authorJoram Wilander <jwawilander@gmail.com>2017-06-26 08:16:57 -0400
committerGitHub <noreply@github.com>2017-06-26 08:16:57 -0400
commit23ccfc845ca2350075f6027e16c6206fc7b71716 (patch)
tree3fd1f896a5a24b43913be03b21c85638dd7c356e /api4
parentfe7e9d95b30ae2195fcba68db960866db91ce045 (diff)
Move remaining actions over to use redux and v4 endpoints (#6720)
Diffstat (limited to 'api4')
-rw-r--r--api4/channel_test.go4
-rw-r--r--api4/emoji.go7
-rw-r--r--api4/post.go58
-rw-r--r--api4/post_test.go34
-rw-r--r--api4/team.go38
-rw-r--r--api4/team_test.go42
-rw-r--r--api4/user_test.go2
7 files changed, 140 insertions, 45 deletions
diff --git a/api4/channel_test.go b/api4/channel_test.go
index f25cbf706..e1b5ee5a7 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -1091,7 +1091,7 @@ func TestRestoreChannel(t *testing.T) {
_, resp = Client.RestoreChannel(privateChannel1.Id)
CheckOKStatus(t, resp)
- }
+}
func TestGetChannelByName(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
@@ -1684,7 +1684,7 @@ func TestAddChannelMember(t *testing.T) {
privateChannel := th.CreatePrivateChannel()
user3 := th.CreateUserWithClient(th.SystemAdminClient)
- _, resp := th.SystemAdminClient.AddTeamMember(team.Id, user3.Id, "", "", team.InviteId)
+ _, resp := th.SystemAdminClient.AddTeamMember(team.Id, user3.Id)
CheckNoError(t, resp)
cm, resp := Client.AddChannelMember(publicChannel.Id, user2.Id)
diff --git a/api4/emoji.go b/api4/emoji.go
index a9bfae924..1d9188af0 100644
--- a/api4/emoji.go
+++ b/api4/emoji.go
@@ -55,9 +55,14 @@ func createEmoji(c *Context, w http.ResponseWriter, r *http.Request) {
m := r.MultipartForm
props := m.Value
+ if len(props["emoji"]) == 0 {
+ c.SetInvalidParam("emoji")
+ return
+ }
+
emoji := model.EmojiFromJson(strings.NewReader(props["emoji"][0]))
if emoji == nil {
- c.SetInvalidParam("createEmoji")
+ c.SetInvalidParam("emoji")
return
}
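Review bot: The new `len(props["emoji"]) == 0` guard stops `props["emoji"][0]` from indexing an empty slice when the multipart form omits the field, but the api4 diffstat of this commit lists no emoji test, so nothing pins that behaviour. A createEmoji request without an `emoji` part should be asserted to return a bad-request status. A one-line comment above the guard would also help, e.g. `// props comes from the client-supplied multipart form; the emoji field may be absent`. createEmoji starts and ends outside this hunk.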
diff --git a/api4/post.go b/api4/post.go
index f8e4cc54b..7bfe5ad64 100644
--- a/api4/post.go
+++ b/api4/post.go
@@ -167,15 +167,32 @@ func getPost(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
- c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+ var post *model.Post
+ var err *model.AppError
+ if post, err = app.GetSinglePost(c.Params.PostId); err != nil {
+ c.Err = err
return
}
- if post, err := app.GetSinglePost(c.Params.PostId); err != nil {
+ var channel *model.Channel
+ if channel, err = app.GetChannel(post.ChannelId); err != nil {
c.Err = err
return
- } else if HandleEtag(post.Etag(), "Get Post", w, r) {
+ }
+
+ if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
+ if channel.Type == model.CHANNEL_OPEN {
+ if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
+ return
+ }
+ } else {
+ c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+ return
+ }
+ }
+
+ if HandleEtag(post.Etag(), "Get Post", w, r) {
return
} else {
w.Header().Set(model.HEADER_ETAG_SERVER, post.Etag())
@@ -208,15 +225,40 @@ func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
- c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+ var list *model.PostList
+ var err *model.AppError
+ if list, err = app.GetPostThread(c.Params.PostId); err != nil {
+ c.Err = err
+ return
+ }
+
+ var post *model.Post
+ if val, ok := list.Posts[c.Params.PostId]; ok {
+ post = val
+ } else {
+ c.SetInvalidUrlParam("post_id")
return
}
- if list, err := app.GetPostThread(c.Params.PostId); err != nil {
+ var channel *model.Channel
+ if channel, err = app.GetChannel(post.ChannelId); err != nil {
c.Err = err
return
- } else if HandleEtag(list.Etag(), "Get Post Thread", w, r) {
+ }
+
+ if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
+ if channel.Type == model.CHANNEL_OPEN {
+ if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
+ return
+ }
+ } else {
+ c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+ return
+ }
+ }
+
+ if HandleEtag(list.Etag(), "Get Post Thread", w, r) {
return
} else {
w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag())
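Review bot: `app.GetPostThread(c.Params.PostId)` now loads the whole thread before any permission check, so a session that will be refused still makes the server fetch every post in the thread. Authorizing on the requested post first, with `post, err = app.GetSinglePost(c.Params.PostId)` as getPost does and then the channel check, would keep the presumably heavier thread query behind the access decision. It would also make the `list.Posts[c.Params.PostId]` lookup unnecessary. getPostThread starts and ends outside this hunk.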
diff --git a/api4/post_test.go b/api4/post_test.go
index bfc0c286a..abfd83989 100644
--- a/api4/post_test.go
+++ b/api4/post_test.go
@@ -752,6 +752,23 @@ func TestGetPost(t *testing.T) {
CheckBadRequestStatus(t, resp)
_, resp = Client.GetPost(model.NewId(), "")
+ CheckNotFoundStatus(t, resp)
+
+ Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)
+
+ // Channel is public, should be able to read post
+ post, resp = Client.GetPost(th.BasicPost.Id, "")
+ CheckNoError(t, resp)
+
+ privatePost := th.CreatePostWithClient(Client, th.BasicPrivateChannel)
+
+ post, resp = Client.GetPost(privatePost.Id, "")
+ CheckNoError(t, resp)
+
+ Client.RemoveUserFromChannel(th.BasicPrivateChannel.Id, th.BasicUser.Id)
+
+ // Channel is private, should not be able to read post
+ post, resp = Client.GetPost(privatePost.Id, "")
CheckForbiddenStatus(t, resp)
Client.Logout()
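Review bot: The result of `Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)` is discarded, so if the removal fails the user is still a channel member and the "Channel is public" assertion passes without exercising the new team-permission fallback. Capture and check the response, e.g. `_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)` followed by `CheckNoError(t, resp)` (assuming the client method returns a response like the other calls here). The same applies to the removal from `th.BasicPrivateChannel` and to the TestGetPostThread hunk below. Neither test covers a user who is not on the team reading a post in an open channel, which is the case the `PERMISSION_READ_PUBLIC_CHANNEL` branch refuses.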
@@ -831,6 +848,23 @@ func TestGetPostThread(t *testing.T) {
CheckBadRequestStatus(t, resp)
_, resp = Client.GetPostThread(model.NewId(), "")
+ CheckNotFoundStatus(t, resp)
+
+ Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)
+
+ // Channel is public, should be able to read post
+ _, resp = Client.GetPostThread(th.BasicPost.Id, "")
+ CheckNoError(t, resp)
+
+ privatePost := th.CreatePostWithClient(Client, th.BasicPrivateChannel)
+
+ _, resp = Client.GetPostThread(privatePost.Id, "")
+ CheckNoError(t, resp)
+
+ Client.RemoveUserFromChannel(th.BasicPrivateChannel.Id, th.BasicUser.Id)
+
+ // Channel is private, should not be able to read post
+ _, resp = Client.GetPostThread(privatePost.Id, "")
CheckForbiddenStatus(t, resp)
Client.Logout()
diff --git a/api4/team.go b/api4/team.go
index 00a16d5c1..e51dcc16b 100644
--- a/api4/team.go
+++ b/api4/team.go
@@ -37,6 +37,7 @@ func InitTeam() {
BaseRoutes.TeamMembers.Handle("/ids", ApiSessionRequired(getTeamMembersByIds)).Methods("POST")
BaseRoutes.TeamMembersForUser.Handle("", ApiSessionRequired(getTeamMembersForUser)).Methods("GET")
BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(addTeamMember)).Methods("POST")
+ BaseRoutes.Teams.Handle("/members/invite", ApiSessionRequired(addUserToTeamFromInvite)).Methods("POST")
BaseRoutes.TeamMembers.Handle("/batch", ApiSessionRequired(addTeamMembers)).Methods("POST")
BaseRoutes.TeamMember.Handle("", ApiSessionRequired(removeTeamMember)).Methods("DELETE")
@@ -341,23 +342,36 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ if len(member.UserId) != 26 {
+ c.SetInvalidParam("user_id")
+ return
+ }
+
+ if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
+ c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM)
+ return
+ }
+
+ member, err = app.AddTeamMember(member.TeamId, member.UserId)
+
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ w.WriteHeader(http.StatusCreated)
+ w.Write([]byte(member.ToJson()))
+}
+
+func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request) {
hash := r.URL.Query().Get("hash")
data := r.URL.Query().Get("data")
inviteId := r.URL.Query().Get("invite_id")
- if len(member.UserId) > 0 {
- if len(member.UserId) != 26 {
- c.SetInvalidParam("user_id")
- return
- }
-
- if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
- c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM)
- return
- }
+ var member *model.TeamMember
+ var err *model.AppError
- member, err = app.AddTeamMember(member.TeamId, member.UserId)
- } else if len(hash) > 0 && len(data) > 0 {
+ if len(hash) > 0 && len(data) > 0 {
member, err = app.AddTeamMemberByHash(c.Session.UserId, hash, data)
if err != nil {
err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.invalid_data.app_error", nil, "", http.StatusNotFound)
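Review bot: addUserToTeamFromInvite takes `hash`, `data` and `invite_id` from `r.URL.Query()` on a POST route, and these values are what authorize joining a team, so they end up wherever request URLs are recorded (access logs, proxies, browser history). Now that the invite flow has its own endpoint, reading them from the request body would keep them out of URLs. If the query form must stay for client compatibility, add a comment saying so and confirm that request logging does not record the query string. The context line `model.NewAppError("addTeamMember", ...)` also still names the old handler as the error location and should read `"addUserToTeamFromInvite"`. The function continues past the end of this hunk.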
diff --git a/api4/team_test.go b/api4/team_test.go
index 78ddc8e84..f21a93449 100644
--- a/api4/team_test.go
+++ b/api4/team_test.go
@@ -778,7 +778,7 @@ func TestAddTeamMember(t *testing.T) {
// Regular user can't add a member to a team they don't belong to.
th.LoginBasic2()
- tm, resp := Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ tm, resp := Client.AddTeamMember(team.Id, otherUser.Id)
CheckForbiddenStatus(t, resp)
if resp.Error == nil {
t.Fatalf("ERror is nhul")
@@ -787,7 +787,7 @@ func TestAddTeamMember(t *testing.T) {
// Regular user can add a member to a team they belong to.
th.LoginBasic()
- tm, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ tm, resp = Client.AddTeamMember(team.Id, otherUser.Id)
CheckNoError(t, resp)
CheckCreatedStatus(t, resp)
@@ -805,20 +805,20 @@ func TestAddTeamMember(t *testing.T) {
}
// Check with various invalid requests.
- tm, resp = Client.AddTeamMember(team.Id, "junk", "", "", "")
+ tm, resp = Client.AddTeamMember(team.Id, "junk")
CheckBadRequestStatus(t, resp)
if tm != nil {
t.Fatal("should have not returned team member")
}
- _, resp = Client.AddTeamMember("junk", otherUser.Id, "", "", "")
+ _, resp = Client.AddTeamMember("junk", otherUser.Id)
CheckBadRequestStatus(t, resp)
- _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id, "", "", "")
+ _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id)
CheckForbiddenStatus(t, resp)
- _, resp = Client.AddTeamMember(team.Id, GenerateTestId(), "", "", "")
+ _, resp = Client.AddTeamMember(team.Id, GenerateTestId())
CheckNotFoundStatus(t, resp)
Client.Logout()
@@ -840,7 +840,7 @@ func TestAddTeamMember(t *testing.T) {
th.LoginBasic()
// Test without the EE license to see that the permission restriction is ignored.
- _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ _, resp = Client.AddTeamMember(team.Id, otherUser.Id)
CheckNoError(t, resp)
// Add an EE license.
@@ -851,7 +851,7 @@ func TestAddTeamMember(t *testing.T) {
th.LoginBasic()
// Check that a regular user can't add someone to the team.
- _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ _, resp = Client.AddTeamMember(team.Id, otherUser.Id)
CheckForbiddenStatus(t, resp)
// Update user to team admin
@@ -865,7 +865,7 @@ func TestAddTeamMember(t *testing.T) {
th.LoginBasic()
// Should work as a team admin.
- _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ _, resp = Client.AddTeamMember(team.Id, otherUser.Id)
CheckNoError(t, resp)
// Change permission level to System Admin
@@ -873,11 +873,11 @@ func TestAddTeamMember(t *testing.T) {
utils.SetDefaultRolesBasedOnConfig()
// Should not work as team admin.
- _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ _, resp = Client.AddTeamMember(team.Id, otherUser.Id)
CheckForbiddenStatus(t, resp)
// Should work as system admin.
- _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id)
CheckNoError(t, resp)
// Change permission level to All
@@ -891,7 +891,7 @@ func TestAddTeamMember(t *testing.T) {
th.LoginBasic()
// Should work as a regular user.
- _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ _, resp = Client.AddTeamMember(team.Id, otherUser.Id)
CheckNoError(t, resp)
// Reset config and license.
@@ -911,7 +911,7 @@ func TestAddTeamMember(t *testing.T) {
data := model.MapToJson(dataObject)
hashed := utils.HashSha256(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt))
- tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "")
+ tm, resp = Client.AddTeamMemberFromInvite(hashed, data, "")
CheckNoError(t, resp)
if tm == nil {
@@ -926,14 +926,14 @@ func TestAddTeamMember(t *testing.T) {
t.Fatal("team ids should have matched")
}
- tm, resp = Client.AddTeamMember(team.Id, "", "junk", data, "")
+ tm, resp = Client.AddTeamMemberFromInvite("junk", data, "")
CheckNotFoundStatus(t, resp)
if tm != nil {
t.Fatal("should have not returned team member")
}
- _, resp = Client.AddTeamMember(team.Id, "", hashed, "junk", "")
+ _, resp = Client.AddTeamMemberFromInvite(hashed, "junk", "")
CheckNotFoundStatus(t, resp)
// expired data of more than 50 hours
@@ -941,7 +941,7 @@ func TestAddTeamMember(t *testing.T) {
data = model.MapToJson(dataObject)
hashed = utils.HashSha256(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt))
- tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "")
+ tm, resp = Client.AddTeamMemberFromInvite(hashed, data, "")
CheckNotFoundStatus(t, resp)
// invalid team id
@@ -949,13 +949,13 @@ func TestAddTeamMember(t *testing.T) {
data = model.MapToJson(dataObject)
hashed = utils.HashSha256(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt))
- tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "")
+ tm, resp = Client.AddTeamMemberFromInvite(hashed, data, "")
CheckNotFoundStatus(t, resp)
// by invite_id
Client.Login(otherUser.Email, otherUser.Password)
- tm, resp = Client.AddTeamMember(team.Id, "", "", "", team.InviteId)
+ tm, resp = Client.AddTeamMemberFromInvite("", "", team.InviteId)
CheckNoError(t, resp)
if tm == nil {
@@ -970,14 +970,14 @@ func TestAddTeamMember(t *testing.T) {
t.Fatal("team ids should have matched")
}
- tm, resp = Client.AddTeamMember(team.Id, "", "", "", "junk")
+ tm, resp = Client.AddTeamMemberFromInvite("", "", "junk")
CheckNotFoundStatus(t, resp)
if tm != nil {
t.Fatal("should have not returned team member")
}
- _, resp = Client.AddTeamMember(team.Id, "", "", "", "junk")
+ _, resp = Client.AddTeamMemberFromInvite("", "", "junk")
CheckNotFoundStatus(t, resp)
}
@@ -1124,7 +1124,7 @@ func TestRemoveTeamMember(t *testing.T) {
t.Fatal("should have passed")
}
- _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "", "", "")
+ _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.BasicUser.Id)
CheckNoError(t, resp)
_, resp = Client.RemoveTeamMember(th.BasicTeam.Id, "junk")
diff --git a/api4/user_test.go b/api4/user_test.go
index 1598d2951..b3fd83760 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -649,7 +649,7 @@ func TestSearchUsers(t *testing.T) {
t.Fatal("should have found user")
}
- _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, oddUser.Id, "", "", th.BasicTeam.InviteId)
+ _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, oddUser.Id)
CheckNoError(t, resp)
users, resp = Client.SearchUsers(search)