2019-11-29 12:59:40 +01:00
|
|
|
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
|
|
|
// See LICENSE.txt for license information.
|
2018-05-03 14:00:26 +01:00
|
|
|
|
|
|
|
|
package api4
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net/http"
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
"github.com/mattermost/mattermost-server/v5/audit"
|
2019-11-28 14:39:38 +01:00
|
|
|
"github.com/mattermost/mattermost-server/v5/model"
|
2018-05-03 14:00:26 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func (api *API) InitScheme() {
|
|
|
|
|
api.BaseRoutes.Schemes.Handle("", api.ApiSessionRequired(getSchemes)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Schemes.Handle("", api.ApiSessionRequired(createScheme)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}", api.ApiSessionRequired(deleteScheme)).Methods("DELETE")
|
|
|
|
|
api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}", api.ApiSessionRequiredTrustRequester(getScheme)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}/patch", api.ApiSessionRequired(patchScheme)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}/teams", api.ApiSessionRequiredTrustRequester(getTeamsForScheme)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Schemes.Handle("/{scheme_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequiredTrustRequester(getChannelsForScheme)).Methods("GET")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
scheme := model.SchemeFromJson(r.Body)
|
|
|
|
|
if scheme == nil {
|
|
|
|
|
c.SetInvalidParam("scheme")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("createScheme", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("scheme", scheme)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2020-06-12 13:43:50 +02:00
|
|
|
if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.CustomPermissionsSchemes {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = model.NewAppError("Api4.CreateScheme", "api.scheme.create_scheme.license.error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-21 16:49:31 -04:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS)
|
2018-05-03 14:00:26 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
scheme, err := c.App.CreateScheme(scheme)
|
|
|
|
|
if err != nil {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("scheme", scheme) // overwrite meta
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
w.WriteHeader(http.StatusCreated)
|
|
|
|
|
w.Write([]byte(scheme.ToJson()))
|
2018-05-03 14:00:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireSchemeId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-21 16:49:31 -04:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_PERMISSIONS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_PERMISSIONS)
|
2018-05-03 14:00:26 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
scheme, err := c.App.GetScheme(c.Params.SchemeId)
|
|
|
|
|
if err != nil {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(scheme.ToJson()))
|
2018-05-03 14:00:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getSchemes(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-08-21 16:49:31 -04:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_PERMISSIONS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_PERMISSIONS)
|
2018-05-03 14:00:26 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
scope := c.Params.Scope
|
|
|
|
|
if scope != "" && scope != model.SCHEME_SCOPE_TEAM && scope != model.SCHEME_SCOPE_CHANNEL {
|
|
|
|
|
c.SetInvalidParam("scope")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
schemes, err := c.App.GetSchemesPage(c.Params.Scope, c.Params.Page, c.Params.PerPage)
|
|
|
|
|
if err != nil {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(model.SchemesToJson(schemes)))
|
2018-05-03 14:00:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getTeamsForScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireSchemeId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-21 16:49:31 -04:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_TEAMS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_TEAMS)
|
2018-05-03 14:00:26 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
scheme, err := c.App.GetScheme(c.Params.SchemeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if scheme.Scope != model.SCHEME_SCOPE_TEAM {
|
|
|
|
|
c.Err = model.NewAppError("Api4.GetTeamsForScheme", "api.scheme.get_teams_for_scheme.scope.error", nil, "", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
teams, err := c.App.GetTeamsForSchemePage(scheme, c.Params.Page, c.Params.PerPage)
|
|
|
|
|
if err != nil {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(model.TeamListToJson(teams)))
|
2018-05-03 14:00:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getChannelsForScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireSchemeId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-21 16:49:31 -04:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS)
|
2018-05-03 14:00:26 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
scheme, err := c.App.GetScheme(c.Params.SchemeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if scheme.Scope != model.SCHEME_SCOPE_CHANNEL {
|
|
|
|
|
c.Err = model.NewAppError("Api4.GetChannelsForScheme", "api.scheme.get_channels_for_scheme.scope.error", nil, "", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
channels, err := c.App.GetChannelsForSchemePage(scheme, c.Params.Page, c.Params.PerPage)
|
|
|
|
|
if err != nil {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(channels.ToJson()))
|
2018-05-03 14:00:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func patchScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireSchemeId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
patch := model.SchemePatchFromJson(r.Body)
|
|
|
|
|
if patch == nil {
|
|
|
|
|
c.SetInvalidParam("scheme")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("patchScheme", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-06-12 13:43:50 +02:00
|
|
|
if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.CustomPermissionsSchemes {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = model.NewAppError("Api4.PatchScheme", "api.scheme.patch_scheme.license.error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
scheme, err := c.App.GetScheme(c.Params.SchemeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("scheme", scheme)
|
2018-05-03 14:00:26 +01:00
|
|
|
|
2020-08-21 16:49:31 -04:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS)
|
2018-05-03 14:00:26 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
scheme, err = c.App.PatchScheme(scheme, patch)
|
|
|
|
|
if err != nil {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("patch", scheme)
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2018-08-01 16:55:18 +02:00
|
|
|
c.LogAudit("")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Write([]byte(scheme.ToJson()))
|
2018-05-03 14:00:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func deleteScheme(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireSchemeId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("deleteScheme", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-06-12 13:43:50 +02:00
|
|
|
if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.CustomPermissionsSchemes {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = model.NewAppError("Api4.DeleteScheme", "api.scheme.delete_scheme.license.error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-21 16:49:31 -04:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS)
|
2018-05-03 14:00:26 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-08 00:52:30 -04:00
|
|
|
scheme, err := c.App.DeleteScheme(c.Params.SchemeId)
|
|
|
|
|
if err != nil {
|
2018-05-03 14:00:26 +01:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("scheme", scheme)
|
|
|
|
|
|
2018-05-03 14:00:26 +01:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
