focalboard/server/api/compliance.go

package api

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strconv"

	"github.com/gorilla/mux"
	"github.com/mattermost/focalboard/server/model"

	mm_model "github.com/mattermost/mattermost-server/v6/model"
	"github.com/mattermost/mattermost-server/v6/shared/mlog"
)

const (
	complianceDefaultPage    = "0"
	complianceDefaultPerPage = "60"
)

func (a *API) registerComplianceRoutes(r *mux.Router) {
	// Compliance APIs
	r.HandleFunc("/admin/boards", a.sessionRequired(a.handleGetBoardsForCompliance)).Methods("GET")
	r.HandleFunc("/admin/boards_history", a.sessionRequired(a.handleGetBoardsComplianceHistory)).Methods("GET")
	r.HandleFunc("/admin/blocks_history", a.sessionRequired(a.handleGetBlocksComplianceHistory)).Methods("GET")
}

func (a *API) handleGetBoardsForCompliance(w http.ResponseWriter, r *http.Request) {
	// TODO(@pinjasaur): swagger

	query := r.URL.Query()
	teamID := query.Get("team_id")
	strPage := query.Get("page")
	strPerPage := query.Get("per_page")

	// Valid authorization (`manage_system`)?
	userID := getUserID(r)
	if !a.permissions.HasPermissionTo(userID, mm_model.PermissionManageSystem) {
		a.errorResponse(w, r, model.NewErrUnauthorized("access denied Compliance Export getAllBoards"))
		return
	}

	// Valid license feature (Compliance)?
	license := a.app.GetLicense()
	if license == nil || !(*license.Features.Compliance) {
		a.errorResponse(w, r, model.NewErrNotImplemented("insufficient license Compliance Export getAllBoards"))
		return
	}

	// check for valid team
	_, err := a.app.GetTeam(teamID)
	if err != nil {
		a.errorResponse(w, r, model.NewErrBadRequest("invalid team id: "+teamID))
		return
	}

	if strPage == "" {
		strPage = complianceDefaultPage
	}
	if strPerPage == "" {
		strPerPage = complianceDefaultPerPage
	}
	page, err := strconv.Atoi(strPage)
	if err != nil {
		message := fmt.Sprintf("invalid `page` parameter: %s", err)
		a.errorResponse(w, r, model.NewErrBadRequest(message))
		return
	}
	perPage, err := strconv.Atoi(strPerPage)
	if err != nil {
		message := fmt.Sprintf("invalid `per_page` parameter: %s", err)
		a.errorResponse(w, r, model.NewErrBadRequest(message))
		return
	}

	opts := model.QueryBoardsForComplianceOptions{
		TeamID:  teamID,
		Page:    page,
		PerPage: perPage,
	}

	boards, more, err := a.app.GetBoardsForCompliance(opts)
	if err != nil {
		a.errorResponse(w, r, err)
		return
	}

	a.logger.Debug("GetBoardsForCompliance",
		mlog.String("teamID", teamID),
		mlog.Int("boardsCount", len(boards)),
		mlog.Bool("hasNext", more),
	)

	response := model.BoardsComplianceResponse{
		HasNext: more,
		Results: boards,
	}
	data, err := json.Marshal(response)
	if err != nil {
		a.errorResponse(w, r, err)
		return
	}

	jsonBytesResponse(w, http.StatusOK, data)
}

func (a *API) handleGetBoardsComplianceHistory(w http.ResponseWriter, r *http.Request) {
	// TODO(@pinjasaur): swagger

	query := r.URL.Query()
	strModifiedSince := query.Get("modified_since") // required, everything else optional
	includeDeleted := query.Get("include_deleted") == "true"
	teamID := query.Get("team_id")
	strPage := query.Get("page")
	strPerPage := query.Get("per_page")

	if strModifiedSince == "" {
		a.errorResponse(w, r, model.NewErrBadRequest("`modified_since` parameter required"))
		return
	}

	// Valid authorization (`manage_system`)?
	userID := getUserID(r)
	if !a.permissions.HasPermissionTo(userID, mm_model.PermissionManageSystem) {
		a.errorResponse(w, r, model.NewErrUnauthorized("access denied Compliance Export getBoardsHistory"))
		return
	}

	// Valid license feature (Compliance)?
	license := a.app.GetLicense()
	if license == nil || !(*license.Features.Compliance) {
		a.errorResponse(w, r, model.NewErrNotImplemented("insufficient license Compliance Export getBoardsHistory"))
		return
	}

	// check for valid team
	_, err := a.app.GetTeam(teamID)
	if err != nil {
		a.errorResponse(w, r, model.NewErrBadRequest("invalid team id: "+teamID))
		return
	}

	if strPage == "" {
		strPage = complianceDefaultPage
	}
	if strPerPage == "" {
		strPerPage = complianceDefaultPerPage
	}
	page, err := strconv.Atoi(strPage)
	if err != nil {
		message := fmt.Sprintf("invalid `page` parameter: %s", err)
		a.errorResponse(w, r, model.NewErrBadRequest(message))
		return
	}
	perPage, err := strconv.Atoi(strPerPage)
	if err != nil {
		message := fmt.Sprintf("invalid `per_page` parameter: %s", err)
		a.errorResponse(w, r, model.NewErrBadRequest(message))
		return
	}
	modifiedSince, err := strconv.ParseInt(strModifiedSince, 10, 64)
	if err != nil {
		message := fmt.Sprintf("invalid `modified_since` parameter: %s", err)
		a.errorResponse(w, r, model.NewErrBadRequest(message))
		return
	}

	opts := model.QueryBoardsComplianceHistoryOptions{
		ModifiedSince:  modifiedSince,
		IncludeDeleted: includeDeleted,
		TeamID:         teamID,
		Page:           page,
		PerPage:        perPage,
	}

	boards, more, err := a.app.GetBoardsComplianceHistory(opts)
	if err != nil {
		a.errorResponse(w, r, err)
		return
	}

	a.logger.Debug("GetBoardsComplianceHistory",
		mlog.String("teamID", teamID),
		mlog.Int("boardsCount", len(boards)),
		mlog.Bool("hasNext", more),
	)

	response := model.BoardsComplianceHistoryResponse{
		HasNext: more,
		Results: boards,
	}
	data, err := json.Marshal(response)
	if err != nil {
		a.errorResponse(w, r, err)
		return
	}

	jsonBytesResponse(w, http.StatusOK, data)
}

func (a *API) handleGetBlocksComplianceHistory(w http.ResponseWriter, r *http.Request) {
	// TODO(@pinjasaur): swagger

	query := r.URL.Query()
	strModifiedSince := query.Get("modified_since") // required, everything else optional
	includeDeleted := query.Get("include_deleted") == "true"
	teamID := query.Get("team_id")
	boardID := query.Get("board_id")
	strPage := query.Get("page")
	strPerPage := query.Get("per_page")

	if strModifiedSince == "" {
		a.errorResponse(w, r, model.NewErrBadRequest("`modified_since` parameter required"))
		return
	}

	// Valid authorization (`manage_system`)?
	userID := getUserID(r)
	if !a.permissions.HasPermissionTo(userID, mm_model.PermissionManageSystem) {
		a.errorResponse(w, r, model.NewErrUnauthorized("access denied Compliance Export getBlocksHistory"))
		return
	}

	// Valid license feature (Compliance)?
	license := a.app.GetLicense()
	if license == nil || !(*license.Features.Compliance) {
		a.errorResponse(w, r, model.NewErrNotImplemented("insufficient license Compliance Export getBlocksHistory"))
		return
	}

	// check for valid team
	_, err := a.app.GetTeam(teamID)
	if err != nil {
		a.errorResponse(w, r, model.NewErrBadRequest("invalid team id: "+teamID))
		return
	}

	// check for valid team
	_, err = a.app.GetBoard(boardID)
	if err != nil {
		a.errorResponse(w, r, model.NewErrBadRequest("invalid board id: "+boardID))
		return
	}

	if strPage == "" {
		strPage = complianceDefaultPage
	}
	if strPerPage == "" {
		strPerPage = complianceDefaultPerPage
	}
	page, err := strconv.Atoi(strPage)
	if err != nil {
		message := fmt.Sprintf("invalid `page` parameter: %s", err)
		a.errorResponse(w, r, model.NewErrBadRequest(message))
		return
	}
	perPage, err := strconv.Atoi(strPerPage)
	if err != nil {
		message := fmt.Sprintf("invalid `per_page` parameter: %s", err)
		a.errorResponse(w, r, model.NewErrBadRequest(message))
		return
	}
	modifiedSince, err := strconv.ParseInt(strModifiedSince, 10, 64)
	if err != nil {
		message := fmt.Sprintf("invalid `modified_since` parameter: %s", err)
		a.errorResponse(w, r, model.NewErrBadRequest(message))
		return
	}

	opts := model.QueryBlocksComplianceHistoryOptions{
		ModifiedSince:  modifiedSince,
		IncludeDeleted: includeDeleted,
		TeamID:         teamID,
		BoardID:        boardID,
		Page:           page,
		PerPage:        perPage,
	}

	blocks, more, err := a.app.GetBlocksComplianceHistory(opts)
	if err != nil {
		a.errorResponse(w, r, err)
		return
	}

	a.logger.Debug("GetBlocksComplianceHistory",
		mlog.String("teamID", teamID),
		mlog.String("boardID", boardID),
		mlog.Int("blocksCount", len(blocks)),
		mlog.Bool("hasNext", more),
	)

	response := model.BlocksComplianceHistoryResponse{
		HasNext: more,
		Results: blocks,
	}
	data, err := json.Marshal(response)
	if err != nil {
		a.errorResponse(w, r, err)
		return
	}

	jsonBytesResponse(w, http.StatusOK, data)
}
wip 2022-11-30 23:49:16 +02:00			`package api`

			`import (`
wip 2022-12-02 18:40:48 +02:00			`"encoding/json"`
			`"fmt"`
wip 2022-11-30 23:49:16 +02:00			`"net/http"`
wip 2022-12-02 18:40:48 +02:00			`"strconv"`
wip 2022-11-30 23:49:16 +02:00
			`"github.com/gorilla/mux"`
			`"github.com/mattermost/focalboard/server/model"`
wip 2022-12-24 06:31:39 +02:00
integration tests for GetBoardsForCompliance 2022-12-31 22:16:22 +02:00			`mm_model "github.com/mattermost/mattermost-server/v6/model"`
wip 2022-12-02 18:40:48 +02:00			`"github.com/mattermost/mattermost-server/v6/shared/mlog"`
			`)`

			`const (`
			`complianceDefaultPage = "0"`
			`complianceDefaultPerPage = "60"`
wip 2022-11-30 23:49:16 +02:00			`)`

			`func (a API) registerComplianceRoutes(r mux.Router) {`
			`// Compliance APIs`
wip 2022-12-24 06:31:39 +02:00			`r.HandleFunc("/admin/boards", a.sessionRequired(a.handleGetBoardsForCompliance)).Methods("GET")`
			`r.HandleFunc("/admin/boards_history", a.sessionRequired(a.handleGetBoardsComplianceHistory)).Methods("GET")`
			`r.HandleFunc("/admin/blocks_history", a.sessionRequired(a.handleGetBlocksComplianceHistory)).Methods("GET")`
wip 2022-11-30 23:49:16 +02:00			`}`

wip 2022-12-24 06:31:39 +02:00			`func (a API) handleGetBoardsForCompliance(w http.ResponseWriter, r http.Request) {`
wip 2022-11-30 23:49:16 +02:00			`// TODO(@pinjasaur): swagger`

wip 2022-12-02 18:40:48 +02:00			`query := r.URL.Query()`
			`teamID := query.Get("team_id")`
			`strPage := query.Get("page")`
			`strPerPage := query.Get("per_page")`

wip 2022-11-30 23:49:16 +02:00			// Valid authorization (`manage_system`)?
			`userID := getUserID(r)`
integration tests for GetBoardsForCompliance 2022-12-31 22:16:22 +02:00			`if !a.permissions.HasPermissionTo(userID, mm_model.PermissionManageSystem) {`
wip 2022-11-30 23:49:16 +02:00			`a.errorResponse(w, r, model.NewErrUnauthorized("access denied Compliance Export getAllBoards"))`
			`return`
			`}`

			`// Valid license feature (Compliance)?`
			`license := a.app.GetLicense()`
			`if license == nil \|\| !(*license.Features.Compliance) {`
			`a.errorResponse(w, r, model.NewErrNotImplemented("insufficient license Compliance Export getAllBoards"))`
			`return`
			`}`

integration tests for GetBoardsForCompliance 2022-12-31 22:16:22 +02:00			`// check for valid team`
			`_, err := a.app.GetTeam(teamID)`
			`if err != nil {`
			`a.errorResponse(w, r, model.NewErrBadRequest("invalid team id: "+teamID))`
			`return`
			`}`

wip 2022-12-02 18:40:48 +02:00			`if strPage == "" {`
			`strPage = complianceDefaultPage`
			`}`
			`if strPerPage == "" {`
			`strPerPage = complianceDefaultPerPage`
			`}`
			`page, err := strconv.Atoi(strPage)`
			`if err != nil {`
			message := fmt.Sprintf("invalid `page` parameter: %s", err)
			`a.errorResponse(w, r, model.NewErrBadRequest(message))`
			`return`
			`}`
			`perPage, err := strconv.Atoi(strPerPage)`
			`if err != nil {`
			message := fmt.Sprintf("invalid `per_page` parameter: %s", err)
			`a.errorResponse(w, r, model.NewErrBadRequest(message))`
			`return`
			`}`

wip 2022-12-24 06:31:39 +02:00			`opts := model.QueryBoardsForComplianceOptions{`
			`TeamID: teamID,`
			`Page: page,`
			`PerPage: perPage,`
			`}`

			`boards, more, err := a.app.GetBoardsForCompliance(opts)`
wip 2022-12-02 18:40:48 +02:00			`if err != nil {`
			`a.errorResponse(w, r, err)`
			`return`
			`}`

wip 2022-12-24 06:31:39 +02:00			`a.logger.Debug("GetBoardsForCompliance",`
wip 2022-12-02 18:40:48 +02:00			`mlog.String("teamID", teamID),`
			`mlog.Int("boardsCount", len(boards)),`
wip 2022-12-24 06:31:39 +02:00			`mlog.Bool("hasNext", more),`
wip 2022-12-02 18:40:48 +02:00			`)`

wip 2022-12-24 06:31:39 +02:00			`response := model.BoardsComplianceResponse{`
			`HasNext: more,`
wip: `interface{}` in JSON marshal struct 2022-12-06 00:10:03 +02:00			`Results: boards,`
			`}`
wip 2022-12-02 18:40:48 +02:00			`data, err := json.Marshal(response)`
			`if err != nil {`
			`a.errorResponse(w, r, err)`
			`return`
			`}`

			`jsonBytesResponse(w, http.StatusOK, data)`
wip 2022-11-30 23:49:16 +02:00			`}`

wip 2022-12-24 06:31:39 +02:00			`func (a API) handleGetBoardsComplianceHistory(w http.ResponseWriter, r http.Request) {`
wip 2022-11-30 23:49:16 +02:00			`// TODO(@pinjasaur): swagger`

wip 2022-12-02 18:40:48 +02:00			`query := r.URL.Query()`
			`strModifiedSince := query.Get("modified_since") // required, everything else optional`
			`includeDeleted := query.Get("include_deleted") == "true"`
			`teamID := query.Get("team_id")`
			`strPage := query.Get("page")`
			`strPerPage := query.Get("per_page")`

			`if strModifiedSince == "" {`
			a.errorResponse(w, r, model.NewErrBadRequest("`modified_since` parameter required"))
			`return`
			`}`

wip 2022-11-30 23:49:16 +02:00			// Valid authorization (`manage_system`)?
			`userID := getUserID(r)`
integration tests for GetBoardsForCompliance 2022-12-31 22:16:22 +02:00			`if !a.permissions.HasPermissionTo(userID, mm_model.PermissionManageSystem) {`
wip 2022-11-30 23:49:16 +02:00			`a.errorResponse(w, r, model.NewErrUnauthorized("access denied Compliance Export getBoardsHistory"))`
			`return`
			`}`

			`// Valid license feature (Compliance)?`
			`license := a.app.GetLicense()`
			`if license == nil \|\| !(*license.Features.Compliance) {`
			`a.errorResponse(w, r, model.NewErrNotImplemented("insufficient license Compliance Export getBoardsHistory"))`
			`return`
			`}`

integration tests for GetBoardsComplianceHistory 2022-12-31 23:33:05 +02:00			`// check for valid team`
			`_, err := a.app.GetTeam(teamID)`
			`if err != nil {`
			`a.errorResponse(w, r, model.NewErrBadRequest("invalid team id: "+teamID))`
			`return`
			`}`

wip 2022-12-02 18:40:48 +02:00			`if strPage == "" {`
			`strPage = complianceDefaultPage`
			`}`
			`if strPerPage == "" {`
			`strPerPage = complianceDefaultPerPage`
			`}`
			`page, err := strconv.Atoi(strPage)`
			`if err != nil {`
			message := fmt.Sprintf("invalid `page` parameter: %s", err)
			`a.errorResponse(w, r, model.NewErrBadRequest(message))`
			`return`
			`}`
			`perPage, err := strconv.Atoi(strPerPage)`
			`if err != nil {`
			message := fmt.Sprintf("invalid `per_page` parameter: %s", err)
			`a.errorResponse(w, r, model.NewErrBadRequest(message))`
			`return`
			`}`
wip 2022-12-24 06:31:39 +02:00			`modifiedSince, err := strconv.ParseInt(strModifiedSince, 10, 64)`
wip 2022-12-02 18:40:48 +02:00			`if err != nil {`
			message := fmt.Sprintf("invalid `modified_since` parameter: %s", err)
			`a.errorResponse(w, r, model.NewErrBadRequest(message))`
			`return`
			`}`

wip 2022-12-24 06:31:39 +02:00			`opts := model.QueryBoardsComplianceHistoryOptions{`
			`ModifiedSince: modifiedSince,`
			`IncludeDeleted: includeDeleted,`
			`TeamID: teamID,`
			`Page: page,`
			`PerPage: perPage,`
			`}`

			`boards, more, err := a.app.GetBoardsComplianceHistory(opts)`
wip 2022-12-02 18:40:48 +02:00			`if err != nil {`
			`a.errorResponse(w, r, err)`
			`return`
			`}`

wip 2022-12-24 06:31:39 +02:00			`a.logger.Debug("GetBoardsComplianceHistory",`
wip 2022-12-02 18:40:48 +02:00			`mlog.String("teamID", teamID),`
			`mlog.Int("boardsCount", len(boards)),`
wip 2022-12-24 06:31:39 +02:00			`mlog.Bool("hasNext", more),`
wip 2022-12-02 18:40:48 +02:00			`)`

wip 2022-12-24 06:31:39 +02:00			`response := model.BoardsComplianceHistoryResponse{`
			`HasNext: more,`
wip: `interface{}` in JSON marshal struct 2022-12-06 00:10:03 +02:00			`Results: boards,`
wip 2022-12-02 18:40:48 +02:00			`}`
			`data, err := json.Marshal(response)`
			`if err != nil {`
			`a.errorResponse(w, r, err)`
			`return`
			`}`

			`jsonBytesResponse(w, http.StatusOK, data)`
wip 2022-11-30 23:49:16 +02:00			`}`

wip 2022-12-24 06:31:39 +02:00			`func (a API) handleGetBlocksComplianceHistory(w http.ResponseWriter, r http.Request) {`
wip 2022-11-30 23:49:16 +02:00			`// TODO(@pinjasaur): swagger`

wip 2022-12-02 18:40:48 +02:00			`query := r.URL.Query()`
			`strModifiedSince := query.Get("modified_since") // required, everything else optional`
			`includeDeleted := query.Get("include_deleted") == "true"`
			`teamID := query.Get("team_id")`
			`boardID := query.Get("board_id")`
			`strPage := query.Get("page")`
			`strPerPage := query.Get("per_page")`

			`if strModifiedSince == "" {`
			a.errorResponse(w, r, model.NewErrBadRequest("`modified_since` parameter required"))
			`return`
			`}`

wip 2022-11-30 23:49:16 +02:00			// Valid authorization (`manage_system`)?
			`userID := getUserID(r)`
integration tests for GetBoardsForCompliance 2022-12-31 22:16:22 +02:00			`if !a.permissions.HasPermissionTo(userID, mm_model.PermissionManageSystem) {`
wip 2022-11-30 23:49:16 +02:00			`a.errorResponse(w, r, model.NewErrUnauthorized("access denied Compliance Export getBlocksHistory"))`
			`return`
			`}`

			`// Valid license feature (Compliance)?`
			`license := a.app.GetLicense()`
			`if license == nil \|\| !(*license.Features.Compliance) {`
			`a.errorResponse(w, r, model.NewErrNotImplemented("insufficient license Compliance Export getBlocksHistory"))`
			`return`
			`}`

integration tests for GetBoardsComplianceHistory 2022-12-31 23:33:05 +02:00			`// check for valid team`
			`_, err := a.app.GetTeam(teamID)`
			`if err != nil {`
			`a.errorResponse(w, r, model.NewErrBadRequest("invalid team id: "+teamID))`
			`return`
			`}`

integration tests for GetBlocksComplianceHistory 2023-01-01 21:16:46 +02:00			`// check for valid team`
			`_, err = a.app.GetBoard(boardID)`
			`if err != nil {`
			`a.errorResponse(w, r, model.NewErrBadRequest("invalid board id: "+boardID))`
			`return`
			`}`

wip 2022-12-02 18:40:48 +02:00			`if strPage == "" {`
			`strPage = complianceDefaultPage`
			`}`
			`if strPerPage == "" {`
			`strPerPage = complianceDefaultPerPage`
			`}`
			`page, err := strconv.Atoi(strPage)`
			`if err != nil {`
			message := fmt.Sprintf("invalid `page` parameter: %s", err)
			`a.errorResponse(w, r, model.NewErrBadRequest(message))`
			`return`
			`}`
			`perPage, err := strconv.Atoi(strPerPage)`
			`if err != nil {`
			message := fmt.Sprintf("invalid `per_page` parameter: %s", err)
			`a.errorResponse(w, r, model.NewErrBadRequest(message))`
			`return`
			`}`
wip 2022-12-24 06:31:39 +02:00			`modifiedSince, err := strconv.ParseInt(strModifiedSince, 10, 64)`
wip 2022-12-02 18:40:48 +02:00			`if err != nil {`
			message := fmt.Sprintf("invalid `modified_since` parameter: %s", err)
			`a.errorResponse(w, r, model.NewErrBadRequest(message))`
			`return`
			`}`

wip 2022-12-24 06:31:39 +02:00			`opts := model.QueryBlocksComplianceHistoryOptions{`
			`ModifiedSince: modifiedSince,`
			`IncludeDeleted: includeDeleted,`
			`TeamID: teamID,`
			`BoardID: boardID,`
			`Page: page,`
			`PerPage: perPage,`
			`}`

			`blocks, more, err := a.app.GetBlocksComplianceHistory(opts)`
wip 2022-12-02 18:40:48 +02:00			`if err != nil {`
			`a.errorResponse(w, r, err)`
			`return`
			`}`

wip 2022-12-24 06:31:39 +02:00			`a.logger.Debug("GetBlocksComplianceHistory",`
wip 2022-12-02 18:40:48 +02:00			`mlog.String("teamID", teamID),`
			`mlog.String("boardID", boardID),`
			`mlog.Int("blocksCount", len(blocks)),`
wip 2022-12-24 06:31:39 +02:00			`mlog.Bool("hasNext", more),`
wip 2022-12-02 18:40:48 +02:00			`)`

wip 2022-12-24 06:31:39 +02:00			`response := model.BlocksComplianceHistoryResponse{`
			`HasNext: more,`
wip: `interface{}` in JSON marshal struct 2022-12-06 00:10:03 +02:00			`Results: blocks,`
wip 2022-12-02 18:40:48 +02:00			`}`
			`data, err := json.Marshal(response)`
			`if err != nil {`
			`a.errorResponse(w, r, err)`
			`return`
			`}`

			`jsonBytesResponse(w, http.StatusOK, data)`
wip 2022-11-30 23:49:16 +02:00			`}`