APIv4 GET /users/{user_id}/posts/flagged (#5984)

* APIv4 GET /users/{user_id}/posts/flagged

* change permission check

3 files changed, 217 insertions, 0 deletions

diff --git a/api4/api.go b/api4/api.go
index dffed60e4..ea46c8ee5 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -47,6 +47,7 @@ type Routes struct {
 	Posts           *mux.Router // 'api/v4/posts'
 	Post            *mux.Router // 'api/v4/posts/{post_id:[A-Za-z0-9]+}'
 	PostsForChannel *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}/posts'
+	PostsForUser    *mux.Router // 'api/v4/users/{user_id:[A-Za-z0-9]+}/posts'
 
 	Files *mux.Router // 'api/v4/files'
 	File  *mux.Router // 'api/v4/files/{file_id:[A-Za-z0-9]+}'
@@ -126,6 +127,7 @@ func InitApi(full bool) {
 	BaseRoutes.Posts = BaseRoutes.ApiRoot.PathPrefix("/posts").Subrouter()
 	BaseRoutes.Post = BaseRoutes.Posts.PathPrefix("/{post_id:[A-Za-z0-9]+}").Subrouter()
 	BaseRoutes.PostsForChannel = BaseRoutes.Channel.PathPrefix("/posts").Subrouter()
+	BaseRoutes.PostsForUser = BaseRoutes.User.PathPrefix("/posts").Subrouter()
 
 	BaseRoutes.Files = BaseRoutes.ApiRoot.PathPrefix("/files").Subrouter()
 	BaseRoutes.File = BaseRoutes.Files.PathPrefix("/{file_id:[A-Za-z0-9]+}").Subrouter()
diff --git a/api4/post.go b/api4/post.go
index 5cbfeae92..3493945c9 100644
--- a/api4/post.go
+++ b/api4/post.go
@@ -22,6 +22,7 @@ func InitPost() {
 	BaseRoutes.Post.Handle("/thread", ApiSessionRequired(getPostThread)).Methods("GET")
 	BaseRoutes.Post.Handle("/files/info", ApiSessionRequired(getFileInfosForPost)).Methods("GET")
 	BaseRoutes.PostsForChannel.Handle("", ApiSessionRequired(getPostsForChannel)).Methods("GET")
+	BaseRoutes.PostsForUser.Handle("/flagged", ApiSessionRequired(getFlaggedPostsForUser)).Methods("GET")
 
 	BaseRoutes.Team.Handle("/posts/search", ApiSessionRequired(searchPosts)).Methods("POST")
 	BaseRoutes.Post.Handle("", ApiSessionRequired(updatePost)).Methods("PUT")
@@ -127,6 +128,39 @@ func getPostsForChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(list.ToJson()))
 }
 
+func getFlaggedPostsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+		return
+	}
+
+	channelId := r.URL.Query().Get("in_channel")
+	teamId := r.URL.Query().Get("in_team")
+
+	var posts *model.PostList
+	var err *model.AppError
+
+	if len(channelId) > 0 {
+		posts, err = app.GetFlaggedPostsForChannel(c.Params.UserId, channelId, c.Params.Page, c.Params.PerPage)
+	} else if len(teamId) > 0 {
+		posts, err = app.GetFlaggedPostsForTeam(c.Params.UserId, teamId, c.Params.Page, c.Params.PerPage)
+	} else {
+		posts, err = app.GetFlaggedPosts(c.Params.UserId, c.Params.Page, c.Params.PerPage)
+	}
+
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(posts.ToJson()))
+}
+
 func getPost(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequirePostId()
 	if c.Err != nil {
diff --git a/api4/post_test.go b/api4/post_test.go
index e5c72ae9e..4a86e9f18 100644
--- a/api4/post_test.go
+++ b/api4/post_test.go
@@ -459,6 +459,187 @@ func TestGetPostsForChannel(t *testing.T) {
 	CheckNoError(t, resp)
 }
 
+func TestGetFlaggedPostsForUser(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+	user := th.BasicUser
+	team1 := th.BasicTeam
+	channel1 := th.BasicChannel
+	post1 := th.CreatePost()
+	channel2 := th.CreatePublicChannel()
+	post2 := th.CreatePostWithClient(Client, channel2)
+
+	preference := model.Preference{
+		UserId:   user.Id,
+		Category: model.PREFERENCE_CATEGORY_FLAGGED_POST,
+		Name:     post1.Id,
+		Value:    "true",
+	}
+	Client.UpdatePreferences(user.Id, &model.Preferences{preference})
+	preference.Name = post2.Id
+	Client.UpdatePreferences(user.Id, &model.Preferences{preference})
+
+	opl := model.NewPostList()
+	opl.AddPost(post1)
+	opl.AddOrder(post1.Id)
+
+	rpl, resp := Client.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 0, 10)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 1 {
+		t.Fatal("should have returned 1 post")
+	}
+
+	if !reflect.DeepEqual(rpl.Posts, opl.Posts) {
+		t.Fatal("posts should have matched")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 0, 1)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 1 {
+		t.Fatal("should have returned 1 post")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 1, 1)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 0 {
+		t.Fatal("should be empty")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInChannel(user.Id, GenerateTestId(), 0, 10)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 0 {
+		t.Fatal("should be empty")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInChannel(user.Id, "junk", 0, 10)
+	CheckBadRequestStatus(t, resp)
+
+	if rpl != nil {
+		t.Fatal("should be nil")
+	}
+
+	opl.AddPost(post2)
+	opl.AddOrder(post2.Id)
+
+	rpl, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 0, 10)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 2 {
+		t.Fatal("should have returned 2 posts")
+	}
+
+	if !reflect.DeepEqual(rpl.Posts, opl.Posts) {
+		t.Fatal("posts should have matched")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 0, 1)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 1 {
+		t.Fatal("should have returned 1 post")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 1, 1)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 1 {
+		t.Fatal("should have returned 1 post")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 1000, 10)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 0 {
+		t.Fatal("should be empty")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, GenerateTestId(), 0, 10)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 0 {
+		t.Fatal("should be empty")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, "junk", 0, 10)
+	CheckBadRequestStatus(t, resp)
+
+	if rpl != nil {
+		t.Fatal("should be nil")
+	}
+
+	channel3 := th.CreatePrivateChannel()
+	post4 := th.CreatePostWithClient(Client, channel3)
+
+	preference.Name = post4.Id
+	Client.UpdatePreferences(user.Id, &model.Preferences{preference})
+
+	opl.AddPost(post4)
+	opl.AddOrder(post4.Id)
+
+	rpl, resp = Client.GetFlaggedPostsForUser(user.Id, 0, 10)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 3 {
+		t.Fatal("should have returned 3 posts")
+	}
+
+	if !reflect.DeepEqual(rpl.Posts, opl.Posts) {
+		t.Fatal("posts should have matched")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUser(user.Id, 0, 2)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 2 {
+		t.Fatal("should have returned 2 posts")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUser(user.Id, 2, 2)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 1 {
+		t.Fatal("should have returned 1 post")
+	}
+
+	rpl, resp = Client.GetFlaggedPostsForUser(user.Id, 1000, 10)
+	CheckNoError(t, resp)
+
+	if len(rpl.Posts) != 0 {
+		t.Fatal("should be empty")
+	}
+
+	_, resp = Client.GetFlaggedPostsForUser("junk", 0, 10)
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetFlaggedPostsForUser(GenerateTestId(), 0, 10)
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+
+	rpl, resp = Client.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 0, 10)
+	CheckUnauthorizedStatus(t, resp)
+
+	rpl, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 0, 10)
+	CheckUnauthorizedStatus(t, resp)
+
+	rpl, resp = Client.GetFlaggedPostsForUser(user.Id, 0, 10)
+	CheckUnauthorizedStatus(t, resp)
+
+	rpl, resp = th.SystemAdminClient.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 0, 10)
+	CheckNoError(t, resp)
+
+	rpl, resp = th.SystemAdminClient.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 0, 10)
+	CheckNoError(t, resp)
+
+	rpl, resp = th.SystemAdminClient.GetFlaggedPostsForUser(user.Id, 0, 10)
+	CheckNoError(t, resp)
+}
+
 func TestGetPostsAfterAndBefore(t *testing.T) {
 	th := Setup().InitBasic()
 	defer TearDown()