From ba18374bd1b2644e577247204fad17dd52913b9b Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Tue, 7 Feb 2017 08:57:41 -0800 Subject: Implement a few team endpoints for APIv4 (#5296) * Implement GET /teams/{team_id} endpoint for APIv4 * Implement GET /users/{user_id}/teams endpoint for APIv4 * Implement GET /teams/{team_id}/members/{user_id} endpoint for APIv4 --- api/team.go | 2 +- api4/api.go | 7 ++- api4/team.go | 64 ++++++++++++++++++++++++++ api4/team_test.go | 118 ++++++++++++++++++++++++++++++++++++++++++++++++ model/client4.go | 43 ++++++++++++++++-- model/team.go | 20 ++++++++ store/sql_team_store.go | 4 +- 7 files changed, 247 insertions(+), 11 deletions(-) diff --git a/api/team.go b/api/team.go index 92f9ebaa4..3d6f18714 100644 --- a/api/team.go +++ b/api/team.go @@ -82,7 +82,7 @@ func GetAllTeamListings(c *Context, w http.ResponseWriter, r *http.Request) { m := make(map[string]*model.Team) for _, v := range teams { m[v.Id] = v - if !app.HasPermissionTo(c.Session.UserId, model.PERMISSION_MANAGE_SYSTEM) { + if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { m[v.Id].Sanitize() } } diff --git a/api4/api.go b/api4/api.go index 2293cdec5..5ad410cb3 100644 --- a/api4/api.go +++ b/api4/api.go @@ -94,7 +94,7 @@ func InitApi(full bool) { BaseRoutes.UserByEmail = BaseRoutes.Users.PathPrefix("/email/{email}").Subrouter() BaseRoutes.Teams = BaseRoutes.ApiRoot.PathPrefix("/teams").Subrouter() - BaseRoutes.TeamsForUser = BaseRoutes.Users.PathPrefix("/teams").Subrouter() + BaseRoutes.TeamsForUser = BaseRoutes.User.PathPrefix("/teams").Subrouter() BaseRoutes.Team = BaseRoutes.Teams.PathPrefix("/{team_id:[A-Za-z0-9]+}").Subrouter() BaseRoutes.TeamByName = BaseRoutes.Teams.PathPrefix("/name/{team_name:[A-Za-z0-9_-]+}").Subrouter() BaseRoutes.TeamMembers = BaseRoutes.Team.PathPrefix("/members").Subrouter() @@ -141,11 +141,10 @@ func InitApi(full bool) { InitTeam() InitChannel() + app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404)) + // REMOVE CONDITION WHEN APIv3 REMOVED if full { - // 404 on any api route before web.go has a chance to serve it - app.Srv.Router.Handle("/api/{anything:.*}", http.HandlerFunc(Handle404)) - utils.InitHTML() app.InitEmailBatching() diff --git a/api4/team.go b/api4/team.go index 6365ff6de..8564029b0 100644 --- a/api4/team.go +++ b/api4/team.go @@ -16,6 +16,11 @@ func InitTeam() { l4g.Debug(utils.T("api.team.init.debug")) BaseRoutes.Teams.Handle("", ApiSessionRequired(createTeam)).Methods("POST") + BaseRoutes.TeamsForUser.Handle("", ApiSessionRequired(getTeamsForUser)).Methods("GET") + + BaseRoutes.Team.Handle("", ApiSessionRequired(getTeam)).Methods("GET") + + BaseRoutes.TeamMember.Handle("", ApiSessionRequired(getTeamMember)).Methods("GET") } @@ -40,3 +45,62 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusCreated) w.Write([]byte(rteam.ToJson())) } + +func getTeam(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamId() + if c.Err != nil { + return + } + + if team, err := app.GetTeam(c.Params.TeamId); err != nil { + c.Err = err + return + } else { + if team.Type != model.TEAM_OPEN && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { + c.SetPermissionError(model.PERMISSION_VIEW_TEAM) + return + } + + w.Write([]byte(team.ToJson())) + return + } +} + +func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireUserId() + if c.Err != nil { + return + } + + if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + + if teams, err := app.GetTeamsForUser(c.Params.UserId); err != nil { + c.Err = err + return + } else { + w.Write([]byte(model.TeamListToJson(teams))) + } +} + +func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamId().RequireUserId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + c.SetPermissionError(model.PERMISSION_VIEW_TEAM) + return + } + + if team, err := app.GetTeamMember(c.Params.TeamId, c.Params.UserId); err != nil { + c.Err = err + return + } else { + w.Write([]byte(team.ToJson())) + return + } +} diff --git a/api4/team_test.go b/api4/team_test.go index 90f237151..5c6d64ace 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -74,3 +74,121 @@ func TestCreateTeam(t *testing.T) { _, resp = Client.CreateTeam(team) CheckForbiddenStatus(t, resp) } + +func TestGetTeam(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + team := th.BasicTeam + + rteam, resp := Client.GetTeam(team.Id, "") + CheckNoError(t, resp) + + if rteam.Id != team.Id { + t.Fatal("wrong team") + } + + _, resp = Client.GetTeam("junk", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeam("", "") + CheckNotFoundStatus(t, resp) + + _, resp = Client.GetTeam(model.NewId(), "") + CheckNotFoundStatus(t, resp) + + th.LoginTeamAdmin() + + team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: GenerateTestEmail(), Type: model.TEAM_INVITE} + rteam2, _ := Client.CreateTeam(team2) + + th.LoginBasic() + _, resp = Client.GetTeam(rteam2.Id, "") + CheckForbiddenStatus(t, resp) + + Client.Logout() + _, resp = Client.GetTeam(team.Id, "") + CheckUnauthorizedStatus(t, resp) + + _, resp = th.SystemAdminClient.GetTeam(rteam2.Id, "") + CheckNoError(t, resp) +} + +func TestGetTeamsForUser(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: GenerateTestEmail(), Type: model.TEAM_INVITE} + rteam2, _ := Client.CreateTeam(team2) + + teams, resp := Client.GetTeamsForUser(th.BasicUser.Id, "") + CheckNoError(t, resp) + + if len(teams) != 2 { + t.Fatal("wrong number of teams") + } + + found1 := false + found2 := false + for _, t := range teams { + if t.Id == th.BasicTeam.Id { + found1 = true + } else if t.Id == rteam2.Id { + found2 = true + } + } + + if !found1 || !found2 { + t.Fatal("missing team") + } + + _, resp = Client.GetTeamsForUser("junk", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeamsForUser(model.NewId(), "") + CheckForbiddenStatus(t, resp) + + _, resp = Client.GetTeamsForUser(th.BasicUser2.Id, "") + CheckForbiddenStatus(t, resp) + + _, resp = th.SystemAdminClient.GetTeamsForUser(th.BasicUser2.Id, "") + CheckNoError(t, resp) +} + +func TestGetTeamMember(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + team := th.BasicTeam + user := th.BasicUser + + rmember, resp := Client.GetTeamMember(team.Id, user.Id, "") + CheckNoError(t, resp) + + if rmember.TeamId != team.Id { + t.Fatal("wrong team id") + } + + if rmember.UserId != user.Id { + t.Fatal("wrong team id") + } + + _, resp = Client.GetTeamMember("junk", user.Id, "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeamMember(team.Id, "junk", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeamMember("junk", "junk", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeamMember(team.Id, model.NewId(), "") + CheckNotFoundStatus(t, resp) + + _, resp = Client.GetTeamMember(model.NewId(), user.Id, "") + CheckForbiddenStatus(t, resp) + + _, resp = th.SystemAdminClient.GetTeamMember(team.Id, user.Id, "") + CheckNoError(t, resp) +} diff --git a/model/client4.go b/model/client4.go index 42b96a730..88082869e 100644 --- a/model/client4.go +++ b/model/client4.go @@ -64,6 +64,14 @@ func (c *Client4) GetTeamsRoute() string { return fmt.Sprintf("/teams") } +func (c *Client4) GetTeamRoute(teamId string) string { + return fmt.Sprintf(c.GetTeamsRoute()+"/%v", teamId) +} + +func (c *Client4) GetTeamMemberRoute(teamId, userId string) string { + return fmt.Sprintf(c.GetTeamRoute(teamId)+"/members/%v", userId) +} + func (c *Client4) GetChannelsRoute() string { return fmt.Sprintf("/channels") } @@ -72,10 +80,6 @@ func (c *Client4) GetChannelRoute(channelId string) string { return fmt.Sprintf(c.GetChannelsRoute()+"/%v", channelId) } -func (c *Client4) GetTeamRoute(teamId string) string { - return fmt.Sprintf(c.GetTeamsRoute()+"/%v", teamId) -} - func (c *Client4) DoApiGet(url string, etag string) (*http.Response, *AppError) { return c.DoApiRequest(http.MethodGet, url, "", etag) } @@ -321,6 +325,37 @@ func (c *Client4) CreateTeam(team *Team) (*Team, *Response) { } } +// GetTeam returns a team based on the provided team id string. +func (c *Client4) GetTeam(teamId, etag string) (*Team, *Response) { + if r, err := c.DoApiGet(c.GetTeamRoute(teamId), etag); err != nil { + return nil, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return TeamFromJson(r.Body), BuildResponse(r) + } +} + +// GetTeamsForUser returns a list of teams a user is on. Must be logged in as the user +// or be a system administrator. +func (c *Client4) GetTeamsForUser(userId, etag string) ([]*Team, *Response) { + if r, err := c.DoApiGet(c.GetUserRoute(userId)+"/teams", etag); err != nil { + return nil, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return TeamListFromJson(r.Body), BuildResponse(r) + } +} + +// GetTeamMember returns a team member based on the provided team and user id strings. +func (c *Client4) GetTeamMember(teamId, userId, etag string) (*TeamMember, *Response) { + if r, err := c.DoApiGet(c.GetTeamMemberRoute(teamId, userId), etag); err != nil { + return nil, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return TeamMemberFromJson(r.Body), BuildResponse(r) + } +} + // Channel Section // CreateChannel creates a channel based on the provided channel struct. diff --git a/model/team.go b/model/team.go index 6b02dbdee..310ad2d91 100644 --- a/model/team.go +++ b/model/team.go @@ -112,6 +112,26 @@ func TeamMapFromJson(data io.Reader) map[string]*Team { } } +func TeamListToJson(t []*Team) string { + b, err := json.Marshal(t) + if err != nil { + return "" + } else { + return string(b) + } +} + +func TeamListFromJson(data io.Reader) []*Team { + decoder := json.NewDecoder(data) + var teams []*Team + err := decoder.Decode(&teams) + if err == nil { + return teams + } else { + return nil + } +} + func (o *Team) Etag() string { return Etag(o.Id, o.UpdateAt) } diff --git a/store/sql_team_store.go b/store/sql_team_store.go index f1b023854..9ef420943 100644 --- a/store/sql_team_store.go +++ b/store/sql_team_store.go @@ -165,7 +165,7 @@ func (s SqlTeamStore) Get(id string) StoreChannel { if obj, err := s.GetReplica().Get(model.Team{}, id); err != nil { result.Err = model.NewLocAppError("SqlTeamStore.Get", "store.sql_team.get.finding.app_error", nil, "id="+id+", "+err.Error()) } else if obj == nil { - result.Err = model.NewLocAppError("SqlTeamStore.Get", "store.sql_team.get.find.app_error", nil, "id="+id) + result.Err = model.NewAppError("SqlTeamStore.Get", "store.sql_team.get.find.app_error", nil, "id="+id, http.StatusNotFound) } else { team := obj.(*model.Team) if len(team.InviteId) == 0 { @@ -455,7 +455,7 @@ func (s SqlTeamStore) GetMember(teamId string, userId string) StoreChannel { err := s.GetReplica().SelectOne(&member, "SELECT * FROM TeamMembers WHERE TeamId = :TeamId AND UserId = :UserId", map[string]interface{}{"TeamId": teamId, "UserId": userId}) if err != nil { if err == sql.ErrNoRows { - result.Err = model.NewLocAppError("SqlTeamStore.GetMember", "store.sql_team.get_member.missing.app_error", nil, "teamId="+teamId+" userId="+userId+" "+err.Error()) + result.Err = model.NewAppError("SqlTeamStore.GetMember", "store.sql_team.get_member.missing.app_error", nil, "teamId="+teamId+" userId="+userId+" "+err.Error(), http.StatusNotFound) } else { result.Err = model.NewLocAppError("SqlTeamStore.GetMember", "store.sql_team.get_member.app_error", nil, "teamId="+teamId+" userId="+userId+" "+err.Error()) } -- cgit v1.2.3-1-g7c22