github.com/turgay/mattermost-server@v5.3.2-0.20181002173352-2945e8a2b0ce+incompatible/api4/emoji.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "io" 8 "io/ioutil" 9 "net/http" 10 "strings" 11 12 "github.com/mattermost/mattermost-server/app" 13 "github.com/mattermost/mattermost-server/model" 14 "github.com/mattermost/mattermost-server/web" 15 ) 16 17 const ( 18 EMOJI_MAX_AUTOCOMPLETE_ITEMS = 100 19 ) 20 21 func (api *API) InitEmoji() { 22 api.BaseRoutes.Emojis.Handle("", api.ApiSessionRequired(createEmoji)).Methods("POST") 23 api.BaseRoutes.Emojis.Handle("", api.ApiSessionRequired(getEmojiList)).Methods("GET") 24 api.BaseRoutes.Emojis.Handle("/search", api.ApiSessionRequired(searchEmojis)).Methods("POST") 25 api.BaseRoutes.Emojis.Handle("/autocomplete", api.ApiSessionRequired(autocompleteEmojis)).Methods("GET") 26 api.BaseRoutes.Emoji.Handle("", api.ApiSessionRequired(deleteEmoji)).Methods("DELETE") 27 api.BaseRoutes.Emoji.Handle("", api.ApiSessionRequired(getEmoji)).Methods("GET") 28 api.BaseRoutes.EmojiByName.Handle("", api.ApiSessionRequired(getEmojiByName)).Methods("GET") 29 api.BaseRoutes.Emoji.Handle("/image", api.ApiSessionRequiredTrustRequester(getEmojiImage)).Methods("GET") 30 } 31 32 func createEmoji(c *Context, w http.ResponseWriter, r *http.Request) { 33 defer io.Copy(ioutil.Discard, r.Body) 34 35 if !*c.App.Config().ServiceSettings.EnableCustomEmoji { 36 c.Err = model.NewAppError("createEmoji", "api.emoji.disabled.app_error", nil, "", http.StatusNotImplemented) 37 return 38 } 39 40 if len(*c.App.Config().FileSettings.DriverName) == 0 { 41 c.Err = model.NewAppError("createEmoji", "api.emoji.storage.app_error", nil, "", http.StatusNotImplemented) 42 return 43 } 44 45 if r.ContentLength > app.MaxEmojiFileSize { 46 c.Err = model.NewAppError("createEmoji", "api.emoji.create.too_large.app_error", nil, "", http.StatusRequestEntityTooLarge) 47 return 48 } 49 50 if err := r.ParseMultipartForm(app.MaxEmojiFileSize); err != nil { 51 c.Err = model.NewAppError("createEmoji", "api.emoji.create.parse.app_error", nil, err.Error(), http.StatusBadRequest) 52 return 53 } 54 55 // Allow any user with MANAGE_EMOJIS permission at Team level to manage emojis at system level 56 memberships, err := c.App.GetTeamMembersForUser(c.Session.UserId) 57 58 if err != nil { 59 c.Err = err 60 return 61 } 62 63 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_EMOJIS) { 64 hasPermission := false 65 for _, membership := range memberships { 66 if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_EMOJIS) { 67 hasPermission = true 68 break 69 } 70 } 71 if !hasPermission { 72 c.SetPermissionError(model.PERMISSION_MANAGE_EMOJIS) 73 return 74 } 75 } 76 77 m := r.MultipartForm 78 props := m.Value 79 80 if len(props["emoji"]) == 0 { 81 c.SetInvalidParam("emoji") 82 return 83 } 84 85 emoji := model.EmojiFromJson(strings.NewReader(props["emoji"][0])) 86 if emoji == nil { 87 c.SetInvalidParam("emoji") 88 return 89 } 90 91 newEmoji, err := c.App.CreateEmoji(c.Session.UserId, emoji, m) 92 if err != nil { 93 c.Err = err 94 return 95 } 96 97 w.Write([]byte(newEmoji.ToJson())) 98 } 99 100 func getEmojiList(c *Context, w http.ResponseWriter, r *http.Request) { 101 if !*c.App.Config().ServiceSettings.EnableCustomEmoji { 102 c.Err = model.NewAppError("getEmoji", "api.emoji.disabled.app_error", nil, "", http.StatusNotImplemented) 103 return 104 } 105 106 sort := r.URL.Query().Get("sort") 107 if sort != "" && sort != model.EMOJI_SORT_BY_NAME { 108 c.SetInvalidUrlParam("sort") 109 return 110 } 111 112 listEmoji, err := c.App.GetEmojiList(c.Params.Page, c.Params.PerPage, sort) 113 if err != nil { 114 c.Err = err 115 return 116 } 117 118 w.Write([]byte(model.EmojiListToJson(listEmoji))) 119 } 120 121 func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) { 122 c.RequireEmojiId() 123 if c.Err != nil { 124 return 125 } 126 127 emoji, err := c.App.GetEmoji(c.Params.EmojiId) 128 if err != nil { 129 c.Err = err 130 return 131 } 132 133 // Allow any user with MANAGE_EMOJIS permission at Team level to manage emojis at system level 134 memberships, err := c.App.GetTeamMembersForUser(c.Session.UserId) 135 136 if err != nil { 137 c.Err = err 138 return 139 } 140 141 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_EMOJIS) { 142 hasPermission := false 143 for _, membership := range memberships { 144 if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_EMOJIS) { 145 hasPermission = true 146 break 147 } 148 } 149 if !hasPermission { 150 c.SetPermissionError(model.PERMISSION_MANAGE_EMOJIS) 151 return 152 } 153 } 154 155 if c.Session.UserId != emoji.CreatorId { 156 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OTHERS_EMOJIS) { 157 hasPermission := false 158 for _, membership := range memberships { 159 if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_OTHERS_EMOJIS) { 160 hasPermission = true 161 break 162 } 163 } 164 165 if !hasPermission { 166 c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_EMOJIS) 167 return 168 } 169 } 170 } 171 172 err = c.App.DeleteEmoji(emoji) 173 if err != nil { 174 c.Err = err 175 return 176 } 177 178 ReturnStatusOK(w) 179 } 180 181 func getEmoji(c *Context, w http.ResponseWriter, r *http.Request) { 182 c.RequireEmojiId() 183 if c.Err != nil { 184 return 185 } 186 187 if !*c.App.Config().ServiceSettings.EnableCustomEmoji { 188 c.Err = model.NewAppError("getEmoji", "api.emoji.disabled.app_error", nil, "", http.StatusNotImplemented) 189 return 190 } 191 192 emoji, err := c.App.GetEmoji(c.Params.EmojiId) 193 if err != nil { 194 c.Err = err 195 return 196 } 197 198 w.Write([]byte(emoji.ToJson())) 199 } 200 201 func getEmojiByName(c *Context, w http.ResponseWriter, r *http.Request) { 202 c.RequireEmojiName() 203 if c.Err != nil { 204 return 205 } 206 207 emoji, err := c.App.GetEmojiByName(c.Params.EmojiName) 208 if err != nil { 209 c.Err = err 210 return 211 } 212 213 w.Write([]byte(emoji.ToJson())) 214 } 215 216 func getEmojiImage(c *Context, w http.ResponseWriter, r *http.Request) { 217 c.RequireEmojiId() 218 if c.Err != nil { 219 return 220 } 221 222 if !*c.App.Config().ServiceSettings.EnableCustomEmoji { 223 c.Err = model.NewAppError("getEmojiImage", "api.emoji.disabled.app_error", nil, "", http.StatusNotImplemented) 224 return 225 } 226 227 if len(*c.App.Config().FileSettings.DriverName) == 0 { 228 c.Err = model.NewAppError("getEmojiImage", "api.emoji.storage.app_error", nil, "", http.StatusNotImplemented) 229 return 230 } 231 232 image, imageType, err := c.App.GetEmojiImage(c.Params.EmojiId) 233 if err != nil { 234 c.Err = err 235 return 236 } 237 238 w.Header().Set("Content-Type", "image/"+imageType) 239 w.Header().Set("Cache-Control", "max-age=2592000, public") 240 w.Write(image) 241 } 242 243 func searchEmojis(c *Context, w http.ResponseWriter, r *http.Request) { 244 emojiSearch := model.EmojiSearchFromJson(r.Body) 245 if emojiSearch == nil { 246 c.SetInvalidParam("term") 247 return 248 } 249 250 if emojiSearch.Term == "" { 251 c.SetInvalidParam("term") 252 return 253 } 254 255 emojis, err := c.App.SearchEmoji(emojiSearch.Term, emojiSearch.PrefixOnly, web.PER_PAGE_MAXIMUM) 256 if err != nil { 257 c.Err = err 258 return 259 } 260 261 w.Write([]byte(model.EmojiListToJson(emojis))) 262 } 263 264 func autocompleteEmojis(c *Context, w http.ResponseWriter, r *http.Request) { 265 name := r.URL.Query().Get("name") 266 267 if name == "" { 268 c.SetInvalidUrlParam("name") 269 return 270 } 271 272 emojis, err := c.App.SearchEmoji(name, true, EMOJI_MAX_AUTOCOMPLETE_ITEMS) 273 if err != nil { 274 c.Err = err 275 return 276 } 277 278 w.Write([]byte(model.EmojiListToJson(emojis))) 279 }