diff options
Diffstat (limited to 'api4/channel.go')
| -rw-r--r-- | api4/channel.go | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/api4/channel.go b/api4/channel.go index 2ce9e23e5..10e59f49b 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -16,6 +16,7 @@ func InitChannel() { l4g.Debug(utils.T("api.channel.init.debug")) BaseRoutes.Channels.Handle("", ApiSessionRequired(createChannel)).Methods("POST") + BaseRoutes.Channels.Handle("/direct", ApiSessionRequired(createDirectChannel)).Methods("POST") } func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { @@ -40,6 +41,45 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } else { c.LogAudit("name=" + channel.Name) + w.WriteHeader(http.StatusCreated) + w.Write([]byte(sc.ToJson())) + } +} + +func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { + userIds := model.ArrayFromJson(r.Body) + allowed := false + + if len(userIds) != 2 { + c.SetInvalidParam("user_ids") + return + } + + for _, id := range userIds { + if len(id) != 26 { + c.SetInvalidParam("user_id") + return + } + if id == c.Session.UserId { + allowed = true + } + } + + if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { + c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) + return + } + + if !allowed && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + + if sc, err := app.CreateDirectChannel(userIds[0], userIds[1]); err != nil { + c.Err = err + return + } else { + w.WriteHeader(http.StatusCreated) w.Write([]byte(sc.ToJson())) } } |