github.com/wgh-/mattermost-server@v4.8.0-rc2+incompatible/api4/team.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "bytes" 8 "encoding/base64" 9 "net/http" 10 "strconv" 11 12 "github.com/mattermost/mattermost-server/model" 13 ) 14 15 const ( 16 MAX_ADD_MEMBERS_BATCH = 20 17 ) 18 19 func (api *API) InitTeam() { 20 api.BaseRoutes.Teams.Handle("", api.ApiSessionRequired(createTeam)).Methods("POST") 21 api.BaseRoutes.Teams.Handle("", api.ApiSessionRequired(getAllTeams)).Methods("GET") 22 api.BaseRoutes.Teams.Handle("/search", api.ApiSessionRequired(searchTeams)).Methods("POST") 23 api.BaseRoutes.TeamsForUser.Handle("", api.ApiSessionRequired(getTeamsForUser)).Methods("GET") 24 api.BaseRoutes.TeamsForUser.Handle("/unread", api.ApiSessionRequired(getTeamsUnreadForUser)).Methods("GET") 25 26 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(getTeam)).Methods("GET") 27 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(updateTeam)).Methods("PUT") 28 api.BaseRoutes.Team.Handle("", api.ApiSessionRequired(deleteTeam)).Methods("DELETE") 29 api.BaseRoutes.Team.Handle("/patch", api.ApiSessionRequired(patchTeam)).Methods("PUT") 30 api.BaseRoutes.Team.Handle("/stats", api.ApiSessionRequired(getTeamStats)).Methods("GET") 31 api.BaseRoutes.TeamMembers.Handle("", api.ApiSessionRequired(getTeamMembers)).Methods("GET") 32 api.BaseRoutes.TeamMembers.Handle("/ids", api.ApiSessionRequired(getTeamMembersByIds)).Methods("POST") 33 api.BaseRoutes.TeamMembersForUser.Handle("", api.ApiSessionRequired(getTeamMembersForUser)).Methods("GET") 34 api.BaseRoutes.TeamMembers.Handle("", api.ApiSessionRequired(addTeamMember)).Methods("POST") 35 api.BaseRoutes.Teams.Handle("/members/invite", api.ApiSessionRequired(addUserToTeamFromInvite)).Methods("POST") 36 api.BaseRoutes.TeamMembers.Handle("/batch", api.ApiSessionRequired(addTeamMembers)).Methods("POST") 37 api.BaseRoutes.TeamMember.Handle("", api.ApiSessionRequired(removeTeamMember)).Methods("DELETE") 38 39 api.BaseRoutes.TeamForUser.Handle("/unread", api.ApiSessionRequired(getTeamUnread)).Methods("GET") 40 41 api.BaseRoutes.TeamByName.Handle("", api.ApiSessionRequired(getTeamByName)).Methods("GET") 42 api.BaseRoutes.TeamMember.Handle("", api.ApiSessionRequired(getTeamMember)).Methods("GET") 43 api.BaseRoutes.TeamByName.Handle("/exists", api.ApiSessionRequired(teamExists)).Methods("GET") 44 api.BaseRoutes.TeamMember.Handle("/roles", api.ApiSessionRequired(updateTeamMemberRoles)).Methods("PUT") 45 46 api.BaseRoutes.Team.Handle("/import", api.ApiSessionRequired(importTeam)).Methods("POST") 47 api.BaseRoutes.Team.Handle("/invite/email", api.ApiSessionRequired(inviteUsersToTeam)).Methods("POST") 48 api.BaseRoutes.Teams.Handle("/invite/{invite_id:[A-Za-z0-9]+}", api.ApiHandler(getInviteInfo)).Methods("GET") 49 } 50 51 func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { 52 team := model.TeamFromJson(r.Body) 53 if team == nil { 54 c.SetInvalidParam("team") 55 return 56 } 57 58 if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) { 59 c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden) 60 return 61 } 62 63 rteam, err := c.App.CreateTeamWithUser(team, c.Session.UserId) 64 if err != nil { 65 c.Err = err 66 return 67 } 68 69 // Don't sanitize the team here since the user will be a team admin and their session won't reflect that yet 70 71 w.WriteHeader(http.StatusCreated) 72 w.Write([]byte(rteam.ToJson())) 73 } 74 75 func getTeam(c *Context, w http.ResponseWriter, r *http.Request) { 76 c.RequireTeamId() 77 if c.Err != nil { 78 return 79 } 80 81 if team, err := c.App.GetTeam(c.Params.TeamId); err != nil { 82 c.Err = err 83 return 84 } else { 85 if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { 86 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 87 return 88 } 89 90 c.App.SanitizeTeam(c.Session, team) 91 92 w.Write([]byte(team.ToJson())) 93 return 94 } 95 } 96 97 func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { 98 c.RequireTeamName() 99 if c.Err != nil { 100 return 101 } 102 103 if team, err := c.App.GetTeamByName(c.Params.TeamName); err != nil { 104 c.Err = err 105 return 106 } else { 107 if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { 108 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 109 return 110 } 111 112 c.App.SanitizeTeam(c.Session, team) 113 114 w.Write([]byte(team.ToJson())) 115 return 116 } 117 } 118 119 func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) { 120 c.RequireTeamId() 121 if c.Err != nil { 122 return 123 } 124 125 team := model.TeamFromJson(r.Body) 126 127 if team == nil { 128 c.SetInvalidParam("team") 129 return 130 } 131 132 team.Id = c.Params.TeamId 133 134 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 135 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 136 return 137 } 138 139 updatedTeam, err := c.App.UpdateTeam(team) 140 141 if err != nil { 142 c.Err = err 143 return 144 } 145 146 c.App.SanitizeTeam(c.Session, updatedTeam) 147 148 w.Write([]byte(updatedTeam.ToJson())) 149 } 150 151 func patchTeam(c *Context, w http.ResponseWriter, r *http.Request) { 152 c.RequireTeamId() 153 if c.Err != nil { 154 return 155 } 156 157 team := model.TeamPatchFromJson(r.Body) 158 159 if team == nil { 160 c.SetInvalidParam("team") 161 return 162 } 163 164 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 165 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 166 return 167 } 168 169 patchedTeam, err := c.App.PatchTeam(c.Params.TeamId, team) 170 171 if err != nil { 172 c.Err = err 173 return 174 } 175 176 c.App.SanitizeTeam(c.Session, patchedTeam) 177 178 c.LogAudit("") 179 w.Write([]byte(patchedTeam.ToJson())) 180 } 181 182 func deleteTeam(c *Context, w http.ResponseWriter, r *http.Request) { 183 c.RequireTeamId() 184 if c.Err != nil { 185 return 186 } 187 188 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 189 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 190 return 191 } 192 193 var err *model.AppError 194 if c.Params.Permanent { 195 err = c.App.PermanentDeleteTeamId(c.Params.TeamId) 196 } else { 197 err = c.App.SoftDeleteTeam(c.Params.TeamId) 198 } 199 200 if err != nil { 201 c.Err = err 202 return 203 } 204 205 ReturnStatusOK(w) 206 } 207 208 func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) { 209 c.RequireUserId() 210 if c.Err != nil { 211 return 212 } 213 214 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 215 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 216 return 217 } 218 219 if teams, err := c.App.GetTeamsForUser(c.Params.UserId); err != nil { 220 c.Err = err 221 return 222 } else { 223 c.App.SanitizeTeams(c.Session, teams) 224 225 w.Write([]byte(model.TeamListToJson(teams))) 226 } 227 } 228 229 func getTeamsUnreadForUser(c *Context, w http.ResponseWriter, r *http.Request) { 230 c.RequireUserId() 231 if c.Err != nil { 232 return 233 } 234 235 if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 236 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 237 return 238 } 239 240 // optional team id to be excluded from the result 241 teamId := r.URL.Query().Get("exclude_team") 242 243 unreadTeamsList, err := c.App.GetTeamsUnreadForUser(teamId, c.Params.UserId) 244 if err != nil { 245 c.Err = err 246 return 247 } 248 249 w.Write([]byte(model.TeamsUnreadToJson(unreadTeamsList))) 250 } 251 252 func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 253 c.RequireTeamId().RequireUserId() 254 if c.Err != nil { 255 return 256 } 257 258 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 259 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 260 return 261 } 262 263 if team, err := c.App.GetTeamMember(c.Params.TeamId, c.Params.UserId); err != nil { 264 c.Err = err 265 return 266 } else { 267 w.Write([]byte(team.ToJson())) 268 return 269 } 270 } 271 272 func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { 273 c.RequireTeamId() 274 if c.Err != nil { 275 return 276 } 277 278 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 279 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 280 return 281 } 282 283 if members, err := c.App.GetTeamMembers(c.Params.TeamId, c.Params.Page, c.Params.PerPage); err != nil { 284 c.Err = err 285 return 286 } else { 287 w.Write([]byte(model.TeamMembersToJson(members))) 288 return 289 } 290 } 291 292 func getTeamMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 293 c.RequireUserId() 294 if c.Err != nil { 295 return 296 } 297 298 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 299 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 300 return 301 } 302 303 members, err := c.App.GetTeamMembersForUser(c.Params.UserId) 304 if err != nil { 305 c.Err = err 306 return 307 } 308 309 w.Write([]byte(model.TeamMembersToJson(members))) 310 } 311 312 func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 313 c.RequireTeamId() 314 if c.Err != nil { 315 return 316 } 317 318 userIds := model.ArrayFromJson(r.Body) 319 320 if len(userIds) == 0 { 321 c.SetInvalidParam("user_ids") 322 return 323 } 324 325 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 326 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 327 return 328 } 329 330 members, err := c.App.GetTeamMembersByIds(c.Params.TeamId, userIds) 331 if err != nil { 332 c.Err = err 333 return 334 } 335 336 w.Write([]byte(model.TeamMembersToJson(members))) 337 } 338 339 func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 340 c.RequireTeamId() 341 if c.Err != nil { 342 return 343 } 344 345 var err *model.AppError 346 member := model.TeamMemberFromJson(r.Body) 347 if member.TeamId != c.Params.TeamId { 348 c.SetInvalidParam("team_id") 349 return 350 } 351 352 if len(member.UserId) != 26 { 353 c.SetInvalidParam("user_id") 354 return 355 } 356 357 if !c.App.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 358 c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) 359 return 360 } 361 362 member, err = c.App.AddTeamMember(member.TeamId, member.UserId) 363 364 if err != nil { 365 c.Err = err 366 return 367 } 368 369 w.WriteHeader(http.StatusCreated) 370 w.Write([]byte(member.ToJson())) 371 } 372 373 func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request) { 374 hash := r.URL.Query().Get("hash") 375 data := r.URL.Query().Get("data") 376 inviteId := r.URL.Query().Get("invite_id") 377 378 var member *model.TeamMember 379 var err *model.AppError 380 381 if len(hash) > 0 && len(data) > 0 { 382 member, err = c.App.AddTeamMemberByHash(c.Session.UserId, hash, data) 383 } else if len(inviteId) > 0 { 384 member, err = c.App.AddTeamMemberByInviteId(inviteId, c.Session.UserId) 385 } else { 386 err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.missing_parameter.app_error", nil, "", http.StatusBadRequest) 387 } 388 389 if err != nil { 390 c.Err = err 391 return 392 } 393 394 w.WriteHeader(http.StatusCreated) 395 w.Write([]byte(member.ToJson())) 396 } 397 398 func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { 399 c.RequireTeamId() 400 if c.Err != nil { 401 return 402 } 403 404 var err *model.AppError 405 members := model.TeamMembersFromJson(r.Body) 406 407 if len(members) > MAX_ADD_MEMBERS_BATCH || len(members) == 0 { 408 c.SetInvalidParam("too many members in batch") 409 return 410 } 411 412 var userIds []string 413 for _, member := range members { 414 if member.TeamId != c.Params.TeamId { 415 c.SetInvalidParam("team_id for member with user_id=" + member.UserId) 416 return 417 } 418 419 if len(member.UserId) != 26 { 420 c.SetInvalidParam("user_id") 421 return 422 } 423 424 userIds = append(userIds, member.UserId) 425 } 426 427 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 428 c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) 429 return 430 } 431 432 members, err = c.App.AddTeamMembers(c.Params.TeamId, userIds, c.Session.UserId) 433 434 if err != nil { 435 c.Err = err 436 return 437 } 438 439 w.WriteHeader(http.StatusCreated) 440 w.Write([]byte(model.TeamMembersToJson(members))) 441 } 442 443 func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { 444 c.RequireTeamId().RequireUserId() 445 if c.Err != nil { 446 return 447 } 448 449 if c.Session.UserId != c.Params.UserId { 450 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) { 451 c.SetPermissionError(model.PERMISSION_REMOVE_USER_FROM_TEAM) 452 return 453 } 454 } 455 456 if err := c.App.RemoveUserFromTeam(c.Params.TeamId, c.Params.UserId, c.Session.UserId); err != nil { 457 c.Err = err 458 return 459 } 460 461 ReturnStatusOK(w) 462 } 463 464 func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) { 465 c.RequireTeamId().RequireUserId() 466 if c.Err != nil { 467 return 468 } 469 470 if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { 471 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 472 return 473 } 474 475 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 476 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 477 return 478 } 479 480 unreadTeam, err := c.App.GetTeamUnread(c.Params.TeamId, c.Params.UserId) 481 if err != nil { 482 c.Err = err 483 return 484 } 485 486 w.Write([]byte(unreadTeam.ToJson())) 487 } 488 489 func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) { 490 c.RequireTeamId() 491 if c.Err != nil { 492 return 493 } 494 495 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 496 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 497 return 498 } 499 500 if stats, err := c.App.GetTeamStats(c.Params.TeamId); err != nil { 501 c.Err = err 502 return 503 } else { 504 w.Write([]byte(stats.ToJson())) 505 return 506 } 507 } 508 509 func updateTeamMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 510 c.RequireTeamId().RequireUserId() 511 if c.Err != nil { 512 return 513 } 514 515 props := model.MapFromJson(r.Body) 516 517 newRoles := props["roles"] 518 if !model.IsValidUserRoles(newRoles) { 519 c.SetInvalidParam("team_member_roles") 520 return 521 } 522 523 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) { 524 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES) 525 return 526 } 527 528 if _, err := c.App.UpdateTeamMemberRoles(c.Params.TeamId, c.Params.UserId, newRoles); err != nil { 529 c.Err = err 530 return 531 } 532 533 ReturnStatusOK(w) 534 } 535 536 func getAllTeams(c *Context, w http.ResponseWriter, r *http.Request) { 537 var teams []*model.Team 538 var err *model.AppError 539 540 if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 541 teams, err = c.App.GetAllTeamsPage(c.Params.Page, c.Params.PerPage) 542 } else { 543 teams, err = c.App.GetAllOpenTeamsPage(c.Params.Page, c.Params.PerPage) 544 } 545 546 if err != nil { 547 c.Err = err 548 return 549 } 550 551 c.App.SanitizeTeams(c.Session, teams) 552 553 w.Write([]byte(model.TeamListToJson(teams))) 554 } 555 556 func searchTeams(c *Context, w http.ResponseWriter, r *http.Request) { 557 props := model.TeamSearchFromJson(r.Body) 558 if props == nil { 559 c.SetInvalidParam("team_search") 560 return 561 } 562 563 if len(props.Term) == 0 { 564 c.SetInvalidParam("term") 565 return 566 } 567 568 var teams []*model.Team 569 var err *model.AppError 570 571 if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { 572 teams, err = c.App.SearchAllTeams(props.Term) 573 } else { 574 teams, err = c.App.SearchOpenTeams(props.Term) 575 } 576 577 if err != nil { 578 c.Err = err 579 return 580 } 581 582 c.App.SanitizeTeams(c.Session, teams) 583 584 w.Write([]byte(model.TeamListToJson(teams))) 585 } 586 587 func teamExists(c *Context, w http.ResponseWriter, r *http.Request) { 588 c.RequireTeamName() 589 if c.Err != nil { 590 return 591 } 592 593 resp := make(map[string]bool) 594 595 if _, err := c.App.GetTeamByName(c.Params.TeamName); err != nil { 596 resp["exists"] = false 597 } else { 598 resp["exists"] = true 599 } 600 601 w.Write([]byte(model.MapBoolToJson(resp))) 602 } 603 604 func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { 605 c.RequireTeamId() 606 if c.Err != nil { 607 return 608 } 609 610 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_IMPORT_TEAM) { 611 c.SetPermissionError(model.PERMISSION_IMPORT_TEAM) 612 return 613 } 614 615 if err := r.ParseMultipartForm(10000000); err != nil { 616 c.Err = model.NewAppError("importTeam", "api.team.import_team.parse.app_error", nil, err.Error(), http.StatusInternalServerError) 617 return 618 } 619 620 importFromArray, ok := r.MultipartForm.Value["importFrom"] 621 if !ok || len(importFromArray) < 1 { 622 c.Err = model.NewAppError("importTeam", "api.team.import_team.no_import_from.app_error", nil, "", http.StatusBadRequest) 623 return 624 } 625 importFrom := importFromArray[0] 626 627 fileSizeStr, ok := r.MultipartForm.Value["filesize"] 628 if !ok || len(fileSizeStr) < 1 { 629 c.Err = model.NewAppError("importTeam", "api.team.import_team.unavailable.app_error", nil, "", http.StatusBadRequest) 630 return 631 } 632 633 fileSize, err := strconv.ParseInt(fileSizeStr[0], 10, 64) 634 if err != nil { 635 c.Err = model.NewAppError("importTeam", "api.team.import_team.integer.app_error", nil, "", http.StatusBadRequest) 636 return 637 } 638 639 fileInfoArray, ok := r.MultipartForm.File["file"] 640 if !ok { 641 c.Err = model.NewAppError("importTeam", "api.team.import_team.no_file.app_error", nil, "", http.StatusBadRequest) 642 return 643 } 644 645 if len(fileInfoArray) <= 0 { 646 c.Err = model.NewAppError("importTeam", "api.team.import_team.array.app_error", nil, "", http.StatusBadRequest) 647 return 648 } 649 650 fileInfo := fileInfoArray[0] 651 652 fileData, err := fileInfo.Open() 653 if err != nil { 654 c.Err = model.NewAppError("importTeam", "api.team.import_team.open.app_error", nil, err.Error(), http.StatusBadRequest) 655 return 656 } 657 defer fileData.Close() 658 659 var log *bytes.Buffer 660 switch importFrom { 661 case "slack": 662 var err *model.AppError 663 if err, log = c.App.SlackImport(fileData, fileSize, c.Params.TeamId); err != nil { 664 c.Err = err 665 c.Err.StatusCode = http.StatusBadRequest 666 } 667 } 668 669 data := map[string]string{} 670 data["results"] = base64.StdEncoding.EncodeToString([]byte(log.Bytes())) 671 if c.Err != nil { 672 w.WriteHeader(c.Err.StatusCode) 673 } 674 w.Write([]byte(model.MapToJson(data))) 675 } 676 677 func inviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request) { 678 c.RequireTeamId() 679 if c.Err != nil { 680 return 681 } 682 683 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_INVITE_USER) { 684 c.SetPermissionError(model.PERMISSION_INVITE_USER) 685 return 686 } 687 688 if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { 689 c.SetPermissionError(model.PERMISSION_INVITE_USER) 690 return 691 } 692 693 emailList := model.ArrayFromJson(r.Body) 694 695 if len(emailList) == 0 { 696 c.SetInvalidParam("user_email") 697 return 698 } 699 700 err := c.App.InviteNewUsersToTeam(emailList, c.Params.TeamId, c.Session.UserId) 701 if err != nil { 702 c.Err = err 703 return 704 } 705 706 ReturnStatusOK(w) 707 } 708 709 func getInviteInfo(c *Context, w http.ResponseWriter, r *http.Request) { 710 c.RequireInviteId() 711 if c.Err != nil { 712 return 713 } 714 715 if team, err := c.App.GetTeamByInviteId(c.Params.InviteId); err != nil { 716 c.Err = err 717 return 718 } else { 719 if !(team.Type == model.TEAM_OPEN) { 720 c.Err = model.NewAppError("getInviteInfo", "api.team.get_invite_info.not_open_team", nil, "id="+c.Params.InviteId, http.StatusForbidden) 721 return 722 } 723 724 result := map[string]string{} 725 result["display_name"] = team.DisplayName 726 result["description"] = team.Description 727 result["name"] = team.Name 728 result["id"] = team.Id 729 w.Write([]byte(model.MapToJson(result))) 730 } 731 }