Implement some post endpoints for APIv4 (#5353)

* Implement POST /posts endpoint for APIv4

* Implement GET /channels/{channel_id}/posts endpoint for APIv4

* Implement GET /posts/{post_id} endpoint for APIv4

* Implement GET /posts/{post_id}/thread endpoint for APIv4

* Skip team get if it's a DM channel in handlePostEvents

6 files changed, 409 insertions, 2 deletions

diff --git a/api4/api.go b/api4/api.go
index 6c2faa96b..6348714b2 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -140,6 +140,7 @@ func InitApi(full bool) {
 	InitUser()
 	InitTeam()
 	InitChannel()
+	InitPost()
 
 	app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404))
 
diff --git a/api4/apitestlib.go b/api4/apitestlib.go
index 25bfe6f75..0761a8b15 100644
--- a/api4/apitestlib.go
+++ b/api4/apitestlib.go
@@ -26,6 +26,8 @@ type TestHelper struct {
 	TeamAdminUser *model.User
 	BasicTeam     *model.Team
 	BasicChannel  *model.Channel
+	BasicChannel2 *model.Channel
+	BasicPost     *model.Post
 
 	SystemAdminClient *model.Client4
 	SystemAdminUser   *model.User
@@ -97,12 +99,16 @@ func (me *TestHelper) InitBasic() *TestHelper {
 	me.LoginTeamAdmin()
 	me.BasicTeam = me.CreateTeam()
 	me.BasicChannel = me.CreatePublicChannel()
+	me.BasicChannel2 = me.CreatePublicChannel()
+	me.BasicPost = me.CreatePost()
 	me.BasicUser = me.CreateUser()
 	LinkUserToTeam(me.BasicUser, me.BasicTeam)
 	me.BasicUser2 = me.CreateUser()
 	LinkUserToTeam(me.BasicUser2, me.BasicTeam)
 	app.AddUserToChannel(me.BasicUser, me.BasicChannel)
 	app.AddUserToChannel(me.BasicUser2, me.BasicChannel)
+	app.AddUserToChannel(me.BasicUser, me.BasicChannel2)
+	app.AddUserToChannel(me.BasicUser2, me.BasicChannel2)
 	app.UpdateUserRoles(me.BasicUser.Id, model.ROLE_SYSTEM_USER.Id)
 	me.LoginBasic()
 
@@ -188,6 +194,27 @@ func (me *TestHelper) CreateChannelWithClient(client *model.Client4, channelType
 	return rchannel
 }
 
+func (me *TestHelper) CreatePost() *model.Post {
+	return me.CreatePostWithClient(me.Client, me.BasicChannel)
+}
+
+func (me *TestHelper) CreatePostWithClient(client *model.Client4, channel *model.Channel) *model.Post {
+	id := model.NewId()
+
+	post := &model.Post{
+		ChannelId: channel.Id,
+		Message:   "message_" + id,
+	}
+
+	utils.DisableDebugLogForTest()
+	rpost, resp := client.CreatePost(post)
+	if resp.Error != nil {
+		panic(resp.Error)
+	}
+	utils.EnableDebugLogForTest()
+	return rpost
+}
+
 func (me *TestHelper) LoginBasic() {
 	me.LoginBasicWithClient(me.Client)
 }
diff --git a/api4/channel_test.go b/api4/channel_test.go
index d5bc1d971..91d055bff 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -331,8 +331,8 @@ func TestGetChannelMembersForUser(t *testing.T) {
 	members, resp := Client.GetChannelMembersForUser(th.BasicUser.Id, th.BasicTeam.Id, "")
 	CheckNoError(t, resp)
 
-	if len(*members) != 3 {
-		t.Fatal("should have 3 members on team")
+	if len(*members) != 4 {
+		t.Fatal("should have 4 members on team")
 	}
 
 	_, resp = Client.GetChannelMembersForUser("", th.BasicTeam.Id, "")
diff --git a/api4/context.go b/api4/context.go
index 6a22b4103..06523152f 100644
--- a/api4/context.go
+++ b/api4/context.go
@@ -375,6 +375,17 @@ func (c *Context) RequireUsername() *Context {
 	return c
 }
 
+func (c *Context) RequirePostId() *Context {
+	if c.Err != nil {
+		return c
+	}
+
+	if len(c.Params.PostId) != 26 {
+		c.SetInvalidUrlParam("post_id")
+	}
+	return c
+}
+
 func (c *Context) RequireEmail() *Context {
 	if c.Err != nil {
 		return c
diff --git a/api4/post.go b/api4/post.go
new file mode 100644
index 000000000..9510fe0c6
--- /dev/null
+++ b/api4/post.go
@@ -0,0 +1,119 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"net/http"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/app"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func InitPost() {
+	l4g.Debug(utils.T("api.post.init.debug"))
+
+	BaseRoutes.Posts.Handle("", ApiSessionRequired(createPost)).Methods("POST")
+	BaseRoutes.Post.Handle("", ApiSessionRequired(getPost)).Methods("GET")
+	BaseRoutes.Post.Handle("/thread", ApiSessionRequired(getPostThread)).Methods("GET")
+	BaseRoutes.PostsForChannel.Handle("", ApiSessionRequired(getPostsForChannel)).Methods("GET")
+}
+
+func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
+	post := model.PostFromJson(r.Body)
+	if post == nil {
+		c.SetInvalidParam("post")
+		return
+	}
+
+	post.UserId = c.Session.UserId
+
+	if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) {
+		c.SetPermissionError(model.PERMISSION_CREATE_POST)
+		return
+	}
+
+	if post.CreateAt != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		post.CreateAt = 0
+	}
+
+	rp, err := app.CreatePostAsUser(post)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(rp.ToJson()))
+}
+
+func getPostsForChannel(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireChannelId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	etag := app.GetPostsEtag(c.Params.ChannelId)
+
+	if HandleEtag(etag, "Get Posts", w, r) {
+		return
+	}
+
+	if list, err := app.GetPostsPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage); err != nil {
+		c.Err = err
+		return
+	} else {
+		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
+		w.Write([]byte(list.ToJson()))
+	}
+}
+
+func getPost(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequirePostId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if post, err := app.GetSinglePost(c.Params.PostId); err != nil {
+		c.Err = err
+		return
+	} else if HandleEtag(post.Etag(), "Get Post", w, r) {
+		return
+	} else {
+		w.Header().Set(model.HEADER_ETAG_SERVER, post.Etag())
+		w.Write([]byte(post.ToJson()))
+	}
+}
+
+func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequirePostId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if list, err := app.GetPostThread(c.Params.PostId); err != nil {
+		c.Err = err
+		return
+	} else if HandleEtag(list.Etag(), "Get Post Thread", w, r) {
+		return
+	} else {
+		w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag())
+		w.Write([]byte(list.ToJson()))
+	}
+}
diff --git a/api4/post_test.go b/api4/post_test.go
new file mode 100644
index 000000000..32f259d3d
--- /dev/null
+++ b/api4/post_test.go
@@ -0,0 +1,249 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"net/http"
+	"strconv"
+	"testing"
+
+	"github.com/mattermost/platform/model"
+)
+
+func TestCreatePost(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	post := &model.Post{ChannelId: th.BasicChannel.Id, Message: "#hashtag a" + model.NewId() + "a"}
+	rpost, resp := Client.CreatePost(post)
+	CheckNoError(t, resp)
+
+	if rpost.Message != post.Message {
+		t.Fatal("message didn't match")
+	}
+
+	if rpost.Hashtags != "#hashtag" {
+		t.Fatal("hashtag didn't match")
+	}
+
+	if len(rpost.FileIds) != 0 {
+		t.Fatal("shouldn't have files")
+	}
+
+	if rpost.EditAt != 0 {
+		t.Fatal("newly created post shouldn't have EditAt set")
+	}
+
+	post.RootId = rpost.Id
+	post.ParentId = rpost.Id
+	_, resp = Client.CreatePost(post)
+	CheckNoError(t, resp)
+
+	post.RootId = "junk"
+	_, resp = Client.CreatePost(post)
+	CheckBadRequestStatus(t, resp)
+
+	post.RootId = rpost.Id
+	post.ParentId = "junk"
+	_, resp = Client.CreatePost(post)
+	CheckBadRequestStatus(t, resp)
+
+	post2 := &model.Post{ChannelId: th.BasicChannel2.Id, Message: "a" + model.NewId() + "a", CreateAt: 123}
+	rpost2, resp := Client.CreatePost(post2)
+
+	if rpost2.CreateAt == post2.CreateAt {
+		t.Fatal("create at should not match")
+	}
+
+	post.RootId = rpost2.Id
+	post.ParentId = rpost2.Id
+	_, resp = Client.CreatePost(post)
+	CheckBadRequestStatus(t, resp)
+
+	post.RootId = ""
+	post.ParentId = ""
+	post.ChannelId = "junk"
+	_, resp = Client.CreatePost(post)
+	CheckForbiddenStatus(t, resp)
+
+	post.ChannelId = model.NewId()
+	_, resp = Client.CreatePost(post)
+	CheckForbiddenStatus(t, resp)
+
+	if r, err := Client.DoApiPost("/posts", "garbage"); err == nil {
+		t.Fatal("should have errored")
+	} else {
+		if r.StatusCode != http.StatusBadRequest {
+			t.Log("actual: " + strconv.Itoa(r.StatusCode))
+			t.Log("expected: " + strconv.Itoa(http.StatusBadRequest))
+			t.Fatal("wrong status code")
+		}
+	}
+
+	Client.Logout()
+	_, resp = Client.CreatePost(post)
+	CheckUnauthorizedStatus(t, resp)
+
+	post.ChannelId = th.BasicChannel.Id
+	post.CreateAt = 123
+	rpost, resp = th.SystemAdminClient.CreatePost(post)
+	CheckNoError(t, resp)
+
+	if rpost.CreateAt != post.CreateAt {
+		t.Fatal("create at should match")
+	}
+}
+
+func TestGetPostsForChannel(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	post1 := th.CreatePost()
+	post2 := th.CreatePost()
+	post3 := th.CreatePost()
+	post4 := &model.Post{ChannelId: th.BasicChannel.Id, Message: "a" + model.NewId() + "a", RootId: post1.Id}
+	post4, _ = Client.CreatePost(post4)
+
+	posts, resp := Client.GetPostsForChannel(th.BasicChannel.Id, 0, 60, "")
+	CheckNoError(t, resp)
+
+	if posts.Order[0] != post4.Id {
+		t.Fatal("wrong order")
+	}
+
+	if posts.Order[1] != post3.Id {
+		t.Fatal("wrong order")
+	}
+
+	if posts.Order[2] != post2.Id {
+		t.Fatal("wrong order")
+	}
+
+	if posts.Order[3] != post1.Id {
+		t.Fatal("wrong order")
+	}
+
+	posts, resp = Client.GetPostsForChannel(th.BasicChannel.Id, 0, 3, resp.Etag)
+	CheckEtag(t, posts, resp)
+
+	posts, resp = Client.GetPostsForChannel(th.BasicChannel.Id, 0, 3, "")
+	CheckNoError(t, resp)
+
+	if len(posts.Order) != 3 {
+		t.Fatal("wrong number returned")
+	}
+
+	if _, ok := posts.Posts[post4.Id]; !ok {
+		t.Fatal("missing comment")
+	}
+
+	if _, ok := posts.Posts[post1.Id]; !ok {
+		t.Fatal("missing root post")
+	}
+
+	posts, resp = Client.GetPostsForChannel(th.BasicChannel.Id, 1, 1, "")
+	CheckNoError(t, resp)
+
+	if posts.Order[0] != post3.Id {
+		t.Fatal("wrong order")
+	}
+
+	posts, resp = Client.GetPostsForChannel(th.BasicChannel.Id, 10000, 10000, "")
+	CheckNoError(t, resp)
+
+	if len(posts.Order) != 0 {
+		t.Fatal("should be no posts")
+	}
+
+	_, resp = Client.GetPostsForChannel("", 0, 60, "")
+	CheckNotFoundStatus(t, resp)
+
+	_, resp = Client.GetPostsForChannel("junk", 0, 60, "")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetPostsForChannel(model.NewId(), 0, 60, "")
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetPostsForChannel(model.NewId(), 0, 60, "")
+	CheckUnauthorizedStatus(t, resp)
+
+	_, resp = th.SystemAdminClient.GetPostsForChannel(th.BasicChannel.Id, 0, 60, "")
+	CheckNoError(t, resp)
+}
+
+func TestGetPost(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	post, resp := Client.GetPost(th.BasicPost.Id, "")
+	CheckNoError(t, resp)
+
+	if post.Id != th.BasicPost.Id {
+		t.Fatal("post ids don't match")
+	}
+
+	post, resp = Client.GetPost(th.BasicPost.Id, resp.Etag)
+	CheckEtag(t, post, resp)
+
+	_, resp = Client.GetPost("", "")
+	CheckNotFoundStatus(t, resp)
+
+	_, resp = Client.GetPost("junk", "")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetPost(model.NewId(), "")
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetPost(model.NewId(), "")
+	CheckUnauthorizedStatus(t, resp)
+
+	post, resp = th.SystemAdminClient.GetPost(th.BasicPost.Id, "")
+	CheckNoError(t, resp)
+}
+
+func TestGetPostThread(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	post := &model.Post{ChannelId: th.BasicChannel.Id, Message: "a" + model.NewId() + "a", RootId: th.BasicPost.Id}
+	post, _ = Client.CreatePost(post)
+
+	list, resp := Client.GetPostThread(th.BasicPost.Id, "")
+	CheckNoError(t, resp)
+
+	var list2 *model.PostList
+	list2, resp = Client.GetPostThread(th.BasicPost.Id, resp.Etag)
+	CheckEtag(t, list2, resp)
+
+	if list.Order[0] != th.BasicPost.Id {
+		t.Fatal("wrong order")
+	}
+
+	if _, ok := list.Posts[th.BasicPost.Id]; !ok {
+		t.Fatal("should have had post")
+	}
+
+	if _, ok := list.Posts[post.Id]; !ok {
+		t.Fatal("should have had post")
+	}
+
+	_, resp = Client.GetPostThread("junk", "")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetPostThread(model.NewId(), "")
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetPostThread(model.NewId(), "")
+	CheckUnauthorizedStatus(t, resp)
+
+	list, resp = th.SystemAdminClient.GetPostThread(th.BasicPost.Id, "")
+	CheckNoError(t, resp)
+}