github.com/xzl8028/xenia-server@v0.0.0-20190809101854-18450a97da63/api4/channel.go (about) 1 // Copyright (c) 2017-present Xenia, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "encoding/json" 8 "net/http" 9 "strings" 10 11 "github.com/xzl8028/xenia-server/mlog" 12 "github.com/xzl8028/xenia-server/model" 13 "github.com/xzl8028/xenia-server/store" 14 ) 15 16 func (api *API) InitChannel() { 17 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(getAllChannels)).Methods("GET") 18 api.BaseRoutes.Channels.Handle("", api.ApiSessionRequired(createChannel)).Methods("POST") 19 api.BaseRoutes.Channels.Handle("/direct", api.ApiSessionRequired(createDirectChannel)).Methods("POST") 20 api.BaseRoutes.Channels.Handle("/search", api.ApiSessionRequired(searchAllChannels)).Methods("POST") 21 api.BaseRoutes.Channels.Handle("/group/search", api.ApiSessionRequired(searchGroupChannels)).Methods("POST") 22 api.BaseRoutes.Channels.Handle("/group", api.ApiSessionRequired(createGroupChannel)).Methods("POST") 23 api.BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", api.ApiSessionRequired(viewChannel)).Methods("POST") 24 api.BaseRoutes.Channels.Handle("/{channel_id:[A-Za-z0-9]+}/scheme", api.ApiSessionRequired(updateChannelScheme)).Methods("PUT") 25 26 api.BaseRoutes.ChannelsForTeam.Handle("", api.ApiSessionRequired(getPublicChannelsForTeam)).Methods("GET") 27 api.BaseRoutes.ChannelsForTeam.Handle("/deleted", api.ApiSessionRequired(getDeletedChannelsForTeam)).Methods("GET") 28 api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST") 29 api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequired(searchChannelsForTeam)).Methods("POST") 30 api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET") 31 api.BaseRoutes.ChannelsForTeam.Handle("/search_autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeamForSearch)).Methods("GET") 32 api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET") 33 34 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET") 35 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(updateChannel)).Methods("PUT") 36 api.BaseRoutes.Channel.Handle("/patch", api.ApiSessionRequired(patchChannel)).Methods("PUT") 37 api.BaseRoutes.Channel.Handle("/convert", api.ApiSessionRequired(convertChannelToPrivate)).Methods("POST") 38 api.BaseRoutes.Channel.Handle("/restore", api.ApiSessionRequired(restoreChannel)).Methods("POST") 39 api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(deleteChannel)).Methods("DELETE") 40 api.BaseRoutes.Channel.Handle("/stats", api.ApiSessionRequired(getChannelStats)).Methods("GET") 41 api.BaseRoutes.Channel.Handle("/pinned", api.ApiSessionRequired(getPinnedPosts)).Methods("GET") 42 api.BaseRoutes.Channel.Handle("/timezones", api.ApiSessionRequired(getChannelMembersTimezones)).Methods("GET") 43 api.BaseRoutes.Channel.Handle("/members_minus_group_members", api.ApiSessionRequired(channelMembersMinusGroupMembers)).Methods("GET") 44 api.BaseRoutes.ChannelForUser.Handle("/unread", api.ApiSessionRequired(getChannelUnread)).Methods("GET") 45 46 api.BaseRoutes.ChannelByName.Handle("", api.ApiSessionRequired(getChannelByName)).Methods("GET") 47 api.BaseRoutes.ChannelByNameForTeamName.Handle("", api.ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET") 48 49 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(getChannelMembers)).Methods("GET") 50 api.BaseRoutes.ChannelMembers.Handle("/ids", api.ApiSessionRequired(getChannelMembersByIds)).Methods("POST") 51 api.BaseRoutes.ChannelMembers.Handle("", api.ApiSessionRequired(addChannelMember)).Methods("POST") 52 api.BaseRoutes.ChannelMembersForUser.Handle("", api.ApiSessionRequired(getChannelMembersForUser)).Methods("GET") 53 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(getChannelMember)).Methods("GET") 54 api.BaseRoutes.ChannelMember.Handle("", api.ApiSessionRequired(removeChannelMember)).Methods("DELETE") 55 api.BaseRoutes.ChannelMember.Handle("/roles", api.ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT") 56 api.BaseRoutes.ChannelMember.Handle("/schemeRoles", api.ApiSessionRequired(updateChannelMemberSchemeRoles)).Methods("PUT") 57 api.BaseRoutes.ChannelMember.Handle("/notify_props", api.ApiSessionRequired(updateChannelMemberNotifyProps)).Methods("PUT") 58 } 59 60 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 61 channel := model.ChannelFromJson(r.Body) 62 if channel == nil { 63 c.SetInvalidParam("channel") 64 return 65 } 66 67 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { 68 c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) 69 return 70 } 71 72 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { 73 c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) 74 return 75 } 76 77 sc, err := c.App.CreateChannelWithUser(channel, c.App.Session.UserId) 78 if err != nil { 79 c.Err = err 80 return 81 } 82 83 c.LogAudit("name=" + channel.Name) 84 w.WriteHeader(http.StatusCreated) 85 w.Write([]byte(sc.ToJson())) 86 } 87 88 func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { 89 c.RequireChannelId() 90 if c.Err != nil { 91 return 92 } 93 94 channel := model.ChannelFromJson(r.Body) 95 96 if channel == nil { 97 c.SetInvalidParam("channel") 98 return 99 } 100 101 // The channel being updated in the payload must be the same one as indicated in the URL. 102 if channel.Id != c.Params.ChannelId { 103 c.SetInvalidParam("channel_id") 104 return 105 } 106 107 originalOldChannel, err := c.App.GetChannel(channel.Id) 108 if err != nil { 109 c.Err = err 110 return 111 } 112 oldChannel := originalOldChannel.DeepCopy() 113 114 switch oldChannel.Type { 115 case model.CHANNEL_OPEN: 116 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 117 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 118 return 119 } 120 121 case model.CHANNEL_PRIVATE: 122 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 123 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 124 return 125 } 126 127 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT: 128 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership. 129 if _, err := c.App.GetChannelMember(channel.Id, c.App.Session.UserId); err != nil { 130 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 131 return 132 } 133 134 default: 135 c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 136 return 137 } 138 139 if oldChannel.DeleteAt > 0 { 140 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.deleted.app_error", nil, "", http.StatusBadRequest) 141 return 142 } 143 144 if oldChannel.Name == model.DEFAULT_CHANNEL { 145 if (len(channel.Name) > 0 && channel.Name != oldChannel.Name) || (len(channel.Type) > 0 && channel.Type != oldChannel.Type) { 146 c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.tried.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "", http.StatusBadRequest) 147 return 148 } 149 } 150 151 oldChannel.Header = channel.Header 152 oldChannel.Purpose = channel.Purpose 153 154 oldChannelDisplayName := oldChannel.DisplayName 155 156 if len(channel.DisplayName) > 0 { 157 oldChannel.DisplayName = channel.DisplayName 158 } 159 160 if len(channel.Name) > 0 { 161 oldChannel.Name = channel.Name 162 } 163 164 if len(channel.Type) > 0 { 165 oldChannel.Type = channel.Type 166 } 167 168 if channel.GroupConstrained != nil { 169 oldChannel.GroupConstrained = channel.GroupConstrained 170 } 171 172 if _, err := c.App.UpdateChannel(oldChannel); err != nil { 173 c.Err = err 174 return 175 } 176 177 if oldChannelDisplayName != channel.DisplayName { 178 if err := c.App.PostUpdateChannelDisplayNameMessage(c.App.Session.UserId, channel, oldChannelDisplayName, channel.DisplayName); err != nil { 179 mlog.Error(err.Error()) 180 } 181 } 182 183 c.LogAudit("name=" + channel.Name) 184 w.Write([]byte(oldChannel.ToJson())) 185 } 186 187 func convertChannelToPrivate(c *Context, w http.ResponseWriter, r *http.Request) { 188 c.RequireChannelId() 189 if c.Err != nil { 190 return 191 } 192 193 oldPublicChannel, err := c.App.GetChannel(c.Params.ChannelId) 194 if err != nil { 195 c.Err = err 196 return 197 } 198 199 if !c.App.SessionHasPermissionToTeam(c.App.Session, oldPublicChannel.TeamId, model.PERMISSION_MANAGE_TEAM) { 200 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 201 return 202 } 203 204 if oldPublicChannel.Type == model.CHANNEL_PRIVATE { 205 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.private_channel_error", nil, "", http.StatusBadRequest) 206 return 207 } 208 209 if oldPublicChannel.Name == model.DEFAULT_CHANNEL { 210 c.Err = model.NewAppError("convertChannelToPrivate", "api.channel.convert_channel_to_private.default_channel_error", nil, "", http.StatusBadRequest) 211 return 212 } 213 214 user, err := c.App.GetUser(c.App.Session.UserId) 215 if err != nil { 216 c.Err = err 217 return 218 } 219 220 oldPublicChannel.Type = model.CHANNEL_PRIVATE 221 222 rchannel, err := c.App.UpdateChannelPrivacy(oldPublicChannel, user) 223 if err != nil { 224 c.Err = err 225 return 226 } 227 228 c.LogAudit("name=" + rchannel.Name) 229 w.Write([]byte(rchannel.ToJson())) 230 } 231 232 func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { 233 c.RequireChannelId() 234 if c.Err != nil { 235 return 236 } 237 238 patch := model.ChannelPatchFromJson(r.Body) 239 if patch == nil { 240 c.SetInvalidParam("channel") 241 return 242 } 243 244 originalOldChannel, err := c.App.GetChannel(c.Params.ChannelId) 245 if err != nil { 246 c.Err = err 247 return 248 } 249 oldChannel := originalOldChannel.DeepCopy() 250 251 switch oldChannel.Type { 252 case model.CHANNEL_OPEN: 253 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) { 254 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) 255 return 256 } 257 258 case model.CHANNEL_PRIVATE: 259 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) { 260 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) 261 return 262 } 263 264 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT: 265 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership. 266 if _, err = c.App.GetChannelMember(c.Params.ChannelId, c.App.Session.UserId); err != nil { 267 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 268 return 269 } 270 271 default: 272 c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden) 273 return 274 } 275 276 rchannel, err := c.App.PatchChannel(oldChannel, patch, c.App.Session.UserId) 277 if err != nil { 278 c.Err = err 279 return 280 } 281 282 err = c.App.FillInChannelProps(rchannel) 283 if err != nil { 284 c.Err = err 285 return 286 } 287 288 c.LogAudit("") 289 w.Write([]byte(rchannel.ToJson())) 290 } 291 292 func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { 293 c.RequireChannelId() 294 if c.Err != nil { 295 return 296 } 297 298 channel, err := c.App.GetChannel(c.Params.ChannelId) 299 if err != nil { 300 c.Err = err 301 return 302 } 303 teamId := channel.TeamId 304 305 if !c.App.SessionHasPermissionToTeam(c.App.Session, teamId, model.PERMISSION_MANAGE_TEAM) { 306 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 307 return 308 } 309 310 channel, err = c.App.RestoreChannel(channel) 311 if err != nil { 312 c.Err = err 313 return 314 } 315 316 c.LogAudit("name=" + channel.Name) 317 w.Write([]byte(channel.ToJson())) 318 319 } 320 321 func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { 322 userIds := model.ArrayFromJson(r.Body) 323 allowed := false 324 325 if len(userIds) != 2 { 326 c.SetInvalidParam("user_ids") 327 return 328 } 329 330 for _, id := range userIds { 331 if len(id) != 26 { 332 c.SetInvalidParam("user_id") 333 return 334 } 335 if id == c.App.Session.UserId { 336 allowed = true 337 } 338 } 339 340 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { 341 c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) 342 return 343 } 344 345 if !allowed && !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 346 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 347 return 348 } 349 350 sc, err := c.App.GetOrCreateDirectChannel(userIds[0], userIds[1]) 351 if err != nil { 352 c.Err = err 353 return 354 } 355 356 w.WriteHeader(http.StatusCreated) 357 w.Write([]byte(sc.ToJson())) 358 } 359 360 func searchGroupChannels(c *Context, w http.ResponseWriter, r *http.Request) { 361 props := model.ChannelSearchFromJson(r.Body) 362 if props == nil { 363 c.SetInvalidParam("channel_search") 364 return 365 } 366 367 groupChannels, err := c.App.SearchGroupChannels(c.App.Session.UserId, props.Term) 368 if err != nil { 369 c.Err = err 370 return 371 } 372 373 w.Write([]byte(groupChannels.ToJson())) 374 } 375 376 func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { 377 userIds := model.ArrayFromJson(r.Body) 378 379 if len(userIds) == 0 { 380 c.SetInvalidParam("user_ids") 381 return 382 } 383 384 found := false 385 for _, id := range userIds { 386 if len(id) != 26 { 387 c.SetInvalidParam("user_id") 388 return 389 } 390 if id == c.App.Session.UserId { 391 found = true 392 } 393 } 394 395 if !found { 396 userIds = append(userIds, c.App.Session.UserId) 397 } 398 399 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { 400 c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) 401 return 402 } 403 404 groupChannel, err := c.App.CreateGroupChannel(userIds, c.App.Session.UserId) 405 if err != nil { 406 c.Err = err 407 return 408 } 409 410 w.WriteHeader(http.StatusCreated) 411 w.Write([]byte(groupChannel.ToJson())) 412 } 413 414 func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { 415 c.RequireChannelId() 416 if c.Err != nil { 417 return 418 } 419 420 channel, err := c.App.GetChannel(c.Params.ChannelId) 421 if err != nil { 422 c.Err = err 423 return 424 } 425 426 if channel.Type == model.CHANNEL_OPEN { 427 if !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) && !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 428 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 429 return 430 } 431 } else { 432 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 433 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 434 return 435 } 436 } 437 438 err = c.App.FillInChannelProps(channel) 439 if err != nil { 440 c.Err = err 441 return 442 } 443 444 w.Write([]byte(channel.ToJson())) 445 } 446 447 func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) { 448 c.RequireChannelId().RequireUserId() 449 if c.Err != nil { 450 return 451 } 452 453 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 454 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 455 return 456 } 457 458 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 459 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 460 return 461 } 462 463 channelUnread, err := c.App.GetChannelUnread(c.Params.ChannelId, c.Params.UserId) 464 if err != nil { 465 c.Err = err 466 return 467 } 468 469 w.Write([]byte(channelUnread.ToJson())) 470 } 471 472 func getChannelStats(c *Context, w http.ResponseWriter, r *http.Request) { 473 c.RequireChannelId() 474 if c.Err != nil { 475 return 476 } 477 478 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 479 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 480 return 481 } 482 483 memberCount, err := c.App.GetChannelMemberCount(c.Params.ChannelId) 484 if err != nil { 485 c.Err = err 486 return 487 } 488 489 stats := model.ChannelStats{ChannelId: c.Params.ChannelId, MemberCount: memberCount} 490 w.Write([]byte(stats.ToJson())) 491 } 492 493 func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) { 494 c.RequireChannelId() 495 if c.Err != nil { 496 return 497 } 498 499 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 500 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 501 return 502 } 503 504 posts, err := c.App.GetPinnedPosts(c.Params.ChannelId) 505 if err != nil { 506 c.Err = err 507 return 508 } 509 510 if c.HandleEtag(posts.Etag(), "Get Pinned Posts", w, r) { 511 return 512 } 513 514 clientPostList := c.App.PreparePostListForClient(posts) 515 516 w.Header().Set(model.HEADER_ETAG_SERVER, clientPostList.Etag()) 517 w.Write([]byte(clientPostList.ToJson())) 518 } 519 520 func getAllChannels(c *Context, w http.ResponseWriter, r *http.Request) { 521 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 522 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 523 return 524 } 525 526 opts := model.ChannelSearchOpts{ 527 NotAssociatedToGroup: c.Params.NotAssociatedToGroup, 528 ExcludeDefaultChannels: c.Params.ExcludeDefaultChannels, 529 } 530 531 channels, err := c.App.GetAllChannels(c.Params.Page, c.Params.PerPage, opts) 532 if err != nil { 533 c.Err = err 534 return 535 } 536 537 var payload []byte 538 if c.Params.IncludeTotalCount { 539 totalCount, err := c.App.GetAllChannelsCount(opts) 540 if err != nil { 541 c.Err = err 542 return 543 } 544 cwc := &model.ChannelsWithCount{ 545 Channels: channels, 546 TotalCount: totalCount, 547 } 548 payload = cwc.ToJson() 549 } else { 550 payload = []byte(channels.ToJson()) 551 } 552 553 w.Write(payload) 554 } 555 556 func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 557 c.RequireTeamId() 558 if c.Err != nil { 559 return 560 } 561 562 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 563 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 564 return 565 } 566 567 channels, err := c.App.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage) 568 if err != nil { 569 c.Err = err 570 return 571 } 572 573 err = c.App.FillInChannelsProps(channels) 574 if err != nil { 575 c.Err = err 576 return 577 } 578 579 w.Write([]byte(channels.ToJson())) 580 } 581 582 func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 583 c.RequireTeamId() 584 if c.Err != nil { 585 return 586 } 587 588 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { 589 c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) 590 return 591 } 592 593 channels, err := c.App.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage) 594 if err != nil { 595 c.Err = err 596 return 597 } 598 599 err = c.App.FillInChannelsProps(channels) 600 if err != nil { 601 c.Err = err 602 return 603 } 604 605 w.Write([]byte(channels.ToJson())) 606 } 607 608 func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 609 c.RequireTeamId() 610 if c.Err != nil { 611 return 612 } 613 614 channelIds := model.ArrayFromJson(r.Body) 615 if len(channelIds) == 0 { 616 c.SetInvalidParam("channel_ids") 617 return 618 } 619 620 for _, cid := range channelIds { 621 if len(cid) != 26 { 622 c.SetInvalidParam("channel_id") 623 return 624 } 625 } 626 627 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 628 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 629 return 630 } 631 632 channels, err := c.App.GetPublicChannelsByIdsForTeam(c.Params.TeamId, channelIds) 633 if err != nil { 634 c.Err = err 635 return 636 } 637 638 err = c.App.FillInChannelsProps(channels) 639 if err != nil { 640 c.Err = err 641 return 642 } 643 644 w.Write([]byte(channels.ToJson())) 645 } 646 647 func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) { 648 c.RequireUserId().RequireTeamId() 649 if c.Err != nil { 650 return 651 } 652 653 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 654 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 655 return 656 } 657 658 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 659 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 660 return 661 } 662 663 channels, err := c.App.GetChannelsForUser(c.Params.TeamId, c.Params.UserId, false) 664 if err != nil { 665 c.Err = err 666 return 667 } 668 669 if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { 670 return 671 } 672 673 err = c.App.FillInChannelsProps(channels) 674 if err != nil { 675 c.Err = err 676 return 677 } 678 679 w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) 680 w.Write([]byte(channels.ToJson())) 681 } 682 683 func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 684 c.RequireTeamId() 685 if c.Err != nil { 686 return 687 } 688 689 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 690 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 691 return 692 } 693 694 name := r.URL.Query().Get("name") 695 696 channels, err := c.App.AutocompleteChannels(c.Params.TeamId, name) 697 if err != nil { 698 c.Err = err 699 return 700 } 701 702 // Don't fill in channels props, since unused by client and potentially expensive. 703 704 w.Write([]byte(channels.ToJson())) 705 } 706 707 func autocompleteChannelsForTeamForSearch(c *Context, w http.ResponseWriter, r *http.Request) { 708 c.RequireTeamId() 709 if c.Err != nil { 710 return 711 } 712 713 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 714 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 715 return 716 } 717 718 name := r.URL.Query().Get("name") 719 720 channels, err := c.App.AutocompleteChannelsForSearch(c.Params.TeamId, c.App.Session.UserId, name) 721 if err != nil { 722 c.Err = err 723 return 724 } 725 726 // Don't fill in channels props, since unused by client and potentially expensive. 727 728 w.Write([]byte(channels.ToJson())) 729 } 730 731 func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { 732 c.RequireTeamId() 733 if c.Err != nil { 734 return 735 } 736 737 props := model.ChannelSearchFromJson(r.Body) 738 if props == nil { 739 c.SetInvalidParam("channel_search") 740 return 741 } 742 743 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { 744 c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) 745 return 746 } 747 748 channels, err := c.App.SearchChannels(c.Params.TeamId, props.Term) 749 if err != nil { 750 c.Err = err 751 return 752 } 753 754 // Don't fill in channels props, since unused by client and potentially expensive. 755 756 w.Write([]byte(channels.ToJson())) 757 } 758 759 func searchAllChannels(c *Context, w http.ResponseWriter, r *http.Request) { 760 props := model.ChannelSearchFromJson(r.Body) 761 if props == nil { 762 c.SetInvalidParam("channel_search") 763 return 764 } 765 766 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 767 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 768 return 769 } 770 771 opts := model.ChannelSearchOpts{ 772 NotAssociatedToGroup: props.NotAssociatedToGroup, 773 ExcludeDefaultChannels: props.ExcludeDefaultChannels, 774 IncludeDeleted: r.URL.Query().Get("include_deleted") == "true", 775 } 776 777 channels, err := c.App.SearchAllChannels(props.Term, opts) 778 if err != nil { 779 c.Err = err 780 return 781 } 782 783 // Don't fill in channels props, since unused by client and potentially expensive. 784 785 w.Write([]byte(channels.ToJson())) 786 } 787 788 func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { 789 c.RequireChannelId() 790 if c.Err != nil { 791 return 792 } 793 794 channel, err := c.App.GetChannel(c.Params.ChannelId) 795 if err != nil { 796 c.Err = err 797 return 798 } 799 800 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 801 c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest) 802 return 803 } 804 805 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { 806 c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) 807 return 808 } 809 810 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { 811 c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) 812 return 813 } 814 815 err = c.App.DeleteChannel(channel, c.App.Session.UserId) 816 if err != nil { 817 c.Err = err 818 return 819 } 820 821 c.LogAudit("name=" + channel.Name) 822 823 ReturnStatusOK(w) 824 } 825 826 func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { 827 c.RequireTeamId().RequireChannelName() 828 if c.Err != nil { 829 return 830 } 831 832 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 833 834 channel, err := c.App.GetChannelByName(c.Params.ChannelName, c.Params.TeamId, includeDeleted) 835 if err != nil { 836 c.Err = err 837 return 838 } 839 840 if channel.Type == model.CHANNEL_OPEN { 841 if !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 842 c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) 843 return 844 } 845 } else { 846 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 847 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 848 return 849 } 850 } 851 852 err = c.App.FillInChannelProps(channel) 853 if err != nil { 854 c.Err = err 855 return 856 } 857 858 w.Write([]byte(channel.ToJson())) 859 } 860 861 func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) { 862 c.RequireTeamName().RequireChannelName() 863 if c.Err != nil { 864 return 865 } 866 867 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 868 869 channel, err := c.App.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName, includeDeleted) 870 if err != nil { 871 c.Err = err 872 return 873 } 874 875 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { 876 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 877 return 878 } 879 880 err = c.App.FillInChannelProps(channel) 881 if err != nil { 882 c.Err = err 883 return 884 } 885 886 w.Write([]byte(channel.ToJson())) 887 } 888 889 func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { 890 c.RequireChannelId() 891 if c.Err != nil { 892 return 893 } 894 895 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 896 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 897 return 898 } 899 900 members, err := c.App.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage) 901 if err != nil { 902 c.Err = err 903 return 904 } 905 906 w.Write([]byte(members.ToJson())) 907 } 908 909 func getChannelMembersTimezones(c *Context, w http.ResponseWriter, r *http.Request) { 910 c.RequireChannelId() 911 if c.Err != nil { 912 return 913 } 914 915 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 916 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 917 return 918 } 919 920 membersTimezones, err := c.App.GetChannelMembersTimezones(c.Params.ChannelId) 921 if err != nil { 922 c.Err = err 923 return 924 } 925 926 w.Write([]byte(model.ArrayToJson(membersTimezones))) 927 } 928 929 func getChannelMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { 930 c.RequireChannelId() 931 if c.Err != nil { 932 return 933 } 934 935 userIds := model.ArrayFromJson(r.Body) 936 if len(userIds) == 0 { 937 c.SetInvalidParam("user_ids") 938 return 939 } 940 941 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 942 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 943 return 944 } 945 946 members, err := c.App.GetChannelMembersByIds(c.Params.ChannelId, userIds) 947 if err != nil { 948 c.Err = err 949 return 950 } 951 952 w.Write([]byte(members.ToJson())) 953 } 954 955 func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 956 c.RequireChannelId().RequireUserId() 957 if c.Err != nil { 958 return 959 } 960 961 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { 962 c.SetPermissionError(model.PERMISSION_READ_CHANNEL) 963 return 964 } 965 966 member, err := c.App.GetChannelMember(c.Params.ChannelId, c.Params.UserId) 967 if err != nil { 968 c.Err = err 969 return 970 } 971 972 w.Write([]byte(member.ToJson())) 973 } 974 975 func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { 976 c.RequireUserId().RequireTeamId() 977 if c.Err != nil { 978 return 979 } 980 981 if !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { 982 c.SetPermissionError(model.PERMISSION_VIEW_TEAM) 983 return 984 } 985 986 if c.App.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.App.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { 987 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 988 return 989 } 990 991 members, err := c.App.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId) 992 if err != nil { 993 c.Err = err 994 return 995 } 996 997 w.Write([]byte(members.ToJson())) 998 } 999 1000 func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { 1001 c.RequireUserId() 1002 if c.Err != nil { 1003 return 1004 } 1005 1006 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 1007 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 1008 return 1009 } 1010 1011 view := model.ChannelViewFromJson(r.Body) 1012 if view == nil { 1013 c.SetInvalidParam("channel_view") 1014 return 1015 } 1016 1017 // Validate view struct 1018 // Check IDs are valid or blank. Blank IDs are used to denote focus loss or inital channel view. 1019 if view.ChannelId != "" && !model.IsValidId(view.ChannelId) { 1020 c.SetInvalidParam("channel_view.channel_id") 1021 return 1022 } 1023 if view.PrevChannelId != "" && !model.IsValidId(view.PrevChannelId) { 1024 c.SetInvalidParam("channel_view.prev_channel_id") 1025 return 1026 } 1027 1028 times, err := c.App.ViewChannel(view, c.Params.UserId, c.App.Session.Id) 1029 if err != nil { 1030 c.Err = err 1031 return 1032 } 1033 1034 c.App.UpdateLastActivityAtIfNeeded(c.App.Session) 1035 1036 // Returning {"status": "OK", ...} for backwards compatibility 1037 resp := &model.ChannelViewResponse{ 1038 Status: "OK", 1039 LastViewedAtTimes: times, 1040 } 1041 1042 w.Write([]byte(resp.ToJson())) 1043 } 1044 1045 func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { 1046 c.RequireChannelId().RequireUserId() 1047 if c.Err != nil { 1048 return 1049 } 1050 1051 props := model.MapFromJson(r.Body) 1052 1053 newRoles := props["roles"] 1054 if !(model.IsValidUserRoles(newRoles)) { 1055 c.SetInvalidParam("roles") 1056 return 1057 } 1058 1059 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 1060 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 1061 return 1062 } 1063 1064 if _, err := c.App.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil { 1065 c.Err = err 1066 return 1067 } 1068 1069 ReturnStatusOK(w) 1070 } 1071 1072 func updateChannelMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.Request) { 1073 c.RequireChannelId().RequireUserId() 1074 if c.Err != nil { 1075 return 1076 } 1077 1078 schemeRoles := model.SchemeRolesFromJson(r.Body) 1079 if schemeRoles == nil { 1080 c.SetInvalidParam("scheme_roles") 1081 return 1082 } 1083 1084 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { 1085 c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) 1086 return 1087 } 1088 1089 if _, err := c.App.UpdateChannelMemberSchemeRoles(c.Params.ChannelId, c.Params.UserId, schemeRoles.SchemeGuest, schemeRoles.SchemeUser, schemeRoles.SchemeAdmin); err != nil { 1090 c.Err = err 1091 return 1092 } 1093 1094 ReturnStatusOK(w) 1095 } 1096 1097 func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) { 1098 c.RequireChannelId().RequireUserId() 1099 if c.Err != nil { 1100 return 1101 } 1102 1103 props := model.MapFromJson(r.Body) 1104 if props == nil { 1105 c.SetInvalidParam("notify_props") 1106 return 1107 } 1108 1109 if !c.App.SessionHasPermissionToUser(c.App.Session, c.Params.UserId) { 1110 c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) 1111 return 1112 } 1113 1114 _, err := c.App.UpdateChannelMemberNotifyProps(props, c.Params.ChannelId, c.Params.UserId) 1115 if err != nil { 1116 c.Err = err 1117 return 1118 } 1119 1120 ReturnStatusOK(w) 1121 } 1122 1123 func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 1124 c.RequireChannelId() 1125 if c.Err != nil { 1126 return 1127 } 1128 1129 props := model.StringInterfaceFromJson(r.Body) 1130 userId, ok := props["user_id"].(string) 1131 if !ok || len(userId) != 26 { 1132 c.SetInvalidParam("user_id") 1133 return 1134 } 1135 1136 member := &model.ChannelMember{ 1137 ChannelId: c.Params.ChannelId, 1138 UserId: userId, 1139 } 1140 1141 postRootId, ok := props["post_root_id"].(string) 1142 if ok && len(postRootId) != 0 && len(postRootId) != 26 { 1143 c.SetInvalidParam("post_root_id") 1144 return 1145 } 1146 1147 if ok && len(postRootId) == 26 { 1148 rootPost, err := c.App.GetSinglePost(postRootId) 1149 if err != nil { 1150 c.Err = err 1151 return 1152 } 1153 if rootPost.ChannelId != member.ChannelId { 1154 c.SetInvalidParam("post_root_id") 1155 return 1156 } 1157 } 1158 1159 channel, err := c.App.GetChannel(member.ChannelId) 1160 if err != nil { 1161 c.Err = err 1162 return 1163 } 1164 1165 if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { 1166 c.Err = model.NewAppError("addUserToChannel", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest) 1167 return 1168 } 1169 1170 isNewMembership := false 1171 if _, err = c.App.GetChannelMember(member.ChannelId, member.UserId); err != nil { 1172 if err.Id == store.MISSING_CHANNEL_MEMBER_ERROR { 1173 isNewMembership = true 1174 } else { 1175 c.Err = err 1176 return 1177 } 1178 } 1179 1180 isSelfAdd := member.UserId == c.App.Session.UserId 1181 1182 if channel.Type == model.CHANNEL_OPEN { 1183 if isSelfAdd && isNewMembership { 1184 if !c.App.SessionHasPermissionToTeam(c.App.Session, channel.TeamId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) { 1185 c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS) 1186 return 1187 } 1188 } else if isSelfAdd && !isNewMembership { 1189 // nothing to do, since already in the channel 1190 } else if !isSelfAdd { 1191 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 1192 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 1193 return 1194 } 1195 } 1196 } 1197 1198 if channel.Type == model.CHANNEL_PRIVATE { 1199 if isSelfAdd && isNewMembership { 1200 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1201 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1202 return 1203 } 1204 } else if isSelfAdd && !isNewMembership { 1205 // nothing to do, since already in the channel 1206 } else if !isSelfAdd { 1207 if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1208 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1209 return 1210 } 1211 } 1212 } 1213 1214 if channel.IsGroupConstrained() { 1215 nonMembers, err := c.App.FilterNonGroupChannelMembers([]string{member.UserId}, channel) 1216 if err != nil { 1217 if v, ok := err.(*model.AppError); ok { 1218 c.Err = v 1219 } else { 1220 c.Err = model.NewAppError("addChannelMember", "api.channel.add_members.error", nil, err.Error(), http.StatusBadRequest) 1221 } 1222 return 1223 } 1224 if len(nonMembers) > 0 { 1225 c.Err = model.NewAppError("addChannelMember", "api.channel.add_members.user_denied", map[string]interface{}{"UserIDs": nonMembers}, "", http.StatusBadRequest) 1226 return 1227 } 1228 } 1229 1230 cm, err := c.App.AddChannelMember(member.UserId, channel, c.App.Session.UserId, postRootId) 1231 if err != nil { 1232 c.Err = err 1233 return 1234 } 1235 1236 c.LogAudit("name=" + channel.Name + " user_id=" + cm.UserId) 1237 w.WriteHeader(http.StatusCreated) 1238 w.Write([]byte(cm.ToJson())) 1239 } 1240 1241 func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { 1242 c.RequireChannelId().RequireUserId() 1243 if c.Err != nil { 1244 return 1245 } 1246 1247 channel, err := c.App.GetChannel(c.Params.ChannelId) 1248 if err != nil { 1249 c.Err = err 1250 return 1251 } 1252 1253 if !(channel.Type == model.CHANNEL_OPEN || channel.Type == model.CHANNEL_PRIVATE) { 1254 c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_channel_member.type.app_error", nil, "", http.StatusBadRequest) 1255 return 1256 } 1257 1258 if channel.IsGroupConstrained() && (c.Params.UserId != c.App.Session.UserId) { 1259 c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_member.group_constrained.app_error", nil, "", http.StatusBadRequest) 1260 return 1261 } 1262 1263 if c.Params.UserId != c.App.Session.UserId { 1264 if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { 1265 c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) 1266 return 1267 } 1268 1269 if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { 1270 c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) 1271 return 1272 } 1273 } 1274 1275 if err = c.App.RemoveUserFromChannel(c.Params.UserId, c.App.Session.UserId, channel); err != nil { 1276 c.Err = err 1277 return 1278 } 1279 1280 c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId) 1281 1282 ReturnStatusOK(w) 1283 } 1284 1285 func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) { 1286 c.RequireChannelId() 1287 if c.Err != nil { 1288 return 1289 } 1290 1291 schemeID := model.SchemeIDFromJson(r.Body) 1292 if schemeID == nil || len(*schemeID) != 26 { 1293 c.SetInvalidParam("scheme_id") 1294 return 1295 } 1296 1297 if c.App.License() == nil { 1298 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.license.error", nil, "", http.StatusNotImplemented) 1299 return 1300 } 1301 1302 if !c.App.SessionHasPermissionToChannel(c.App.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_SYSTEM) { 1303 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 1304 return 1305 } 1306 1307 scheme, err := c.App.GetScheme(*schemeID) 1308 if err != nil { 1309 c.Err = err 1310 return 1311 } 1312 1313 if scheme.Scope != model.SCHEME_SCOPE_CHANNEL { 1314 c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.scheme_scope.error", nil, "", http.StatusBadRequest) 1315 return 1316 } 1317 1318 channel, err := c.App.GetChannel(c.Params.ChannelId) 1319 if err != nil { 1320 c.Err = err 1321 return 1322 } 1323 1324 channel.SchemeId = &scheme.Id 1325 1326 _, err = c.App.UpdateChannelScheme(channel) 1327 if err != nil { 1328 c.Err = err 1329 return 1330 } 1331 1332 ReturnStatusOK(w) 1333 } 1334 1335 func channelMembersMinusGroupMembers(c *Context, w http.ResponseWriter, r *http.Request) { 1336 c.RequireChannelId() 1337 if c.Err != nil { 1338 return 1339 } 1340 1341 groupIDsParam := groupIDsQueryParamRegex.ReplaceAllString(c.Params.GroupIDs, "") 1342 1343 if len(groupIDsParam) < 26 { 1344 c.SetInvalidParam("group_ids") 1345 return 1346 } 1347 1348 groupIDs := []string{} 1349 for _, gid := range strings.Split(c.Params.GroupIDs, ",") { 1350 if len(gid) != 26 { 1351 c.SetInvalidParam("group_ids") 1352 return 1353 } 1354 groupIDs = append(groupIDs, gid) 1355 } 1356 1357 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 1358 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 1359 return 1360 } 1361 1362 users, totalCount, err := c.App.ChannelMembersMinusGroupMembers( 1363 c.Params.ChannelId, 1364 groupIDs, 1365 c.Params.Page, 1366 c.Params.PerPage, 1367 ) 1368 if err != nil { 1369 c.Err = err 1370 return 1371 } 1372 1373 b, marshalErr := json.Marshal(&model.UsersWithGroupsAndCount{ 1374 Users: users, 1375 Count: totalCount, 1376 }) 1377 if marshalErr != nil { 1378 c.Err = model.NewAppError("Api4.channelMembersMinusGroupMembers", "api.marshal_error", nil, marshalErr.Error(), http.StatusInternalServerError) 1379 return 1380 } 1381 1382 w.Write(b) 1383 }