diff options
Diffstat (limited to 'api4')
-rw-r--r-- | api4/api.go | 7 | ||||
-rw-r--r-- | api4/team.go | 64 | ||||
-rw-r--r-- | api4/team_test.go | 118 |
3 files changed, 185 insertions, 4 deletions
diff --git a/api4/api.go b/api4/api.go index 2293cdec5..5ad410cb3 100644 --- a/api4/api.go +++ b/api4/api.go @@ -94,7 +94,7 @@ func InitApi(full bool) { BaseRoutes.UserByEmail = BaseRoutes.Users.PathPrefix("/email/{email}").Subrouter() BaseRoutes.Teams = BaseRoutes.ApiRoot.PathPrefix("/teams").Subrouter() - BaseRoutes.TeamsForUser = BaseRoutes.Users.PathPrefix("/teams").Subrouter() + BaseRoutes.TeamsForUser = BaseRoutes.User.PathPrefix("/teams").Subrouter() BaseRoutes.Team = BaseRoutes.Teams.PathPrefix("/{team_id:[A-Za-z0-9]+}").Subrouter() BaseRoutes.TeamByName = BaseRoutes.Teams.PathPrefix("/name/{team_name:[A-Za-z0-9_-]+}").Subrouter() BaseRoutes.TeamMembers = BaseRoutes.Team.PathPrefix("/members").Subrouter() @@ -141,11 +141,10 @@ func InitApi(full bool) { InitTeam() InitChannel() + app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404)) + // REMOVE CONDITION WHEN APIv3 REMOVED if full { - // 404 on any api route before web.go has a chance to serve it - app.Srv.Router.Handle("/api/{anything:.*}", http.HandlerFunc(Handle404)) - utils.InitHTML() app.InitEmailBatching() diff --git a/api4/team.go b/api4/team.go index 6365ff6de..8564029b0 100644 --- a/api4/team.go +++ b/api4/team.go @@ -16,6 +16,11 @@ func InitTeam() { l4g.Debug(utils.T("api.team.init.debug")) BaseRoutes.Teams.Handle("", ApiSessionRequired(createTeam)).Methods("POST") + BaseRoutes.TeamsForUser.Handle("", ApiSessionRequired(getTeamsForUser)).Methods("GET") + + BaseRoutes.Team.Handle("", ApiSessionRequired(getTeam)).Methods("GET") + + BaseRoutes.TeamMember.Handle("", ApiSessionRequired(getTeamMember)).Methods("GET") } @@ -40,3 +45,62 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusCreated) w.Write([]byte(rteam.ToJson())) } + +func getTeam(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamId() + if c.Err != nil { + return + } + + if team, err := app.GetTeam(c.Params.TeamId); err != nil { + c.Err = err + return + } else { + if team.Type != model.TEAM_OPEN && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { + c.SetPermissionError(model.PERMISSION_VIEW_TEAM) + return + } + + w.Write([]byte(team.ToJson())) + return + } +} + +func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireUserId() + if c.Err != nil { + return + } + + if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + + if teams, err := app.GetTeamsForUser(c.Params.UserId); err != nil { + c.Err = err + return + } else { + w.Write([]byte(model.TeamListToJson(teams))) + } +} + +func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamId().RequireUserId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + c.SetPermissionError(model.PERMISSION_VIEW_TEAM) + return + } + + if team, err := app.GetTeamMember(c.Params.TeamId, c.Params.UserId); err != nil { + c.Err = err + return + } else { + w.Write([]byte(team.ToJson())) + return + } +} diff --git a/api4/team_test.go b/api4/team_test.go index 90f237151..5c6d64ace 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -74,3 +74,121 @@ func TestCreateTeam(t *testing.T) { _, resp = Client.CreateTeam(team) CheckForbiddenStatus(t, resp) } + +func TestGetTeam(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + team := th.BasicTeam + + rteam, resp := Client.GetTeam(team.Id, "") + CheckNoError(t, resp) + + if rteam.Id != team.Id { + t.Fatal("wrong team") + } + + _, resp = Client.GetTeam("junk", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeam("", "") + CheckNotFoundStatus(t, resp) + + _, resp = Client.GetTeam(model.NewId(), "") + CheckNotFoundStatus(t, resp) + + th.LoginTeamAdmin() + + team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: GenerateTestEmail(), Type: model.TEAM_INVITE} + rteam2, _ := Client.CreateTeam(team2) + + th.LoginBasic() + _, resp = Client.GetTeam(rteam2.Id, "") + CheckForbiddenStatus(t, resp) + + Client.Logout() + _, resp = Client.GetTeam(team.Id, "") + CheckUnauthorizedStatus(t, resp) + + _, resp = th.SystemAdminClient.GetTeam(rteam2.Id, "") + CheckNoError(t, resp) +} + +func TestGetTeamsForUser(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: GenerateTestEmail(), Type: model.TEAM_INVITE} + rteam2, _ := Client.CreateTeam(team2) + + teams, resp := Client.GetTeamsForUser(th.BasicUser.Id, "") + CheckNoError(t, resp) + + if len(teams) != 2 { + t.Fatal("wrong number of teams") + } + + found1 := false + found2 := false + for _, t := range teams { + if t.Id == th.BasicTeam.Id { + found1 = true + } else if t.Id == rteam2.Id { + found2 = true + } + } + + if !found1 || !found2 { + t.Fatal("missing team") + } + + _, resp = Client.GetTeamsForUser("junk", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeamsForUser(model.NewId(), "") + CheckForbiddenStatus(t, resp) + + _, resp = Client.GetTeamsForUser(th.BasicUser2.Id, "") + CheckForbiddenStatus(t, resp) + + _, resp = th.SystemAdminClient.GetTeamsForUser(th.BasicUser2.Id, "") + CheckNoError(t, resp) +} + +func TestGetTeamMember(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + team := th.BasicTeam + user := th.BasicUser + + rmember, resp := Client.GetTeamMember(team.Id, user.Id, "") + CheckNoError(t, resp) + + if rmember.TeamId != team.Id { + t.Fatal("wrong team id") + } + + if rmember.UserId != user.Id { + t.Fatal("wrong team id") + } + + _, resp = Client.GetTeamMember("junk", user.Id, "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeamMember(team.Id, "junk", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeamMember("junk", "junk", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.GetTeamMember(team.Id, model.NewId(), "") + CheckNotFoundStatus(t, resp) + + _, resp = Client.GetTeamMember(model.NewId(), user.Id, "") + CheckForbiddenStatus(t, resp) + + _, resp = th.SystemAdminClient.GetTeamMember(team.Id, user.Id, "") + CheckNoError(t, resp) +} |