APIv4 DELETE /users/{user_id}/posts/{post_id}/reactions/name (#6117)

* APIv4 DELETE /users/{user_id}/posts/{post_id}/reactions/name

* updated v3 deleteReaction endpoint

* update parameter of app.DeleteReactionForPost()

* update utils.IsValidAlphaNum, add utils.IsValidAlphaNumHyphenUnderscore, and add related tests

1 files changed, 42 insertions, 0 deletions

diff --git a/api4/reaction.go b/api4/reaction.go
index 7d5952eea..6605eb070 100644
--- a/api4/reaction.go
+++ b/api4/reaction.go
@@ -17,6 +17,7 @@ func InitReaction() {
 
 	BaseRoutes.Reactions.Handle("", ApiSessionRequired(saveReaction)).Methods("POST")
 	BaseRoutes.Post.Handle("/reactions", ApiSessionRequired(getReactions)).Methods("GET")
+	BaseRoutes.ReactionByNameForPostForUser.Handle("", ApiSessionRequired(deleteReaction)).Methods("DELETE")
 }
 
 func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -71,3 +72,44 @@ func getReactions(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 }
+
+func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	c.RequirePostId()
+	if c.Err != nil {
+		return
+	}
+
+	c.RequireEmojiName()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if c.Params.UserId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	reaction := &model.Reaction{
+		UserId:    c.Params.UserId,
+		PostId:    c.Params.PostId,
+		EmojiName: c.Params.EmojiName,
+	}
+
+	err := app.DeleteReactionForPost(reaction)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	ReturnStatusOK(w)
+}