mattermost/api4/post.go

// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api4

import (
	"net/http"
	"strconv"

	l4g "github.com/alecthomas/log4go"
	"github.com/mattermost/platform/app"
	"github.com/mattermost/platform/model"
	"github.com/mattermost/platform/utils"
)

func InitPost() {
	l4g.Debug(utils.T("api.post.init.debug"))

	BaseRoutes.Posts.Handle("", ApiSessionRequired(createPost)).Methods("POST")
	BaseRoutes.Post.Handle("", ApiSessionRequired(getPost)).Methods("GET")
	BaseRoutes.Post.Handle("", ApiSessionRequired(deletePost)).Methods("DELETE")
	BaseRoutes.Post.Handle("/thread", ApiSessionRequired(getPostThread)).Methods("GET")
	BaseRoutes.Post.Handle("/files/info", ApiSessionRequired(getFileInfosForPost)).Methods("GET")
	BaseRoutes.PostsForChannel.Handle("", ApiSessionRequired(getPostsForChannel)).Methods("GET")

	BaseRoutes.Team.Handle("/posts/search", ApiSessionRequired(searchPosts)).Methods("POST")
}

func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
	post := model.PostFromJson(r.Body)
	if post == nil {
		c.SetInvalidParam("post")
		return
	}

	post.UserId = c.Session.UserId

	if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) {
		c.SetPermissionError(model.PERMISSION_CREATE_POST)
		return
	}

	if post.CreateAt != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
		post.CreateAt = 0
	}

	rp, err := app.CreatePostAsUser(post)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(rp.ToJson()))
}

func getPostsForChannel(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireChannelId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
		return
	}

	etag := app.GetPostsEtag(c.Params.ChannelId)

	if HandleEtag(etag, "Get Posts", w, r) {
		return
	}

	if list, err := app.GetPostsPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage); err != nil {
		c.Err = err
		return
	} else {
		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
		w.Write([]byte(list.ToJson()))
	}
}

func getPost(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequirePostId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
		return
	}

	if post, err := app.GetSinglePost(c.Params.PostId); err != nil {
		c.Err = err
		return
	} else if HandleEtag(post.Etag(), "Get Post", w, r) {
		return
	} else {
		w.Header().Set(model.HEADER_ETAG_SERVER, post.Etag())
		w.Write([]byte(post.ToJson()))
	}
}

func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequirePostId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToPost(c.Session, c.Params.PostId, model.PERMISSION_DELETE_OTHERS_POSTS) {
		c.SetPermissionError(model.PERMISSION_DELETE_OTHERS_POSTS)
		return
	}

	if _, err := app.DeletePost(c.Params.PostId); err != nil {
		c.Err = err
		return
	}

	ReturnStatusOK(w)
}

func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequirePostId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
		return
	}

	if list, err := app.GetPostThread(c.Params.PostId); err != nil {
		c.Err = err
		return
	} else if HandleEtag(list.Etag(), "Get Post Thread", w, r) {
		return
	} else {
		w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag())
		w.Write([]byte(list.ToJson()))
	}
}

func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireTeamId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
		return
	}

	props := model.MapFromJson(r.Body)
	terms := props["terms"]

	if len(terms) == 0 {
		c.SetInvalidParam("terms")
		return
	}

	isOrSearch := false
	if val, ok := props["is_or_search"]; ok && val != "" {
		isOrSearch, _ = strconv.ParseBool(val)
	}

	posts, err := app.SearchPostsInTeam(terms, c.Session.UserId, c.Params.TeamId, isOrSearch)
	if err != nil {
		c.Err = err
		return
	}

	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
	w.Write([]byte(posts.ToJson()))
}

func getFileInfosForPost(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequirePostId()
	if c.Err != nil {
		return
	}

	if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
		return
	}

	if infos, err := app.GetFileInfosForPost(c.Params.PostId, false); err != nil {
		c.Err = err
		return
	} else if HandleEtag(model.GetEtagForFileInfos(infos), "Get File Infos For Post", w, r) {
		return
	} else {
		w.Header().Set("Cache-Control", "max-age=2592000, public")
		w.Header().Set(model.HEADER_ETAG_SERVER, model.GetEtagForFileInfos(infos))
		w.Write([]byte(model.FileInfosToJson(infos)))
	}
}
Implement some post endpoints for APIv4 (#5353) * Implement POST /posts endpoint for APIv4 * Implement GET /channels/{channel_id}/posts endpoint for APIv4 * Implement GET /posts/{post_id} endpoint for APIv4 * Implement GET /posts/{post_id}/thread endpoint for APIv4 * Skip team get if it's a DM channel in handlePostEvents 2017-02-13 10:52:50 -05:00			`// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.`
			`// See License.txt for license information.`

			`package api4`

			`import (`
			`"net/http"`
Implement posts endpoints for APIv4 (#5480) * Implement delete post endpoint for apiv4 * Implement POST search post endpoint for APIv4 * removed delete post quotes * rearrange formatting 2017-02-21 07:36:52 -05:00			`"strconv"`
Implement some post endpoints for APIv4 (#5353) * Implement POST /posts endpoint for APIv4 * Implement GET /channels/{channel_id}/posts endpoint for APIv4 * Implement GET /posts/{post_id} endpoint for APIv4 * Implement GET /posts/{post_id}/thread endpoint for APIv4 * Skip team get if it's a DM channel in handlePostEvents 2017-02-13 10:52:50 -05:00
			`l4g "github.com/alecthomas/log4go"`
			`"github.com/mattermost/platform/app"`
			`"github.com/mattermost/platform/model"`
			`"github.com/mattermost/platform/utils"`
			`)`

			`func InitPost() {`
			`l4g.Debug(utils.T("api.post.init.debug"))`

			`BaseRoutes.Posts.Handle("", ApiSessionRequired(createPost)).Methods("POST")`
			`BaseRoutes.Post.Handle("", ApiSessionRequired(getPost)).Methods("GET")`
Implement posts endpoints for APIv4 (#5480) * Implement delete post endpoint for apiv4 * Implement POST search post endpoint for APIv4 * removed delete post quotes * rearrange formatting 2017-02-21 07:36:52 -05:00			`BaseRoutes.Post.Handle("", ApiSessionRequired(deletePost)).Methods("DELETE")`
Implement some post endpoints for APIv4 (#5353) * Implement POST /posts endpoint for APIv4 * Implement GET /channels/{channel_id}/posts endpoint for APIv4 * Implement GET /posts/{post_id} endpoint for APIv4 * Implement GET /posts/{post_id}/thread endpoint for APIv4 * Skip team get if it's a DM channel in handlePostEvents 2017-02-13 10:52:50 -05:00			`BaseRoutes.Post.Handle("/thread", ApiSessionRequired(getPostThread)).Methods("GET")`
Implement GET /posts/{post_id}/files/info endpoint for APIv4 (#5519) 2017-02-24 06:15:13 -05:00			`BaseRoutes.Post.Handle("/files/info", ApiSessionRequired(getFileInfosForPost)).Methods("GET")`
Implement some post endpoints for APIv4 (#5353) * Implement POST /posts endpoint for APIv4 * Implement GET /channels/{channel_id}/posts endpoint for APIv4 * Implement GET /posts/{post_id} endpoint for APIv4 * Implement GET /posts/{post_id}/thread endpoint for APIv4 * Skip team get if it's a DM channel in handlePostEvents 2017-02-13 10:52:50 -05:00			`BaseRoutes.PostsForChannel.Handle("", ApiSessionRequired(getPostsForChannel)).Methods("GET")`
Implement posts endpoints for APIv4 (#5480) * Implement delete post endpoint for apiv4 * Implement POST search post endpoint for APIv4 * removed delete post quotes * rearrange formatting 2017-02-21 07:36:52 -05:00
			`BaseRoutes.Team.Handle("/posts/search", ApiSessionRequired(searchPosts)).Methods("POST")`
Implement some post endpoints for APIv4 (#5353) * Implement POST /posts endpoint for APIv4 * Implement GET /channels/{channel_id}/posts endpoint for APIv4 * Implement GET /posts/{post_id} endpoint for APIv4 * Implement GET /posts/{post_id}/thread endpoint for APIv4 * Skip team get if it's a DM channel in handlePostEvents 2017-02-13 10:52:50 -05:00			`}`

			`func createPost(c Context, w http.ResponseWriter, r http.Request) {`
			`post := model.PostFromJson(r.Body)`
			`if post == nil {`
			`c.SetInvalidParam("post")`
			`return`
			`}`

			`post.UserId = c.Session.UserId`

			`if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) {`
			`c.SetPermissionError(model.PERMISSION_CREATE_POST)`
			`return`
			`}`

			`if post.CreateAt != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {`
			`post.CreateAt = 0`
			`}`

			`rp, err := app.CreatePostAsUser(post)`
			`if err != nil {`
			`c.Err = err`
			`return`
			`}`

			`w.Write([]byte(rp.ToJson()))`
			`}`

			`func getPostsForChannel(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireChannelId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {`
			`c.SetPermissionError(model.PERMISSION_READ_CHANNEL)`
			`return`
			`}`

			`etag := app.GetPostsEtag(c.Params.ChannelId)`

			`if HandleEtag(etag, "Get Posts", w, r) {`
			`return`
			`}`

			`if list, err := app.GetPostsPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage); err != nil {`
			`c.Err = err`
			`return`
			`} else {`
			`w.Header().Set(model.HEADER_ETAG_SERVER, etag)`
			`w.Write([]byte(list.ToJson()))`
			`}`
			`}`

			`func getPost(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequirePostId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {`
			`c.SetPermissionError(model.PERMISSION_READ_CHANNEL)`
			`return`
			`}`

			`if post, err := app.GetSinglePost(c.Params.PostId); err != nil {`
			`c.Err = err`
			`return`
			`} else if HandleEtag(post.Etag(), "Get Post", w, r) {`
			`return`
			`} else {`
			`w.Header().Set(model.HEADER_ETAG_SERVER, post.Etag())`
			`w.Write([]byte(post.ToJson()))`
			`}`
			`}`

Implement posts endpoints for APIv4 (#5480) * Implement delete post endpoint for apiv4 * Implement POST search post endpoint for APIv4 * removed delete post quotes * rearrange formatting 2017-02-21 07:36:52 -05:00			`func deletePost(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequirePostId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToPost(c.Session, c.Params.PostId, model.PERMISSION_DELETE_OTHERS_POSTS) {`
			`c.SetPermissionError(model.PERMISSION_DELETE_OTHERS_POSTS)`
			`return`
			`}`

			`if _, err := app.DeletePost(c.Params.PostId); err != nil {`
			`c.Err = err`
			`return`
			`}`

			`ReturnStatusOK(w)`
			`}`

Implement some post endpoints for APIv4 (#5353) * Implement POST /posts endpoint for APIv4 * Implement GET /channels/{channel_id}/posts endpoint for APIv4 * Implement GET /posts/{post_id} endpoint for APIv4 * Implement GET /posts/{post_id}/thread endpoint for APIv4 * Skip team get if it's a DM channel in handlePostEvents 2017-02-13 10:52:50 -05:00			`func getPostThread(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequirePostId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {`
			`c.SetPermissionError(model.PERMISSION_READ_CHANNEL)`
			`return`
			`}`

			`if list, err := app.GetPostThread(c.Params.PostId); err != nil {`
			`c.Err = err`
			`return`
			`} else if HandleEtag(list.Etag(), "Get Post Thread", w, r) {`
			`return`
			`} else {`
			`w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag())`
			`w.Write([]byte(list.ToJson()))`
			`}`
			`}`
Implement posts endpoints for APIv4 (#5480) * Implement delete post endpoint for apiv4 * Implement POST search post endpoint for APIv4 * removed delete post quotes * rearrange formatting 2017-02-21 07:36:52 -05:00
			`func searchPosts(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequireTeamId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {`
			`c.SetPermissionError(model.PERMISSION_VIEW_TEAM)`
			`return`
			`}`

			`props := model.MapFromJson(r.Body)`
			`terms := props["terms"]`

			`if len(terms) == 0 {`
			`c.SetInvalidParam("terms")`
			`return`
			`}`

			`isOrSearch := false`
			`if val, ok := props["is_or_search"]; ok && val != "" {`
			`isOrSearch, _ = strconv.ParseBool(val)`
			`}`

			`posts, err := app.SearchPostsInTeam(terms, c.Session.UserId, c.Params.TeamId, isOrSearch)`
			`if err != nil {`
			`c.Err = err`
			`return`
			`}`

			`w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")`
			`w.Write([]byte(posts.ToJson()))`
			`}`
Implement GET /posts/{post_id}/files/info endpoint for APIv4 (#5519) 2017-02-24 06:15:13 -05:00
			`func getFileInfosForPost(c Context, w http.ResponseWriter, r http.Request) {`
			`c.RequirePostId()`
			`if c.Err != nil {`
			`return`
			`}`

			`if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {`
			`c.SetPermissionError(model.PERMISSION_READ_CHANNEL)`
			`return`
			`}`

			`if infos, err := app.GetFileInfosForPost(c.Params.PostId, false); err != nil {`
			`c.Err = err`
			`return`
			`} else if HandleEtag(model.GetEtagForFileInfos(infos), "Get File Infos For Post", w, r) {`
			`return`
			`} else {`
			`w.Header().Set("Cache-Control", "max-age=2592000, public")`
			`w.Header().Set(model.HEADER_ETAG_SERVER, model.GetEtagForFileInfos(infos))`
			`w.Write([]byte(model.FileInfosToJson(infos)))`
			`}`
			`}`