summaryrefslogtreecommitdiffstats
path: root/api4
diff options
context:
space:
mode:
Diffstat (limited to 'api4')
-rw-r--r--api4/api.go4
-rw-r--r--api4/brand.go70
-rw-r--r--api4/brand_test.go69
3 files changed, 143 insertions, 0 deletions
diff --git a/api4/api.go b/api4/api.go
index 53d7394c7..422af7b7b 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -69,6 +69,8 @@ type Routes struct {
LDAP *mux.Router // 'api/v4/ldap'
+ Brand *mux.Router // 'api/v4/brand'
+
System *mux.Router // 'api/v4/system'
Preferences *mux.Router // 'api/v4/preferences'
@@ -142,6 +144,7 @@ func InitApi(full bool) {
BaseRoutes.Compliance = BaseRoutes.ApiRoot.PathPrefix("/compliance").Subrouter()
BaseRoutes.Cluster = BaseRoutes.ApiRoot.PathPrefix("/cluster").Subrouter()
BaseRoutes.LDAP = BaseRoutes.ApiRoot.PathPrefix("/ldap").Subrouter()
+ BaseRoutes.Brand = BaseRoutes.ApiRoot.PathPrefix("/brand").Subrouter()
BaseRoutes.System = BaseRoutes.ApiRoot.PathPrefix("/system").Subrouter()
BaseRoutes.Preferences = BaseRoutes.User.PathPrefix("/preferences").Subrouter()
BaseRoutes.License = BaseRoutes.ApiRoot.PathPrefix("/license").Subrouter()
@@ -164,6 +167,7 @@ func InitApi(full bool) {
InitCompliance()
InitCluster()
InitLdap()
+ InitBrand()
app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404))
diff --git a/api4/brand.go b/api4/brand.go
new file mode 100644
index 000000000..00e6bbbff
--- /dev/null
+++ b/api4/brand.go
@@ -0,0 +1,70 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+ "net/http"
+
+ l4g "github.com/alecthomas/log4go"
+ "github.com/mattermost/platform/app"
+ "github.com/mattermost/platform/model"
+ "github.com/mattermost/platform/utils"
+)
+
+func InitBrand() {
+ l4g.Debug(utils.T("api.brand.init.debug"))
+
+ BaseRoutes.Brand.Handle("/image", ApiHandlerTrustRequester(getBrandImage)).Methods("GET")
+ BaseRoutes.Brand.Handle("/image", ApiSessionRequired(uploadBrandImage)).Methods("POST")
+}
+
+func getBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
+ // No permission check required
+
+ if img, err := app.GetBrandImage(); err != nil {
+ w.Write(nil)
+ } else {
+ w.Header().Set("Content-Type", "image/png")
+ w.Write(img)
+ }
+}
+
+func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
+ if r.ContentLength > *utils.Cfg.FileSettings.MaxFileSize {
+ c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.too_large.app_error", nil, "", http.StatusRequestEntityTooLarge)
+ return
+ }
+
+ if err := r.ParseMultipartForm(*utils.Cfg.FileSettings.MaxFileSize); err != nil {
+ c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.parse.app_error", nil, "", http.StatusBadRequest)
+ return
+ }
+
+ m := r.MultipartForm
+
+ imageArray, ok := m.File["image"]
+ if !ok {
+ c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.no_file.app_error", nil, "", http.StatusBadRequest)
+ return
+ }
+
+ if len(imageArray) <= 0 {
+ c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.array.app_error", nil, "", http.StatusBadRequest)
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+ return
+ }
+
+ if err := app.SaveBrandImage(imageArray[0]); err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("")
+
+ ReturnStatusOK(w)
+}
diff --git a/api4/brand_test.go b/api4/brand_test.go
new file mode 100644
index 000000000..fd5e472a8
--- /dev/null
+++ b/api4/brand_test.go
@@ -0,0 +1,69 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+ "net/http"
+ "testing"
+)
+
+func TestGetBrandImage(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+
+ data, resp := Client.GetBrandImage()
+ CheckNoError(t, resp)
+
+ if len(data) != 0 {
+ t.Fatal("no image uploaded - should be empty")
+ }
+
+ Client.Logout()
+ data, resp = Client.GetBrandImage()
+ CheckNoError(t, resp)
+
+ if len(data) != 0 {
+ t.Fatal("no image uploaded - should be empty")
+ }
+
+ data, resp = th.SystemAdminClient.GetBrandImage()
+ CheckNoError(t, resp)
+
+ if len(data) != 0 {
+ t.Fatal("no image uploaded - should be empty")
+ }
+}
+
+func TestUploadBrandImage(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+
+ data, err := readTestFile("test.png")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ok, resp := Client.UploadBrandImage(data)
+ CheckForbiddenStatus(t, resp)
+ if ok {
+ t.Fatal("Should return false, set brand image not allowed")
+ }
+
+ // status code returns either forbidden or unauthorized
+ // note: forbidden is set as default at Client4.SetProfileImage when request is terminated early by server
+ Client.Logout()
+ _, resp = Client.UploadBrandImage(data)
+ if resp.StatusCode == http.StatusForbidden {
+ CheckForbiddenStatus(t, resp)
+ } else if resp.StatusCode == http.StatusUnauthorized {
+ CheckUnauthorizedStatus(t, resp)
+ } else {
+ t.Fatal("Should have failed either forbidden or unauthorized")
+ }
+
+ _, resp = th.SystemAdminClient.UploadBrandImage(data)
+ CheckNotImplementedStatus(t, resp)
+}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-16 17:21:48 +0000