func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("createPost", "post")
return
}
// Create and save post object to channel
cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, post.ChannelId, c.Session.UserId)
if !c.HasPermissionsToChannel(cchan, "createPost") {
return
}
if rp, err := CreatePost(c, post, true); err != nil {
c.Err = err
if c.Err.Id == "api.post.create_post.root_id.app_error" ||
c.Err.Id == "api.post.create_post.channel_root_id.app_error" ||
c.Err.Id == "api.post.create_post.parent_id.app_error" {
c.Err.StatusCode = http.StatusBadRequest
}
return
} else {
if result := <-Srv.Store.Channel().UpdateLastViewedAt(post.ChannelId, c.Session.UserId); result.Err != nil {
l4g.Error(utils.T("api.post.create_post.last_viewed.error"), post.ChannelId, c.Session.UserId, result.Err)
}
w.Write([]byte(rp.ToJson()))
}
}
func (me *LoadTestProvider) JsonCommand(c *Context, channelId string, message string) *model.CommandResponse {
url := strings.TrimSpace(strings.TrimPrefix(message, "json"))
if len(url) == 0 {
return &model.CommandResponse{Text: "Command must contain a url", ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
}
// provide a shortcut to easily access tests stored in doc/developer/tests
if !strings.HasPrefix(url, "http") {
url = "https://raw.githubusercontent.com/mattermost/platform/master/tests/" + url
if path.Ext(url) == "" {
url += ".json"
}
}
var contents io.ReadCloser
if r, err := http.Get(url); err != nil {
return &model.CommandResponse{Text: "Unable to get file", ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
} else if r.StatusCode > 400 {
return &model.CommandResponse{Text: "Unable to get file", ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
} else {
contents = r.Body
}
post := model.PostFromJson(contents)
post.ChannelId = channelId
if post.Message == "" {
post.Message = message
}
if _, err := CreatePost(c, post, false); err != nil {
return &model.CommandResponse{Text: "Unable to create post", ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
}
return &model.CommandResponse{Text: "Loading data...", ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
}
func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("createPost", "post")
return
}
// Create and save post object to channel
cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, post.ChannelId, c.Session.UserId)
if !c.HasPermissionsToChannel(cchan, "createPost") {
return
}
if rp, err := CreatePost(c, post, true); err != nil {
c.Err = err
if strings.Contains(c.Err.Message, "parameter") {
c.Err.StatusCode = http.StatusBadRequest
}
return
} else {
if result := <-Srv.Store.Channel().UpdateLastViewedAt(post.ChannelId, c.Session.UserId); result.Err != nil {
l4g.Error("Encountered error updating last viewed, channel_id=%s, user_id=%s, err=%v", post.ChannelId, c.Session.UserId, result.Err)
}
w.Write([]byte(rp.ToJson()))
}
}
func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("createPost", "post")
return
}
// Create and save post object to channel
cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, post.ChannelId, c.Session.UserId)
if !c.HasPermissionsToChannel(cchan, "createPost") {
return
}
if rp, err := CreatePost(c, post, true); err != nil {
c.Err = err
if strings.Contains(c.Err.Message, "parameter") {
c.Err.StatusCode = http.StatusBadRequest
}
return
} else {
w.Write([]byte(rp.ToJson()))
}
}
func createValetPost(c *Context, w http.ResponseWriter, r *http.Request) {
if !utils.Cfg.TeamSettings.AllowValet {
c.Err = model.NewAppError("createValetPost", "The valet feature is currently turned off. Please contact your system administrator for details.", "")
c.Err.StatusCode = http.StatusNotImplemented
return
}
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("createValetPost", "post")
return
}
// Any one with access to the team can post as valet to any open channel
cchan := Srv.Store.Channel().CheckOpenChannelPermissions(c.Session.TeamId, post.ChannelId)
if !c.HasPermissionsToChannel(cchan, "createValetPost") {
return
}
if rp, err := CreateValetPost(c, post); err != nil {
c.Err = err
if strings.Contains(c.Err.Message, "parameter") {
c.Err.StatusCode = http.StatusBadRequest
}
return
} else {
w.Write([]byte(rp.ToJson()))
}
}
func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("updatePost", "post")
return
}
cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, post.ChannelId, c.Session.UserId)
pchan := Srv.Store.Post().Get(post.Id)
if !c.HasPermissionsToChannel(cchan, "updatePost") {
return
}
var oldPost *model.Post
if result := <-pchan; result.Err != nil {
c.Err = result.Err
return
} else {
oldPost = result.Data.(*model.PostList).Posts[post.Id]
if oldPost == nil {
c.Err = model.NewAppError("updatePost", "We couldn't find the existing post or comment to update.", "id="+post.Id)
c.Err.StatusCode = http.StatusBadRequest
return
}
if oldPost.UserId != c.Session.UserId {
c.Err = model.NewAppError("updatePost", "You do not have the appropriate permissions", "oldUserId="+oldPost.UserId)
c.Err.StatusCode = http.StatusForbidden
return
}
if oldPost.DeleteAt != 0 {
c.Err = model.NewAppError("updatePost", "You do not have the appropriate permissions", "Already delted id="+post.Id)
c.Err.StatusCode = http.StatusForbidden
return
}
}
hashtags, _ := model.ParseHashtags(post.Message)
if result := <-Srv.Store.Post().Update(oldPost, post.Message, hashtags); result.Err != nil {
c.Err = result.Err
return
} else {
rpost := result.Data.(*model.Post)
message := model.NewMessage(c.Session.TeamId, rpost.ChannelId, c.Session.UserId, model.ACTION_POST_EDITED)
message.Add("post_id", rpost.Id)
message.Add("channel_id", rpost.ChannelId)
message.Add("message", rpost.Message)
store.PublishAndForget(message)
w.Write([]byte(rpost.ToJson()))
}
}
func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("updatePost", "post")
return
}
cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, post.ChannelId, c.Session.UserId)
pchan := Srv.Store.Post().Get(post.Id)
if !c.HasPermissionsToChannel(cchan, "updatePost") {
return
}
var oldPost *model.Post
if result := <-pchan; result.Err != nil {
c.Err = result.Err
return
} else {
oldPost = result.Data.(*model.PostList).Posts[post.Id]
if oldPost == nil {
c.Err = model.NewLocAppError("updatePost", "api.post.update_post.find.app_error", nil, "id="+post.Id)
c.Err.StatusCode = http.StatusBadRequest
return
}
if oldPost.UserId != c.Session.UserId {
c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil, "oldUserId="+oldPost.UserId)
c.Err.StatusCode = http.StatusForbidden
return
}
if oldPost.DeleteAt != 0 {
c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
c.T("api.post.update_post.permissions_details.app_error", map[string]interface{}{"PostId": post.Id}))
c.Err.StatusCode = http.StatusForbidden
return
}
}
hashtags, _ := model.ParseHashtags(post.Message)
if result := <-Srv.Store.Post().Update(oldPost, post.Message, hashtags); result.Err != nil {
c.Err = result.Err
return
} else {
rpost := result.Data.(*model.Post)
message := model.NewMessage(c.TeamId, rpost.ChannelId, c.Session.UserId, model.ACTION_POST_EDITED)
message.Add("post", rpost.ToJson())
PublishAndForget(message)
w.Write([]byte(rpost.ToJson()))
}
}
func (u *User) handleWsActionPost(rmsg *model.Message) {
data := model.PostFromJson(strings.NewReader(rmsg.Props["post"]))
logger.Debug("receiving userid", data.UserId)
if data.UserId == u.MmUser.Id {
// our own message
return
}
// we don't have the user, refresh the userlist
if u.MmUsers[data.UserId] == nil {
u.updateMMUsers()
}
ghost := u.createMMUser(u.MmUsers[data.UserId])
rcvchannel := u.getMMChannelName(data.ChannelId)
// direct message
if strings.Contains(rcvchannel, "__") {
logger.Debug("direct message")
var rcvuser string
rcvusers := strings.Split(rcvchannel, "__")
if rcvusers[0] != u.MmUser.Id {
rcvuser = u.MmUsers[rcvusers[0]].Username
} else {
rcvuser = u.MmUsers[rcvusers[1]].Username
}
msgs := strings.Split(data.Message, "\n")
for _, m := range msgs {
u.MsgSpoofUser(rcvuser, m)
}
return
}
logger.Debugf("channel id %#v, name %#v", data.ChannelId, u.getMMChannelName(data.ChannelId))
ch := u.Srv.Channel("#" + rcvchannel)
// join if not in channel
if !ch.HasUser(ghost) {
ch.Join(ghost)
}
msgs := strings.Split(data.Message, "\n")
for _, m := range msgs {
ch.Message(ghost, m)
}
if len(data.Filenames) > 0 {
logger.Debugf("files detected")
for _, fname := range data.Filenames {
logger.Debug("filename: ", fname)
ch.Message(ghost, "download file - https://"+u.Credentials.Server+"/api/v1/files/get"+fname)
}
}
logger.Debug(u.MmUsers[data.UserId].Username, ":", data.Message)
logger.Debugf("%#v", data)
// updatelastviewed
u.updateMMLastViewed(data.ChannelId)
return
}
func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("createPost", "post")
return
}
post.UserId = c.Session.UserId
cchan := app.Srv.Store.Channel().Get(post.ChannelId, true)
if !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_CREATE_POST) {
return
}
// Check that channel has not been deleted
var channel *model.Channel
if result := <-cchan; result.Err != nil {
c.SetInvalidParam("createPost", "post.channelId")
return
} else {
channel = result.Data.(*model.Channel)
}
if channel.DeleteAt != 0 {
c.Err = model.NewLocAppError("createPost", "api.post.create_post.can_not_post_to_deleted.error", nil, "")
c.Err.StatusCode = http.StatusBadRequest
return
}
if post.CreateAt != 0 && !HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM) {
post.CreateAt = 0
}
if rp, err := app.CreatePost(post, c.TeamId, true); err != nil {
c.Err = err
if c.Err.Id == "api.post.create_post.root_id.app_error" ||
c.Err.Id == "api.post.create_post.channel_root_id.app_error" ||
c.Err.Id == "api.post.create_post.parent_id.app_error" {
c.Err.StatusCode = http.StatusBadRequest
}
return
} else {
// Update the LastViewAt only if the post does not have from_webhook prop set (eg. Zapier app)
if _, ok := post.Props["from_webhook"]; !ok {
if result := <-app.Srv.Store.Channel().UpdateLastViewedAt([]string{post.ChannelId}, c.Session.UserId); result.Err != nil {
l4g.Error(utils.T("api.post.create_post.last_viewed.error"), post.ChannelId, c.Session.UserId, result.Err)
}
}
w.Write([]byte(rp.ToJson()))
}
}
func (m *MMClient) parseActionPost(rmsg *Message) {
data := model.PostFromJson(strings.NewReader(rmsg.Raw.Props["post"]))
// we don't have the user, refresh the userlist
if m.GetUser(data.UserId) == nil {
m.UpdateUsers()
}
rmsg.Username = m.GetUser(data.UserId).Username
rmsg.Channel = m.GetChannelName(data.ChannelId)
rmsg.Team = m.GetTeamName(rmsg.Raw.TeamId)
// direct message
if data.Type == "D" {
rmsg.Channel = m.GetUser(data.UserId).Username
}
rmsg.Text = data.Message
rmsg.Post = data
return
}
func createValetPost(c *Context, w http.ResponseWriter, r *http.Request) {
tchan := Srv.Store.Team().Get(c.Session.TeamId)
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("createValetPost", "post")
return
}
cchan := Srv.Store.Channel().CheckOpenChannelPermissions(c.Session.TeamId, post.ChannelId)
// Any one with access to the team can post as valet to any open channel
if !c.HasPermissionsToChannel(cchan, "createValetPost") {
return
}
// Make sure this team has the valet feature enabled
if tResult := <-tchan; tResult.Err != nil {
c.Err = model.NewAppError("createValetPost", "Could not find the team for this session, team_id="+c.Session.TeamId, "")
return
} else {
if !tResult.Data.(*model.Team).AllowValet {
c.Err = model.NewAppError("createValetPost", "The valet feature is currently turned off. Please contact your team administrator for details.", "")
c.Err.StatusCode = http.StatusNotImplemented
return
}
}
if rp, err := CreateValetPost(c, post); err != nil {
c.Err = err
if strings.Contains(c.Err.Message, "parameter") {
c.Err.StatusCode = http.StatusBadRequest
}
return
} else {
w.Write([]byte(rp.ToJson()))
}
}
func (m *MMClient) parseActionPost(rmsg *Message) {
data := model.PostFromJson(strings.NewReader(rmsg.Raw.Props["post"]))
// log.Println("receiving userid", data.UserId)
// we don't have the user, refresh the userlist
if m.Users[data.UserId] == nil {
m.UpdateUsers()
}
rmsg.Username = m.Users[data.UserId].Username
rmsg.Channel = m.GetChannelName(data.ChannelId)
// direct message
if strings.Contains(rmsg.Channel, "__") {
//log.Println("direct message")
rcvusers := strings.Split(rmsg.Channel, "__")
if rcvusers[0] != m.User.Id {
rmsg.Channel = m.Users[rcvusers[0]].Username
} else {
rmsg.Channel = m.Users[rcvusers[1]].Username
}
}
rmsg.Text = data.Message
rmsg.Post = data
return
}
func (u *User) handleWsActionPost(rmsg *model.Message) {
data := model.PostFromJson(strings.NewReader(rmsg.Props["post"]))
logger.Debug("receiving userid", data.UserId)
if data.UserId == u.mc.User.Id {
// space + ZWSP
if strings.Contains(data.Message, " ") {
logger.Debugf("message is sent from IRC, contains unicode, not relaying %#v", data.Message)
return
}
if data.Type == "system_join_leave" {
logger.Debugf("our own join/leave message. not relaying %#v", data.Message)
return
}
}
ghost := u.createMMUser(u.mc.Users[data.UserId])
// our own message, set our IRC self as user, not our mattermost self
if data.UserId == u.mc.User.Id {
ghost = u
}
rcvchannel := u.mc.GetChannelName(data.ChannelId)
// direct message
if strings.Contains(rcvchannel, "__") {
// our own message, ignore because we can't handle/fake those on IRC
if data.UserId == u.mc.User.Id {
return
}
logger.Debug("direct message")
rcvuser := u.mc.GetOtherUserDM(rcvchannel)
msgs := strings.Split(data.Message, "\n")
for _, m := range msgs {
u.MsgSpoofUser(rcvuser.Username, m)
}
return
}
logger.Debugf("channel id %#v, name %#v", data.ChannelId, u.mc.GetChannelName(data.ChannelId))
ch := u.Srv.Channel("#" + rcvchannel)
// join if not in channel
if !ch.HasUser(ghost) {
ch.Join(ghost)
}
msgs := strings.Split(data.Message, "\n")
// check if we have a override_username (from webhooks) and use it
props := map[string]interface{}(data.Props)
overrideUsername, _ := props["override_username"].(string)
for _, m := range msgs {
if overrideUsername != "" {
ch.SpoofMessage(overrideUsername, m)
} else {
ch.Message(ghost, m)
}
}
if len(data.Filenames) > 0 {
logger.Debugf("files detected")
for _, fname := range u.mc.GetPublicLinks(data.Filenames) {
ch.Message(ghost, "download file - "+fname)
}
}
logger.Debug(u.mc.Users[data.UserId].Username, ":", data.Message)
logger.Debugf("%#v", data)
// updatelastviewed
u.mc.UpdateLastViewed(data.ChannelId)
}
func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
post := model.PostFromJson(r.Body)
if post == nil {
c.SetInvalidParam("updatePost", "post")
return
}
pchan := app.Srv.Store.Post().Get(post.Id)
if !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_EDIT_POST) {
return
}
var oldPost *model.Post
if result := <-pchan; result.Err != nil {
c.Err = result.Err
return
} else {
oldPost = result.Data.(*model.PostList).Posts[post.Id]
if oldPost == nil {
c.Err = model.NewLocAppError("updatePost", "api.post.update_post.find.app_error", nil, "id="+post.Id)
c.Err.StatusCode = http.StatusBadRequest
return
}
if oldPost.UserId != c.Session.UserId {
c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil, "oldUserId="+oldPost.UserId)
c.Err.StatusCode = http.StatusForbidden
return
}
if oldPost.DeleteAt != 0 {
c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
c.T("api.post.update_post.permissions_details.app_error", map[string]interface{}{"PostId": post.Id}))
c.Err.StatusCode = http.StatusForbidden
return
}
if oldPost.IsSystemMessage() {
c.Err = model.NewLocAppError("updatePost", "api.post.update_post.system_message.app_error", nil, "id="+post.Id)
c.Err.StatusCode = http.StatusForbidden
return
}
}
newPost := &model.Post{}
*newPost = *oldPost
newPost.Message = post.Message
newPost.EditAt = model.GetMillis()
newPost.Hashtags, _ = model.ParseHashtags(post.Message)
if result := <-app.Srv.Store.Post().Update(newPost, oldPost); result.Err != nil {
c.Err = result.Err
return
} else {
rpost := result.Data.(*model.Post)
message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_POST_EDITED, "", rpost.ChannelId, "", nil)
message.Add("post", rpost.ToJson())
go app.Publish(message)
app.InvalidateCacheForChannelPosts(rpost.ChannelId)
w.Write([]byte(rpost.ToJson()))
}
}
func (u *User) handleWsActionPost(rmsg *model.WebSocketEvent) {
var ch Channel
data := model.PostFromJson(strings.NewReader(rmsg.Data["post"].(string)))
props := rmsg.Data
extraProps := model.StringInterfaceFromJson(strings.NewReader(rmsg.Data["post"].(string)))["props"].(map[string]interface{})
logger.Debugf("handleWsActionPost() receiving userid %s", data.UserId)
if data.UserId == u.mc.User.Id {
// space + ZWSP
if strings.Contains(data.Message, " ") {
logger.Debugf("message is sent from IRC, contains unicode, not relaying %#v", data.Message)
return
}
if data.Type == "system_join_leave" {
logger.Debugf("our own join/leave message. not relaying %#v", data.Message)
return
}
}
// create new "ghost" user
ghost := u.createMMUser(u.mc.GetUser(data.UserId))
// our own message, set our IRC self as user, not our mattermost self
if data.UserId == u.mc.User.Id {
ghost = u
}
spoofUsername := ghost.Nick
// check if we have a override_username (from webhooks) and use it
overrideUsername, _ := extraProps["override_username"].(string)
if overrideUsername != "" {
// only allow valid irc nicks
re := regexp.MustCompile("^[a-zA-Z0-9_]*$")
if re.MatchString(overrideUsername) {
spoofUsername = overrideUsername
}
}
msgs := strings.Split(data.Message, "\n")
// direct message
if props["channel_type"] == "D" {
// our own message, ignore because we can't handle/fake those on IRC
if data.UserId == u.mc.User.Id {
return
}
}
// not a private message so do channel stuff
if props["channel_type"] != "D" {
ch = u.Srv.Channel(data.ChannelId)
// join if not in channel
if !ch.HasUser(ghost) {
ch.Join(ghost)
}
}
// check if we have a override_username (from webhooks) and use it
for _, m := range msgs {
if m == "" {
continue
}
if props["channel_type"] == "D" {
u.MsgSpoofUser(spoofUsername, m)
} else {
ch.SpoofMessage(spoofUsername, m)
}
}
if len(data.Filenames) > 0 {
logger.Debugf("files detected")
for _, fname := range u.mc.GetPublicLinks(data.Filenames) {
if props["channel_type"] == "D" {
u.MsgSpoofUser(spoofUsername, "download file - "+fname)
} else {
ch.SpoofMessage(spoofUsername, "download file - "+fname)
}
}
}
logger.Debugf("handleWsActionPost() user %s sent %s", u.mc.GetUser(data.UserId).Username, data.Message)
logger.Debugf("%#v", data)
// updatelastviewed
u.mc.UpdateLastViewed(data.ChannelId)
}
