implement POST /commands for apiv4 (#5849)

api4/api.go

@@ -170,6 +170,7 @@ func InitApi(full bool) {
 	InitCluster()
 	InitLdap()
 	InitBrand()
+	InitCommand()
 
 	app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404))
 

api4/command.go

@@ -0,0 +1,45 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"net/http"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/app"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func InitCommand() {
+	l4g.Debug(utils.T("api.command.init.debug"))
+
+	BaseRoutes.Commands.Handle("", ApiSessionRequired(createCommand)).Methods("POST")
+}
+
+func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
+	cmd := model.CommandFromJson(r.Body)
+	if cmd == nil {
+		c.SetInvalidParam("command")
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
+		return
+	}
+
+	cmd.CreatorId = c.Session.UserId
+
+	rcmd, err := app.CreateCommand(cmd)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("success")
+	w.Write([]byte(rcmd.ToJson()))
+}

api4/command_test.go

@@ -0,0 +1,60 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"testing"
+	// "time"
+
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func TestCreateCommand(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	enableCommands := *utils.Cfg.ServiceSettings.EnableCommands
+	defer func() {
+		utils.Cfg.ServiceSettings.EnableCommands = &enableCommands
+	}()
+	*utils.Cfg.ServiceSettings.EnableCommands = true
+
+	newCmd := &model.Command{
+		CreatorId: th.BasicUser.Id,
+		TeamId:    th.BasicTeam.Id,
+		URL:       "http://nowhere.com",
+		Method:    model.COMMAND_METHOD_POST,
+		Trigger:   "trigger"}
+
+	_, resp := Client.CreateCommand(newCmd)
+	CheckForbiddenStatus(t, resp)
+
+	createdCmd, resp := th.SystemAdminClient.CreateCommand(newCmd)
+	CheckNoError(t, resp)
+	if createdCmd.CreatorId != th.SystemAdminUser.Id {
+		t.Fatal("user ids didn't match")
+	}
+	if createdCmd.TeamId != th.BasicTeam.Id {
+		t.Fatal("team ids didn't match")
+	}
+
+	_, resp = th.SystemAdminClient.CreateCommand(newCmd)
+	CheckBadRequestStatus(t, resp)
+	CheckErrorMessage(t, resp, "api.command.duplicate_trigger.app_error")
+
+	newCmd.Method = "Wrong"
+	newCmd.Trigger = "test"
+	_, resp = th.SystemAdminClient.CreateCommand(newCmd)
+	CheckInternalErrorStatus(t, resp)
+	CheckErrorMessage(t, resp, "model.command.is_valid.method.app_error")
+
+	*utils.Cfg.ServiceSettings.EnableCommands = false
+	newCmd.Method = "P"
+	newCmd.Trigger = "test"
+	_, resp = th.SystemAdminClient.CreateCommand(newCmd)
+	CheckNotImplementedStatus(t, resp)
+	CheckErrorMessage(t, resp, "api.command.disabled.app_error")
+}

model/client4.go

@@ -202,6 +202,10 @@ func (c *Client4) GetBrandRoute() string {
 	return fmt.Sprintf("/brand")
 }
 
+func (c *Client4) GetCommandsRoute() string {
+	return fmt.Sprintf("/commands")
+}
+
 func (c *Client4) DoApiGet(url string, etag string) (*http.Response, *AppError) {
 	return c.DoApiRequest(http.MethodGet, url, "", etag)
 }
@@ -1716,3 +1720,15 @@ func (c *Client4) GetLogs(page, perPage int) ([]string, *Response) {
 		return ArrayFromJson(r.Body), BuildResponse(r)
 	}
 }
+
+// Commands Section
+
+// CreateCommand will create a new command if the user have the right permissions.
+func (c *Client4) CreateCommand(cmd *Command) (*Command, *Response) {
+	if r, err := c.DoApiPost(c.GetCommandsRoute(), cmd.ToJson()); err != nil {
+		return nil, &Response{StatusCode: r.StatusCode, Error: err}
+	} else {
+		defer closeBody(r)
+		return CommandFromJson(r.Body), BuildResponse(r)
+	}
+}