diff options
author | Saturnino Abril <saturnino.abril@gmail.com> | 2017-04-10 22:27:10 +0900 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-04-10 09:27:10 -0400 |
commit | 3b1088f3bdb43125d81645697dfd70bdae033bfc (patch) | |
tree | 591eeb1c88b7db52f274db0594cfa3377df0f8d4 /api4/command.go | |
parent | 38eced02908ea95cc2a52167d48c086d09db3532 (diff) | |
download | chat-3b1088f3bdb43125d81645697dfd70bdae033bfc.tar.gz chat-3b1088f3bdb43125d81645697dfd70bdae033bfc.tar.bz2 chat-3b1088f3bdb43125d81645697dfd70bdae033bfc.zip |
APIv4 DELETE /commands/{command_id} (#6012)
Diffstat (limited to 'api4/command.go')
-rw-r--r-- | api4/command.go | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/api4/command.go b/api4/command.go index 2466567c1..0638edd38 100644 --- a/api4/command.go +++ b/api4/command.go @@ -20,6 +20,7 @@ func InitCommand() { BaseRoutes.Commands.Handle("", ApiSessionRequired(listCommands)).Methods("GET") BaseRoutes.Command.Handle("", ApiSessionRequired(updateCommand)).Methods("PUT") + BaseRoutes.Command.Handle("", ApiSessionRequired(deleteCommand)).Methods("DELETE") BaseRoutes.Team.Handle("/commands/autocomplete", ApiSessionRequired(listAutocompleteCommands)).Methods("GET") } @@ -99,6 +100,43 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(rcmd.ToJson())) } +func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireCommandId() + if c.Err != nil { + return + } + + c.LogAudit("attempt") + + cmd, err := app.GetCommand(c.Params.CommandId) + if err != nil { + c.Err = err + return + } + + if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) + return + } + + if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) + return + } + + err = app.DeleteCommand(cmd.Id) + if err != nil { + c.Err = err + return + } + + c.LogAudit("success") + + ReturnStatusOK(w) +} + func listCommands(c *Context, w http.ResponseWriter, r *http.Request) { customOnly, failConv := strconv.ParseBool(r.URL.Query().Get("custom_only")) if failConv != nil { |