mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
92837fa1ee
* Posts * Add missing translation * Fix internal store marshaling * [MM-22051] Remove To/From JSON (Channels) (#18116) * Channels * Channel members * ChannelSearch * Channel categories, list, sidebar, stats, view * Fix conversions * [MM-22051] Remove To/From JSON (Users) (#18121) * User related structs * Fix return * Team related structures (#18127) * [MM-22051] Remove To/From JSON (Status, Bot, Reaction, Thread, FileInfo) (#18130) * Status * Bot * Reaction * Thread * FileInfo * Some fixes * Translations update from Weblate (#18143) * Translated using Weblate (German) Currently translated at 100.0% (2309 of 2309 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/de/ * Translated using Weblate (Turkish) Currently translated at 100.0% (2309 of 2309 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/tr/ * Translated using Weblate (Hungarian) Currently translated at 100.0% (2309 of 2309 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/hu/ * Update translation files Updated by "Cleanup translation files" hook in Weblate. Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/ Update translation files Updated by "Cleanup translation files" hook in Weblate. Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/ Update translation files Updated by "Cleanup translation files" hook in Weblate. Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/ Update translation files Updated by "Cleanup translation files" hook in Weblate. Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/ * Translated using Weblate (German) Currently translated at 100.0% (2301 of 2301 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/de/ * Translated using Weblate (Turkish) Currently translated at 100.0% (2301 of 2301 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/tr/ * Translated using Weblate (Hungarian) Currently translated at 100.0% (2301 of 2301 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/hu/ * Translated using Weblate (English (Australia)) Currently translated at 100.0% (2301 of 2301 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/en_AU/ * Translated using Weblate (Bulgarian) Currently translated at 100.0% (2301 of 2301 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/bg/ * Translated using Weblate (Japanese) Currently translated at 100.0% (2301 of 2301 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/ja/ * Translated using Weblate (Chinese (Simplified)) Currently translated at 100.0% (2301 of 2301 strings) Translation: mattermost-languages-shipped/mattermost-server Translate-URL: https://translate.mattermost.com/projects/mattermost/mattermost-server_master/zh_Hans/ Co-authored-by: JtheBAB <srast@bioc.uzh.ch> Co-authored-by: Kaya Zeren <kayazeren@gmail.com> Co-authored-by: Tóth Csaba // Online ERP Hungary Kft <csaba.toth@online-erp.hu> Co-authored-by: Matthew Williams <Matthew.Williams@outlook.com.au> Co-authored-by: Nikolai Zahariev <nikolaiz@yahoo.com> Co-authored-by: kaakaa <stooner.hoe@gmail.com> Co-authored-by: aeomin <lin@aeomin.net> Co-authored-by: Weblate (bot) <hosted@weblate.org> Co-authored-by: JtheBAB <srast@bioc.uzh.ch> Co-authored-by: Kaya Zeren <kayazeren@gmail.com> Co-authored-by: Tóth Csaba // Online ERP Hungary Kft <csaba.toth@online-erp.hu> Co-authored-by: Matthew Williams <Matthew.Williams@outlook.com.au> Co-authored-by: Nikolai Zahariev <nikolaiz@yahoo.com> Co-authored-by: kaakaa <stooner.hoe@gmail.com> Co-authored-by: aeomin <lin@aeomin.net> * [MM-22051] Remove To/From JSON methods from model (#18138) * Scheme * Role * Session * Config * Status * Fix logic * Emoji * GuestsInvite * Group * Command * ClusterInfo * License * Job * System * Plugin * Command2 * IncomingWebhook * OutgoingWebhook * Fix tests * Update traslation * Some fixes * Add missing return * Simplify * Make Config.ToJSONFiltered() return []byte * Make Busy.ToJSON() return []byte * Include error in log * Split logic * [MM-22051] Remove To/From JSON (final) (#18150) * SwitchRequest * PluginEventData * Permalink * PushNotification * SuggestCommand * PluginsResponse * WebSocketMessage * RemoteCluster * SharedChannel * PluginStatuses * InitialLoad * ClusterDiscovery * ClusterStats * MfaSecret * GroupSyncable * SAML * WebSocketRequest * TypingRequest * SecurityBulletin * OAuthApp * IntegrationAction * DataRetention * Preference * FileInfoList * Compliance * Preferences * FileInfoSearchResults * TermsOfService * InstallMarketplacePluginRequest * GitLabUser * UploadSessions * Remove unused helpers * Fix tests * [MM-23280] Fix linting for ToJSON/FromJSON (#18153) * SwitchRequest * PluginEventData * Permalink * PushNotification * SuggestCommand * PluginsResponse * WebSocketMessage * RemoteCluster * SharedChannel * PluginStatuses * InitialLoad * ClusterDiscovery * ClusterStats * MfaSecret * GroupSyncable * SAML * WebSocketRequest * TypingRequest * SecurityBulletin * OAuthApp * IntegrationAction * DataRetention * Preference * FileInfoList * Compliance * Preferences * FileInfoSearchResults * TermsOfService * InstallMarketplacePluginRequest * GitLabUser * UploadSessions * Remove unused helpers * Fix tests * Fix linting for ToJSON/FromJSON * Fix conversions Co-authored-by: Weblate (bot) <hosted@weblate.org> Co-authored-by: JtheBAB <srast@bioc.uzh.ch> Co-authored-by: Kaya Zeren <kayazeren@gmail.com> Co-authored-by: Tóth Csaba // Online ERP Hungary Kft <csaba.toth@online-erp.hu> Co-authored-by: Matthew Williams <Matthew.Williams@outlook.com.au> Co-authored-by: Nikolai Zahariev <nikolaiz@yahoo.com> Co-authored-by: kaakaa <stooner.hoe@gmail.com> Co-authored-by: aeomin <lin@aeomin.net> Co-authored-by: Mattermod <mattermod@users.noreply.github.com>
315 lines
8.3 KiB
Go
315 lines
8.3 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"github.com/mattermost/mattermost-server/v6/audit"
|
|
"github.com/mattermost/mattermost-server/v6/model"
|
|
"github.com/mattermost/mattermost-server/v6/shared/mlog"
|
|
)
|
|
|
|
func (api *API) InitBot() {
|
|
api.BaseRoutes.Bots.Handle("", api.APISessionRequired(createBot)).Methods("POST")
|
|
api.BaseRoutes.Bot.Handle("", api.APISessionRequired(patchBot)).Methods("PUT")
|
|
api.BaseRoutes.Bot.Handle("", api.APISessionRequired(getBot)).Methods("GET")
|
|
api.BaseRoutes.Bots.Handle("", api.APISessionRequired(getBots)).Methods("GET")
|
|
api.BaseRoutes.Bot.Handle("/disable", api.APISessionRequired(disableBot)).Methods("POST")
|
|
api.BaseRoutes.Bot.Handle("/enable", api.APISessionRequired(enableBot)).Methods("POST")
|
|
api.BaseRoutes.Bot.Handle("/convert_to_user", api.APISessionRequired(convertBotToUser)).Methods("POST")
|
|
api.BaseRoutes.Bot.Handle("/assign/{user_id:[A-Za-z0-9]+}", api.APISessionRequired(assignBot)).Methods("POST")
|
|
}
|
|
|
|
func createBot(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
var botPatch *model.BotPatch
|
|
err := json.NewDecoder(r.Body).Decode(&botPatch)
|
|
if err != nil {
|
|
c.SetInvalidParam("bot")
|
|
return
|
|
}
|
|
|
|
bot := &model.Bot{
|
|
OwnerId: c.AppContext.Session().UserId,
|
|
}
|
|
bot.Patch(botPatch)
|
|
|
|
auditRec := c.MakeAuditRecord("createBot", audit.Fail)
|
|
defer c.LogAuditRec(auditRec)
|
|
auditRec.AddMeta("bot", bot)
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateBot) {
|
|
c.SetPermissionError(model.PermissionCreateBot)
|
|
return
|
|
}
|
|
|
|
if user, err := c.App.GetUser(c.AppContext.Session().UserId); err == nil {
|
|
if user.IsBot {
|
|
c.SetPermissionError(model.PermissionCreateBot)
|
|
return
|
|
}
|
|
}
|
|
|
|
if !*c.App.Config().ServiceSettings.EnableBotAccountCreation {
|
|
c.Err = model.NewAppError("createBot", "api.bot.create_disabled", nil, "", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
createdBot, appErr := c.App.CreateBot(c.AppContext, bot)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
auditRec.AddMeta("bot", createdBot) // overwrite meta
|
|
|
|
w.WriteHeader(http.StatusCreated)
|
|
if err := json.NewEncoder(w).Encode(createdBot); err != nil {
|
|
mlog.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func patchBot(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
c.RequireBotUserId()
|
|
if c.Err != nil {
|
|
return
|
|
}
|
|
botUserId := c.Params.BotUserId
|
|
|
|
var botPatch *model.BotPatch
|
|
err := json.NewDecoder(r.Body).Decode(&botPatch)
|
|
if err != nil {
|
|
c.SetInvalidParam("bot")
|
|
return
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord("patchBot", audit.Fail)
|
|
defer c.LogAuditRec(auditRec)
|
|
auditRec.AddMeta("bot_id", botUserId)
|
|
|
|
if err := c.App.SessionHasPermissionToManageBot(*c.AppContext.Session(), botUserId); err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
updatedBot, appErr := c.App.PatchBot(botUserId, botPatch)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
auditRec.AddMeta("bot", updatedBot)
|
|
|
|
if err := json.NewEncoder(w).Encode(updatedBot); err != nil {
|
|
mlog.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func getBot(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
c.RequireBotUserId()
|
|
if c.Err != nil {
|
|
return
|
|
}
|
|
botUserId := c.Params.BotUserId
|
|
|
|
includeDeleted, _ := strconv.ParseBool(r.URL.Query().Get("include_deleted"))
|
|
|
|
bot, appErr := c.App.GetBot(botUserId, includeDeleted)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadOthersBots) {
|
|
// Allow access to any bot.
|
|
} else if bot.OwnerId == c.AppContext.Session().UserId {
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadBots) {
|
|
// Pretend like the bot doesn't exist at all to avoid revealing that the
|
|
// user is a bot. It's kind of silly in this case, sine we created the bot,
|
|
// but we don't have read bot permissions.
|
|
c.Err = model.MakeBotNotFoundError(botUserId)
|
|
return
|
|
}
|
|
} else {
|
|
// Pretend like the bot doesn't exist at all, to avoid revealing that the
|
|
// user is a bot.
|
|
c.Err = model.MakeBotNotFoundError(botUserId)
|
|
return
|
|
}
|
|
|
|
if c.HandleEtag(bot.Etag(), "Get Bot", w, r) {
|
|
return
|
|
}
|
|
|
|
if err := json.NewEncoder(w).Encode(bot); err != nil {
|
|
mlog.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func getBots(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
includeDeleted, _ := strconv.ParseBool(r.URL.Query().Get("include_deleted"))
|
|
onlyOrphaned, _ := strconv.ParseBool(r.URL.Query().Get("only_orphaned"))
|
|
|
|
var OwnerId string
|
|
if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadOthersBots) {
|
|
// Get bots created by any user.
|
|
OwnerId = ""
|
|
} else if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadBots) {
|
|
// Only get bots created by this user.
|
|
OwnerId = c.AppContext.Session().UserId
|
|
} else {
|
|
c.SetPermissionError(model.PermissionReadBots)
|
|
return
|
|
}
|
|
|
|
bots, appErr := c.App.GetBots(&model.BotGetOptions{
|
|
Page: c.Params.Page,
|
|
PerPage: c.Params.PerPage,
|
|
OwnerId: OwnerId,
|
|
IncludeDeleted: includeDeleted,
|
|
OnlyOrphaned: onlyOrphaned,
|
|
})
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
if c.HandleEtag(bots.Etag(), "Get Bots", w, r) {
|
|
return
|
|
}
|
|
|
|
if err := json.NewEncoder(w).Encode(bots); err != nil {
|
|
mlog.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func disableBot(c *Context, w http.ResponseWriter, _ *http.Request) {
|
|
updateBotActive(c, w, false)
|
|
}
|
|
|
|
func enableBot(c *Context, w http.ResponseWriter, _ *http.Request) {
|
|
updateBotActive(c, w, true)
|
|
}
|
|
|
|
func updateBotActive(c *Context, w http.ResponseWriter, active bool) {
|
|
c.RequireBotUserId()
|
|
if c.Err != nil {
|
|
return
|
|
}
|
|
botUserId := c.Params.BotUserId
|
|
|
|
auditRec := c.MakeAuditRecord("updateBotActive", audit.Fail)
|
|
defer c.LogAuditRec(auditRec)
|
|
auditRec.AddMeta("bot_id", botUserId)
|
|
auditRec.AddMeta("enable", active)
|
|
|
|
if err := c.App.SessionHasPermissionToManageBot(*c.AppContext.Session(), botUserId); err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
bot, err := c.App.UpdateBotActive(c.AppContext, botUserId, active)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
auditRec.AddMeta("bot", bot)
|
|
|
|
if err := json.NewEncoder(w).Encode(bot); err != nil {
|
|
mlog.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func assignBot(c *Context, w http.ResponseWriter, _ *http.Request) {
|
|
c.RequireUserId()
|
|
c.RequireBotUserId()
|
|
if c.Err != nil {
|
|
return
|
|
}
|
|
botUserId := c.Params.BotUserId
|
|
userId := c.Params.UserId
|
|
|
|
auditRec := c.MakeAuditRecord("assignBot", audit.Fail)
|
|
defer c.LogAuditRec(auditRec)
|
|
auditRec.AddMeta("bot_id", botUserId)
|
|
auditRec.AddMeta("assign_user_id", userId)
|
|
|
|
if err := c.App.SessionHasPermissionToManageBot(*c.AppContext.Session(), botUserId); err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
if user, err := c.App.GetUser(userId); err == nil {
|
|
if user.IsBot {
|
|
c.SetPermissionError(model.PermissionAssignBot)
|
|
return
|
|
}
|
|
}
|
|
|
|
bot, err := c.App.UpdateBotOwner(botUserId, userId)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
auditRec.AddMeta("bot", bot)
|
|
|
|
if err := json.NewEncoder(w).Encode(bot); err != nil {
|
|
mlog.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func convertBotToUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
c.RequireBotUserId()
|
|
if c.Err != nil {
|
|
return
|
|
}
|
|
|
|
bot, err := c.App.GetBot(c.Params.BotUserId, false)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
var userPatch model.UserPatch
|
|
jsonErr := json.NewDecoder(r.Body).Decode(&userPatch)
|
|
if jsonErr != nil || userPatch.Password == nil || *userPatch.Password == "" {
|
|
c.SetInvalidParam("userPatch")
|
|
return
|
|
}
|
|
|
|
systemAdmin, _ := strconv.ParseBool(r.URL.Query().Get("set_system_admin"))
|
|
|
|
auditRec := c.MakeAuditRecord("convertBotToUser", audit.Fail)
|
|
defer c.LogAuditRec(auditRec)
|
|
auditRec.AddMeta("bot", bot)
|
|
auditRec.AddMeta("userPatch", userPatch)
|
|
auditRec.AddMeta("set_system_admin", systemAdmin)
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
user, err := c.App.ConvertBotToUser(bot, &userPatch, systemAdmin)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
auditRec.AddMeta("convertedTo", user)
|
|
|
|
if err := json.NewEncoder(w).Encode(user); err != nil {
|
|
mlog.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|