func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks {
c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.disabled.app_error", nil, "")
c.Err.StatusCode = http.StatusNotImplemented
return
}
c.LogAudit("attempt")
hook := model.OutgoingWebhookFromJson(r.Body)
if hook == nil {
c.SetInvalidParam("createOutgoingHook", "webhook")
return
}
hook.CreatorId = c.Session.UserId
hook.TeamId = c.Session.TeamId
if len(hook.ChannelId) != 0 {
cchan := Srv.Store.Channel().Get(hook.ChannelId)
pchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, hook.ChannelId, c.Session.UserId)
var channel *model.Channel
if result := <-cchan; result.Err != nil {
c.Err = result.Err
return
} else {
channel = result.Data.(*model.Channel)
}
if channel.Type != model.CHANNEL_OPEN {
c.LogAudit("fail - not open channel")
}
if !c.HasPermissionsToChannel(pchan, "createOutgoingHook") {
if channel.Type != model.CHANNEL_OPEN || channel.TeamId != c.Session.TeamId {
c.LogAudit("fail - bad channel permissions")
return
}
}
} else if len(hook.TriggerWords) == 0 {
c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.triggers.app_error", nil, "")
return
}
if result := <-Srv.Store.Webhook().SaveOutgoing(hook); result.Err != nil {
c.Err = result.Err
return
} else {
c.LogAudit("success")
rhook := result.Data.(*model.OutgoingWebhook)
w.Write([]byte(rhook.ToJson()))
}
}
func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks {
c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.disabled.app_error", nil, "")
c.Err.StatusCode = http.StatusNotImplemented
return
}
if !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_WEBHOOKS) {
c.Err = model.NewLocAppError("createOutgoingHook", "api.command.admin_only.app_error", nil, "")
c.Err.StatusCode = http.StatusForbidden
return
}
c.LogAudit("attempt")
hook := model.OutgoingWebhookFromJson(r.Body)
if hook == nil {
c.SetInvalidParam("createOutgoingHook", "webhook")
return
}
hook.CreatorId = c.Session.UserId
hook.TeamId = c.TeamId
if len(hook.ChannelId) != 0 {
cchan := app.Srv.Store.Channel().Get(hook.ChannelId, true)
var channel *model.Channel
if result := <-cchan; result.Err != nil {
c.Err = result.Err
return
} else {
channel = result.Data.(*model.Channel)
}
if channel.Type != model.CHANNEL_OPEN {
c.LogAudit("fail - not open channel")
c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.not_open.app_error", nil, "")
return
}
if channel.Type != model.CHANNEL_OPEN || channel.TeamId != c.TeamId {
c.LogAudit("fail - bad channel permissions")
c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.permissions.app_error", nil, "")
return
}
} else if len(hook.TriggerWords) == 0 {
c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.triggers.app_error", nil, "")
return
}
if result := <-app.Srv.Store.Webhook().GetOutgoingByTeam(c.TeamId); result.Err != nil {
c.Err = result.Err
return
} else {
allHooks := result.Data.([]*model.OutgoingWebhook)
for _, existingOutHook := range allHooks {
urlIntersect := utils.StringArrayIntersection(existingOutHook.CallbackURLs, hook.CallbackURLs)
triggerIntersect := utils.StringArrayIntersection(existingOutHook.TriggerWords, hook.TriggerWords)
if existingOutHook.ChannelId == hook.ChannelId && len(urlIntersect) != 0 && len(triggerIntersect) != 0 {
c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.intersect.app_error", nil, "")
return
}
}
}
if result := <-app.Srv.Store.Webhook().SaveOutgoing(hook); result.Err != nil {
c.Err = result.Err
return
} else {
c.LogAudit("success")
rhook := result.Data.(*model.OutgoingWebhook)
w.Write([]byte(rhook.ToJson()))
}
}
