From dd4d8440eac2e4b64bfb6b449cc0668b78ecba50 Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Mon, 20 Feb 2017 11:31:52 -0500 Subject: Implement a few channel member endpoints for APIv4 (#5444) * Implement POST /channels/members/{user_id}/view endpoint for APIv4 * Implement PUT /channels/{channel_id}/members/{user_id}/roles endpoint for APIv4 * Implement DELETE /channels/{channel_id}/members/{user_id} endpoint for APIv4 --- api/channel.go | 17 +---- api4/channel.go | 96 +++++++++++++++++++++++-- api4/channel_test.go | 199 ++++++++++++++++++++++++++++++++++++++++++++++++++- app/channel.go | 22 +++++- model/client4.go | 48 ++++++++++--- 5 files changed, 349 insertions(+), 33 deletions(-) diff --git a/api/channel.go b/api/channel.go index a5d42f151..6eda72dd9 100644 --- a/api/channel.go +++ b/api/channel.go @@ -649,25 +649,12 @@ func removeMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - if _, err = app.GetChannelMember(channel.Id, c.Session.UserId); err != nil { - c.Err = err - return - } - if err = app.RemoveUserFromChannel(userIdToRemove, c.Session.UserId, channel); err != nil { - c.Err = model.NewLocAppError("removeMember", "api.channel.remove_member.unable.app_error", nil, err.Message) - return - } - - c.LogAudit("name=" + channel.Name + " user_id=" + userIdToRemove) - - var user *model.User - if user, err = app.GetUser(userIdToRemove); err != nil { c.Err = err return } - go app.PostRemoveFromChannelMessage(c.Session.UserId, user, channel) + c.LogAudit("name=" + channel.Name + " user_id=" + userIdToRemove) result := make(map[string]string) result["channel_id"] = channel.Id @@ -753,7 +740,7 @@ func autocompleteChannels(c *Context, w http.ResponseWriter, r *http.Request) { func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { view := model.ChannelViewFromJson(r.Body) - if err := app.ViewChannel(view, c.TeamId, c.Session.UserId, !c.Session.IsMobileApp()); err != nil { + if err := app.ViewChannel(view, c.Session.UserId, !c.Session.IsMobileApp()); err != nil { c.Err = err return } diff --git a/api4/channel.go b/api4/channel.go index 938511c14..8be522484 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -25,6 +25,9 @@ func InitChannel() { BaseRoutes.ChannelMembers.Handle("", ApiSessionRequired(getChannelMembers)).Methods("GET") BaseRoutes.ChannelMembersForUser.Handle("", ApiSessionRequired(getChannelMembersForUser)).Methods("GET") BaseRoutes.ChannelMember.Handle("", ApiSessionRequired(getChannelMember)).Methods("GET") + BaseRoutes.ChannelMember.Handle("", ApiSessionRequired(removeChannelMember)).Methods("DELETE") + BaseRoutes.ChannelMember.Handle("/roles", ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT") + BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", ApiSessionRequired(viewChannel)).Methods("POST") } func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { @@ -101,7 +104,7 @@ func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { c.SetPermissionError(model.PERMISSION_READ_CHANNEL) return - } + } if channel, err := app.GetChannel(c.Params.ChannelId); err != nil { c.Err = err @@ -124,13 +127,13 @@ func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { if channel, err = app.GetChannelByName(c.Params.ChannelName, c.Params.TeamId); err != nil { c.Err = err return - } + } if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { c.SetPermissionError(model.PERMISSION_READ_CHANNEL) return } - + w.Write([]byte(channel.ToJson())) return } @@ -152,7 +155,7 @@ func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Requ if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { c.SetPermissionError(model.PERMISSION_READ_CHANNEL) return - } + } w.Write([]byte(channel.ToJson())) return @@ -219,3 +222,88 @@ func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request w.Write([]byte(members.ToJson())) } } + +func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireUserId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) + return + } + + view := model.ChannelViewFromJson(r.Body) + if view == nil { + c.SetInvalidParam("channel_view") + return + } + + if err := app.ViewChannel(view, c.Params.UserId, !c.Session.IsMobileApp()); err != nil { + c.Err = err + return + } + + ReturnStatusOK(w) +} + +func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireChannelId().RequireUserId() + if c.Err != nil { + return + } + + props := model.MapFromJson(r.Body) + + newRoles := props["roles"] + if !(model.IsValidUserRoles(newRoles)) { + c.SetInvalidParam("roles") + return + } + + if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) { + c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES) + return + } + + if _, err := app.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil { + c.Err = err + return + } + + ReturnStatusOK(w) +} + +func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireChannelId().RequireUserId() + if c.Err != nil { + return + } + + var channel *model.Channel + var err *model.AppError + if channel, err = app.GetChannel(c.Params.ChannelId); err != nil { + c.Err = err + return + } + + if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { + c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) + return + } + + if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { + c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) + return + } + + if err = app.RemoveUserFromChannel(c.Params.UserId, c.Session.UserId, channel); err != nil { + c.Err = err + return + } + + c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId) + + ReturnStatusOK(w) +} diff --git a/api4/channel_test.go b/api4/channel_test.go index 7e59f60e8..7dcc8dc96 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -8,6 +8,7 @@ import ( "strconv" "testing" + "github.com/mattermost/platform/app" "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" ) @@ -226,9 +227,13 @@ func TestGetChannel(t *testing.T) { defer TearDown() Client := th.Client - _, resp := Client.GetChannel(th.BasicChannel.Id, "") + channel, resp := Client.GetChannel(th.BasicChannel.Id, "") CheckNoError(t, resp) + if channel.Id != th.BasicChannel.Id { + t.Fatal("ids did not match") + } + _, resp = Client.GetChannel(model.NewId(), "") CheckForbiddenStatus(t, resp) @@ -253,9 +258,13 @@ func TestGetChannelByName(t *testing.T) { defer TearDown() Client := th.Client - _, resp := Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "") + channel, resp := Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "") CheckNoError(t, resp) + if channel.Name != th.BasicChannel.Name { + t.Fatal("names did not match") + } + _, resp = Client.GetChannelByName(GenerateTestChannelName(), th.BasicTeam.Id, "") CheckNotFoundStatus(t, resp) @@ -277,9 +286,13 @@ func TestGetChannelByNameForTeamName(t *testing.T) { defer TearDown() Client := th.Client - _, resp := th.SystemAdminClient.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "") + channel, resp := th.SystemAdminClient.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "") CheckNoError(t, resp) + if channel.Name != th.BasicChannel.Name { + t.Fatal("names did not match") + } + _, resp = Client.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "") CheckNoError(t, resp) @@ -443,3 +456,183 @@ func TestGetChannelMembersForUser(t *testing.T) { _, resp = th.SystemAdminClient.GetChannelMembersForUser(th.BasicUser.Id, th.BasicTeam.Id, "") CheckNoError(t, resp) } + +func TestViewChannel(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + view := &model.ChannelView{ + ChannelId: th.BasicChannel.Id, + } + + pass, resp := Client.ViewChannel(th.BasicUser.Id, view) + CheckNoError(t, resp) + + if !pass { + t.Fatal("should have passed") + } + + view.PrevChannelId = th.BasicChannel.Id + _, resp = Client.ViewChannel(th.BasicUser.Id, view) + CheckNoError(t, resp) + + view.PrevChannelId = "" + _, resp = Client.ViewChannel(th.BasicUser.Id, view) + CheckNoError(t, resp) + + view.PrevChannelId = "junk" + _, resp = Client.ViewChannel(th.BasicUser.Id, view) + CheckNoError(t, resp) + + member, resp := Client.GetChannelMember(th.BasicChannel.Id, th.BasicUser.Id, "") + CheckNoError(t, resp) + channel, resp := Client.GetChannel(th.BasicChannel.Id, "") + CheckNoError(t, resp) + + if member.MsgCount != channel.TotalMsgCount { + t.Fatal("should match message counts") + } + + if member.MentionCount != 0 { + t.Fatal("should have no mentions") + } + + _, resp = Client.ViewChannel("junk", view) + CheckBadRequestStatus(t, resp) + + _, resp = Client.ViewChannel(th.BasicUser2.Id, view) + CheckForbiddenStatus(t, resp) + + Client.Logout() + _, resp = Client.ViewChannel(th.BasicUser.Id, view) + CheckUnauthorizedStatus(t, resp) + + _, resp = th.SystemAdminClient.ViewChannel(th.BasicUser.Id, view) + CheckNoError(t, resp) +} + +func TestUpdateChannelRoles(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + const CHANNEL_ADMIN = "channel_admin channel_user" + const CHANNEL_MEMBER = "channel_user" + + // User 1 creates a channel, making them channel admin by default. + channel := th.CreatePublicChannel() + + // Adds User 2 to the channel, making them a channel member by default. + app.AddUserToChannel(th.BasicUser2, channel) + + // User 1 promotes User 2 + pass, resp := Client.UpdateChannelRoles(channel.Id, th.BasicUser2.Id, CHANNEL_ADMIN) + CheckNoError(t, resp) + + if !pass { + t.Fatal("should have passed") + } + + member, resp := Client.GetChannelMember(channel.Id, th.BasicUser2.Id, "") + CheckNoError(t, resp) + + if member.Roles != CHANNEL_ADMIN { + t.Fatal("roles don't match") + } + + // User 1 demotes User 2 + _, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser2.Id, CHANNEL_MEMBER) + CheckNoError(t, resp) + + th.LoginBasic2() + + // User 2 cannot demote User 1 + _, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_MEMBER) + CheckForbiddenStatus(t, resp) + + // User 2 cannot promote self + _, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser2.Id, CHANNEL_ADMIN) + CheckForbiddenStatus(t, resp) + + th.LoginBasic() + + // User 1 demotes self + _, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_MEMBER) + CheckNoError(t, resp) + + // System Admin promotes User 1 + _, resp = th.SystemAdminClient.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_ADMIN) + CheckNoError(t, resp) + + // System Admin demotes User 1 + _, resp = th.SystemAdminClient.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_MEMBER) + CheckNoError(t, resp) + + // System Admin promotes User 1 + pass, resp = th.SystemAdminClient.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_ADMIN) + CheckNoError(t, resp) + + th.LoginBasic() + + _, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser.Id, "junk") + CheckBadRequestStatus(t, resp) + + _, resp = Client.UpdateChannelRoles(channel.Id, "junk", CHANNEL_MEMBER) + CheckBadRequestStatus(t, resp) + + _, resp = Client.UpdateChannelRoles("junk", th.BasicUser.Id, CHANNEL_MEMBER) + CheckBadRequestStatus(t, resp) + + _, resp = Client.UpdateChannelRoles(channel.Id, model.NewId(), CHANNEL_MEMBER) + CheckNotFoundStatus(t, resp) + + _, resp = Client.UpdateChannelRoles(model.NewId(), th.BasicUser.Id, CHANNEL_MEMBER) + CheckForbiddenStatus(t, resp) +} + +func TestRemoveChannelMember(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + pass, resp := Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser2.Id) + CheckNoError(t, resp) + + if !pass { + t.Fatal("should have passed") + } + + _, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, "junk") + CheckBadRequestStatus(t, resp) + + _, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, model.NewId()) + CheckNotFoundStatus(t, resp) + + th.LoginBasic2() + _, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id) + CheckForbiddenStatus(t, resp) + + app.AddUserToChannel(th.BasicUser2, th.BasicChannel) + _, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(th.BasicChannel2.Id, th.BasicUser.Id) + CheckNoError(t, resp) + + _, resp = th.SystemAdminClient.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id) + CheckNoError(t, resp) + + th.LoginBasic() + private := th.CreatePrivateChannel() + app.AddUserToChannel(th.BasicUser2, private) + + _, resp = Client.RemoveUserFromChannel(private.Id, th.BasicUser2.Id) + CheckNoError(t, resp) + + _, resp = th.SystemAdminClient.RemoveUserFromChannel(private.Id, th.BasicUser.Id) + CheckNoError(t, resp) +} diff --git a/app/channel.go b/app/channel.go index 347c106a8..db007dd3b 100644 --- a/app/channel.go +++ b/app/channel.go @@ -700,7 +700,7 @@ func LeaveChannel(channelId string, userId string) *model.AppError { return err } - if err := RemoveUserFromChannel(userId, userId, channel); err != nil { + if err := removeUserFromChannel(userId, userId, channel); err != nil { return err } @@ -765,7 +765,7 @@ func PostRemoveFromChannelMessage(removerUserId string, removedUser *model.User, return nil } -func RemoveUserFromChannel(userIdToRemove string, removerUserId string, channel *model.Channel) *model.AppError { +func removeUserFromChannel(userIdToRemove string, removerUserId string, channel *model.Channel) *model.AppError { if channel.DeleteAt > 0 { err := model.NewLocAppError("RemoveUserFromChannel", "api.channel.remove_user_from_channel.deleted.app_error", nil, "") err.StatusCode = http.StatusBadRequest @@ -797,6 +797,22 @@ func RemoveUserFromChannel(userIdToRemove string, removerUserId string, channel return nil } +func RemoveUserFromChannel(userIdToRemove string, removerUserId string, channel *model.Channel) *model.AppError { + var err *model.AppError + if err = removeUserFromChannel(userIdToRemove, removerUserId, channel); err != nil { + return err + } + + var user *model.User + if user, err = GetUser(userIdToRemove); err != nil { + return err + } + + go PostRemoveFromChannelMessage(removerUserId, user, channel) + + return nil +} + func GetNumberOfChannelsOnTeam(teamId string) (int, *model.AppError) { // Get total number of channels on current team if result := <-Srv.Store.Channel().GetTeamChannels(teamId); result.Err != nil { @@ -847,7 +863,7 @@ func SearchChannelsUserNotIn(teamId string, userId string, term string) (*model. } } -func ViewChannel(view *model.ChannelView, teamId string, userId string, clearPushNotifications bool) *model.AppError { +func ViewChannel(view *model.ChannelView, userId string, clearPushNotifications bool) *model.AppError { if err := SetActiveChannel(userId, view.ChannelId); err != nil { return err } diff --git a/model/client4.go b/model/client4.go index c64b460e4..f4447b769 100644 --- a/model/client4.go +++ b/model/client4.go @@ -144,7 +144,7 @@ func (c *Client4) DoApiPut(url string, data string) (*http.Response, *AppError) return c.DoApiRequest(http.MethodPut, url, data, "") } -func (c *Client4) DoApiDelete(url string, data string) (*http.Response, *AppError) { +func (c *Client4) DoApiDelete(url string) (*http.Response, *AppError) { return c.DoApiRequest(http.MethodDelete, url, "", "") } @@ -407,7 +407,7 @@ func (c *Client4) UpdateUserRoles(userId, roles string) (bool, *Response) { // DeleteUser deactivates a user in the system based on the provided user id string. func (c *Client4) DeleteUser(userId string) (bool, *Response) { - if r, err := c.DoApiDelete(c.GetUserRoute(userId), ""); err != nil { + if r, err := c.DoApiDelete(c.GetUserRoute(userId)); err != nil { return false, &Response{StatusCode: r.StatusCode, Error: err} } else { defer closeBody(r) @@ -548,32 +548,32 @@ func (c *Client4) CreateDirectChannel(userId1, userId2 string) (*Channel, *Respo } // GetChannel returns a channel based on the provided channel id string. -func (c *Client4) GetChannel(channelId, etag string) (*User, *Response) { +func (c *Client4) GetChannel(channelId, etag string) (*Channel, *Response) { if r, err := c.DoApiGet(c.GetChannelRoute(channelId), etag); err != nil { return nil, &Response{StatusCode: r.StatusCode, Error: err} } else { defer closeBody(r) - return UserFromJson(r.Body), BuildResponse(r) + return ChannelFromJson(r.Body), BuildResponse(r) } } // GetChannelByName returns a channel based on the provided channel name and team id strings. -func (c *Client4) GetChannelByName(channelName, teamId string, etag string) (*User, *Response) { +func (c *Client4) GetChannelByName(channelName, teamId string, etag string) (*Channel, *Response) { if r, err := c.DoApiGet(c.GetChannelByNameRoute(channelName, teamId), etag); err != nil { return nil, &Response{StatusCode: r.StatusCode, Error: err} } else { defer closeBody(r) - return UserFromJson(r.Body), BuildResponse(r) + return ChannelFromJson(r.Body), BuildResponse(r) } } // GetChannelByNameForTeamName returns a channel based on the provided channel name and team name strings. -func (c *Client4) GetChannelByNameForTeamName(channelName, teamName string, etag string) (*User, *Response) { +func (c *Client4) GetChannelByNameForTeamName(channelName, teamName string, etag string) (*Channel, *Response) { if r, err := c.DoApiGet(c.GetChannelByNameForTeamNameRoute(channelName, teamName), etag); err != nil { return nil, &Response{StatusCode: r.StatusCode, Error: err} } else { defer closeBody(r) - return UserFromJson(r.Body), BuildResponse(r) + return ChannelFromJson(r.Body), BuildResponse(r) } } @@ -608,6 +608,38 @@ func (c *Client4) GetChannelMembersForUser(userId, teamId, etag string) (*Channe } } +// ViewChannel performs a view action for a user. Synonymous with switching channels or marking channels as read by a user. +func (c *Client4) ViewChannel(userId string, view *ChannelView) (bool, *Response) { + url := fmt.Sprintf(c.GetChannelsRoute()+"/members/%v/view", userId) + if r, err := c.DoApiPost(url, view.ToJson()); err != nil { + return false, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return CheckStatusOK(r), BuildResponse(r) + } +} + +// UpdateChannelRoles will update the roles on a channel for a user. +func (c *Client4) UpdateChannelRoles(channelId, userId, roles string) (bool, *Response) { + requestBody := map[string]string{"roles": roles} + if r, err := c.DoApiPut(c.GetChannelMemberRoute(channelId, userId)+"/roles", MapToJson(requestBody)); err != nil { + return false, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return CheckStatusOK(r), BuildResponse(r) + } +} + +// RemoveUserFromChannel will delete the channel member object for a user, effectively removing the user from a channel. +func (c *Client4) RemoveUserFromChannel(channelId, userId string) (bool, *Response) { + if r, err := c.DoApiDelete(c.GetChannelMemberRoute(channelId, userId)); err != nil { + return false, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return CheckStatusOK(r), BuildResponse(r) + } +} + // Post Section // CreatePost creates a post based on the provided post struct. -- cgit v1.2.3-1-g7c22