Adding Permissions check and reactions function to plugins API (#9273)

* Adding reactions functions

* Adding permissions checking in the plugins api

3 files changed, 301 insertions, 0 deletions

diff --git a/plugin/api.go b/plugin/api.go
index 256ac9f81..370c28268 100644
--- a/plugin/api.go
+++ b/plugin/api.go
@@ -143,6 +143,15 @@ type API interface {
 	// CreatePost creates a post.
 	CreatePost(post *model.Post) (*model.Post, *model.AppError)
 
+	// AddReaction add a reaction to a post.
+	AddReaction(reaction *model.Reaction) (*model.Reaction, *model.AppError)
+
+	// RemoveReaction remove a reaction from a post.
+	RemoveReaction(reaction *model.Reaction) *model.AppError
+
+	// GetReaction get the reactions of a post.
+	GetReactions(postId string) ([]*model.Reaction, *model.AppError)
+
 	// SendEphemeralPost creates an ephemeral post.
 	SendEphemeralPost(userId string, post *model.Post) *model.Post
 
@@ -184,6 +193,15 @@ type API interface {
 	// broadcast determines to which users to send the event
 	PublishWebSocketEvent(event string, payload map[string]interface{}, broadcast *model.WebsocketBroadcast)
 
+	// HasPermissionTo check if the user has the permission at system scope.
+	HasPermissionTo(userId string, permission *model.Permission) bool
+
+	// HasPermissionToTeam check if the user has the permission at team scope.
+	HasPermissionToTeam(userId, teamId string, permission *model.Permission) bool
+
+	// HasPermissionToChannel check if the user has the permission at channel scope.
+	HasPermissionToChannel(userId, channelId string, permission *model.Permission) bool
+
 	// LogDebug writes a log message to the Mattermost server log file.
 	// Appropriate context such as the plugin name will already be added as fields so plugins
 	// do not need to add that info.
diff --git a/plugin/client_rpc_generated.go b/plugin/client_rpc_generated.go
index 3fc03ec3f..ab41c66d9 100644
--- a/plugin/client_rpc_generated.go
+++ b/plugin/client_rpc_generated.go
@@ -1705,6 +1705,92 @@ func (s *apiRPCServer) CreatePost(args *Z_CreatePostArgs, returns *Z_CreatePostR
 	return nil
 }
 
+type Z_AddReactionArgs struct {
+	A *model.Reaction
+}
+
+type Z_AddReactionReturns struct {
+	A *model.Reaction
+	B *model.AppError
+}
+
+func (g *apiRPCClient) AddReaction(reaction *model.Reaction) (*model.Reaction, *model.AppError) {
+	_args := &Z_AddReactionArgs{reaction}
+	_returns := &Z_AddReactionReturns{}
+	if err := g.client.Call("Plugin.AddReaction", _args, _returns); err != nil {
+		log.Printf("RPC call to AddReaction API failed: %s", err.Error())
+	}
+	return _returns.A, _returns.B
+}
+
+func (s *apiRPCServer) AddReaction(args *Z_AddReactionArgs, returns *Z_AddReactionReturns) error {
+	if hook, ok := s.impl.(interface {
+		AddReaction(reaction *model.Reaction) (*model.Reaction, *model.AppError)
+	}); ok {
+		returns.A, returns.B = hook.AddReaction(args.A)
+	} else {
+		return fmt.Errorf("API AddReaction called but not implemented.")
+	}
+	return nil
+}
+
+type Z_RemoveReactionArgs struct {
+	A *model.Reaction
+}
+
+type Z_RemoveReactionReturns struct {
+	A *model.AppError
+}
+
+func (g *apiRPCClient) RemoveReaction(reaction *model.Reaction) *model.AppError {
+	_args := &Z_RemoveReactionArgs{reaction}
+	_returns := &Z_RemoveReactionReturns{}
+	if err := g.client.Call("Plugin.RemoveReaction", _args, _returns); err != nil {
+		log.Printf("RPC call to RemoveReaction API failed: %s", err.Error())
+	}
+	return _returns.A
+}
+
+func (s *apiRPCServer) RemoveReaction(args *Z_RemoveReactionArgs, returns *Z_RemoveReactionReturns) error {
+	if hook, ok := s.impl.(interface {
+		RemoveReaction(reaction *model.Reaction) *model.AppError
+	}); ok {
+		returns.A = hook.RemoveReaction(args.A)
+	} else {
+		return fmt.Errorf("API RemoveReaction called but not implemented.")
+	}
+	return nil
+}
+
+type Z_GetReactionsArgs struct {
+	A string
+}
+
+type Z_GetReactionsReturns struct {
+	A []*model.Reaction
+	B *model.AppError
+}
+
+func (g *apiRPCClient) GetReactions(postId string) ([]*model.Reaction, *model.AppError) {
+	_args := &Z_GetReactionsArgs{postId}
+	_returns := &Z_GetReactionsReturns{}
+	if err := g.client.Call("Plugin.GetReactions", _args, _returns); err != nil {
+		log.Printf("RPC call to GetReactions API failed: %s", err.Error())
+	}
+	return _returns.A, _returns.B
+}
+
+func (s *apiRPCServer) GetReactions(args *Z_GetReactionsArgs, returns *Z_GetReactionsReturns) error {
+	if hook, ok := s.impl.(interface {
+		GetReactions(postId string) ([]*model.Reaction, *model.AppError)
+	}); ok {
+		returns.A, returns.B = hook.GetReactions(args.A)
+	} else {
+		return fmt.Errorf("API GetReactions called but not implemented.")
+	}
+	return nil
+}
+
 type Z_SendEphemeralPostArgs struct {
 	A string
 	B *model.Post
@@ -2023,6 +2109,95 @@ func (s *apiRPCServer) PublishWebSocketEvent(args *Z_PublishWebSocketEventArgs,
 	return nil
 }
 
+type Z_HasPermissionToArgs struct {
+	A string
+	B *model.Permission
+}
+
+type Z_HasPermissionToReturns struct {
+	A bool
+}
+
+func (g *apiRPCClient) HasPermissionTo(userId string, permission *model.Permission) bool {
+	_args := &Z_HasPermissionToArgs{userId, permission}
+	_returns := &Z_HasPermissionToReturns{}
+	if err := g.client.Call("Plugin.HasPermissionTo", _args, _returns); err != nil {
+		log.Printf("RPC call to HasPermissionTo API failed: %s", err.Error())
+	}
+	return _returns.A
+}
+
+func (s *apiRPCServer) HasPermissionTo(args *Z_HasPermissionToArgs, returns *Z_HasPermissionToReturns) error {
+	if hook, ok := s.impl.(interface {
+		HasPermissionTo(userId string, permission *model.Permission) bool
+	}); ok {
+		returns.A = hook.HasPermissionTo(args.A, args.B)
+	} else {
+		return fmt.Errorf("API HasPermissionTo called but not implemented.")
+	}
+	return nil
+}
+
+type Z_HasPermissionToTeamArgs struct {
+	A string
+	B string
+	C *model.Permission
+}
+
+type Z_HasPermissionToTeamReturns struct {
+	A bool
+}
+
+func (g *apiRPCClient) HasPermissionToTeam(userId, teamId string, permission *model.Permission) bool {
+	_args := &Z_HasPermissionToTeamArgs{userId, teamId, permission}
+	_returns := &Z_HasPermissionToTeamReturns{}
+	if err := g.client.Call("Plugin.HasPermissionToTeam", _args, _returns); err != nil {
+		log.Printf("RPC call to HasPermissionToTeam API failed: %s", err.Error())
+	}
+	return _returns.A
+}
+
+func (s *apiRPCServer) HasPermissionToTeam(args *Z_HasPermissionToTeamArgs, returns *Z_HasPermissionToTeamReturns) error {
+	if hook, ok := s.impl.(interface {
+		HasPermissionToTeam(userId, teamId string, permission *model.Permission) bool
+	}); ok {
+		returns.A = hook.HasPermissionToTeam(args.A, args.B, args.C)
+	} else {
+		return fmt.Errorf("API HasPermissionToTeam called but not implemented.")
+	}
+	return nil
+}
+
+type Z_HasPermissionToChannelArgs struct {
+	A string
+	B string
+	C *model.Permission
+}
+
+type Z_HasPermissionToChannelReturns struct {
+	A bool
+}
+
+func (g *apiRPCClient) HasPermissionToChannel(userId, channelId string, permission *model.Permission) bool {
+	_args := &Z_HasPermissionToChannelArgs{userId, channelId, permission}
+	_returns := &Z_HasPermissionToChannelReturns{}
+	if err := g.client.Call("Plugin.HasPermissionToChannel", _args, _returns); err != nil {
+		log.Printf("RPC call to HasPermissionToChannel API failed: %s", err.Error())
+	}
+	return _returns.A
+}
+
+func (s *apiRPCServer) HasPermissionToChannel(args *Z_HasPermissionToChannelArgs, returns *Z_HasPermissionToChannelReturns) error {
+	if hook, ok := s.impl.(interface {
+		HasPermissionToChannel(userId, channelId string, permission *model.Permission) bool
+	}); ok {
+		returns.A = hook.HasPermissionToChannel(args.A, args.B, args.C)
+	} else {
+		return fmt.Errorf("API HasPermissionToChannel called but not implemented.")
+	}
+	return nil
+}
+
 type Z_LogDebugArgs struct {
 	A string
 	B []interface{}
diff --git a/plugin/plugintest/api.go b/plugin/plugintest/api.go
index 3c2716778..e84ceffd8 100644
--- a/plugin/plugintest/api.go
+++ b/plugin/plugintest/api.go
@@ -37,6 +37,31 @@ func (_m *API) AddChannelMember(channelId string, userId string) (*model.Channel
 	return r0, r1
 }
 
+// AddReaction provides a mock function with given fields: reaction
+func (_m *API) AddReaction(reaction *model.Reaction) (*model.Reaction, *model.AppError) {
+	ret := _m.Called(reaction)
+
+	var r0 *model.Reaction
+	if rf, ok := ret.Get(0).(func(*model.Reaction) *model.Reaction); ok {
+		r0 = rf(reaction)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*model.Reaction)
+		}
+	}
+
+	var r1 *model.AppError
+	if rf, ok := ret.Get(1).(func(*model.Reaction) *model.AppError); ok {
+		r1 = rf(reaction)
+	} else {
+		if ret.Get(1) != nil {
+			r1 = ret.Get(1).(*model.AppError)
+		}
+	}
+
+	return r0, r1
+}
+
 // CopyFileInfos provides a mock function with given fields: userId, fileIds
 func (_m *API) CopyFileInfos(userId string, fileIds []string) ([]string, *model.AppError) {
 	ret := _m.Called(userId, fileIds)
@@ -549,6 +574,31 @@ func (_m *API) GetPublicChannelsForTeam(teamId string, offset int, limit int) (*
 	return r0, r1
 }
 
+// GetReactions provides a mock function with given fields: postId
+func (_m *API) GetReactions(postId string) ([]*model.Reaction, *model.AppError) {
+	ret := _m.Called(postId)
+
+	var r0 []*model.Reaction
+	if rf, ok := ret.Get(0).(func(string) []*model.Reaction); ok {
+		r0 = rf(postId)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]*model.Reaction)
+		}
+	}
+
+	var r1 *model.AppError
+	if rf, ok := ret.Get(1).(func(string) *model.AppError); ok {
+		r1 = rf(postId)
+	} else {
+		if ret.Get(1) != nil {
+			r1 = ret.Get(1).(*model.AppError)
+		}
+	}
+
+	return r0, r1
+}
+
 // GetSession provides a mock function with given fields: sessionId
 func (_m *API) GetSession(sessionId string) (*model.Session, *model.AppError) {
 	ret := _m.Called(sessionId)
@@ -824,6 +874,48 @@ func (_m *API) GetUserStatusesByIds(userIds []string) ([]*model.Status, *model.A
 	return r0, r1
 }
 
+// HasPermissionTo provides a mock function with given fields: userId, permission
+func (_m *API) HasPermissionTo(userId string, permission *model.Permission) bool {
+	ret := _m.Called(userId, permission)
+
+	var r0 bool
+	if rf, ok := ret.Get(0).(func(string, *model.Permission) bool); ok {
+		r0 = rf(userId, permission)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	return r0
+}
+
+// HasPermissionToChannel provides a mock function with given fields: userId, channelId, permission
+func (_m *API) HasPermissionToChannel(userId string, channelId string, permission *model.Permission) bool {
+	ret := _m.Called(userId, channelId, permission)
+
+	var r0 bool
+	if rf, ok := ret.Get(0).(func(string, string, *model.Permission) bool); ok {
+		r0 = rf(userId, channelId, permission)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	return r0
+}
+
+// HasPermissionToTeam provides a mock function with given fields: userId, teamId, permission
+func (_m *API) HasPermissionToTeam(userId string, teamId string, permission *model.Permission) bool {
+	ret := _m.Called(userId, teamId, permission)
+
+	var r0 bool
+	if rf, ok := ret.Get(0).(func(string, string, *model.Permission) bool); ok {
+		r0 = rf(userId, teamId, permission)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	return r0
+}
+
 // KVDelete provides a mock function with given fields: key
 func (_m *API) KVDelete(key string) *model.AppError {
 	ret := _m.Called(key)
@@ -971,6 +1063,22 @@ func (_m *API) RegisterCommand(command *model.Command) error {
 	return r0
 }
 
+// RemoveReaction provides a mock function with given fields: reaction
+func (_m *API) RemoveReaction(reaction *model.Reaction) *model.AppError {
+	ret := _m.Called(reaction)
+
+	var r0 *model.AppError
+	if rf, ok := ret.Get(0).(func(*model.Reaction) *model.AppError); ok {
+		r0 = rf(reaction)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*model.AppError)
+		}
+	}
+
+	return r0
+}
+
 // SaveConfig provides a mock function with given fields: config
 func (_m *API) SaveConfig(config *model.Config) *model.AppError {
 	ret := _m.Called(config)