func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) { if !*utils.Cfg.ServiceSettings.EnableCommands { c.Err = model.NewLocAppError("updateCommand", "api.command.disabled.app_error", nil, "") c.Err.StatusCode = http.StatusNotImplemented return } if !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_SLASH_COMMANDS) { c.Err = model.NewLocAppError("updateCommand", "api.command.admin_only.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return } c.LogAudit("attempt") cmd := model.CommandFromJson(r.Body) if cmd == nil { c.SetInvalidParam("updateCommand", "command") return } cmd.Trigger = strings.ToLower(cmd.Trigger) var oldCmd *model.Command if result := <-Srv.Store.Command().Get(cmd.Id); result.Err != nil { c.Err = result.Err return } else { oldCmd = result.Data.(*model.Command) if c.Session.UserId != oldCmd.CreatorId && !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { c.LogAudit("fail - inappropriate permissions") c.Err = model.NewLocAppError("updateCommand", "api.command.update.app_error", nil, "user_id="+c.Session.UserId) return } if c.TeamId != oldCmd.TeamId { c.Err = model.NewLocAppError("updateCommand", "api.command.team_mismatch.app_error", nil, "user_id="+c.Session.UserId) return } cmd.Id = oldCmd.Id cmd.Token = oldCmd.Token cmd.CreateAt = oldCmd.CreateAt cmd.UpdateAt = model.GetMillis() cmd.DeleteAt = oldCmd.DeleteAt cmd.CreatorId = oldCmd.CreatorId cmd.TeamId = oldCmd.TeamId } if result := <-Srv.Store.Command().Update(cmd); result.Err != nil { c.Err = result.Err return } else { w.Write([]byte(result.Data.(*model.Command).ToJson())) } }
func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { if !*utils.Cfg.ServiceSettings.EnableCommands { c.Err = model.NewLocAppError("createCommand", "api.command.disabled.app_error", nil, "") c.Err.StatusCode = http.StatusNotImplemented return } if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations { if !(c.IsSystemAdmin() || c.IsTeamAdmin()) { c.Err = model.NewLocAppError("createCommand", "api.command.admin_only.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return } } c.LogAudit("attempt") cmd := model.CommandFromJson(r.Body) if cmd == nil { c.SetInvalidParam("createCommand", "command") return } cmd.Trigger = strings.ToLower(cmd.Trigger) cmd.CreatorId = c.Session.UserId cmd.TeamId = c.TeamId if result := <-Srv.Store.Command().GetByTeam(c.TeamId); result.Err != nil { c.Err = result.Err return } else { teamCmds := result.Data.([]*model.Command) for _, existingCommand := range teamCmds { if cmd.Trigger == existingCommand.Trigger { c.Err = model.NewLocAppError("createCommand", "api.command.duplicate_trigger.app_error", nil, "") return } } for _, builtInProvider := range commandProviders { builtInCommand := *builtInProvider.GetCommand(c) if cmd.Trigger == builtInCommand.Trigger { c.Err = model.NewLocAppError("createCommand", "api.command.duplicate_trigger.app_error", nil, "") return } } } if result := <-Srv.Store.Command().Save(cmd); result.Err != nil { c.Err = result.Err return } else { c.LogAudit("success") rcmd := result.Data.(*model.Command) w.Write([]byte(rcmd.ToJson())) } }
func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { if !*utils.Cfg.ServiceSettings.EnableCommands { c.Err = model.NewLocAppError("createCommand", "api.command.disabled.app_error", nil, "") c.Err.StatusCode = http.StatusNotImplemented return } if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations { if !(c.IsSystemAdmin() || c.IsTeamAdmin()) { c.Err = model.NewLocAppError("createCommand", "api.command.admin_only.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return } } c.LogAudit("attempt") cmd := model.CommandFromJson(r.Body) if cmd == nil { c.SetInvalidParam("createCommand", "command") return } cmd.CreatorId = c.Session.UserId cmd.TeamId = c.Session.TeamId if result := <-Srv.Store.Command().Save(cmd); result.Err != nil { c.Err = result.Err return } else { c.LogAudit("success") rcmd := result.Data.(*model.Command) w.Write([]byte(rcmd.ToJson())) } }