From 3d14573b8c4df6f293fdac9933aa270b541234ec Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Date: Mon, 20 Mar 2017 13:56:23 +0100
Subject: [APIV4] POST /hooks/outgoing/{hook_id}/regen_token  - regentoken
 endpoint for apiV4 (#5783)

---
 api4/webhook.go | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'api4/webhook.go')

diff --git a/api4/webhook.go b/api4/webhook.go
index feecdbd0f..b1c013843 100644
--- a/api4/webhook.go
+++ b/api4/webhook.go
@@ -23,6 +23,7 @@ func InitWebhook() {
 
 	BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(createOutgoingHook)).Methods("POST")
 	BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(getOutgoingHooks)).Methods("GET")
+	BaseRoutes.OutgoingHook.Handle("/regen_token", ApiSessionRequired(regenOutgoingHookToken)).Methods("POST")
 }
 
 func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -287,3 +288,36 @@ func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	w.Write([]byte(model.OutgoingWebhookListToJson(hooks)))
 }
+
+func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireHookId()
+	if c.Err != nil {
+		return
+	}
+
+	hook, err := app.GetOutgoingWebhook(c.Params.HookId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
+		return
+	}
+
+	if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+		c.LogAudit("fail - inappropriate permissions")
+		c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
+		return
+	}
+
+	if rhook, err := app.RegenOutgoingWebhookToken(hook); err != nil {
+		c.Err = err
+		return
+	} else {
+		w.Write([]byte(rhook.ToJson()))
+	}
+}
-- 
cgit v1.2.3-1-g7c22