Implement POST /channels/direct endpoint for APIv4 (#5283)

1 files changed, 40 insertions, 0 deletions

diff --git a/api4/channel.go b/api4/channel.go
index 2ce9e23e5..10e59f49b 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -16,6 +16,7 @@ func InitChannel() {
 	l4g.Debug(utils.T("api.channel.init.debug"))
 
 	BaseRoutes.Channels.Handle("", ApiSessionRequired(createChannel)).Methods("POST")
+	BaseRoutes.Channels.Handle("/direct", ApiSessionRequired(createDirectChannel)).Methods("POST")
 }
 
 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -40,6 +41,45 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	} else {
 		c.LogAudit("name=" + channel.Name)
+		w.WriteHeader(http.StatusCreated)
+		w.Write([]byte(sc.ToJson()))
+	}
+}
+
+func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
+	userIds := model.ArrayFromJson(r.Body)
+	allowed := false
+
+	if len(userIds) != 2 {
+		c.SetInvalidParam("user_ids")
+		return
+	}
+
+	for _, id := range userIds {
+		if len(id) != 26 {
+			c.SetInvalidParam("user_id")
+			return
+		}
+		if id == c.Session.UserId {
+			allowed = true
+		}
+	}
+
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL)
+		return
+	}
+
+	if !allowed && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	if sc, err := app.CreateDirectChannel(userIds[0], userIds[1]); err != nil {
+		c.Err = err
+		return
+	} else {
+		w.WriteHeader(http.StatusCreated)
 		w.Write([]byte(sc.ToJson()))
 	}
 }