diff options
author | Poornima <mpoornima@users.noreply.github.com> | 2017-02-27 00:18:20 +0530 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2017-02-26 13:48:20 -0500 |
commit | 19b753467d37209f2227567637e60138d05dd405 (patch) | |
tree | 163ba0878c02267ecbbcb288e11d23e30ec9c8eb /api/webhook.go | |
parent | c0bb6f99f89259f6728856ace23d5dd505494b26 (diff) | |
download | chat-19b753467d37209f2227567637e60138d05dd405.tar.gz chat-19b753467d37209f2227567637e60138d05dd405.tar.bz2 chat-19b753467d37209f2227567637e60138d05dd405.zip |
Adding edit of incoming webhook (#5272)
Adding edit of outgoing webhook
Fixing spelling of error
Fixing style
Changing from PUT to POST for updates
Fixing test failures due to merge
Diffstat (limited to 'api/webhook.go')
-rw-r--r-- | api/webhook.go | 282 |
1 files changed, 226 insertions, 56 deletions
diff --git a/api/webhook.go b/api/webhook.go index 638607a32..c1e1ce974 100644 --- a/api/webhook.go +++ b/api/webhook.go @@ -21,10 +21,12 @@ func InitWebhook() { l4g.Debug(utils.T("api.webhook.init.debug")) BaseRoutes.Hooks.Handle("/incoming/create", ApiUserRequired(createIncomingHook)).Methods("POST") + BaseRoutes.Hooks.Handle("/incoming/update", ApiUserRequired(updateIncomingHook)).Methods("POST") BaseRoutes.Hooks.Handle("/incoming/delete", ApiUserRequired(deleteIncomingHook)).Methods("POST") BaseRoutes.Hooks.Handle("/incoming/list", ApiUserRequired(getIncomingHooks)).Methods("GET") BaseRoutes.Hooks.Handle("/outgoing/create", ApiUserRequired(createOutgoingHook)).Methods("POST") + BaseRoutes.Hooks.Handle("/outgoing/update", ApiUserRequired(updateOutgoingHook)).Methods("POST") BaseRoutes.Hooks.Handle("/outgoing/regen_token", ApiUserRequired(regenOutgoingHookToken)).Methods("POST") BaseRoutes.Hooks.Handle("/outgoing/delete", ApiUserRequired(deleteOutgoingHook)).Methods("POST") BaseRoutes.Hooks.Handle("/outgoing/list", ApiUserRequired(getOutgoingHooks)).Methods("GET") @@ -71,16 +73,86 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { } } +func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { + if err := checkIncomingWebHooks("updateIncomingHook", "api.webhook.update_incoming.disabled.app_error"); err != nil { + c.Err = err + return + } + + if err := checkManageWebhooksPermission(c, "updateIncomingHook", "api.command.admin_only.app_error"); err != nil { + c.Err = err + return + } + + c.LogAudit("attempt") + + hook := model.IncomingWebhookFromJson(r.Body) + + if hook == nil { + c.SetInvalidParam("updateIncomingHook", "webhook") + return + } + + var oldHook *model.IncomingWebhook + var result store.StoreResult + + if result = <-app.Srv.Store.Webhook().GetIncoming(hook.Id, true); result.Err != nil { + c.LogAudit("no existing incoming hook found") + c.Err = result.Err + return + } + + oldHook = result.Data.(*model.IncomingWebhook) + cchan := app.Srv.Store.Channel().Get(hook.ChannelId, true) + + var channel *model.Channel + if result = <-cchan; result.Err != nil { + c.Err = result.Err + return + } + + channel = result.Data.(*model.Channel) + if channel.Type != model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { + c.LogAudit("fail - bad channel permissions") + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + + if c.Session.UserId != oldHook.UserId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + c.LogAudit("fail - inappropriate permissions") + c.Err = model.NewLocAppError("updateIncomingHook", "api.webhook.update_incoming.permissions.app_error", nil, "user_id="+c.Session.UserId) + return + } + + if c.TeamId != oldHook.TeamId { + c.Err = model.NewLocAppError("UpdateIncomingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.Session.UserId) + return + } + + hook.UserId = oldHook.UserId + hook.CreateAt = oldHook.CreateAt + hook.UpdateAt = model.GetMillis() + hook.TeamId = oldHook.TeamId + hook.DeleteAt = oldHook.DeleteAt + + if result = <-app.Srv.Store.Webhook().UpdateIncoming(hook); result.Err != nil { + c.Err = result.Err + return + } + + c.LogAudit("success") + rhook := result.Data.(*model.IncomingWebhook) + w.Write([]byte(rhook.ToJson())) +} + func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { - if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - c.Err = model.NewLocAppError("deleteIncomingHook", "api.webhook.delete_incoming.disabled.app_errror", nil, "") - c.Err.StatusCode = http.StatusNotImplemented + if err := checkIncomingWebHooks("deleteIncomingHook", "api.webhook.delete_incoming.disabled.app_error"); err != nil { + c.Err = err return } - if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { - c.Err = model.NewLocAppError("deleteIncomingHook", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden + if err := checkManageWebhooksPermission(c, "deleteIncomingHook", "api.command.admin_only.app_error"); err != nil { + c.Err = err return } @@ -100,7 +172,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { } else { if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { c.LogAudit("fail - inappropriate permissions") - c.Err = model.NewLocAppError("deleteIncomingHook", "api.webhook.delete_incoming.permissions.app_errror", nil, "user_id="+c.Session.UserId) + c.Err = model.NewLocAppError("deleteIncomingHook", "api.webhook.delete_incoming.permissions.app_error", nil, "user_id="+c.Session.UserId) return } } @@ -130,55 +202,89 @@ func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) { } } -func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { +func checkOutgoingWebHooks(where string, id string) *model.AppError { if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.disabled.app_error", nil, "") - c.Err.StatusCode = http.StatusNotImplemented - return + err := model.NewLocAppError(where, id, nil, "") + err.StatusCode = http.StatusNotImplemented + return err } - if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { - c.Err = model.NewLocAppError("createOutgoingHook", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden - return - } + return nil +} - c.LogAudit("attempt") +func checkIncomingWebHooks(where string, id string) *model.AppError { + if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { + err := model.NewLocAppError(where, id, nil, "") + err.StatusCode = http.StatusNotImplemented + return err + } - hook := model.OutgoingWebhookFromJson(r.Body) + return nil +} - if hook == nil { - c.SetInvalidParam("createOutgoingHook", "webhook") - return +func checkManageWebhooksPermission(c *Context, where string, id string) *model.AppError { + if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + err := model.NewLocAppError(where, id, nil, "") + err.StatusCode = http.StatusForbidden + return err } - hook.CreatorId = c.Session.UserId - hook.TeamId = c.TeamId + return nil +} +func checkValidOutgoingHook(hook *model.OutgoingWebhook, c *Context, where string, id string) *model.AppError { if len(hook.ChannelId) != 0 { cchan := app.Srv.Store.Channel().Get(hook.ChannelId, true) var channel *model.Channel - if result := <-cchan; result.Err != nil { - c.Err = result.Err - return - } else { - channel = result.Data.(*model.Channel) + var result store.StoreResult + if result = <-cchan; result.Err != nil { + return result.Err } + channel = result.Data.(*model.Channel) + if channel.Type != model.CHANNEL_OPEN { c.LogAudit("fail - not open channel") - c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.not_open.app_error", nil, "") - return + return model.NewLocAppError(where, "api.webhook."+id+".not_open.app_error", nil, "") } - if channel.Type != model.CHANNEL_OPEN || channel.TeamId != c.TeamId { - c.LogAudit("fail - bad channel permissions") - c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.permissions.app_error", nil, "") - return + if channel.TeamId != c.TeamId { + c.LogAudit("fail - cannot update command to a different team") + return model.NewLocAppError(where, "api.webhook."+id+".permissions.app_error", nil, "") } } else if len(hook.TriggerWords) == 0 { - c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.triggers.app_error", nil, "") + return model.NewLocAppError(where, "api.webhook."+id+".triggers.app_error", nil, "") + } + + return nil +} + +func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { + if err := checkOutgoingWebHooks("createOutgoingHook", "api.webhook.create_outgoing.disabled.app_error"); err != nil { + c.Err = err + return + } + + if err := checkManageWebhooksPermission(c, "createOutgoingHook", "api.command.admin_only.app_error"); err != nil { + c.Err = err + return + } + + c.LogAudit("attempt") + + hook := model.OutgoingWebhookFromJson(r.Body) + + if hook == nil { + c.SetInvalidParam("createOutgoingHook", "webhook") + return + } + + hook.CreatorId = c.Session.UserId + hook.TeamId = c.TeamId + + if err := checkValidOutgoingHook(hook, c, "createOutgoingHook", "create_outgoing"); err != nil { + c.Err = err return } @@ -210,15 +316,13 @@ func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { } func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) { - if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - c.Err = model.NewLocAppError("getOutgoingHooks", "api.webhook.get_outgoing.disabled.app_error", nil, "") - c.Err.StatusCode = http.StatusNotImplemented + if err := checkOutgoingWebHooks("getOutgoingHooks", "api.webhook.get_outgoing.disabled.app_error"); err != nil { + c.Err = err return } - if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { - c.Err = model.NewLocAppError("getOutgoingHooks", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden + if err := checkManageWebhooksPermission(c, "getOutgoingHooks", "api.command.admin_only.app_error"); err != nil { + c.Err = err return } @@ -231,16 +335,85 @@ func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) { } } +func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { + if err := checkOutgoingWebHooks("updateOutgoingHook", "api.webhook.update_outgoing.disabled.app_error"); err != nil { + c.Err = err + return + } + + if err := checkManageWebhooksPermission(c, "updateOutgoingHook", "api.command.admin_only.app_error"); err != nil { + c.Err = err + return + } + + c.LogAudit("attempt") + + hook := model.OutgoingWebhookFromJson(r.Body) + + if hook == nil { + c.SetInvalidParam("updateOutgoingHook", "webhook") + return + } + + if err := checkValidOutgoingHook(hook, c, "updateOutgoingHook", "update_outgoing"); err != nil { + c.Err = err + return + } + + var result store.StoreResult + if result = <-app.Srv.Store.Webhook().GetOutgoingByTeam(c.TeamId); result.Err != nil { + c.Err = result.Err + return + } + + allHooks := result.Data.([]*model.OutgoingWebhook) + + for _, existingOutHook := range allHooks { + urlIntersect := utils.StringArrayIntersection(existingOutHook.CallbackURLs, hook.CallbackURLs) + triggerIntersect := utils.StringArrayIntersection(existingOutHook.TriggerWords, hook.TriggerWords) + + if existingOutHook.ChannelId == hook.ChannelId && len(urlIntersect) != 0 && len(triggerIntersect) != 0 && existingOutHook.Id != hook.Id { + c.Err = model.NewLocAppError("updateOutgoingHook", "api.webhook.update_outgoing.intersect.app_error", nil, "") + return + } + } + + if result = <-app.Srv.Store.Webhook().GetOutgoing(hook.Id); result.Err != nil { + c.LogAudit("fail - no existing outgoing webhook found") + c.Err = result.Err + return + } + + oldHook := result.Data.(*model.OutgoingWebhook) + if c.TeamId != oldHook.TeamId { + c.Err = model.NewLocAppError("UpdateOutgoingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.Session.UserId) + return + } + + hook.CreatorId = oldHook.CreatorId + hook.CreateAt = oldHook.CreateAt + hook.DeleteAt = oldHook.DeleteAt + hook.TeamId = oldHook.TeamId + hook.UpdateAt = model.GetMillis() + + if result = <-app.Srv.Store.Webhook().UpdateOutgoing(hook); result.Err != nil { + c.Err = result.Err + return + } + + c.LogAudit("success") + rhook := result.Data.(*model.OutgoingWebhook) + w.Write([]byte(rhook.ToJson())) +} + func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { - if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - c.Err = model.NewLocAppError("deleteOutgoingHook", "api.webhook.delete_outgoing.disabled.app_error", nil, "") - c.Err.StatusCode = http.StatusNotImplemented + if err := checkOutgoingWebHooks("deleteOutgoingHook", "api.webhook.delete_outgoing.disabled.app_error"); err != nil { + c.Err = err return } - if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { - c.Err = model.NewLocAppError("deleteOutgoingHook", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden + if err := checkManageWebhooksPermission(c, "deleteOutgoingHook", "api.command.admin_only.app_error"); err != nil { + c.Err = err return } @@ -275,15 +448,13 @@ func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { } func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) { - if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - c.Err = model.NewLocAppError("regenOutgoingHookToken", "api.webhook.regen_outgoing_token.disabled.app_error", nil, "") - c.Err.StatusCode = http.StatusNotImplemented + if err := checkOutgoingWebHooks("regenOutgoingHookToken", "api.webhook.regen_outgoing_token.disabled.app_error"); err != nil { + c.Err = err return } - if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { - c.Err = model.NewLocAppError("regenOutgoingHookToken", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden + if err := checkManageWebhooksPermission(c, "regenOutgoingHookToken", "api.command.admin_only.app_error"); err != nil { + c.Err = err return } @@ -322,9 +493,8 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) } func incomingWebhook(c *Context, w http.ResponseWriter, r *http.Request) { - if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.disabled.app_error", nil, "") - c.Err.StatusCode = http.StatusNotImplemented + if err := checkIncomingWebHooks("incomingWebhook", "web.incoming_webhook.disabled.app_error"); err != nil { + c.Err = err return } |