From 3ebfb369530e28ca3246c5cd2833e666edce9c90 Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Mon, 13 Mar 2017 10:14:16 -0400
Subject: Implement compliance endpoints for APIv4 (#5683)

* Implement compliance endpoints for APIv4

* Add paging to get reports endpoint
---
 api4/compliance.go | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 127 insertions(+)
 create mode 100644 api4/compliance.go

(limited to 'api4/compliance.go')

diff --git a/api4/compliance.go b/api4/compliance.go
new file mode 100644
index 000000000..37196c853
--- /dev/null
+++ b/api4/compliance.go
@@ -0,0 +1,127 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"net/http"
+	"strconv"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/app"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+	"github.com/mssola/user_agent"
+)
+
+func InitCompliance() {
+	l4g.Debug(utils.T("api.compliance.init.debug"))
+
+	BaseRoutes.Compliance.Handle("/reports", ApiSessionRequired(createComplianceReport)).Methods("POST")
+	BaseRoutes.Compliance.Handle("/reports", ApiSessionRequired(getComplianceReports)).Methods("GET")
+	BaseRoutes.Compliance.Handle("/reports/{report_id:[A-Za-z0-9]+}", ApiSessionRequired(getComplianceReport)).Methods("GET")
+	BaseRoutes.Compliance.Handle("/reports/{report_id:[A-Za-z0-9]+}/download", ApiSessionRequired(downloadComplianceReport)).Methods("GET")
+}
+
+func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
+	job := model.ComplianceFromJson(r.Body)
+	if job == nil {
+		c.SetInvalidParam("compliance")
+		return
+	}
+
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	job.UserId = c.Session.UserId
+
+	rjob, err := app.SaveComplianceReport(job)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("")
+	w.WriteHeader(http.StatusCreated)
+	w.Write([]byte(rjob.ToJson()))
+}
+
+func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	crs, err := app.GetComplianceReports(c.Params.Page, c.Params.PerPage)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(crs.ToJson()))
+}
+
+func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireReportId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	job, err := app.GetComplianceReport(c.Params.ReportId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(job.ToJson()))
+}
+
+func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireReportId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	job, err := app.GetComplianceReport(c.Params.ReportId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	reportBytes, err := app.GetComplianceFile(job)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("downloaded " + job.Desc)
+
+	w.Header().Set("Cache-Control", "max-age=2592000, public")
+	w.Header().Set("Content-Length", strconv.Itoa(len(reportBytes)))
+	w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
+
+	// attach extra headers to trigger a download on IE, Edge, and Safari
+	ua := user_agent.New(r.UserAgent())
+	bname, _ := ua.Browser()
+
+	w.Header().Set("Content-Disposition", "attachment;filename=\""+job.JobName()+".zip\"")
+
+	if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" {
+		// trim off anything before the final / so we just get the file's name
+		w.Header().Set("Content-Type", "application/octet-stream")
+	}
+
+	w.Write(reportBytes)
+}
-- 
cgit v1.2.3-1-g7c22