mirror of
https://github.com/mattermost/mattermost.git
synced 2026-03-02 05:10:30 -05:00
280 lines
8 KiB
Go
280 lines
8 KiB
Go
// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
|
|
// See License.txt for license information.
|
|
|
|
package api
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
|
|
l4g "github.com/alecthomas/log4go"
|
|
"github.com/gorilla/mux"
|
|
"github.com/mattermost/platform/model"
|
|
"github.com/mattermost/platform/utils"
|
|
)
|
|
|
|
type CommandProvider interface {
|
|
GetCommand() *model.Command
|
|
DoCommand(c *Context, channelId string, message string) *model.CommandResponse
|
|
}
|
|
|
|
var commandProviders = make(map[string]CommandProvider)
|
|
|
|
func RegisterCommandProvider(newProvider CommandProvider) {
|
|
commandProviders[newProvider.GetCommand().Trigger] = newProvider
|
|
}
|
|
|
|
func GetCommandProvidersProvider(name string) CommandProvider {
|
|
provider, ok := commandProviders[name]
|
|
if ok {
|
|
return provider
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func InitCommand(r *mux.Router) {
|
|
l4g.Debug("Initializing command api routes")
|
|
|
|
sr := r.PathPrefix("/commands").Subrouter()
|
|
|
|
sr.Handle("/execute", ApiUserRequired(executeCommand)).Methods("POST")
|
|
sr.Handle("/list", ApiUserRequired(listCommands)).Methods("GET")
|
|
|
|
sr.Handle("/create", ApiUserRequired(createCommand)).Methods("POST")
|
|
sr.Handle("/list_team_commands", ApiUserRequired(listTeamCommands)).Methods("GET")
|
|
sr.Handle("/regen_token", ApiUserRequired(regenCommandToken)).Methods("POST")
|
|
sr.Handle("/delete", ApiUserRequired(deleteCommand)).Methods("POST")
|
|
}
|
|
|
|
func listCommands(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
commands := make([]*model.Command, 0, 32)
|
|
seen := make(map[string]bool)
|
|
for _, value := range commandProviders {
|
|
cpy := *value.GetCommand()
|
|
if cpy.AutoComplete && !seen[cpy.Id] {
|
|
cpy.Sanatize()
|
|
seen[cpy.Trigger] = true
|
|
commands = append(commands, &cpy)
|
|
}
|
|
}
|
|
|
|
if result := <-Srv.Store.Command().GetByTeam(c.Session.TeamId); result.Err != nil {
|
|
c.Err = result.Err
|
|
return
|
|
} else {
|
|
teamCmds := result.Data.([]*model.Command)
|
|
for _, cmd := range teamCmds {
|
|
if cmd.AutoComplete && !seen[cmd.Id] {
|
|
cmd.Sanatize()
|
|
seen[cmd.Trigger] = true
|
|
commands = append(commands, cmd)
|
|
}
|
|
}
|
|
}
|
|
|
|
w.Write([]byte(model.CommandListToJson(commands)))
|
|
}
|
|
|
|
func executeCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
props := model.MapFromJson(r.Body)
|
|
command := strings.TrimSpace(props["command"])
|
|
channelId := strings.TrimSpace(props["channelId"])
|
|
|
|
if len(command) <= 1 || strings.Index(command, "/") != 0 {
|
|
c.Err = model.NewAppError("command", "Command must start with /", "")
|
|
return
|
|
}
|
|
|
|
if len(channelId) > 0 {
|
|
cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, channelId, c.Session.UserId)
|
|
|
|
if !c.HasPermissionsToChannel(cchan, "checkCommand") {
|
|
return
|
|
}
|
|
}
|
|
|
|
parts := strings.Split(command, " ")
|
|
trigger := parts[0][1:]
|
|
provider := GetCommandProvidersProvider(trigger)
|
|
|
|
if provider != nil {
|
|
message := strings.Join(parts[1:], " ")
|
|
response := provider.DoCommand(c, channelId, message)
|
|
|
|
if response.ResponseType == model.COMMAND_RESPONSE_TYPE_IN_CHANNEL {
|
|
post := &model.Post{}
|
|
post.ChannelId = channelId
|
|
post.Message = response.Text
|
|
if _, err := CreatePost(c, post, true); err != nil {
|
|
c.Err = model.NewAppError("command", "An error while saving the command response to the channel", "")
|
|
}
|
|
} else if response.ResponseType == model.COMMAND_RESPONSE_TYPE_EPHEMERAL {
|
|
post := &model.Post{}
|
|
post.ChannelId = channelId
|
|
post.Message = "TODO_EPHEMERAL: " + response.Text
|
|
if _, err := CreatePost(c, post, true); err != nil {
|
|
c.Err = model.NewAppError("command", "An error while saving the command response to the channel", "")
|
|
}
|
|
}
|
|
|
|
w.Write([]byte(response.ToJson()))
|
|
} else {
|
|
c.Err = model.NewAppError("command", "Command with a trigger of '"+trigger+"' not found", "")
|
|
}
|
|
}
|
|
|
|
func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !*utils.Cfg.ServiceSettings.EnableCommands {
|
|
c.Err = model.NewAppError("createCommand", "Commands have been disabled by the system admin.", "")
|
|
c.Err.StatusCode = http.StatusNotImplemented
|
|
return
|
|
}
|
|
|
|
if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
|
|
if !(c.IsSystemAdmin() || c.IsTeamAdmin()) {
|
|
c.Err = model.NewAppError("createCommand", "Integrations have been limited to admins only.", "")
|
|
c.Err.StatusCode = http.StatusForbidden
|
|
return
|
|
}
|
|
}
|
|
|
|
c.LogAudit("attempt")
|
|
|
|
cmd := model.CommandFromJson(r.Body)
|
|
|
|
if cmd == nil {
|
|
c.SetInvalidParam("createCommand", "command")
|
|
return
|
|
}
|
|
|
|
cmd.CreatorId = c.Session.UserId
|
|
cmd.TeamId = c.Session.TeamId
|
|
|
|
if result := <-Srv.Store.Command().Save(cmd); result.Err != nil {
|
|
c.Err = result.Err
|
|
return
|
|
} else {
|
|
c.LogAudit("success")
|
|
rcmd := result.Data.(*model.Command)
|
|
w.Write([]byte(rcmd.ToJson()))
|
|
}
|
|
}
|
|
|
|
func listTeamCommands(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !*utils.Cfg.ServiceSettings.EnableCommands {
|
|
c.Err = model.NewAppError("createCommand", "Commands have been disabled by the system admin.", "")
|
|
c.Err.StatusCode = http.StatusNotImplemented
|
|
return
|
|
}
|
|
|
|
if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
|
|
if !(c.IsSystemAdmin() || c.IsTeamAdmin()) {
|
|
c.Err = model.NewAppError("createCommand", "Integrations have been limited to admins only.", "")
|
|
c.Err.StatusCode = http.StatusForbidden
|
|
return
|
|
}
|
|
}
|
|
|
|
if result := <-Srv.Store.Command().GetByTeam(c.Session.TeamId); result.Err != nil {
|
|
c.Err = result.Err
|
|
return
|
|
} else {
|
|
cmds := result.Data.([]*model.Command)
|
|
w.Write([]byte(model.CommandListToJson(cmds)))
|
|
}
|
|
}
|
|
|
|
func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !*utils.Cfg.ServiceSettings.EnableCommands {
|
|
c.Err = model.NewAppError("createCommand", "Commands have been disabled by the system admin.", "")
|
|
c.Err.StatusCode = http.StatusNotImplemented
|
|
return
|
|
}
|
|
|
|
if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
|
|
if !(c.IsSystemAdmin() || c.IsTeamAdmin()) {
|
|
c.Err = model.NewAppError("createCommand", "Integrations have been limited to admins only.", "")
|
|
c.Err.StatusCode = http.StatusForbidden
|
|
return
|
|
}
|
|
}
|
|
|
|
c.LogAudit("attempt")
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
id := props["id"]
|
|
if len(id) == 0 {
|
|
c.SetInvalidParam("regenCommandToken", "id")
|
|
return
|
|
}
|
|
|
|
var cmd *model.Command
|
|
if result := <-Srv.Store.Command().Get(id); result.Err != nil {
|
|
c.Err = result.Err
|
|
return
|
|
} else {
|
|
cmd = result.Data.(*model.Command)
|
|
|
|
if c.Session.TeamId != cmd.TeamId && c.Session.UserId != cmd.CreatorId && !c.IsTeamAdmin() {
|
|
c.LogAudit("fail - inappropriate permissions")
|
|
c.Err = model.NewAppError("regenToken", "Inappropriate permissions to regenerate command token", "user_id="+c.Session.UserId)
|
|
return
|
|
}
|
|
}
|
|
|
|
cmd.Token = model.NewId()
|
|
|
|
if result := <-Srv.Store.Command().Update(cmd); result.Err != nil {
|
|
c.Err = result.Err
|
|
return
|
|
} else {
|
|
w.Write([]byte(result.Data.(*model.Command).ToJson()))
|
|
}
|
|
}
|
|
|
|
func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !*utils.Cfg.ServiceSettings.EnableCommands {
|
|
c.Err = model.NewAppError("createCommand", "Commands have been disabled by the system admin.", "")
|
|
c.Err.StatusCode = http.StatusNotImplemented
|
|
return
|
|
}
|
|
|
|
if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
|
|
if !(c.IsSystemAdmin() || c.IsTeamAdmin()) {
|
|
c.Err = model.NewAppError("createCommand", "Integrations have been limited to admins only.", "")
|
|
c.Err.StatusCode = http.StatusForbidden
|
|
return
|
|
}
|
|
}
|
|
|
|
c.LogAudit("attempt")
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
id := props["id"]
|
|
if len(id) == 0 {
|
|
c.SetInvalidParam("deleteCommand", "id")
|
|
return
|
|
}
|
|
|
|
if result := <-Srv.Store.Command().Get(id); result.Err != nil {
|
|
c.Err = result.Err
|
|
return
|
|
} else {
|
|
if c.Session.TeamId != result.Data.(*model.Command).TeamId && c.Session.UserId != result.Data.(*model.Command).CreatorId && !c.IsTeamAdmin() {
|
|
c.LogAudit("fail - inappropriate permissions")
|
|
c.Err = model.NewAppError("deleteCommand", "Inappropriate permissions to delete command", "user_id="+c.Session.UserId)
|
|
return
|
|
}
|
|
}
|
|
|
|
if err := (<-Srv.Store.Command().Delete(id, model.GetMillis())).Err; err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
c.LogAudit("success")
|
|
w.Write([]byte(model.MapToJson(props)))
|
|
}
|