diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2017-03-13 10:14:16 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-03-13 10:14:16 -0400 |
| commit | 3ebfb369530e28ca3246c5cd2833e666edce9c90 (patch) | |
| tree | a91ef74768301db727ca062354af9cac2b444001 /api4/compliance.go | |
| parent | a284cd8c1817bb5419cb9eae118c85cd7e99c039 (diff) | |
| download | chat-3ebfb369530e28ca3246c5cd2833e666edce9c90.tar.gz chat-3ebfb369530e28ca3246c5cd2833e666edce9c90.tar.bz2 chat-3ebfb369530e28ca3246c5cd2833e666edce9c90.zip | |
Implement compliance endpoints for APIv4 (#5683)
* Implement compliance endpoints for APIv4
* Add paging to get reports endpoint
Diffstat (limited to 'api4/compliance.go')
| -rw-r--r-- | api4/compliance.go | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/api4/compliance.go b/api4/compliance.go new file mode 100644 index 000000000..37196c853 --- /dev/null +++ b/api4/compliance.go @@ -0,0 +1,127 @@ +// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package api4 + +import ( + "net/http" + "strconv" + + l4g "github.com/alecthomas/log4go" + "github.com/mattermost/platform/app" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/utils" + "github.com/mssola/user_agent" +) + +func InitCompliance() { + l4g.Debug(utils.T("api.compliance.init.debug")) + + BaseRoutes.Compliance.Handle("/reports", ApiSessionRequired(createComplianceReport)).Methods("POST") + BaseRoutes.Compliance.Handle("/reports", ApiSessionRequired(getComplianceReports)).Methods("GET") + BaseRoutes.Compliance.Handle("/reports/{report_id:[A-Za-z0-9]+}", ApiSessionRequired(getComplianceReport)).Methods("GET") + BaseRoutes.Compliance.Handle("/reports/{report_id:[A-Za-z0-9]+}/download", ApiSessionRequired(downloadComplianceReport)).Methods("GET") +} + +func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) { + job := model.ComplianceFromJson(r.Body) + if job == nil { + c.SetInvalidParam("compliance") + return + } + + if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + + job.UserId = c.Session.UserId + + rjob, err := app.SaveComplianceReport(job) + if err != nil { + c.Err = err + return + } + + c.LogAudit("") + w.WriteHeader(http.StatusCreated) + w.Write([]byte(rjob.ToJson())) +} + +func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) { + if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + + crs, err := app.GetComplianceReports(c.Params.Page, c.Params.PerPage) + if err != nil { + c.Err = err + return + } + + w.Write([]byte(crs.ToJson())) +} + +func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireReportId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + + job, err := app.GetComplianceReport(c.Params.ReportId) + if err != nil { + c.Err = err + return + } + + w.Write([]byte(job.ToJson())) +} + +func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireReportId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + + job, err := app.GetComplianceReport(c.Params.ReportId) + if err != nil { + c.Err = err + return + } + + reportBytes, err := app.GetComplianceFile(job) + if err != nil { + c.Err = err + return + } + + c.LogAudit("downloaded " + job.Desc) + + w.Header().Set("Cache-Control", "max-age=2592000, public") + w.Header().Set("Content-Length", strconv.Itoa(len(reportBytes))) + w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer + + // attach extra headers to trigger a download on IE, Edge, and Safari + ua := user_agent.New(r.UserAgent()) + bname, _ := ua.Browser() + + w.Header().Set("Content-Disposition", "attachment;filename=\""+job.JobName()+".zip\"") + + if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" { + // trim off anything before the final / so we just get the file's name + w.Header().Set("Content-Type", "application/octet-stream") + } + + w.Write(reportBytes) +} |