implement PUT /hooks/outgoing/{hook_id} - update outgoing hook (#5793)

1 files changed, 44 insertions, 0 deletions

diff --git a/api4/webhook.go b/api4/webhook.go
index b1c013843..aaaf6f396 100644
--- a/api4/webhook.go
+++ b/api4/webhook.go
@@ -23,6 +23,7 @@ func InitWebhook() {
 
 	BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(createOutgoingHook)).Methods("POST")
 	BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(getOutgoingHooks)).Methods("GET")
+	BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(updateOutcomingHook)).Methods("PUT")
 	BaseRoutes.OutgoingHook.Handle("/regen_token", ApiSessionRequired(regenOutgoingHookToken)).Methods("POST")
 }
 
@@ -224,6 +225,49 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func updateOutcomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireHookId()
+	if c.Err != nil {
+		return
+	}
+
+	toUpdateHook := model.OutgoingWebhookFromJson(r.Body)
+	if toUpdateHook == nil {
+		c.SetInvalidParam("outgoing_webhook")
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	toUpdateHook.CreatorId = c.Session.UserId
+
+	if !app.SessionHasPermissionToTeam(c.Session, toUpdateHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
+		return
+	}
+
+	oldHook, err := app.GetOutgoingWebhook(toUpdateHook.Id)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	if c.Session.UserId != oldHook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+		c.LogAudit("fail - inappropriate permissions")
+		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
+		return
+	}
+
+	rhook, err := app.UpdateOutgoingWebhook(oldHook, toUpdateHook)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("success")
+	w.Write([]byte(rhook.ToJson()))
+}
+
 func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
 	hook := model.OutgoingWebhookFromJson(r.Body)
 	if hook == nil {