summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--api4/webhook.go40
-rw-r--r--api4/webhook_test.go62
-rw-r--r--model/client4.go10
3 files changed, 110 insertions, 2 deletions
diff --git a/api4/webhook.go b/api4/webhook.go
index 8d2c4874f..86f8bcc2e 100644
--- a/api4/webhook.go
+++ b/api4/webhook.go
@@ -23,8 +23,9 @@ func InitWebhook() {
BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(createOutgoingHook)).Methods("POST")
BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(getOutgoingHooks)).Methods("GET")
- BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(updateOutcomingHook)).Methods("PUT")
BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(getOutgoingHook)).Methods("GET")
+ BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(updateOutgoingHook)).Methods("PUT")
+ BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(deleteOutgoingHook)).Methods("DELETE")
BaseRoutes.OutgoingHook.Handle("/regen_token", ApiSessionRequired(regenOutgoingHookToken)).Methods("POST")
}
@@ -226,7 +227,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
-func updateOutcomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
+func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequireHookId()
if c.Err != nil {
return
@@ -395,3 +396,38 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request)
w.Write([]byte(rhook.ToJson()))
}
}
+
+func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireHookId()
+ if c.Err != nil {
+ return
+ }
+
+ hook, err := app.GetOutgoingWebhook(c.Params.HookId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("attempt")
+
+ if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
+ return
+ }
+
+ if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ c.LogAudit("fail - inappropriate permissions")
+ c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
+ return
+ }
+
+ if err := app.DeleteOutgoingWebhook(hook.Id); err != nil {
+ c.LogAudit("fail")
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("success")
+ ReturnStatusOK(w)
+}
diff --git a/api4/webhook_test.go b/api4/webhook_test.go
index 80b03c5aa..1691b27e5 100644
--- a/api4/webhook_test.go
+++ b/api4/webhook_test.go
@@ -831,3 +831,65 @@ func TestUpdateOutgoingHook(t *testing.T) {
CheckUnauthorizedStatus(t, resp)
})
}
+
+func TestDeleteOutgoingHook(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.SystemAdminClient
+
+ enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks
+ enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks
+ utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks
+ utils.SetDefaultRolesBasedOnConfig()
+ }()
+ utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+ utils.SetDefaultRolesBasedOnConfig()
+
+ var resp *model.Response
+ var rhook *model.OutgoingWebhook
+ var hook *model.OutgoingWebhook
+ var status bool
+
+ t.Run("WhenInvalidHookID", func(t *testing.T) {
+ status, resp = Client.DeleteOutgoingWebhook("abc")
+ CheckBadRequestStatus(t, resp)
+ })
+
+ t.Run("WhenHookDoesNotExist", func(t *testing.T) {
+ status, resp = Client.DeleteOutgoingWebhook(model.NewId())
+ CheckInternalErrorStatus(t, resp)
+ })
+
+ t.Run("WhenHookExists", func(t *testing.T) {
+ hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
+ CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"cats"}}
+ rhook, resp = Client.CreateOutgoingWebhook(hook)
+ CheckNoError(t, resp)
+
+ if status, resp = Client.DeleteOutgoingWebhook(rhook.Id); !status {
+ t.Fatal("Delete should have succeeded")
+ } else {
+ CheckOKStatus(t, resp)
+ }
+
+ // Get now should not return this deleted hook
+ _, resp = Client.GetIncomingWebhook(rhook.Id, "")
+ CheckNotFoundStatus(t, resp)
+ })
+
+ t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) {
+ hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
+ CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"dogs"}}
+ rhook, resp = Client.CreateOutgoingWebhook(hook)
+ CheckNoError(t, resp)
+
+ th.LoginBasic()
+ Client = th.Client
+
+ _, resp = Client.DeleteOutgoingWebhook(rhook.Id)
+ CheckForbiddenStatus(t, resp)
+ })
+}
diff --git a/model/client4.go b/model/client4.go
index 5b7f502e1..ae20d5293 100644
--- a/model/client4.go
+++ b/model/client4.go
@@ -1383,6 +1383,16 @@ func (c *Client4) RegenOutgoingHookToken(hookId string) (*OutgoingWebhook, *Resp
}
}
+// DeleteOutgoingWebhook delete the outgoing webhook on the system requested by Hook Id.
+func (c *Client4) DeleteOutgoingWebhook(hookId string) (bool, *Response) {
+ if r, err := c.DoApiDelete(c.GetOutgoingWebhookRoute(hookId)); err != nil {
+ return false, &Response{StatusCode: r.StatusCode, Error: err}
+ } else {
+ defer closeBody(r)
+ return CheckStatusOK(r), BuildResponse(r)
+ }
+}
+
// Preferences Section
// GetPreferences returns the user's preferences.