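// Source listing: github.com/turgay/mattermost-server@v5.3.2-0.20181002173352-2945e8a2b0ce+incompatible/api4/role.go

// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api4

import (
	"net/http"
	"strings"

	"github.com/mattermost/mattermost-server/model"
)

// InitRole registers the role endpoints on api.BaseRoutes.Roles.
//
// The three read endpoints are wrapped with ApiSessionRequiredTrustRequester
// and the patch endpoint with ApiSessionRequired, so every route here goes
// through a session-requiring wrapper. The route patterns restrict role ids to
// [A-Za-z0-9]+ and role names to [a-z0-9_]+ before a handler is reached.
func (api *API) InitRole() {
	roles := api.BaseRoutes.Roles

	roles.Handle("/{role_id:[A-Za-z0-9]+}", api.ApiSessionRequiredTrustRequester(getRole)).Methods("GET")
	roles.Handle("/name/{role_name:[a-z0-9_]+}", api.ApiSessionRequiredTrustRequester(getRoleByName)).Methods("GET")
	roles.Handle("/names", api.ApiSessionRequiredTrustRequester(getRolesByNames)).Methods("POST")
	roles.Handle("/{role_id:[A-Za-z0-9]+}/patch", api.ApiSessionRequired(patchRole)).Methods("PUT")
}

// getRole looks up the role whose id is in the request path and writes it to
// the response as JSON. On failure it sets c.Err and writes nothing.
//
// No permission beyond the session wrapper applied in InitRole is checked in
// this handler. The result of w.Write is not checked.
func getRole(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireRoleId()
	if c.Err != nil {
		return
	}

	role, err := c.App.GetRole(c.Params.RoleId)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(role.ToJson()))
}

// getRoleByName looks up the role whose name is in the request path and writes
// it to the response as JSON. On failure it sets c.Err and writes nothing.
func getRoleByName(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireRoleName()
	if c.Err != nil {
		return
	}

	role, err := c.App.GetRoleByName(c.Params.RoleName)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(role.ToJson()))
}

// getRolesByNames reads a JSON array of role names from the request body and
// writes the matching roles as a JSON list.
//
// An empty (or unparseable, presumably; confirm against model.ArrayFromJson)
// array is rejected as an invalid "rolenames" parameter. Blank entries are
// skipped, and any other entry that fails model.IsValidRoleName rejects the
// whole request as an invalid "rolename" parameter.
func getRolesByNames(c *Context, w http.ResponseWriter, r *http.Request) {
	rolenames := model.ArrayFromJson(r.Body)

	if len(rolenames) == 0 {
		c.SetInvalidParam("rolenames")
		return
	}

	// NOTE(review): this handler enforces no upper bound on the number of
	// names in one request. Unless the body size is limited upstream (not
	// visible here), consider capping len(rolenames) so that one request
	// cannot drive an arbitrarily large lookup.
	var cleanedRoleNames []string
	for _, rolename := range rolenames {
		if strings.TrimSpace(rolename) == "" {
			continue
		}

		if !model.IsValidRoleName(rolename) {
			c.SetInvalidParam("rolename")
			return
		}

		cleanedRoleNames = append(cleanedRoleNames, rolename)
	}

	// If every entry was blank, cleanedRoleNames is nil here and the lookup
	// runs with no names.
	roles, err := c.App.GetRolesByNames(cleanedRoleNames)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.RoleListToJson(roles)))
}

// patchRole applies a JSON role patch from the request body to the role whose
// id is in the request path and writes the patched role as JSON.
//
// The session must hold model.PERMISSION_MANAGE_SYSTEM. When the server has no
// license (c.App.License() == nil), a patch may only change the permissions in
// the allow-list below; any other permission change is refused with
// http.StatusNotImplemented.
//
// On any failure the handler sets c.Err and writes nothing.
func patchRole(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireRoleId()
	if c.Err != nil {
		return
	}

	// Authorize before reading the body or touching the role store. The role
	// lookup and the license gate below return their own distinct errors, so
	// running them first would let a session without manage-system permission
	// tell from the response whether a role id exists and whether the server
	// is licensed.
	if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
		return
	}

	patch := model.RolePatchFromJson(r.Body)
	if patch == nil {
		c.SetInvalidParam("role")
		return
	}

	oldRole, err := c.App.GetRole(c.Params.RoleId)
	if err != nil {
		c.Err = err
		return
	}

	if c.App.License() == nil && patch.Permissions != nil {
		// Permissions that may be changed on an unlicensed server.
		allowedPermissions := []string{
			model.PERMISSION_CREATE_TEAM.Id,
			model.PERMISSION_MANAGE_WEBHOOKS.Id,
			model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
			model.PERMISSION_MANAGE_OAUTH.Id,
			model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
			model.PERMISSION_MANAGE_EMOJIS.Id,
			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
		}

		// Every permission the patch changes must be on the allow-list; a
		// single permission outside it rejects the whole patch.
		changedPermissions := model.PermissionsChangedByPatch(oldRole, patch)
		for _, permission := range changedPermissions {
			allowed := false
			for _, allowedPermission := range allowedPermissions {
				if permission == allowedPermission {
					allowed = true
					break
				}
			}

			if !allowed {
				c.Err = model.NewAppError("Api4.PatchRoles", "api.roles.patch_roles.license.error", nil, "", http.StatusNotImplemented)
				return
			}
		}
	}

	role, err := c.App.PatchRole(oldRole, patch)
	if err != nil {
		c.Err = err
		return
	}

	// NOTE(review): the audit call is reached only after a successful patch
	// and carries an empty detail string. Whether denied or failed attempts
	// are recorded elsewhere (for example inside c.SetPermissionError) is not
	// visible here; confirm, and consider including the role id in the audit
	// detail so that permission changes can be traced to a role.
	c.LogAudit("")
	w.Write([]byte(role.ToJson()))
}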