diff options
author | Saturnino Abril <saturnino.abril@gmail.com> | 2017-03-12 07:24:44 +0900 |
---|---|---|
committer | enahum <nahumhbl@gmail.com> | 2017-03-11 19:24:44 -0300 |
commit | d32334cdfb09b25a97c4731721ce9be836f95300 (patch) | |
tree | f9da2fa15b6b70d2b27e8a98b868b0377a6b70d9 /api4 | |
parent | ce772b87da3266f7261986ed2c9048c3d3d5ebe0 (diff) | |
download | chat-d32334cdfb09b25a97c4731721ce9be836f95300.tar.gz chat-d32334cdfb09b25a97c4731721ce9be836f95300.tar.bz2 chat-d32334cdfb09b25a97c4731721ce9be836f95300.zip |
Endpoint for APIv4: /files/{file_id}/link (#5607)
* APIv4: /files/{file_id}/link
* updated public link
Diffstat (limited to 'api4')
-rw-r--r-- | api4/file.go | 36 | ||||
-rw-r--r-- | api4/file_test.go | 76 |
2 files changed, 112 insertions, 0 deletions
diff --git a/api4/file.go b/api4/file.go index 924f7e416..566878156 100644 --- a/api4/file.go +++ b/api4/file.go @@ -24,6 +24,7 @@ func InitFile() { BaseRoutes.Files.Handle("", ApiSessionRequired(uploadFile)).Methods("POST") BaseRoutes.File.Handle("", ApiSessionRequired(getFile)).Methods("GET") BaseRoutes.File.Handle("/thumbnail", ApiSessionRequired(getFileThumbnail)).Methods("GET") + BaseRoutes.File.Handle("/link", ApiSessionRequired(getFileLink)).Methods("GET") } @@ -125,6 +126,41 @@ func getFileThumbnail(c *Context, w http.ResponseWriter, r *http.Request) { } } +func getFileLink(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireFileId() + if c.Err != nil { + return + } + + if !utils.Cfg.FileSettings.EnablePublicLink { + c.Err = model.NewLocAppError("getPublicLink", "api.file.get_public_link.disabled.app_error", nil, "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + + info, err := app.GetFileInfo(c.Params.FileId) + if err != nil { + c.Err = err + return + } + + if info.CreatorId != c.Session.UserId && !app.SessionHasPermissionToChannelByPost(c.Session, info.PostId, model.PERMISSION_READ_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + + if len(info.PostId) == 0 { + c.Err = model.NewLocAppError("getPublicLink", "api.file.get_public_link.no_post.app_error", nil, "file_id="+info.Id) + c.Err.StatusCode = http.StatusBadRequest + return + } + + resp := make(map[string]string) + resp["link"] = app.GeneratePublicLink(c.GetSiteURL(), info) + + w.Write([]byte(model.MapToJson(resp))) +} + func writeFileResponse(filename string, contentType string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError { w.Header().Set("Cache-Control", "max-age=2592000, public") w.Header().Set("Content-Length", strconv.Itoa(len(bytes))) diff --git a/api4/file_test.go b/api4/file_test.go index f8f57cdb8..d6de56b7d 100644 --- a/api4/file_test.go +++ b/api4/file_test.go @@ -10,6 +10,7 @@ import ( "github.com/mattermost/platform/app" "github.com/mattermost/platform/model" + "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" ) @@ -201,3 +202,78 @@ func TestGetFileThumbnail(t *testing.T) { _, resp = th.SystemAdminClient.GetFileThumbnail(fileId) CheckNoError(t, resp) } + +func TestGetFileLink(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + channel := th.BasicChannel + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } + + enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink + publicLinkSalt := *utils.Cfg.FileSettings.PublicLinkSalt + defer func() { + utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink + *utils.Cfg.FileSettings.PublicLinkSalt = publicLinkSalt + }() + utils.Cfg.FileSettings.EnablePublicLink = true + *utils.Cfg.FileSettings.PublicLinkSalt = model.NewId() + + fileId := "" + if data, err := readTestFile("test.png"); err != nil { + t.Fatal(err) + } else { + fileResp, resp := Client.UploadFile(data, channel.Id, "test.png") + CheckNoError(t, resp) + + fileId = fileResp.FileInfos[0].Id + } + + link, resp := Client.GetFileLink(fileId) + CheckBadRequestStatus(t, resp) + + // Hacky way to assign file to a post (usually would be done by CreatePost call) + store.Must(app.Srv.Store.FileInfo().AttachToPost(fileId, th.BasicPost.Id)) + + utils.Cfg.FileSettings.EnablePublicLink = false + _, resp = Client.GetFileLink(fileId) + CheckNotImplementedStatus(t, resp) + + // Wait a bit for files to ready + time.Sleep(2 * time.Second) + + utils.Cfg.FileSettings.EnablePublicLink = true + link, resp = Client.GetFileLink(fileId) + CheckNoError(t, resp) + if link == "" { + t.Fatal("should've received public link") + } + + _, resp = Client.GetFileLink("junk") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetFileLink(model.NewId()) + CheckNotFoundStatus(t, resp) + + Client.Logout() + _, resp = Client.GetFileLink(fileId) + CheckUnauthorizedStatus(t, resp) + + otherUser := th.CreateUser() + Client.Login(otherUser.Email, otherUser.Password) + _, resp = Client.GetFileLink(fileId) + CheckForbiddenStatus(t, resp) + + Client.Logout() + _, resp = th.SystemAdminClient.GetFileLink(fileId) + CheckNoError(t, resp) + + if result := <-app.Srv.Store.FileInfo().Get(fileId); result.Err != nil { + t.Fatal(result.Err) + } else { + cleanupTestFile(result.Data.(*model.FileInfo)) + } +} |