Implement update IncomingHook for apiV4 (#5762)

3 files changed, 238 insertions, 0 deletions

diff --git a/api4/webhook.go b/api4/webhook.go
index 923f66ad3..feecdbd0f 100644
--- a/api4/webhook.go
+++ b/api4/webhook.go
@@ -18,6 +18,7 @@ func InitWebhook() {
 	BaseRoutes.IncomingHooks.Handle("", ApiSessionRequired(createIncomingHook)).Methods("POST")
 	BaseRoutes.IncomingHooks.Handle("", ApiSessionRequired(getIncomingHooks)).Methods("GET")
 	BaseRoutes.IncomingHook.Handle("", ApiSessionRequired(getIncomingHook)).Methods("GET")
+	BaseRoutes.IncomingHook.Handle("", ApiSessionRequired(updateIncomingHook)).Methods("PUT")
 	BaseRoutes.IncomingHook.Handle("", ApiSessionRequired(deleteIncomingHook)).Methods("DELETE")
 
 	BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(createOutgoingHook)).Methods("POST")
@@ -60,6 +61,66 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireHookId()
+	if c.Err != nil {
+		return
+	}
+
+	hookID := c.Params.HookId
+
+	updatedHook := model.IncomingWebhookFromJson(r.Body)
+	if updatedHook == nil {
+		c.SetInvalidParam("incoming_webhook")
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	oldHook, err := app.GetIncomingWebhook(hookID)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	if updatedHook.TeamId != oldHook.TeamId {
+		c.Err = model.NewAppError("updateIncomingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.Session.UserId, http.StatusBadRequest)
+		return
+	}
+
+	if !app.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
+		return
+	}
+
+	if c.Session.UserId != updatedHook.UserId && !app.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+		c.LogAudit("fail - inappropriate permissions")
+		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
+		return
+	}
+
+	channel, err := app.GetChannel(updatedHook.ChannelId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	if channel.Type != model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
+		c.LogAudit("fail - bad channel permissions")
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if incomingHook, err := app.UpdateIncomingWebhook(oldHook, updatedHook); err != nil {
+		c.Err = err
+		return
+	} else {
+		c.LogAudit("success")
+		w.WriteHeader(http.StatusCreated)
+		w.Write([]byte(incomingHook.ToJson()))
+	}
+}
+
 func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
 	teamId := r.URL.Query().Get("team_id")
 
diff --git a/api4/webhook_test.go b/api4/webhook_test.go
index 2d8a1e8f9..b488f432c 100644
--- a/api4/webhook_test.go
+++ b/api4/webhook_test.go
@@ -418,3 +418,169 @@ func TestGetOutgoingWebhooks(t *testing.T) {
 	_, resp = Client.GetOutgoingWebhooks(0, 1000, "")
 	CheckUnauthorizedStatus(t, resp)
 }
+
+func TestUpdateIncomingHook(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks
+	enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+	defer func() {
+		utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks
+		utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks
+		utils.SetDefaultRolesBasedOnConfig()
+	}()
+	utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true
+	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+	utils.SetDefaultRolesBasedOnConfig()
+
+	hook1 := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
+
+	createdHook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook1)
+	CheckNoError(t, resp)
+
+	t.Run("UpdateIncomingHook", func(t *testing.T) {
+		createdHook.DisplayName = "hook2"
+		createdHook.Description = "description"
+		createdHook.ChannelId = th.BasicChannel2.Id
+
+		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
+		CheckNoError(t, resp)
+		if updatedHook != nil {
+			if updatedHook.DisplayName != "hook2" {
+				t.Fatal("Hook name is not updated")
+			}
+
+			if updatedHook.Description != "description" {
+				t.Fatal("Hook description is not updated")
+			}
+
+			if updatedHook.ChannelId != th.BasicChannel2.Id {
+				t.Fatal("Hook channel is not updated")
+			}
+		} else {
+			t.Fatal("should not be nil")
+		}
+	})
+
+	t.Run("RetainCreateAt", func(t *testing.T) {
+		hook2 := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, CreateAt: 100}
+
+		createdHook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook2)
+		CheckNoError(t, resp)
+
+		createdHook.DisplayName = "Name2"
+
+		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
+		CheckNoError(t, resp)
+		if updatedHook != nil {
+			if updatedHook.CreateAt != createdHook.CreateAt {
+				t.Fatal("failed - hook create at should not be changed")
+			}
+		} else {
+			t.Fatal("should not be nil")
+		}
+	})
+
+	t.Run("ModifyUpdateAt", func(t *testing.T) {
+		createdHook.DisplayName = "Name3"
+
+		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
+		CheckNoError(t, resp)
+		if updatedHook != nil {
+			if updatedHook.UpdateAt == createdHook.UpdateAt {
+				t.Fatal("failed - hook updateAt is not updated")
+			}
+		} else {
+			t.Fatal("should not be nil")
+		}
+	})
+
+	t.Run("UpdateNonExistentHook", func(t *testing.T) {
+		nonExistentHook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
+
+		_, resp := th.SystemAdminClient.UpdateIncomingWebhook(nonExistentHook)
+		CheckNotFoundStatus(t, resp)
+
+		nonExistentHook.Id = model.NewId()
+		_, resp = th.SystemAdminClient.UpdateIncomingWebhook(nonExistentHook)
+		CheckNotFoundStatus(t, resp)
+	})
+
+	t.Run("UserIsNotAdminOfTeam", func(t *testing.T) {
+		_, resp := Client.UpdateIncomingWebhook(createdHook)
+		CheckForbiddenStatus(t, resp)
+	})
+
+	utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true
+
+	t.Run("OnlyAdminIntegrationsDisabled", func(t *testing.T) {
+		*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+		utils.SetDefaultRolesBasedOnConfig()
+
+		t.Run("UpdateHookOfSameUser", func(t *testing.T) {
+			sameUserHook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, UserId: th.BasicUser2.Id}
+
+			sameUserHook, resp := Client.CreateIncomingWebhook(sameUserHook)
+			CheckNoError(t, resp)
+
+			_, resp = Client.UpdateIncomingWebhook(sameUserHook)
+			CheckNoError(t, resp)
+		})
+
+		t.Run("UpdateHookOfDifferentUser", func(t *testing.T) {
+			_, resp := Client.UpdateIncomingWebhook(createdHook)
+			CheckForbiddenStatus(t, resp)
+		})
+	})
+
+	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+	utils.SetDefaultRolesBasedOnConfig()
+
+	Client.Logout()
+	UpdateUserToTeamAdmin(th.BasicUser2, th.BasicTeam)
+	th.LoginBasic2()
+	t.Run("UpdateByDifferentUser", func(t *testing.T) {
+		updatedHook, resp := Client.UpdateIncomingWebhook(createdHook)
+		CheckNoError(t, resp)
+		if updatedHook.UserId == th.BasicUser2.Id {
+			t.Fatal("Hook's creator userId is not retained")
+		}
+	})
+
+	t.Run("IncomingHooksDisabled", func(t *testing.T) {
+		utils.Cfg.ServiceSettings.EnableIncomingWebhooks = false
+		_, resp := Client.UpdateIncomingWebhook(createdHook)
+		CheckNotImplementedStatus(t, resp)
+		CheckErrorMessage(t, resp, "api.incoming_webhook.disabled.app_error")
+	})
+
+	utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true
+
+	t.Run("PrivateChannel", func(t *testing.T) {
+		privateChannel := th.CreatePrivateChannel()
+		Client.Logout()
+		th.LoginBasic()
+		createdHook.ChannelId = privateChannel.Id
+
+		_, resp := Client.UpdateIncomingWebhook(createdHook)
+		CheckForbiddenStatus(t, resp)
+	})
+
+	t.Run("UpdateToNonExistentChannel", func(t *testing.T) {
+		createdHook.ChannelId = "junk"
+		_, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
+		CheckNotFoundStatus(t, resp)
+	})
+
+	team := th.CreateTeamWithClient(Client)
+	user := th.CreateUserWithClient(Client)
+	LinkUserToTeam(user, team)
+	Client.Logout()
+	Client.Login(user.Id, user.Password)
+	t.Run("UpdateToADifferentTeam", func(t *testing.T) {
+		_, resp := Client.UpdateIncomingWebhook(createdHook)
+		CheckUnauthorizedStatus(t, resp)
+	})
+}
diff --git a/model/client4.go b/model/client4.go
index 8f3328e80..2da69b6b4 100644
--- a/model/client4.go
+++ b/model/client4.go
@@ -1149,6 +1149,7 @@ func (c *Client4) ReloadConfig() (bool, *Response) {
 	}
 }
 
+// DatabaseRecycle will recycle the connections. Discard current connection and get new one.
 func (c *Client4) DatabaseRecycle() (bool, *Response) {
 	if r, err := c.DoApiPost(c.GetDatabaseRoute()+"/recycle", ""); err != nil {
 		return false, &Response{StatusCode: r.StatusCode, Error: err}
@@ -1179,6 +1180,16 @@ func (c *Client4) CreateIncomingWebhook(hook *IncomingWebhook) (*IncomingWebhook
 	}
 }
 
+// UpdateIncomingWebhook updates an incoming webhook for a channel.
+func (c *Client4) UpdateIncomingWebhook(hook *IncomingWebhook) (*IncomingWebhook, *Response) {
+	if r, err := c.DoApiPut(c.GetIncomingWebhookRoute(hook.Id), hook.ToJson()); err != nil {
+		return nil, &Response{StatusCode: r.StatusCode, Error: err}
+	} else {
+		defer closeBody(r)
+		return IncomingWebhookFromJson(r.Body), BuildResponse(r)
+	}
+}
+
 // GetIncomingWebhooks returns a page of incoming webhooks on the system. Page counting starts at 0.
 func (c *Client4) GetIncomingWebhooks(page int, perPage int, etag string) ([]*IncomingWebhook, *Response) {
 	query := fmt.Sprintf("?page=%v&per_page=%v", page, perPage)