Implement POST /channels/direct endpoint for APIv4 (#5283)

2 files changed, 92 insertions, 0 deletions

diff --git a/api4/channel.go b/api4/channel.go
index 2ce9e23e5..10e59f49b 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -16,6 +16,7 @@ func InitChannel() {
 	l4g.Debug(utils.T("api.channel.init.debug"))
 
 	BaseRoutes.Channels.Handle("", ApiSessionRequired(createChannel)).Methods("POST")
+	BaseRoutes.Channels.Handle("/direct", ApiSessionRequired(createDirectChannel)).Methods("POST")
 }
 
 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -40,6 +41,45 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	} else {
 		c.LogAudit("name=" + channel.Name)
+		w.WriteHeader(http.StatusCreated)
+		w.Write([]byte(sc.ToJson()))
+	}
+}
+
+func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
+	userIds := model.ArrayFromJson(r.Body)
+	allowed := false
+
+	if len(userIds) != 2 {
+		c.SetInvalidParam("user_ids")
+		return
+	}
+
+	for _, id := range userIds {
+		if len(id) != 26 {
+			c.SetInvalidParam("user_id")
+			return
+		}
+		if id == c.Session.UserId {
+			allowed = true
+		}
+	}
+
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL)
+		return
+	}
+
+	if !allowed && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	if sc, err := app.CreateDirectChannel(userIds[0], userIds[1]); err != nil {
+		c.Err = err
+		return
+	} else {
+		w.WriteHeader(http.StatusCreated)
 		w.Write([]byte(sc.ToJson()))
 	}
 }
diff --git a/api4/channel_test.go b/api4/channel_test.go
index e3d0a85bd..5123d7730 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -167,3 +167,55 @@ func TestCreateChannel(t *testing.T) {
 		}
 	}
 }
+
+func TestCreateDirectChannel(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+	user1 := th.BasicUser
+	user2 := th.BasicUser2
+	user3 := th.CreateUser()
+
+	dm, resp := Client.CreateDirectChannel(user1.Id, user2.Id)
+	CheckNoError(t, resp)
+
+	channelName := ""
+	if user2.Id > user1.Id {
+		channelName = user1.Id + "__" + user2.Id
+	} else {
+		channelName = user2.Id + "__" + user1.Id
+	}
+
+	if dm.Name != channelName {
+		t.Fatal("dm name didn't match")
+	}
+
+	_, resp = Client.CreateDirectChannel("junk", user2.Id)
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.CreateDirectChannel(user1.Id, model.NewId())
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.CreateDirectChannel(model.NewId(), user1.Id)
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.CreateDirectChannel(model.NewId(), user2.Id)
+	CheckForbiddenStatus(t, resp)
+
+	if r, err := Client.DoApiPost("/channels/direct", "garbage"); err == nil {
+		t.Fatal("should have errored")
+	} else {
+		if r.StatusCode != http.StatusBadRequest {
+			t.Log("actual: " + strconv.Itoa(r.StatusCode))
+			t.Log("expected: " + strconv.Itoa(http.StatusBadRequest))
+			t.Fatal("wrong status code")
+		}
+	}
+
+	Client.Logout()
+	_, resp = Client.CreateDirectChannel(model.NewId(), user2.Id)
+	CheckUnauthorizedStatus(t, resp)
+
+	_, resp = th.SystemAdminClient.CreateDirectChannel(user3.Id, user2.Id)
+	CheckNoError(t, resp)
+}