diff options
Diffstat (limited to 'api4')
-rw-r--r-- | api4/webhook.go | 40 | ||||
-rw-r--r-- | api4/webhook_test.go | 62 |
2 files changed, 100 insertions, 2 deletions
diff --git a/api4/webhook.go b/api4/webhook.go index 8d2c4874f..86f8bcc2e 100644 --- a/api4/webhook.go +++ b/api4/webhook.go @@ -23,8 +23,9 @@ func InitWebhook() { BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(createOutgoingHook)).Methods("POST") BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(getOutgoingHooks)).Methods("GET") - BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(updateOutcomingHook)).Methods("PUT") BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(getOutgoingHook)).Methods("GET") + BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(updateOutgoingHook)).Methods("PUT") + BaseRoutes.OutgoingHook.Handle("", ApiSessionRequired(deleteOutgoingHook)).Methods("DELETE") BaseRoutes.OutgoingHook.Handle("/regen_token", ApiSessionRequired(regenOutgoingHookToken)).Methods("POST") } @@ -226,7 +227,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { } } -func updateOutcomingHook(c *Context, w http.ResponseWriter, r *http.Request) { +func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { c.RequireHookId() if c.Err != nil { return @@ -395,3 +396,38 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) w.Write([]byte(rhook.ToJson())) } } + +func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireHookId() + if c.Err != nil { + return + } + + hook, err := app.GetOutgoingWebhook(c.Params.HookId) + if err != nil { + c.Err = err + return + } + + c.LogAudit("attempt") + + if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) + return + } + + if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) + return + } + + if err := app.DeleteOutgoingWebhook(hook.Id); err != nil { + c.LogAudit("fail") + c.Err = err + return + } + + c.LogAudit("success") + ReturnStatusOK(w) +} diff --git a/api4/webhook_test.go b/api4/webhook_test.go index 80b03c5aa..1691b27e5 100644 --- a/api4/webhook_test.go +++ b/api4/webhook_test.go @@ -831,3 +831,65 @@ func TestUpdateOutgoingHook(t *testing.T) { CheckUnauthorizedStatus(t, resp) }) } + +func TestDeleteOutgoingHook(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.SystemAdminClient + + enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations + defer func() { + utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks + utils.SetDefaultRolesBasedOnConfig() + }() + utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true + utils.SetDefaultRolesBasedOnConfig() + + var resp *model.Response + var rhook *model.OutgoingWebhook + var hook *model.OutgoingWebhook + var status bool + + t.Run("WhenInvalidHookID", func(t *testing.T) { + status, resp = Client.DeleteOutgoingWebhook("abc") + CheckBadRequestStatus(t, resp) + }) + + t.Run("WhenHookDoesNotExist", func(t *testing.T) { + status, resp = Client.DeleteOutgoingWebhook(model.NewId()) + CheckInternalErrorStatus(t, resp) + }) + + t.Run("WhenHookExists", func(t *testing.T) { + hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, + CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"cats"}} + rhook, resp = Client.CreateOutgoingWebhook(hook) + CheckNoError(t, resp) + + if status, resp = Client.DeleteOutgoingWebhook(rhook.Id); !status { + t.Fatal("Delete should have succeeded") + } else { + CheckOKStatus(t, resp) + } + + // Get now should not return this deleted hook + _, resp = Client.GetIncomingWebhook(rhook.Id, "") + CheckNotFoundStatus(t, resp) + }) + + t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) { + hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, + CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"dogs"}} + rhook, resp = Client.CreateOutgoingWebhook(hook) + CheckNoError(t, resp) + + th.LoginBasic() + Client = th.Client + + _, resp = Client.DeleteOutgoingWebhook(rhook.Id) + CheckForbiddenStatus(t, resp) + }) +} |