From d2b86f1b8de4784baf578b611cf80779ccfa722a Mon Sep 17 00:00:00 2001
From: Saturnino Abril <saturnino.abril@gmail.com>
Date: Wed, 19 Apr 2017 05:15:15 +0900
Subject: APIv4 POST /reactions (#6092)

* APIv4 POST /reactions

* update corresponding V3 endpoint
---
 api4/reaction.go | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'api4/reaction.go')

diff --git a/api4/reaction.go b/api4/reaction.go
index 4deae4370..7d5952eea 100644
--- a/api4/reaction.go
+++ b/api4/reaction.go
@@ -15,9 +15,43 @@ import (
 func InitReaction() {
 	l4g.Debug(utils.T("api.reaction.init.debug"))
 
+	BaseRoutes.Reactions.Handle("", ApiSessionRequired(saveReaction)).Methods("POST")
 	BaseRoutes.Post.Handle("/reactions", ApiSessionRequired(getReactions)).Methods("GET")
 }
 
+func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) {
+	reaction := model.ReactionFromJson(r.Body)
+	if reaction == nil {
+		c.SetInvalidParam("reaction")
+		return
+	}
+
+	if len(reaction.UserId) != 26 || len(reaction.PostId) != 26 || len(reaction.EmojiName) == 0 || len(reaction.EmojiName) > 64 {
+		c.Err = model.NewLocAppError("saveReaction", "api.reaction.save_reaction.invalid.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
+		return
+	}
+
+	if reaction.UserId != c.Session.UserId {
+		c.Err = model.NewLocAppError("saveReaction", "api.reaction.save_reaction.user_id.app_error", nil, "")
+		c.Err.StatusCode = http.StatusForbidden
+		return
+	}
+
+	if !app.SessionHasPermissionToChannelByPost(c.Session, reaction.PostId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if reaction, err := app.SaveReactionForPost(reaction); err != nil {
+		c.Err = err
+		return
+	} else {
+		w.Write([]byte(reaction.ToJson()))
+		return
+	}
+}
+
 func getReactions(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequirePostId()
 	if c.Err != nil {
-- 
cgit v1.2.3-1-g7c22