidParam("user_id") 325 return 326 } 327 if id == c.Session.UserId { 328 allowed = true 329 } 330 } 331 332 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { 333 c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) 334 return 335 } 336 337 if !allowed && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 338 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 339 return 340 } 341 342 sc, err := c.App.CreateDirectChannel(userIds[0], userIds[1]) 343 if err != nil { 344 c.Err = err 345 return 346 } 347 348 w.WriteHeader(http.StatusCreated) 349 w.Write([]byte(sc.ToJson())) 350 } 351 352 func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { 353 userIds := model.ArrayFromJson(r.Body) 354 355 if len(userIds) == 0 { 356 c.SetInvalidParam("user_ids") 357 return 358 } 359 360 found := false 361 for _, id := range userIds { 362 if len(id) != 26 { 363 c.SetInvalidParam("user_id") 364 return 365 } 366 if id == c.Session.UserId { 367 found = true 368 } 369 } 370 371 if !found { 372 userIds = append(userIds, c.Session.UserId) 373 } 374 375 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { 376 c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) 377 return 378 } 379 380 groupChannel, err := c.App.CreateGroupChannel(userIds, c.Session.UserId) 381 if err != nil { 382 c.Err = err 383 return 384 } 385 386 w.WriteHeader(http.StatusCreated) 387 w.Write([]byte(groupChannel.ToJson())) 388 } 389 390 func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { 391 c.RequireChannelId() 392 if c.Err != nil { 393 return 394 } 395 396 channel, err := c.App.GetChannel(c.Params.ChannelId) 397 if err != nil { 398 c.Err = err 399 return 400 } 401 402 if channel.Type == model.CHANNEL_OPEN { 403 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 404 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 405 return 406 } 407 } else { 408 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 409 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 410 return 411 } 412 } 413 414 err = c.App.FillInChannelProps(channel) 415 if err != nil { 416 c.Err = err 417 return 418 } 419 420 w.Write([]byte(channel.ToJson())) 421 } 422 423 func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) { 424 c.RequireChannelId().RequireUserId() 425 if c.Err != nil { 426 return 427 } 428 429 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 430 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 431 return 432 } 433 434 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 435 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 436 return 437 } 438 439 channelUnread, err := c.App.GetChannelUnread(c.Params.ChannelId, c.Params.UserId) 440 if err != nil { 441 c.Err = err 442 return 443 } 444 445 w.Write([]byte(channelUnread.ToJson())) 446 } 447 448 func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) { 449 c.RequireChannelId() 450 if c.Err != nil { 451 return 452 } 453 454 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 455 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 456 return 457 } 458 459 memberCount, err := c.App.GetChannelMemberCount(c.Params.ChannelId) 460 461 if err != nil { 462 c.Err = err 463 return 464 } 465 466 stats := model.ChannelStats{ChannelId: c.Params.ChannelId, MemberCount: memberCount} 467 w.Write([]byte(stats.ToJson())) 468 } 469 470 func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) { 471 c.RequireChannelId() 472 if c.Err != nil { 473 return 474 } 475 476 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 477 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 478 return 479 } 480 481 posts, err := c.App.GetPinnedPosts(c.Params.ChannelId) 482 if err != nil { 483 c.Err = err 484 return 485 } 486 487 if c.HandleEtag(posts.Etag(), "Get Pinned Posts", w, r) { 488 return 489 } 490 491 w.Header().Set(model.HEADER_ETAG_SERVER, posts.Etag()) 492 w.Write([]byte(c.App.PostListWithProxyAddedToImageURLs(posts).ToJson())) 493 } 494 495 func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 496 c.RequireTeamId() 497 if c.Err != nil { 498 return 499 } 500 501 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 502 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 503 return 504 } 505 506 channels, err := c.App.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage) 507 if err != nil { 508 c.Err = err 509 return 510 } 511 512 err = c.App.FillInChannelsProps(channels) 513 if err != nil { 514 c.Err = err 515 return 516 } 517 518 w.Write([]byte(channels.ToJson())) 519 } 520 521 func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 522 c.RequireTeamId() 523 if c.Err != nil { 524 return 525 } 526 527 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 528 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 529 return 530 } 531 532 channels, err := c.App.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage) 533 if err != nil { 534 c.Err = err 535 return 536 } 537 538 err = c.App.FillInChannelsProps(channels) 539 if err != nil { 540 c.Err = err 541 return 542 } 543 544 w.Write([]byte(channels.ToJson())) 545 } 546 547 func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 548 c.RequireTeamId() 549 if c.Err != nil { 550 return 551 } 552 553 channelIds := model.ArrayFromJson(r.Body) 554 if len(channelIds) == 0 { 555 c.SetInvalidParam("channel_ids") 556 return 557 } 558 559 for _, cid := range channelIds { 560 if len(cid) != 26 { 561 c.SetInvalidParam("channel_id") 562 return 563 } 564 } 565 566 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 567 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 568 return 569 } 570 571 channels, err := c.App.GetPublicChannelsByIdsForTeam(c.Params.TeamId, channelIds) 572 if err != nil { 573 c.Err = err 574 return 575 } 576 577 err = c.App.FillInChannelsProps(channels) 578 if err != nil { 579 c.Err = err 580 return 581 } 582 583 w.Write([]byte(channels.ToJson())) 584 } 585 586 func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) { 587 c.RequireUserId().RequireTeamId() 588 if c.Err != nil { 589 return 590 } 591 592 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 593 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 594 return 595 } 596 597 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 598 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 599 return 600 } 601 602 channels, err := c.App.GetChannelsForUser(c.Params.TeamId, c.Params.UserId, false) 603 if err != nil { 604 c.Err = err 605 return 606 } 607 608 if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { 609 return 610 } 611 612 err = c.App.FillInChannelsProps(channels) 613 if err != nil { 614 c.Err = err 615 return 616 } 617 618 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 619 w.Write([]byte(channels.ToJson())) 620 } 621 622 func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 623 c.RequireTeamId() 624 if c.Err != nil { 625 return 626 } 627 628 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 629 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 630 return 631 } 632 633 name := r.URL.Query().Get("name") 634 635 channels, err := c.App.AutocompleteChannels(c.Params.TeamId, name) 636 if err != nil { 637 c.Err = err 638 return 639 } 640 641 // Don't fill in channels props, since unused by client and potentially expensive. 642 643 w.Write([]byte(channels.ToJson())) 644 } 645 646 func autocompleteChannelsForTeamForSearch(c *Context, w http.ResponseWriter, r *http.Request) { 647 c.RequireTeamId() 648 if c.Err != nil { 649 return 650 } 651 652 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 653 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 654 return 655 } 656 657 name := r.URL.Query().Get("name") 658 659 channels, err := c.App.AutocompleteChannelsForSearch(c.Params.TeamId, c.Session.UserId, name) 660 if err != nil { 661 c.Err = err 662 return 663 } 664 665 // Don't fill in channels props, since unused by client and potentially expensive. 666 667 w.Write([]byte(channels.ToJson())) 668 } 669 670 func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 671 c.RequireTeamId() 672 if c.Err != nil { 673 return 674 } 675 676 props := model.ChannelSearchFromJson(r.Body) 677 if props == nil { 678 c.SetInvalidParam("channel_search") 679 return 680 } 681 682 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 683 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 684 return 685 } 686 687 channels, err := c.App.SearchChannels(c.Params.TeamId, props.Term) 688 if err != nil { 689 c.Err = err 690 return 691 } 692 693 // Don't fill in channels props, since unused by client and potentially expensive. 694 695 w.Write([]byte(channels.ToJson())) 696 } 697 698 func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { 699 c.RequireChannelId() 700 if c.Err != nil { 701 return 702 } 703 704 var channel *model.Channel 705 var err *model.AppError 706 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 707 c.Err = err 708 return 709 } 710 711 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 712 c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest) 713 return 714 } 715 716 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { 717 c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) 718 return 719 } 720 721 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { 722 c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) 723 return 724 } 725 726 err = c.App.DeleteChannel(channel, c.Session.UserId) 727 if err != nil { 728 c.Err = err 729 return 730 } 731 732 c.LogAudit("name=" + channel.Name) 733 734 ReturnStatusOK(w) 735 } 736 737 func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { 738 c.RequireTeamId().RequireChannelName() 739 if c.Err != nil { 740 return 741 } 742 743 var channel *model.Channel 744 var err *model.AppError 745 746 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 747 748 if channel, err = c.App.GetChannelByName(c.Params.ChannelName, c.Params.TeamId, includeDeleted); err != nil { 749 c.Err = err 750 return 751 } 752 753 if channel.Type == model.CHANNEL_OPEN { 754 if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { 755 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 756 return 757 } 758 } else { 759 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 760 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 761 return 762 } 763 } 764 765 err = c.App.FillInChannelProps(channel) 766 if err != nil { 767 c.Err = err 768 return 769 } 770 771 w.Write([]byte(channel.ToJson())) 772 } 773 774 func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) { 775 c.RequireTeamName().RequireChannelName() 776 if c.Err != nil { 777 return 778 } 779 780 var channel *model.Channel 781 var err *model.AppError 782 783 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 784 785 if channel, err = c.App.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName, includeDeleted); err != nil { 786 c.Err = err 787 return 788 } 789 790 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 791 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 792 return 793 } 794 795 err = c.App.FillInChannelProps(channel) 796 if err != nil { 797 c.Err = err 798 return 799 } 800 801 w.Write([]byte(channel.ToJson())) 802 } 803 804 func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { 805 c.RequireChannelId() 806 if c.Err != nil { 807 return 808 } 809 810 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 811 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 812 return 813 } 814 815 members, err := c.App.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage) 816 if err != nil { 817 c.Err = err 818 return 819 } 820 821 w.Write([]byte(members.ToJson())) 822 } 823 824 func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 825 c.RequireChannelId() 826 if c.Err != nil { 827 return 828 } 829 830 userIds := model.ArrayFromJson(r.Body) 831 if len(userIds) == 0 { 832 c.SetInvalidParam("user_ids") 833 return 834 } 835 836 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 837 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 838 return 839 } 840 841 members, err := c.App.GetChannelMembersByIds(c.Params.ChannelId, userIds) 842 if err != nil { 843 c.Err = err 844 return 845 } 846 847 w.Write([]byte(members.ToJson())) 848 } 849 850 func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 851 c.RequireChannelId().RequireUserId() 852 if c.Err != nil { 853 return 854 } 855 856 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 857 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 858 return 859 } 860 861 member, err := c.App.GetChannelMember(c.Params.ChannelId, c.Params.UserId) 862 if err != nil { 863 c.Err = err 864 return 865 } 866 867 w.Write([]byte(member.ToJson())) 868 } 869 870 func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 871 c.RequireUserId().RequireTeamId() 872 if c.Err != nil { 873 return 874 } 875 876 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 877 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 878 return 879 } 880 881 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { 882 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 883 return 884 } 885 886 members, err := c.App.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId) 887 if err != nil { 888 c.Err = err 889 return 890 } 891 892 w.Write([]byte(members.ToJson())) 893 } 894 895 func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { 896 c.RequireUserId() 897 if c.Err != nil { 898 return 899 } 900 901 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 902 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 903 return 904 } 905 906 view := model.ChannelViewFromJson(r.Body) 907 if view == nil { 908 c.SetInvalidParam("channel_view") 909 return 910 } 911 912 times, err := c.App.ViewChannel(view, c.Params.UserId, !c.Session.IsMobileApp()) 913 914 if err != nil { 915 c.Err = err 916 return 917 } 918 919 c.App.UpdateLastActivityAtIfNeeded(c.Session) 920 921 // Returning {"status": "OK", ...} for backwards compatibility 922 resp := &model.ChannelViewResponse{ 923 Status: "OK", 924 LastViewedAtTimes: times, 925 } 926 927 w.Write([]byte(resp.ToJson())) 928 } 929 930 func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 931 c.RequireChannelId().RequireUserId() 932 if c.Err != nil { 933 return 934 } 935 936 props := model.MapFromJson(r.Body) 937 938 newRoles := props["roles"] 939 if !(model.IsValidUserRoles(newRoles)) { 940 c.SetInvalidParam("roles") 941 return 942 } 943 944 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 945 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 946 return 947 } 948 949 if _, err := c.App.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil { 950 c.Err = err 951 return 952 } 953 954 ReturnStatusOK(w) 955 } 956 957 func updateChannelMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.Request) { 958 c.RequireChannelId().RequireUserId() 959 if c.Err != nil { 960 return 961 } 962 963 schemeRoles := model.SchemeRolesFromJson(r.Body) 964 if schemeRoles == nil { 965 c.SetInvalidParam("scheme_roles") 966 return 967 } 968 969 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 970 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 971 return 972 } 973 974 if _, err := c.App.UpdateChannelMemberSchemeRoles(c.Params.ChannelId, c.Params.UserId, schemeRoles.SchemeUser, schemeRoles.SchemeAdmin); err != nil { 975 c.Err = err 976 return 977 } 978 979 ReturnStatusOK(w) 980 } 981 982 func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) { 983 c.RequireChannelId().RequireUserId() 984 if c.Err != nil { 985 return 986 } 987 988 props := model.MapFromJson(r.Body) 989 if props == nil { 990 c.SetInvalidParam("notify_props") 991 return 992 } 993 994 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 995 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 996 return 997 } 998 999 _, err := c.App.UpdateChannelMemberNotifyProps(props, c.Params.ChannelId, c.Params.UserId) 1000 if err != nil { 1001 c.Err = err 1002 return 1003 } 1004 1005 ReturnStatusOK(w) 1006 } 1007 1008 func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 1009 c.RequireChannelId() 1010 if c.Err != nil { 1011 return 1012 } 1013 1014 props := model.StringInterfaceFromJson(r.Body) 1015 userId, ok := props["user_id"].(string) 1016 if !ok || len(userId) != 26 { 1017 c.SetInvalidParam("user_id") 1018 return 1019 } 1020 1021 member := &model.ChannelMember{ 1022 ChannelId: c.Params.ChannelId, 1023 UserId: userId, 1024 } 1025 1026 postRootId, ok := props["post_root_id"].(string) 1027 if ok && len(postRootId) != 0 && len(postRootId) != 26 { 1028 c.SetInvalidParam("post_root_id") 1029 return 1030 } 1031 1032 var err *model.AppError 1033 if ok && len(postRootId) == 26 { 1034 rootPost, err := c.App.GetSinglePost(postRootId) 1035 if err != nil { 1036 c.Err = err 1037 return 1038 } 1039 if rootPost.ChannelId != member.ChannelId { 1040 c.SetInvalidParam("post_root_id") 1041 return 1042 } 1043 } 1044 1045 var channel *model.Channel 1046 if channel, err = c.App.GetChannel(member.ChannelId); err != nil { 1047 c.Err = err 1048 return 1049 } 1050 1051 // Check join permission if adding yourself, otherwise check manage permission 1052 if channel.Type == model.CHANNEL_OPEN { 1053 if member.UserId == c.Session.UserId { 1054 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_JOIN_PUBLIC_CHANNELS) { 1055 c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS) 1056 return 1057 } 1058 } else { 1059 if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 1060 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 1061 return 1062 } 1063 } 1064 } 1065 1066 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1067 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1068 return 1069 } 1070 1071 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 1072 c.Err = model.NewAppError("addUserToChannel", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest) 1073 return 1074 } 1075 1076 cm, err := c.App.AddChannelMember(member.UserId, channel, c.Session.UserId, postRootId, !c.Session.IsMobileApp()) 1077 if err != nil { 1078 c.Err = err 1079 return 1080 } 1081 1082 c.LogAudit("name=" + channel.Name + " user_id=" + cm.UserId) 1083 w.WriteHeader(http.StatusCreated) 1084 w.Write([]byte(cm.ToJson())) 1085 } 1086 1087 func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 1088 c.RequireChannelId().RequireUserId() 1089 if c.Err != nil { 1090 return 1091 } 1092 1093 var channel *model.Channel 1094 var err *model.AppError 1095 if channel, err = c.App.GetChannel(c.Params.ChannelId); err != nil { 1096 c.Err = err 1097 return 1098 } 1099 1100 if !(channel.Type == model.CHANNEL_OPEN || channel.Type == model.CHANNEL_PRIVATE) { 1101 c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_channel_member.type.app_error", nil, "", http.StatusBadRequest) 1102 return 1103 } 1104 1105 if c.Params.UserId != c.Session.UserId { 1106 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 1107 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 1108 return 1109 } 1110 1111 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1112 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1113 return 1114 } 1115 } 1116 1117 if err = c.App.RemoveUserFromChannel(c.Params.UserId, c.Session.UserId, channel); err != nil { 1118 c.Err = err 1119 return 1120 } 1121 1122 c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId) 1123 1124 ReturnStatusOK(w) 1125 } 1126 1127 func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) { 1128 c.RequireChannelId() 1129 if c.Err != nil { 1130 return 1131 } 1132 1133 schemeID := model.SchemeIDFromJson(r.Body) 1134 if schemeID == nil || len(*schemeID) != 26 { 1135 c.SetInvalidParam("scheme_id") 1136 return 1137 } 1138 1139 if c.App.License() == nil { 1140 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.license.error", nil, "", http.StatusNotImplemented) 1141 return 1142 } 1143 1144 if !c.App.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_SYSTEM) { 1145 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 1146 return 1147 } 1148 1149 scheme, err := c.App.GetScheme(*schemeID) 1150 if err != nil { 1151 c.Err = err 1152 return 1153 } 1154 1155 if scheme.Scope != model.SCHEME_SCOPE_CHANNEL { 1156 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.scheme_scope.error", nil, "", http.StatusBadRequest) 1157 return 1158 } 1159 1160 channel, err := c.App.GetChannel(c.Params.ChannelId) 1161 if err != nil { 1162 c.Err = err 1163 return 1164 } 1165 1166 channel.SchemeId = &scheme.Id 1167 1168 _, err = c.App.UpdateChannelScheme(channel) 1169 if err != nil { 1170 c.Err = err 1171 return 1172 } 1173 1174 ReturnStatusOK(w) 1175 }