From 5462f0119edb788428f90fc61c8651e4a8cd9ad1 Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Tue, 7 Feb 2017 14:58:27 -0800
Subject: Implement a few channel member endpoints for APIv4 (#5304)

* Implement GET /channels/{channel_id}/members

* Implement GET /channels/{channel_id}/members/{user_id} endpoint for APIv4

* Implement /users/{user_id}/teams/{team_id}/channels/members endpoint for APIv4

* Fix unit test
---
 api4/api.go          |   4 +-
 api4/channel.go      |  66 +++++++++++++++++++++++
 api4/channel_test.go | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 214 insertions(+), 2 deletions(-)

(limited to 'api4')

diff --git a/api4/api.go b/api4/api.go
index 5ad410cb3..a9f92c573 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -38,7 +38,7 @@ type Routes struct {
 	ChannelsForTeam       *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9]+}/channels'
 	ChannelMembers        *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}/members'
 	ChannelMember         *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}/members/{user_id:[A-Za-z0-9]+}'
-	ChannelMembersForUser *mux.Router // 'api/v4/users/{user_id:[A-Za-z0-9]+}/channels/members'
+	ChannelMembersForUser *mux.Router // 'api/v4/users/{user_id:[A-Za-z0-9]+}/teams/{team_id:[A-Za-z0-9]+}/channels/members'
 
 	Posts           *mux.Router // 'api/v4/posts'
 	Post            *mux.Router // 'api/v4/posts/{post_id:[A-Za-z0-9]+}'
@@ -106,7 +106,7 @@ func InitApi(full bool) {
 	BaseRoutes.ChannelsForTeam = BaseRoutes.Team.PathPrefix("/channels").Subrouter()
 	BaseRoutes.ChannelMembers = BaseRoutes.Channel.PathPrefix("/members").Subrouter()
 	BaseRoutes.ChannelMember = BaseRoutes.ChannelMembers.PathPrefix("/{user_id:[A-Za-z0-9]+}").Subrouter()
-	BaseRoutes.ChannelMembersForUser = BaseRoutes.User.PathPrefix("/channels/members").Subrouter()
+	BaseRoutes.ChannelMembersForUser = BaseRoutes.User.PathPrefix("/teams/{team_id:[A-Za-z0-9]+}/channels/members").Subrouter()
 
 	BaseRoutes.Posts = BaseRoutes.ApiRoot.PathPrefix("/posts").Subrouter()
 	BaseRoutes.Post = BaseRoutes.Posts.PathPrefix("/{post_id:[A-Za-z0-9]+}").Subrouter()
diff --git a/api4/channel.go b/api4/channel.go
index 10e59f49b..09ed4b571 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -17,6 +17,10 @@ func InitChannel() {
 
 	BaseRoutes.Channels.Handle("", ApiSessionRequired(createChannel)).Methods("POST")
 	BaseRoutes.Channels.Handle("/direct", ApiSessionRequired(createDirectChannel)).Methods("POST")
+
+	BaseRoutes.ChannelMembers.Handle("", ApiSessionRequired(getChannelMembers)).Methods("GET")
+	BaseRoutes.ChannelMembersForUser.Handle("", ApiSessionRequired(getChannelMembersForUser)).Methods("GET")
+	BaseRoutes.ChannelMember.Handle("", ApiSessionRequired(getChannelMember)).Methods("GET")
 }
 
 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -83,3 +87,65 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte(sc.ToJson()))
 	}
 }
+
+func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireChannelId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if members, err := app.GetChannelMembersPage(c.Params.ChannelId, c.Params.Page, c.Params.PerPage); err != nil {
+		c.Err = err
+		return
+	} else {
+		w.Write([]byte(members.ToJson()))
+	}
+}
+
+func getChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireChannelId().RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if member, err := app.GetChannelMember(c.Params.ChannelId, c.Params.UserId); err != nil {
+		c.Err = err
+		return
+	} else {
+		w.Write([]byte(member.ToJson()))
+	}
+}
+
+func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireUserId().RequireTeamId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+		c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
+		return
+	}
+
+	if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	if members, err := app.GetChannelMembersForUser(c.Params.TeamId, c.Params.UserId); err != nil {
+		c.Err = err
+		return
+	} else {
+		w.Write([]byte(members.ToJson()))
+	}
+}
diff --git a/api4/channel_test.go b/api4/channel_test.go
index 237d57f01..d5bc1d971 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -14,6 +14,7 @@ import (
 
 func TestCreateChannel(t *testing.T) {
 	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
 	Client := th.Client
 	team := th.BasicTeam
 
@@ -219,3 +220,148 @@ func TestCreateDirectChannel(t *testing.T) {
 	_, resp = th.SystemAdminClient.CreateDirectChannel(user3.Id, user2.Id)
 	CheckNoError(t, resp)
 }
+
+func TestGetChannelMembers(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	members, resp := Client.GetChannelMembers(th.BasicChannel.Id, 0, 60, "")
+	CheckNoError(t, resp)
+
+	if len(*members) != 3 {
+		t.Fatal("should only be 3 users in channel")
+	}
+
+	members, resp = Client.GetChannelMembers(th.BasicChannel.Id, 0, 2, "")
+	CheckNoError(t, resp)
+
+	if len(*members) != 2 {
+		t.Fatal("should only be 2 users")
+	}
+
+	members, resp = Client.GetChannelMembers(th.BasicChannel.Id, 1, 1, "")
+	CheckNoError(t, resp)
+
+	if len(*members) != 1 {
+		t.Fatal("should only be 1 user")
+	}
+
+	members, resp = Client.GetChannelMembers(th.BasicChannel.Id, 1000, 100000, "")
+	CheckNoError(t, resp)
+
+	if len(*members) != 0 {
+		t.Fatal("should be 0 users")
+	}
+
+	_, resp = Client.GetChannelMembers("", 0, 60, "")
+	CheckNotFoundStatus(t, resp)
+
+	_, resp = Client.GetChannelMembers("junk", 0, 60, "")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetChannelMembers(model.NewId(), 0, 60, "")
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetChannelMembers(th.BasicChannel.Id, 0, 60, "")
+	CheckUnauthorizedStatus(t, resp)
+
+	user := th.CreateUser()
+	Client.Login(user.Email, user.Password)
+	_, resp = Client.GetChannelMembers(th.BasicChannel.Id, 0, 60, "")
+	CheckForbiddenStatus(t, resp)
+
+	_, resp = th.SystemAdminClient.GetChannelMembers(th.BasicChannel.Id, 0, 60, "")
+	CheckNoError(t, resp)
+}
+
+func TestGetChannelMember(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	member, resp := Client.GetChannelMember(th.BasicChannel.Id, th.BasicUser.Id, "")
+	CheckNoError(t, resp)
+
+	if member.ChannelId != th.BasicChannel.Id {
+		t.Fatal("wrong channel id")
+	}
+
+	if member.UserId != th.BasicUser.Id {
+		t.Fatal("wrong user id")
+	}
+
+	_, resp = Client.GetChannelMember("", th.BasicUser.Id, "")
+	CheckNotFoundStatus(t, resp)
+
+	_, resp = Client.GetChannelMember("junk", th.BasicUser.Id, "")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetChannelMember(model.NewId(), th.BasicUser.Id, "")
+	CheckForbiddenStatus(t, resp)
+
+	_, resp = Client.GetChannelMember(th.BasicChannel.Id, "", "")
+	CheckNotFoundStatus(t, resp)
+
+	_, resp = Client.GetChannelMember(th.BasicChannel.Id, "junk", "")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetChannelMember(th.BasicChannel.Id, model.NewId(), "")
+	CheckNotFoundStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetChannelMember(th.BasicChannel.Id, th.BasicUser.Id, "")
+	CheckUnauthorizedStatus(t, resp)
+
+	user := th.CreateUser()
+	Client.Login(user.Email, user.Password)
+	_, resp = Client.GetChannelMember(th.BasicChannel.Id, th.BasicUser.Id, "")
+	CheckForbiddenStatus(t, resp)
+
+	_, resp = th.SystemAdminClient.GetChannelMember(th.BasicChannel.Id, th.BasicUser.Id, "")
+	CheckNoError(t, resp)
+}
+
+func TestGetChannelMembersForUser(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	members, resp := Client.GetChannelMembersForUser(th.BasicUser.Id, th.BasicTeam.Id, "")
+	CheckNoError(t, resp)
+
+	if len(*members) != 3 {
+		t.Fatal("should have 3 members on team")
+	}
+
+	_, resp = Client.GetChannelMembersForUser("", th.BasicTeam.Id, "")
+	CheckNotFoundStatus(t, resp)
+
+	_, resp = Client.GetChannelMembersForUser("junk", th.BasicTeam.Id, "")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetChannelMembersForUser(model.NewId(), th.BasicTeam.Id, "")
+	CheckForbiddenStatus(t, resp)
+
+	_, resp = Client.GetChannelMembersForUser(th.BasicUser.Id, "", "")
+	CheckNotFoundStatus(t, resp)
+
+	_, resp = Client.GetChannelMembersForUser(th.BasicUser.Id, "junk", "")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.GetChannelMembersForUser(th.BasicUser.Id, model.NewId(), "")
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetChannelMembersForUser(th.BasicUser.Id, th.BasicTeam.Id, "")
+	CheckUnauthorizedStatus(t, resp)
+
+	user := th.CreateUser()
+	Client.Login(user.Email, user.Password)
+	_, resp = Client.GetChannelMembersForUser(th.BasicUser.Id, th.BasicTeam.Id, "")
+	CheckForbiddenStatus(t, resp)
+
+	_, resp = th.SystemAdminClient.GetChannelMembersForUser(th.BasicUser.Id, th.BasicTeam.Id, "")
+	CheckNoError(t, resp)
+}
-- 
cgit v1.2.3-1-g7c22