mattermost/api4/team.go

// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api4

import (
	"net/http"

	l4g "github.com/alecthomas/log4go"
	"github.com/mattermost/platform/app"
	"github.com/mattermost/platform/model"
	"github.com/mattermost/platform/utils"
)

func InitTeam() {
	l4g.Debug(utils.T("api.team.init.debug"))

	BaseRoutes.Teams.Handle("", ApiSessionRequired(createTeam)).Methods("POST")
	BaseRoutes.Teams.Handle("", ApiSessionRequired(getAllTeams)).Methods("GET")
	BaseRoutes.TeamsForUser.Handle("", ApiSessionRequired(getTeamsForUser)).Methods("GET")
	BaseRoutes.TeamsForUser.Handle("/unread", ApiSessionRequired(getTeamsUnreadForUser)).Methods("GET")

	BaseRoutes.Team.Handle("", ApiSessionRequired(getTeam)).Methods("GET")
	BaseRoutes.Team.Handle("/stats", ApiSessionRequired(getTeamStats)).Methods("GET")
	BaseRoutes.Team.Handle("/members", ApiSessionRequired(getTeamMembers)).Methods("GET")

	BaseRoutes.TeamByName.Handle("", ApiSessionRequired(getTeamByName)).Methods("GET")
	BaseRoutes.TeamMember.Handle("", ApiSessionRequired(getTeamMember)).Methods("GET")
	BaseRoutes.TeamMember.Handle("/roles", ApiSessionRequired(updateTeamMemberRoles)).Methods("PUT")
}

func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
	team := model.TeamFromJson(r.Body)
	if team == nil {
		c.SetInvalidParam("team")
		return
	}

	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) {
		c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden)
		return
	}

	rteam, err := app.CreateTeamWithUser(team, c.Session.UserId)
	if err != nil {
		c.Err = err
		return
	}

	w.WriteHeader(http.StatusCreated)
	w.Write([]byte(rteam.ToJson()))
}

func getTeam(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireTeamId()
	if c.Err != nil {
		return
	}

	if team, err := app.GetTeam(c.Params.TeamId); err != nil {
		c.Err = err
		return
	} else {
		if team.Type != model.TEAM_OPEN && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) {
			c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
			return
		}

		w.Write([]byte(team.ToJson()))
		return
	}
}

func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
	if team, err := app.GetTeamByName(c.Params.TeamName); err != nil {
		c.Err = err
		return
	} else {
		if team.Type != model.TEAM_OPEN && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) {
			c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
			return
		}

		w.Write([]byte(team.ToJson()))
		return
	}
}

func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
		return
	}

	if teams, err := app.GetTeamsForUser(c.Params.UserId); err != nil {
		c.Err = err
		return
	} else {
		w.Write([]byte(model.TeamListToJson(teams)))
	}
}

func getTeamsUnreadForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
		return
	}

	// optional team id to be excluded from the result
	teamId := r.URL.Query().Get("exclude_team")

	unreadTeamsList, err := app.GetTeamsUnreadForUser(teamId, c.Params.UserId)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.TeamsUnreadToJson(unreadTeamsList)))
}

func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireTeamId().RequireUserId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
		return
	}

	if team, err := app.GetTeamMember(c.Params.TeamId, c.Params.UserId); err != nil {
		c.Err = err
		return
	} else {
		w.Write([]byte(team.ToJson()))
		return
	}
}

func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireTeamId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
		return
	}

	if members, err := app.GetTeamMembers(c.Params.TeamId, c.Params.Page, c.Params.PerPage); err != nil {
		c.Err = err
		return
	} else {
		w.Write([]byte(model.TeamMembersToJson(members)))
		return
	}
}

func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireTeamId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
		return
	}

	if stats, err := app.GetTeamStats(c.Params.TeamId); err != nil {
		c.Err = err
		return
	} else {
		w.Write([]byte(stats.ToJson()))
		return
	}
}

func updateTeamMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireTeamId().RequireUserId()
	if c.Err != nil {
		return
	}

	props := model.MapFromJson(r.Body)

	newRoles := props["roles"]
	if !model.IsValidUserRoles(newRoles) {
		c.SetInvalidParam("team_member_roles")
		return
	}

	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) {
		c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES)
		return
	}

	if _, err := app.UpdateTeamMemberRoles(c.Params.TeamId, c.Params.UserId, newRoles); err != nil {
		c.Err = err
		return
	}

	ReturnStatusOK(w)
}

func getAllTeams(c *Context, w http.ResponseWriter, r *http.Request) {
	var teams []*model.Team
	var err *model.AppError

	if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
		teams, err = app.GetAllTeamsPage(c.Params.Page, c.Params.PerPage)
	} else {
		teams, err = app.GetAllOpenTeamsPage(c.Params.Page, c.Params.PerPage)
	}

	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.TeamListToJson(teams)))
}
Implement POST /teams endpoint (#5220) 2017-01-31 07:59:36 -05:00			`// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.`
			`// See License.txt for license information.`

			`package api4`

			`import (`
			`"net/http"`

			`l4g "github.com/alecthomas/log4go"`
			`"github.com/mattermost/platform/app"`
			`"github.com/mattermost/platform/model"`
			`"github.com/mattermost/platform/utils"`
			`)`

			`func InitTeam() {`
			`l4g.Debug(utils.T("api.team.init.debug"))`

			`BaseRoutes.Teams.Handle("", ApiSessionRequired(createTeam)).Methods("POST")`
Get all teams api4 (#5542) 2017-02-28 10:41:38 +02:00			`BaseRoutes.Teams.Handle("", ApiSessionRequired(getAllTeams)).Methods("GET")`
Implement a few team endpoints for APIv4 (#5296) * Implement GET /teams/{team_id} endpoint for APIv4 * Implement GET /users/{user_id}/teams endpoint for APIv4 * Implement GET /teams/{team_id}/members/{user_id} endpoint for APIv4 2017-02-07 08:57:41 -08:00			`BaseRoutes.TeamsForUser.Handle("", ApiSessionRequired(getTeamsForUser)).Methods("GET")`
ApiV4: GET /users/{user_id}/teams/unread (#5539) 2017-02-28 17:47:30 +02:00			`BaseRoutes.TeamsForUser.Handle("/unread", ApiSessionRequired(getTeamsUnreadForUser)).Methods("GET")`
Implement a few team endpoints for APIv4 (#5296) * Implement GET /teams/{team_id} endpoint for APIv4 * Implement GET /users/{user_id}/teams endpoint for APIv4 * Implement GET /teams/{team_id}/members/{user_id} endpoint for APIv4 2017-02-07 08:57:41 -08:00
			`BaseRoutes.Team.Handle("", ApiSessionRequired(getTeam)).Methods("GET")`
Various APIv4 fixes (#5474) 2017-02-20 15:35:02 -05:00			`BaseRoutes.Team.Handle("/stats", ApiSessionRequired(getTeamStats)).Methods("GET")`
APIv4: GET /teams/{team_id}/members (#5460) * APIv4: GET /teams/{team_id}/members * removed unecessary comment * changed route to session required, and logout test to unauthorized Signed-off-by: Saturnino Abril <saturnino.abril@gmail.com> 2017-02-23 08:55:31 +09:00			`BaseRoutes.Team.Handle("/members", ApiSessionRequired(getTeamMembers)).Methods("GET")`
Implement a few team endpoints for APIv4 (#5296) * Implement GET /teams/{team_id} endpoint for APIv4 * Implement GET /users/{user_id}/teams endpoint for APIv4 * Implement GET /teams/{team_id}/members/{user_id} endpoint for APIv4 2017-02-07 08:57:41 -08:00
Implementation endpoint for APIv4: GET /teams/name/{name} (#5473) * APIv4: GET /teams/name/{name} Signed-off-by: Saturnino Abril <saturnino.abril@gmail.com> * reorganized test with SystemAdminClient Signed-off-by: Saturnino Abril <saturnino.abril@gmail.com> 2017-02-21 01:27:57 +09:00			`BaseRoutes.TeamByName.Handle("", ApiSessionRequired(getTeamByName)).Methods("GET")`
Implement a few team endpoints for APIv4 (#5296) * Implement GET /teams/{team_id} endpoint for APIv4 * Implement GET /users/{user_id}/teams endpoint for APIv4 * Implement GET /teams/{team_id}/members/{user_id} endpoint for APIv4 2017-02-07 08:57:41 -08:00			`BaseRoutes.TeamMember.Handle("", ApiSessionRequired(getTeamMember)).Methods("GET")`
Implement endpoint for APIv4: PUT /teams/{team_id}/members/{user_id}/roles (#5471) 2017-02-21 21:13:26 +09:00			`BaseRoutes.TeamMember.Handle("/roles", ApiSessionRequired(updateTeamMemberRoles)).Methods("PUT")`
Implement POST /teams endpoint (#5220) 2017-01-31 07:59:36 -05:00			`}`

			`func createTeam(c Context, w http.ResponseWriter, r http.Request) {`
			`team := model.TeamFromJson(r.Body)`
			`if team == nil {`
			`c.SetInvalidParam("team")`
			`return`
			`}`

			`if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) {`
			`c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden)`
			`return`
			`}`

			`rteam, err := app.CreateTeamWithUser(team, c.Session.UserId)`
			`if err != nil {`
			`c.Err = err`
			`return`
			`}`

			`w.WriteHeader(http.StatusCreated)`
			`w.Write([]byte(rteam.ToJson()))`
			`}`
Implement a few team endpoints for APIv4 (#5296) * Implement GET /teams/{team_id} endpoint for APIv4 * Implement GET /users/{user_id}/teams endpoint for APIv4 * Implement GET /teams/{team_id}/members/{user_id} endpoint for APIv4 2017-02-07 08:57:41 -08:00
			`func getTeam(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireTeamId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if team, err := app.GetTeam(c.Params.TeamId); err != nil {`
			`c.Err = err`
			`return`
			`} else {`
			`if team.Type != model.TEAM_OPEN && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) {`
			`c.SetPermissionError(model.PERMISSION_VIEW_TEAM)`
			`return`
			`}`

			`w.Write([]byte(team.ToJson()))`
			`return`
			`}`
			`}`

Implementation endpoint for APIv4: GET /teams/name/{name} (#5473) * APIv4: GET /teams/name/{name} Signed-off-by: Saturnino Abril <saturnino.abril@gmail.com> * reorganized test with SystemAdminClient Signed-off-by: Saturnino Abril <saturnino.abril@gmail.com> 2017-02-21 01:27:57 +09:00			`func getTeamByName(c Context, w http.ResponseWriter, r http.Request) {`
			`if team, err := app.GetTeamByName(c.Params.TeamName); err != nil {`
			`c.Err = err`
			`return`
			`} else {`
			`if team.Type != model.TEAM_OPEN && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) {`
			`c.SetPermissionError(model.PERMISSION_VIEW_TEAM)`
			`return`
			`}`

			`w.Write([]byte(team.ToJson()))`
			`return`
			`}`
			`}`

Implement a few team endpoints for APIv4 (#5296) * Implement GET /teams/{team_id} endpoint for APIv4 * Implement GET /users/{user_id}/teams endpoint for APIv4 * Implement GET /teams/{team_id}/members/{user_id} endpoint for APIv4 2017-02-07 08:57:41 -08:00			`func getTeamsForUser(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireUserId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {`
			`c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)`
			`return`
			`}`

			`if teams, err := app.GetTeamsForUser(c.Params.UserId); err != nil {`
			`c.Err = err`
			`return`
			`} else {`
			`w.Write([]byte(model.TeamListToJson(teams)))`
			`}`
			`}`

ApiV4: GET /users/{user_id}/teams/unread (#5539) 2017-02-28 17:47:30 +02:00			`func getTeamsUnreadForUser(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireUserId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {`
			`c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)`
			`return`
			`}`

			`// optional team id to be excluded from the result`
			`teamId := r.URL.Query().Get("exclude_team")`

			`unreadTeamsList, err := app.GetTeamsUnreadForUser(teamId, c.Params.UserId)`
			`if err != nil {`
			`c.Err = err`
			`return`
			`}`

			`w.Write([]byte(model.TeamsUnreadToJson(unreadTeamsList)))`
			`}`

Implement a few team endpoints for APIv4 (#5296) * Implement GET /teams/{team_id} endpoint for APIv4 * Implement GET /users/{user_id}/teams endpoint for APIv4 * Implement GET /teams/{team_id}/members/{user_id} endpoint for APIv4 2017-02-07 08:57:41 -08:00			`func getTeamMember(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireTeamId().RequireUserId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {`
			`c.SetPermissionError(model.PERMISSION_VIEW_TEAM)`
			`return`
			`}`

			`if team, err := app.GetTeamMember(c.Params.TeamId, c.Params.UserId); err != nil {`
			`c.Err = err`
			`return`
			`} else {`
			`w.Write([]byte(team.ToJson()))`
			`return`
			`}`
			`}`
Implement GET teams/{team_id}/stats - apiv4 (#5453) * api4 GET teams/{team_id}/stats * api4 GET teams/{team_id}/stats * moved TeamStats router to team.go 2017-02-18 05:50:17 +09:00
APIv4: GET /teams/{team_id}/members (#5460) * APIv4: GET /teams/{team_id}/members * removed unecessary comment * changed route to session required, and logout test to unauthorized Signed-off-by: Saturnino Abril <saturnino.abril@gmail.com> 2017-02-23 08:55:31 +09:00			`func getTeamMembers(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireTeamId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {`
			`c.SetPermissionError(model.PERMISSION_VIEW_TEAM)`
			`return`
			`}`

			`if members, err := app.GetTeamMembers(c.Params.TeamId, c.Params.Page, c.Params.PerPage); err != nil {`
			`c.Err = err`
			`return`
			`} else {`
			`w.Write([]byte(model.TeamMembersToJson(members)))`
			`return`
			`}`
			`}`

Implement GET teams/{team_id}/stats - apiv4 (#5453) * api4 GET teams/{team_id}/stats * api4 GET teams/{team_id}/stats * moved TeamStats router to team.go 2017-02-18 05:50:17 +09:00			`func getTeamStats(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireTeamId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {`
			`c.SetPermissionError(model.PERMISSION_VIEW_TEAM)`
			`return`
			`}`

			`if stats, err := app.GetTeamStats(c.Params.TeamId); err != nil {`
			`c.Err = err`
			`return`
			`} else {`
			`w.Write([]byte(stats.ToJson()))`
			`return`
			`}`
			`}`
Implement endpoint for APIv4: PUT /teams/{team_id}/members/{user_id}/roles (#5471) 2017-02-21 21:13:26 +09:00
			`func updateTeamMemberRoles(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireTeamId().RequireUserId()`
			`if c.Err != nil {`
			`return`
			`}`

			`props := model.MapFromJson(r.Body)`

			`newRoles := props["roles"]`
			`if !model.IsValidUserRoles(newRoles) {`
			`c.SetInvalidParam("team_member_roles")`
			`return`
			`}`

			`if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) {`
			`c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES)`
			`return`
			`}`

			`if _, err := app.UpdateTeamMemberRoles(c.Params.TeamId, c.Params.UserId, newRoles); err != nil {`
			`c.Err = err`
			`return`
			`}`

			`ReturnStatusOK(w)`
			`}`
Get all teams api4 (#5542) 2017-02-28 10:41:38 +02:00
			`func getAllTeams(c Context, w http.ResponseWriter, r http.Request) {`
			`var teams []*model.Team`
			`var err *model.AppError`

			`if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {`
			`teams, err = app.GetAllTeamsPage(c.Params.Page, c.Params.PerPage)`
			`} else {`
			`teams, err = app.GetAllOpenTeamsPage(c.Params.Page, c.Params.PerPage)`
			`}`

			`if err != nil {`
			`c.Err = err`
			`return`
			`}`

			`w.Write([]byte(model.TeamListToJson(teams)))`
			`}`