diff options
Diffstat (limited to 'api4/command.go')
-rw-r--r-- | api4/command.go | 128 |
1 files changed, 127 insertions, 1 deletions
diff --git a/api4/command.go b/api4/command.go index d6102bd70..f44363522 100644 --- a/api4/command.go +++ b/api4/command.go @@ -1,4 +1,4 @@ -// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. // See License.txt for license information. package api4 @@ -19,7 +19,11 @@ func InitCommand() { BaseRoutes.Commands.Handle("", ApiSessionRequired(createCommand)).Methods("POST") BaseRoutes.Commands.Handle("", ApiSessionRequired(listCommands)).Methods("GET") + BaseRoutes.Command.Handle("", ApiSessionRequired(updateCommand)).Methods("PUT") + BaseRoutes.Command.Handle("", ApiSessionRequired(deleteCommand)).Methods("DELETE") + BaseRoutes.Team.Handle("/commands/autocomplete", ApiSessionRequired(listAutocompleteCommands)).Methods("GET") + BaseRoutes.Command.Handle("/regen_token", ApiSessionRequired(regenCommandToken)).Methods("PUT") } func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { @@ -49,6 +53,91 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(rcmd.ToJson())) } +func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireCommandId() + if c.Err != nil { + return + } + + cmd := model.CommandFromJson(r.Body) + if cmd == nil || cmd.Id != c.Params.CommandId { + c.SetInvalidParam("command") + return + } + + c.LogAudit("attempt") + + oldCmd, err := app.GetCommand(c.Params.CommandId) + if err != nil { + c.Err = err + return + } + + if cmd.TeamId != oldCmd.TeamId { + c.Err = model.NewAppError("updateCommand", "api.command.team_mismatch.app_error", nil, "user_id="+c.Session.UserId, http.StatusBadRequest) + return + } + + if !app.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) + return + } + + if c.Session.UserId != oldCmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) + return + } + + rcmd, err := app.UpdateCommand(oldCmd, cmd) + if err != nil { + c.Err = err + return + } + + c.LogAudit("success") + + w.Write([]byte(rcmd.ToJson())) +} + +func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireCommandId() + if c.Err != nil { + return + } + + c.LogAudit("attempt") + + cmd, err := app.GetCommand(c.Params.CommandId) + if err != nil { + c.Err = err + return + } + + if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) + return + } + + if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) + return + } + + err = app.DeleteCommand(cmd.Id) + if err != nil { + c.Err = err + return + } + + c.LogAudit("success") + + ReturnStatusOK(w) +} + func listCommands(c *Context, w http.ResponseWriter, r *http.Request) { customOnly, failConv := strconv.ParseBool(r.URL.Query().Get("custom_only")) if failConv != nil { @@ -113,3 +202,40 @@ func listAutocompleteCommands(c *Context, w http.ResponseWriter, r *http.Request w.Write([]byte(model.CommandListToJson(commands))) } + +func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireCommandId() + if c.Err != nil { + return + } + + c.LogAudit("attempt") + cmd, err := app.GetCommand(c.Params.CommandId) + if err != nil { + c.Err = err + return + } + + if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) + return + } + + if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) + return + } + + rcmd, err := app.RegenCommandToken(cmd) + if err != nil { + c.Err = err + return + } + + resp := make(map[string]string) + resp["token"] = rcmd.Token + + w.Write([]byte(model.MapToJson(resp))) +} |