2 files changed, 99 insertions, 0 deletions

diff --git a/api/command.go b/api/command.go
index e71661a67..ff0f72149 100644
--- a/api/command.go
+++ b/api/command.go
@@ -45,6 +45,7 @@ func InitCommand() {
 	BaseRoutes.Commands.Handle("/list", ApiUserRequired(listCommands)).Methods("GET")
 
 	BaseRoutes.Commands.Handle("/create", ApiUserRequired(createCommand)).Methods("POST")
+	BaseRoutes.Commands.Handle("/update", ApiUserRequired(updateCommand)).Methods("POST")
 	BaseRoutes.Commands.Handle("/list_team_commands", ApiUserRequired(listTeamCommands)).Methods("GET")
 	BaseRoutes.Commands.Handle("/regen_token", ApiUserRequired(regenCommandToken)).Methods("POST")
 	BaseRoutes.Commands.Handle("/delete", ApiUserRequired(deleteCommand)).Methods("POST")
@@ -319,6 +320,65 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !*utils.Cfg.ServiceSettings.EnableCommands {
+		c.Err = model.NewLocAppError("updateCommand", "api.command.disabled.app_error", nil, "")
+		c.Err.StatusCode = http.StatusNotImplemented
+		return
+	}
+
+	if !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+		c.Err = model.NewLocAppError("updateCommand", "api.command.admin_only.app_error", nil, "")
+		c.Err.StatusCode = http.StatusForbidden
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	cmd := model.CommandFromJson(r.Body)
+
+	if cmd == nil {
+		c.SetInvalidParam("updateCommand", "command")
+		return
+	}
+
+	cmd.Trigger = strings.ToLower(cmd.Trigger)
+
+	var oldCmd *model.Command
+	if result := <-Srv.Store.Command().Get(cmd.Id); result.Err != nil {
+		c.Err = result.Err
+		return
+	} else {
+		oldCmd = result.Data.(*model.Command)
+
+		if c.Session.UserId != oldCmd.CreatorId && !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+			c.LogAudit("fail - inappropriate permissions")
+			c.Err = model.NewLocAppError("updateCommand", "api.command.update.app_error", nil, "user_id="+c.Session.UserId)
+			return
+		}
+
+		if c.TeamId != oldCmd.TeamId {
+			c.Err = model.NewLocAppError("updateCommand", "api.command.team_mismatch.app_error", nil, "user_id="+c.Session.UserId)
+			return
+		}
+
+		cmd.Id = oldCmd.Id
+		cmd.Token = oldCmd.Token
+		cmd.CreateAt = oldCmd.CreateAt
+		cmd.UpdateAt = model.GetMillis()
+		cmd.DeleteAt = oldCmd.DeleteAt
+		cmd.CreatorId = oldCmd.CreatorId
+		cmd.TeamId = oldCmd.TeamId
+	}
+
+	if result := <-Srv.Store.Command().Update(cmd); result.Err != nil {
+		c.Err = result.Err
+		return
+	} else {
+		w.Write([]byte(result.Data.(*model.Command).ToJson()))
+	}
+}
+
 func listTeamCommands(c *Context, w http.ResponseWriter, r *http.Request) {
 	if !*utils.Cfg.ServiceSettings.EnableCommands {
 		c.Err = model.NewLocAppError("listTeamCommands", "api.command.disabled.app_error", nil, "")
diff --git a/api/command_test.go b/api/command_test.go
index 7a78d350d..45268a9a5 100644
--- a/api/command_test.go
+++ b/api/command_test.go
@@ -120,6 +120,45 @@ func TestListTeamCommands(t *testing.T) {
 	}
 }
 
+func TestUpdateCommand(t *testing.T) {
+	th := Setup().InitSystemAdmin()
+	Client := th.SystemAdminClient
+	user := th.SystemAdminUser
+	team := th.SystemAdminTeam
+
+	enableCommands := *utils.Cfg.ServiceSettings.EnableCommands
+	defer func() {
+		utils.Cfg.ServiceSettings.EnableCommands = &enableCommands
+	}()
+	*utils.Cfg.ServiceSettings.EnableCommands = true
+
+	cmd1 := &model.Command{
+		CreatorId: user.Id,
+		TeamId:    team.Id,
+		URL:       "http://nowhere.com",
+		Method:    model.COMMAND_METHOD_POST,
+		Trigger:   "trigger"}
+
+	cmd1 = Client.Must(Client.CreateCommand(cmd1)).Data.(*model.Command)
+
+	cmd2 := &model.Command{
+		CreatorId: user.Id,
+		TeamId:    team.Id,
+		URL:       "http://nowhere.com",
+		Method:    model.COMMAND_METHOD_POST,
+		Trigger:   "trigger2",
+		Token:     cmd1.Token,
+		Id:        cmd1.Id}
+
+	if result, err := Client.UpdateCommand(cmd2); err != nil {
+		t.Fatal(err)
+	} else {
+		if result.Data.(*model.Command).Trigger == cmd1.Trigger {
+			t.Fatal("update didn't work properly")
+		}
+	}
+}
+
 func TestRegenToken(t *testing.T) {
 	th := Setup().InitSystemAdmin()
 	Client := th.SystemAdminClient