github.com/turgay/mattermost-server@v5.3.2-0.20181002173352-2945e8a2b0ce+incompatible/api4/compliance.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  	"strconv"
     9  
    10  	"github.com/avct/uasurfer"
    11  	"github.com/mattermost/mattermost-server/model"
    12  )
    13  
    14  func (api *API) InitCompliance() {
    15  	api.BaseRoutes.Compliance.Handle("/reports", api.ApiSessionRequired(createComplianceReport)).Methods("POST")
    16  	api.BaseRoutes.Compliance.Handle("/reports", api.ApiSessionRequired(getComplianceReports)).Methods("GET")
    17  	api.BaseRoutes.Compliance.Handle("/reports/{report_id:[A-Za-z0-9]+}", api.ApiSessionRequired(getComplianceReport)).Methods("GET")
    18  	api.BaseRoutes.Compliance.Handle("/reports/{report_id:[A-Za-z0-9]+}/download", api.ApiSessionRequiredTrustRequester(downloadComplianceReport)).Methods("GET")
    19  }
    20  
    21  func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
    22  	job := model.ComplianceFromJson(r.Body)
    23  	if job == nil {
    24  		c.SetInvalidParam("compliance")
    25  		return
    26  	}
    27  
    28  	if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
    29  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    30  		return
    31  	}
    32  
    33  	job.UserId = c.Session.UserId
    34  
    35  	rjob, err := c.App.SaveComplianceReport(job)
    36  	if err != nil {
    37  		c.Err = err
    38  		return
    39  	}
    40  
    41  	c.LogAudit("")
    42  	w.WriteHeader(http.StatusCreated)
    43  	w.Write([]byte(rjob.ToJson()))
    44  }
    45  
    46  func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
    47  	if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
    48  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    49  		return
    50  	}
    51  
    52  	crs, err := c.App.GetComplianceReports(c.Params.Page, c.Params.PerPage)
    53  	if err != nil {
    54  		c.Err = err
    55  		return
    56  	}
    57  
    58  	w.Write([]byte(crs.ToJson()))
    59  }
    60  
    61  func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
    62  	c.RequireReportId()
    63  	if c.Err != nil {
    64  		return
    65  	}
    66  
    67  	if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
    68  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    69  		return
    70  	}
    71  
    72  	job, err := c.App.GetComplianceReport(c.Params.ReportId)
    73  	if err != nil {
    74  		c.Err = err
    75  		return
    76  	}
    77  
    78  	w.Write([]byte(job.ToJson()))
    79  }
    80  
    81  func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
    82  	c.RequireReportId()
    83  	if c.Err != nil {
    84  		return
    85  	}
    86  
    87  	if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
    88  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    89  		return
    90  	}
    91  
    92  	job, err := c.App.GetComplianceReport(c.Params.ReportId)
    93  	if err != nil {
    94  		c.Err = err
    95  		return
    96  	}
    97  
    98  	reportBytes, err := c.App.GetComplianceFile(job)
    99  	if err != nil {
   100  		c.Err = err
   101  		return
   102  	}
   103  
   104  	c.LogAudit("downloaded " + job.Desc)
   105  
   106  	w.Header().Set("Cache-Control", "max-age=2592000, public")
   107  	w.Header().Set("Content-Length", strconv.Itoa(len(reportBytes)))
   108  	w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
   109  
   110  	// attach extra headers to trigger a download on IE, Edge, and Safari
   111  	ua := uasurfer.Parse(r.UserAgent())
   112  
   113  	w.Header().Set("Content-Disposition", "attachment;filename=\""+job.JobName()+".zip\"")
   114  
   115  	if ua.Browser.Name == uasurfer.BrowserIE || ua.Browser.Name == uasurfer.BrowserSafari {
   116  		// trim off anything before the final / so we just get the file's name
   117  		w.Header().Set("Content-Type", "application/octet-stream")
   118  	}
   119  
   120  	w.Write(reportBytes)
   121  }