2019-11-29 06:59:40 -05:00
|
|
|
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
|
|
|
// See LICENSE.txt for license information.
|
2017-02-28 04:14:16 -05:00
|
|
|
|
|
|
|
|
package api4
|
|
|
|
|
|
|
|
|
|
import (
|
2021-07-26 04:11:02 -04:00
|
|
|
"encoding/json"
|
2017-02-28 04:14:16 -05:00
|
|
|
"net/http"
|
|
|
|
|
|
2023-06-11 01:24:35 -04:00
|
|
|
"github.com/mattermost/mattermost/server/public/model"
|
|
|
|
|
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
|
|
|
|
"github.com/mattermost/mattermost/server/v8/channels/audit"
|
2017-02-28 04:14:16 -05:00
|
|
|
)
|
|
|
|
|
|
2024-02-01 17:33:24 -05:00
|
|
|
const maxUpdatePreferences = 100
|
|
|
|
|
|
2017-09-22 13:54:27 -04:00
|
|
|
func (api *API) InitPreference() {
|
2021-08-16 13:46:44 -04:00
|
|
|
api.BaseRoutes.Preferences.Handle("", api.APISessionRequired(getPreferences)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Preferences.Handle("", api.APISessionRequired(updatePreferences)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.Preferences.Handle("/delete", api.APISessionRequired(deletePreferences)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}", api.APISessionRequired(getPreferencesByCategory)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}/name/{preference_name:[A-Za-z0-9_]+}", api.APISessionRequired(getPreferenceByCategoryAndName)).Methods("GET")
|
2017-02-28 04:14:16 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getPreferences(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-11 06:00:44 -04:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
2021-07-12 14:05:36 -04:00
|
|
|
c.SetPermissionError(model.PermissionEditOtherUsers)
|
2017-02-28 04:14:16 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-03 12:25:53 -05:00
|
|
|
preferences, err := c.App.GetPreferencesForUser(c.AppContext, c.Params.UserId)
|
2018-08-01 10:55:18 -04:00
|
|
|
if err != nil {
|
2017-02-28 04:14:16 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 10:55:18 -04:00
|
|
|
|
2021-07-26 04:11:02 -04:00
|
|
|
if err := json.NewEncoder(w).Encode(preferences); err != nil {
|
2022-07-28 11:05:03 -04:00
|
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
2021-07-26 04:11:02 -04:00
|
|
|
}
|
2017-02-28 04:14:16 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getPreferencesByCategory(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId().RequireCategory()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-11 06:00:44 -04:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
2021-07-12 14:05:36 -04:00
|
|
|
c.SetPermissionError(model.PermissionEditOtherUsers)
|
2017-02-28 04:14:16 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-03 12:25:53 -05:00
|
|
|
preferences, err := c.App.GetPreferenceByCategoryForUser(c.AppContext, c.Params.UserId, c.Params.Category)
|
2018-08-01 10:55:18 -04:00
|
|
|
if err != nil {
|
2017-02-28 04:14:16 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 10:55:18 -04:00
|
|
|
|
2021-07-26 04:11:02 -04:00
|
|
|
if err := json.NewEncoder(w).Encode(preferences); err != nil {
|
2022-07-28 11:05:03 -04:00
|
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
2021-07-26 04:11:02 -04:00
|
|
|
}
|
2017-02-28 04:14:16 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getPreferenceByCategoryAndName(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId().RequireCategory().RequirePreferenceName()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-11 06:00:44 -04:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
2021-07-12 14:05:36 -04:00
|
|
|
c.SetPermissionError(model.PermissionEditOtherUsers)
|
2017-02-28 04:14:16 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-03 12:25:53 -05:00
|
|
|
preferences, err := c.App.GetPreferenceByCategoryAndNameForUser(c.AppContext, c.Params.UserId, c.Params.Category, c.Params.PreferenceName)
|
2018-08-01 10:55:18 -04:00
|
|
|
if err != nil {
|
2017-02-28 04:14:16 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 10:55:18 -04:00
|
|
|
|
2021-07-26 04:11:02 -04:00
|
|
|
if err := json.NewEncoder(w).Encode(preferences); err != nil {
|
2022-07-28 11:05:03 -04:00
|
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
2021-07-26 04:11:02 -04:00
|
|
|
}
|
2017-02-28 04:14:16 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("updatePreferences", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2021-05-11 06:00:44 -04:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
2021-07-12 14:05:36 -04:00
|
|
|
c.SetPermissionError(model.PermissionEditOtherUsers)
|
2017-02-28 04:14:16 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-01 08:43:12 -04:00
|
|
|
var preferences model.Preferences
|
2024-02-21 07:13:50 -05:00
|
|
|
err := model.StructFromJSONLimited(r.Body, &preferences)
|
2024-02-01 17:33:24 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParamWithErr("preferences", err)
|
|
|
|
|
return
|
|
|
|
|
} else if len(preferences) == 0 || len(preferences) > maxUpdatePreferences {
|
|
|
|
|
c.SetInvalidParam("preferences")
|
2017-02-28 04:14:16 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-26 14:02:46 -05:00
|
|
|
var sanitizedPreferences model.Preferences
|
|
|
|
|
|
|
|
|
|
for _, pref := range preferences {
|
2021-07-12 14:05:36 -04:00
|
|
|
if pref.Category == model.PreferenceCategoryFlaggedPost {
|
2024-05-24 10:05:48 -04:00
|
|
|
post, err := c.App.GetSinglePost(c.AppContext, pref.Name, false)
|
2019-01-26 14:02:46 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("preference.name")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-31 09:12:53 -04:00
|
|
|
if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), post.ChannelId, model.PermissionReadChannelContent) {
|
|
|
|
|
c.SetPermissionError(model.PermissionReadChannelContent)
|
2019-01-26 14:02:46 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sanitizedPreferences = append(sanitizedPreferences, pref)
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-03 12:25:53 -05:00
|
|
|
if err := c.App.UpdatePreferences(c.AppContext, c.Params.UserId, sanitizedPreferences); err != nil {
|
2017-02-28 04:14:16 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-02-28 04:14:16 -05:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("deletePreferences", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2021-05-11 06:00:44 -04:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
|
2021-07-12 14:05:36 -04:00
|
|
|
c.SetPermissionError(model.PermissionEditOtherUsers)
|
2017-02-28 04:14:16 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-01 08:43:12 -04:00
|
|
|
var preferences model.Preferences
|
2024-02-21 07:13:50 -05:00
|
|
|
err := model.StructFromJSONLimited(r.Body, &preferences)
|
2024-02-01 17:33:24 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParamWithErr("preferences", err)
|
|
|
|
|
return
|
|
|
|
|
} else if len(preferences) == 0 || len(preferences) > maxUpdatePreferences {
|
|
|
|
|
c.SetInvalidParam("preferences")
|
2017-02-28 04:14:16 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-03 12:25:53 -05:00
|
|
|
if err := c.App.DeletePreferences(c.AppContext, c.Params.UserId, preferences); err != nil {
|
2017-02-28 04:14:16 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-02-28 04:14:16 -05:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
