Diffstat (limited to 'api')
-rw-r--r-- | api/admin.go | 35 | ||||
-rw-r--r-- | api/command_test.go | 3 | ||||
-rw-r--r-- | api/context.go | 27 | ||||
-rw-r--r-- | api/file.go | 2 | ||||
-rw-r--r-- | api/post.go | 4 | ||||
-rw-r--r-- | api/team.go | 13 | ||||
-rw-r--r-- | api/user.go | 11 | ||||
-rw-r--r-- | api/webhook.go | 2 |
8 files changed, 58 insertions, 39 deletions
diff --git a/api/admin.go b/api/admin.go index 568d8f6e8..d9714d6d2 100644 --- a/api/admin.go +++ b/api/admin.go @@ -23,8 +23,10 @@ func InitAdmin(r *mux.Router) { sr.Handle("/logs", ApiUserRequired(getLogs)).Methods("GET") sr.Handle("/config", ApiUserRequired(getConfig)).Methods("GET") sr.Handle("/save_config", ApiUserRequired(saveConfig)).Methods("POST") - sr.Handle("/client_props", ApiAppHandler(getClientProperties)).Methods("GET") sr.Handle("/test_email", ApiUserRequired(testEmail)).Methods("POST") + sr.Handle("/client_props", ApiAppHandler(getClientProperties)).Methods("GET") + sr.Handle("/log_client", ApiAppHandler(logClient)).Methods("POST") + } func getLogs(c *Context, w http.ResponseWriter, r *http.Request) { @@ -59,6 +61,26 @@ func getClientProperties(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(model.MapToJson(utils.ClientProperties))) } +func logClient(c *Context, w http.ResponseWriter, r *http.Request) { + m := model.MapFromJson(r.Body) + + lvl := m["level"] + msg := m["message"] + + if len(msg) > 400 { + msg = msg[0:399] + } + + if lvl == "ERROR" { + err := model.NewAppError("client", msg, "") + c.LogError(err) + } + + rm := make(map[string]string) + rm["SUCCESS"] = "true" + w.Write([]byte(model.MapToJson(rm))) +} + func getConfig(c *Context, w http.ResponseWriter, r *http.Request) { if !c.HasSystemAdminPermissions("getConfig") { return @@ -82,18 +104,11 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } - if len(cfg.ServiceSettings.ListenAddress) == 0 { - c.SetInvalidParam("saveConfig", "config") - return - } - - if cfg.TeamSettings.MaxUsersPerTeam == 0 { - c.SetInvalidParam("saveConfig", "config") + if err := cfg.IsValid(); err != nil { + c.Err = err return } - // TODO run some cleanup validators - utils.SaveConfig(utils.CfgFileName, cfg) utils.LoadConfig(utils.CfgFileName) json := utils.Cfg.ToJson() diff --git a/api/command_test.go b/api/command_test.go index d70729448..360c4da58 100644 
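Review bot: `logClient` writes a caller-supplied string into the server error log, and the route added in `InitAdmin` wraps it in `ApiAppHandler` rather than `ApiUserRequired`, so it appears to be reachable without a session. The body is decoded with no size cap and `msg` is logged with its line breaks intact, so a client can forge extra log entries or fill the log cheaply. Capping the body, replacing CR/LF before logging and rate-limiting the route would address that. The truncation `msg[0:399]` also keeps 399 bytes although the guard tests for more than 400. In the sketch below `maxClientLogBody` is a placeholder constant and `strings` would need to be imported.

```go
func logClient(c *Context, w http.ResponseWriter, r *http.Request) {
	// Cap the body before decoding; this route is not behind ApiUserRequired.
	r.Body = http.MaxBytesReader(w, r.Body, maxClientLogBody)
	m := model.MapFromJson(r.Body)

	lvl := m["level"]
	// Flatten line breaks so one request cannot produce several log entries.
	msg := strings.NewReplacer("\r", " ", "\n", " ").Replace(m["message"])

	if len(msg) > 400 {
		msg = msg[:400]
	}

	// … unchanged: ERROR branch and SUCCESS response …
}
```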
--- a/api/command_test.go +++ b/api/command_test.go @@ -6,6 +6,7 @@ package api import ( "strings" "testing" + "time" "github.com/mattermost/platform/model" "github.com/mattermost/platform/store" @@ -176,6 +177,8 @@ func TestEchoCommand(t *testing.T) { t.Fatal("Echo command failed to execute") } + time.Sleep(100 * time.Millisecond) + p1 := Client.Must(Client.GetPosts(channel1.Id, 0, 2, "")).Data.(*model.PostList) if len(p1.Order) != 1 { t.Fatal("Echo command failed to send") diff --git a/api/context.go b/api/context.go index d90fbd9ee..02c3dc902 100644 --- a/api/context.go +++ b/api/context.go @@ -292,14 +292,6 @@ func (c *Context) HasPermissionsToChannel(sc store.StoreChannel, where string) b return true } -func (c *Context) IsSystemAdmin() bool { - // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress) - if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) { - return true - } - return false -} - func (c *Context) HasSystemAdminPermissions(where string) bool { if c.IsSystemAdmin() { return true @@ -310,14 +302,19 @@ func (c *Context) HasSystemAdminPermissions(where string) bool { return false } -func (c *Context) IsTeamAdmin(userId string) bool { - if uresult := <-Srv.Store.User().Get(userId); uresult.Err != nil { - c.Err = uresult.Err - return false - } else { - user := uresult.Data.(*model.User) - return model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && user.TeamId == c.Session.TeamId +func (c *Context) IsSystemAdmin() bool { + // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress) + if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) { + return true + } + return false +} + +func (c *Context) IsTeamAdmin() bool { + if model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) || c.IsSystemAdmin() { + return true } + return false } func (c *Context) RemoveSessionCookie(w http.ResponseWriter) { diff --git a/api/file.go b/api/file.go index be8fc5456..5dc1db650 100644 --- a/api/file.go +++ b/api/file.go 
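Review bot: The fixed `time.Sleep(100 * time.Millisecond)` before `Client.GetPosts` in `TestEchoCommand` makes the test depend on timing; on a loaded CI host the echoed post may still be missing after 100 ms, and the delay is paid on every run. Polling until `len(p1.Order) == 1` with a deadline would be more reliable. At minimum the sleep deserves a comment such as `// echo posts are created asynchronously; give them time to land`.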
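Review bot: The new `IsTeamAdmin()` reads only `c.Session.Roles`, so the comparison the old version made (`user.TeamId == c.Session.TeamId`) is gone and nothing in this method ties the admin role to the team that owns the object being acted on. In `deletePost` (api/post.go) the old call passed `post.UserId`, which limited the channel-permission bypass to authors in the admin's own team; with `!c.IsTeamAdmin()` that limit now depends on checks outside the visible hunks. If no such check exists, the call sites should compare the target's team with `c.Session.TeamId` before trusting the role. A doc comment would make the narrower contract explicit: `// IsTeamAdmin reports whether the session holds the team-admin or system-admin role; it does not check which team the target belongs to.`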
@@ -488,7 +488,7 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) { } func getExport(c *Context, w http.ResponseWriter, r *http.Request) { - if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) { + if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() { c.Err = model.NewAppError("getExport", "Only a team admin can retrieve exported data.", "userId="+c.Session.UserId) c.Err.StatusCode = http.StatusForbidden return diff --git a/api/post.go b/api/post.go index 0379f6af5..2b683fb7d 100644 --- a/api/post.go +++ b/api/post.go @@ -633,7 +633,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { post := result.Data.(*model.PostList).Posts[postId] - if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin(post.UserId) { + if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin() { return } @@ -648,7 +648,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { return } - if post.UserId != c.Session.UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if post.UserId != c.Session.UserId && !c.IsTeamAdmin() { c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "") c.Err.StatusCode = http.StatusForbidden return diff --git a/api/team.go b/api/team.go index 4794b66df..8e5d634aa 100644 --- a/api/team.go +++ b/api/team.go @@ -75,7 +75,10 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - m["follow_link"] = bodyPage.Props["Link"] + if !utils.Cfg.EmailSettings.RequireEmailVerification { + m["follow_link"] = bodyPage.Props["Link"] + } + w.Header().Set("Access-Control-Allow-Origin", " *") w.Write([]byte(model.MapToJson(m))) } 
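Review bot: The new `RequireEmailVerification` guard in `signupTeam` is security-relevant but carries no explanation, so a later edit could easily drop it. Proposed comment above the `if`: `// Only return the signup link directly when the mailbox does not have to be proven; otherwise it must arrive by email.` Note that when the guard is false the link is still sent with the unchanged `Access-Control-Allow-Origin` header on the following line, whose value `" *"` has a leading space and is worth a separate look.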
@@ -506,7 +509,7 @@ func InviteMembers(c *Context, team *model.Team, user *model.User, invites []str sender := user.GetDisplayName() senderRole := "" - if model.IsInRole(user.Roles, model.ROLE_TEAM_ADMIN) || model.IsInRole(user.Roles, model.ROLE_SYSTEM_ADMIN) { + if c.IsTeamAdmin() { senderRole = "administrator" } else { senderRole = "member" @@ -566,7 +569,7 @@ func updateTeamDisplayName(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if !c.IsTeamAdmin() { c.Err = model.NewAppError("updateTeamDisplayName", "You do not have the appropriate permissions", "userId="+c.Session.UserId) c.Err.StatusCode = http.StatusForbidden return @@ -600,7 +603,7 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) { } func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { - if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin(c.Session.UserId) { + if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin() { c.Err = model.NewAppError("importTeam", "Only a team admin can import data.", "userId="+c.Session.UserId) c.Err.StatusCode = http.StatusForbidden return @@ -667,7 +670,7 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { } func exportTeam(c *Context, w http.ResponseWriter, r *http.Request) { - if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) { + if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() { c.Err = model.NewAppError("exportTeam", "Only a team admin can export data.", "userId="+c.Session.UserId) c.Err.StatusCode = http.StatusForbidden return diff --git a/api/user.go b/api/user.go index 4240a795e..ed3576a30 100644 --- a/api/user.go +++ b/api/user.go 
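Review bot: In `InviteMembers`, `senderRole` is now derived from the request session via `c.IsTeamAdmin()` instead of from the `user` argument, while `sender` on the line above is still taken from `user.GetDisplayName()`. If any caller passes a user other than the session owner, or runs before a session exists, an administrator would be described as "member" in the invitation; the callers are outside this hunk, so this needs checking. Keeping the test on the argument avoids the mismatch: `if model.IsInRole(user.Roles, model.ROLE_TEAM_ADMIN) || model.IsInRole(user.Roles, model.ROLE_SYSTEM_ADMIN) {`.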
@@ -198,7 +198,7 @@ func CreateUser(c *Context, team *model.Team, user *model.User) *model.User { l4g.Error("Encountered an issue joining default channels user_id=%s, team_id=%s, err=%v", ruser.Id, ruser.TeamId, err) } - fireAndForgetWelcomeEmail(ruser.Email, team.DisplayName, c.GetTeamURLFromTeam(team)) + fireAndForgetWelcomeEmail(ruser.Email, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) if user.EmailVerified { if cresult := <-Srv.Store.User().VerifyEmail(ruser.Id); cresult.Err != nil { l4g.Error("Failed to set email verified err=%v", cresult.Err) @@ -218,12 +218,13 @@ func CreateUser(c *Context, team *model.Team, user *model.User) *model.User { } } -func fireAndForgetWelcomeEmail(email, teamDisplayName, teamURL string) { +func fireAndForgetWelcomeEmail(email, teamDisplayName, siteURL, teamURL string) { go func() { subjectPage := NewServerTemplatePage("welcome_subject") subjectPage.Props["TeamDisplayName"] = teamDisplayName bodyPage := NewServerTemplatePage("welcome_body") + bodyPage.Props["SiteURL"] = siteURL bodyPage.Props["TeamURL"] = teamURL if err := utils.SendMail(email, subjectPage.Render(), bodyPage.Render()); err != nil { @@ -972,7 +973,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() { + if !c.IsTeamAdmin() { c.Err = model.NewAppError("updateRoles", "You do not have the appropriate permissions", "userId="+user_id) c.Err.StatusCode = http.StatusForbidden return @@ -997,7 +998,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { } else { sessions := result.Data.([]*model.Session) for _, s := range sessions { - sessionCache.Remove(s.Id) + sessionCache.Remove(s.Token) } } 
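Review bot: `fireAndForgetWelcomeEmail` now renders `siteURL` into the `welcome_body` template with no visible validation, and the value comes from `c.GetSiteURL()` at the call site in `CreateUser`. How `GetSiteURL` builds that value is not visible here; if it is taken from the request's Host header, a manipulated header could put an untrusted origin into links mailed to a new user. Deriving it from configuration, or documenting the source, would settle this. Proposed comment on the function: `// siteURL and teamURL are rendered into the email body; both must come from trusted configuration, not from request headers.`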
@@ -1069,7 +1070,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() { + if !c.IsTeamAdmin() { c.Err = model.NewAppError("updateActive", "You do not have the appropriate permissions", "userId="+user_id) c.Err.StatusCode = http.StatusForbidden return diff --git a/api/webhook.go b/api/webhook.go index b67655ff5..e694b202c 100644 --- a/api/webhook.go +++ b/api/webhook.go @@ -86,7 +86,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = result.Err return } else { - if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !c.IsTeamAdmin() { c.LogAudit("fail - inappropriate conditions") c.Err = model.NewAppError("deleteIncomingHook", "Inappropriate permissions to delete incoming webhook", "user_id="+c.Session.UserId) return |