Implement some team endpoints for APIv4 (#5745)

* Implement PUT /teams/{team_id} endpoint for APIv4

* Implement GET /users/{user_id}/teams/{team_id}/unread endpoint for APIv4

* Implement POST /teams/{team_id}/members/ids endpoint for APIv4

* Remove debug statement

3 files changed, 259 insertions, 1 deletions

diff --git a/api4/api.go b/api4/api.go
index 223017151..289291951 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -28,6 +28,7 @@ type Routes struct {
 	Teams        *mux.Router // 'api/v4/teams'
 	TeamsForUser *mux.Router // 'api/v4/users/{user_id:[A-Za-z0-9]+}/teams'
 	Team         *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9]+}'
+	TeamForUser  *mux.Router // 'api/v4/users/{user_id:[A-Za-z0-9]+}/teams/{team_id:[A-Za-z0-9]+}'
 	TeamByName   *mux.Router // 'api/v4/teams/name/{team_name:[A-Za-z0-9_-]+}'
 	TeamMembers  *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9_-]+}/members'
 	TeamMember   *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9_-]+}/members/{user_id:[A-Za-z0-9_-]+}'
@@ -99,6 +100,7 @@ func InitApi(full bool) {
 	BaseRoutes.Teams = BaseRoutes.ApiRoot.PathPrefix("/teams").Subrouter()
 	BaseRoutes.TeamsForUser = BaseRoutes.User.PathPrefix("/teams").Subrouter()
 	BaseRoutes.Team = BaseRoutes.Teams.PathPrefix("/{team_id:[A-Za-z0-9]+}").Subrouter()
+	BaseRoutes.TeamForUser = BaseRoutes.TeamsForUser.PathPrefix("/{team_id:[A-Za-z0-9]+}").Subrouter()
 	BaseRoutes.TeamByName = BaseRoutes.Teams.PathPrefix("/name/{team_name:[A-Za-z0-9_-]+}").Subrouter()
 	BaseRoutes.TeamMembers = BaseRoutes.Team.PathPrefix("/members").Subrouter()
 	BaseRoutes.TeamMember = BaseRoutes.TeamMembers.PathPrefix("/{user_id:[A-Za-z0-9]+}").Subrouter()
diff --git a/api4/team.go b/api4/team.go
index 40f41aaab..ed4929326 100644
--- a/api4/team.go
+++ b/api4/team.go
@@ -21,8 +21,12 @@ func InitTeam() {
 	BaseRoutes.TeamsForUser.Handle("/unread", ApiSessionRequired(getTeamsUnreadForUser)).Methods("GET")
 
 	BaseRoutes.Team.Handle("", ApiSessionRequired(getTeam)).Methods("GET")
+	BaseRoutes.Team.Handle("", ApiSessionRequired(updateTeam)).Methods("PUT")
 	BaseRoutes.Team.Handle("/stats", ApiSessionRequired(getTeamStats)).Methods("GET")
-	BaseRoutes.Team.Handle("/members", ApiSessionRequired(getTeamMembers)).Methods("GET")
+	BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(getTeamMembers)).Methods("GET")
+	BaseRoutes.TeamMembers.Handle("/ids", ApiSessionRequired(getTeamMembersByIds)).Methods("POST")
+
+	BaseRoutes.TeamForUser.Handle("/unread", ApiSessionRequired(getTeamUnread)).Methods("GET")
 
 	BaseRoutes.TeamByName.Handle("", ApiSessionRequired(getTeamByName)).Methods("GET")
 	BaseRoutes.TeamMember.Handle("", ApiSessionRequired(getTeamMember)).Methods("GET")
@@ -92,6 +96,36 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireTeamId()
+	if c.Err != nil {
+		return
+	}
+
+	team := model.TeamFromJson(r.Body)
+
+	if team == nil {
+		c.SetInvalidParam("team")
+		return
+	}
+
+	team.Id = c.Params.TeamId
+
+	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
+		return
+	}
+
+	updatedTeam, err := app.UpdateTeam(team)
+
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(updatedTeam.ToJson()))
+}
+
 func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequireUserId()
 	if c.Err != nil {
@@ -174,6 +208,58 @@ func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireTeamId()
+	if c.Err != nil {
+		return
+	}
+
+	userIds := model.ArrayFromJson(r.Body)
+
+	if len(userIds) == 0 {
+		c.SetInvalidParam("user_ids")
+		return
+	}
+
+	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
+		return
+	}
+
+	members, err := app.GetTeamMembersByIds(c.Params.TeamId, userIds)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(model.TeamMembersToJson(members)))
+}
+
+func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireTeamId().RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+		return
+	}
+
+	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
+		return
+	}
+
+	unreadTeam, err := app.GetTeamUnread(c.Params.TeamId, c.Params.UserId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(unreadTeam.ToJson()))
+}
+
 func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequireTeamId()
 	if c.Err != nil {
diff --git a/api4/team_test.go b/api4/team_test.go
index 1ace69685..4b69f5b62 100644
--- a/api4/team_test.go
+++ b/api4/team_test.go
@@ -114,6 +114,138 @@ func TestGetTeam(t *testing.T) {
 	CheckNoError(t, resp)
 }
 
+func TestGetTeamUnread(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	teamUnread, resp := Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id)
+	CheckNoError(t, resp)
+	if teamUnread.TeamId != th.BasicTeam.Id {
+		t.Fatal("wrong team id returned for regular user call")
+	}
+
+	_, resp = Client.GetTeamUnread("junk", th.BasicUser.Id)
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetTeamUnread(th.BasicTeam.Id, "junk")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetTeamUnread(model.NewId(), th.BasicUser.Id)
+	CheckForbiddenStatus(t, resp)
+
+	_, resp = Client.GetTeamUnread(th.BasicTeam.Id, model.NewId())
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id)
+	CheckUnauthorizedStatus(t, resp)
+
+	teamUnread, resp = th.SystemAdminClient.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id)
+	CheckNoError(t, resp)
+	if teamUnread.TeamId != th.BasicTeam.Id {
+		t.Fatal("wrong team id returned")
+	}
+}
+
+func TestUpdateTeam(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	team := &model.Team{DisplayName: "Name", Description: "Some description", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN}
+	team, _ = Client.CreateTeam(team)
+
+	team.Description = "updated description"
+	uteam, resp := Client.UpdateTeam(team)
+	CheckNoError(t, resp)
+
+	if uteam.Description != "updated description" {
+		t.Fatal("Update failed")
+	}
+
+	team.DisplayName = "Updated Name"
+	uteam, resp = Client.UpdateTeam(team)
+	CheckNoError(t, resp)
+
+	if uteam.DisplayName != "Updated Name" {
+		t.Fatal("Update failed")
+	}
+
+	team.AllowOpenInvite = true
+	uteam, resp = Client.UpdateTeam(team)
+	CheckNoError(t, resp)
+
+	if uteam.AllowOpenInvite != true {
+		t.Fatal("Update failed")
+	}
+
+	team.InviteId = "inviteid1"
+	uteam, resp = Client.UpdateTeam(team)
+	CheckNoError(t, resp)
+
+	if uteam.InviteId != "inviteid1" {
+		t.Fatal("Update failed")
+	}
+
+	team.Name = "Updated name"
+	uteam, resp = Client.UpdateTeam(team)
+	CheckNoError(t, resp)
+
+	if uteam.Name == "Updated name" {
+		t.Fatal("Should not update name")
+	}
+
+	team.Email = "test@domain.com"
+	uteam, resp = Client.UpdateTeam(team)
+	CheckNoError(t, resp)
+
+	if uteam.Email == "test@domain.com" {
+		t.Fatal("Should not update email")
+	}
+
+	team.Type = model.TEAM_INVITE
+	uteam, resp = Client.UpdateTeam(team)
+	CheckNoError(t, resp)
+
+	if uteam.Type == model.TEAM_INVITE {
+		t.Fatal("Should not update type")
+	}
+
+	team.AllowedDomains = "domain"
+	uteam, resp = Client.UpdateTeam(team)
+	CheckNoError(t, resp)
+
+	if uteam.AllowedDomains == "domain" {
+		t.Fatal("Should not update allowed_domains")
+	}
+
+	originalTeamId := team.Id
+	team.Id = model.NewId()
+
+	if r, err := Client.DoApiPut(Client.GetTeamRoute(originalTeamId), team.ToJson()); err != nil {
+		t.Fatal(err)
+	} else {
+		uteam = model.TeamFromJson(r.Body)
+	}
+
+	if uteam.Id != originalTeamId {
+		t.Fatal("wrong team id")
+	}
+
+	team.Id = "fake"
+	_, resp = Client.UpdateTeam(team)
+	CheckBadRequestStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.UpdateTeam(team)
+	CheckUnauthorizedStatus(t, resp)
+
+	team.Id = originalTeamId
+	_, resp = th.SystemAdminClient.UpdateTeam(team)
+	CheckNoError(t, resp)
+}
+
 func TestGetAllTeams(t *testing.T) {
 	th := Setup().InitBasic().InitSystemAdmin()
 	defer TearDown()
@@ -332,6 +464,44 @@ func TestGetTeamMembers(t *testing.T) {
 	CheckNoError(t, resp)
 }
 
+func TestGetTeamMembersByIds(t *testing.T) {
+	th := Setup().InitBasic()
+	defer TearDown()
+	Client := th.Client
+
+	tm, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id})
+	CheckNoError(t, resp)
+
+	if tm[0].UserId != th.BasicUser.Id {
+		t.Fatal("returned wrong user")
+	}
+
+	_, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{})
+	CheckBadRequestStatus(t, resp)
+
+	tm1, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk"})
+	CheckNoError(t, resp)
+	if len(tm1) > 0 {
+		t.Fatal("no users should be returned")
+	}
+
+	tm1, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk", th.BasicUser.Id})
+	CheckNoError(t, resp)
+	if len(tm1) != 1 {
+		t.Fatal("1 user should be returned")
+	}
+
+	tm1, resp = Client.GetTeamMembersByIds("junk", []string{th.BasicUser.Id})
+	CheckBadRequestStatus(t, resp)
+
+	tm1, resp = Client.GetTeamMembersByIds(model.NewId(), []string{th.BasicUser.Id})
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id})
+	CheckUnauthorizedStatus(t, resp)
+}
+
 func TestGetTeamStats(t *testing.T) {
 	th := Setup().InitBasic().InitSystemAdmin()
 	defer TearDown()