mirror of
https://github.com/mattermost/focalboard.git
synced 2025-01-11 18:13:52 +02:00
182 lines
4.6 KiB
Go
182 lines
4.6 KiB
Go
|
package api
|
||
|
|
||
|
import (
|
||
|
"encoding/json"
|
||
|
"io/ioutil"
|
||
|
"net/http"
|
||
|
|
||
|
"github.com/gorilla/mux"
|
||
|
"github.com/mattermost/focalboard/server/model"
|
||
|
"github.com/mattermost/focalboard/server/services/audit"
|
||
|
|
||
|
"github.com/mattermost/mattermost-server/v6/shared/mlog"
|
||
|
)
|
||
|
|
||
|
func (a *API) registerSharingRoutes(r *mux.Router) {
|
||
|
// Sharing APIs
|
||
|
r.HandleFunc("/boards/{boardID}/sharing", a.sessionRequired(a.handlePostSharing)).Methods("POST")
|
||
|
r.HandleFunc("/boards/{boardID}/sharing", a.sessionRequired(a.handleGetSharing)).Methods("GET")
|
||
|
}
|
||
|
|
||
|
func (a *API) handleGetSharing(w http.ResponseWriter, r *http.Request) {
|
||
|
// swagger:operation GET /boards/{boardID}/sharing getSharing
|
||
|
//
|
||
|
// Returns sharing information for a board
|
||
|
//
|
||
|
// ---
|
||
|
// produces:
|
||
|
// - application/json
|
||
|
// parameters:
|
||
|
// - name: boardID
|
||
|
// in: path
|
||
|
// description: Board ID
|
||
|
// required: true
|
||
|
// type: string
|
||
|
// security:
|
||
|
// - BearerAuth: []
|
||
|
// responses:
|
||
|
// '200':
|
||
|
// description: success
|
||
|
// schema:
|
||
|
// "$ref": "#/definitions/Sharing"
|
||
|
// '404':
|
||
|
// description: board not found
|
||
|
// default:
|
||
|
// description: internal error
|
||
|
// schema:
|
||
|
// "$ref": "#/definitions/ErrorResponse"
|
||
|
|
||
|
vars := mux.Vars(r)
|
||
|
boardID := vars["boardID"]
|
||
|
|
||
|
userID := getUserID(r)
|
||
|
if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionShareBoard) {
|
||
|
a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to sharing the board"})
|
||
|
return
|
||
|
}
|
||
|
|
||
|
auditRec := a.makeAuditRecord(r, "getSharing", audit.Fail)
|
||
|
defer a.audit.LogRecord(audit.LevelRead, auditRec)
|
||
|
auditRec.AddMeta("boardID", boardID)
|
||
|
|
||
|
sharing, err := a.app.GetSharing(boardID)
|
||
|
if err != nil {
|
||
|
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||
|
return
|
||
|
}
|
||
|
if sharing == nil {
|
||
|
jsonStringResponse(w, http.StatusOK, "")
|
||
|
return
|
||
|
}
|
||
|
|
||
|
sharingData, err := json.Marshal(sharing)
|
||
|
if err != nil {
|
||
|
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||
|
return
|
||
|
}
|
||
|
|
||
|
jsonBytesResponse(w, http.StatusOK, sharingData)
|
||
|
|
||
|
a.logger.Debug("GET sharing",
|
||
|
mlog.String("boardID", boardID),
|
||
|
mlog.String("shareID", sharing.ID),
|
||
|
mlog.Bool("enabled", sharing.Enabled),
|
||
|
)
|
||
|
auditRec.AddMeta("shareID", sharing.ID)
|
||
|
auditRec.AddMeta("enabled", sharing.Enabled)
|
||
|
auditRec.Success()
|
||
|
}
|
||
|
|
||
|
func (a *API) handlePostSharing(w http.ResponseWriter, r *http.Request) {
|
||
|
// swagger:operation POST /boards/{boardID}/sharing postSharing
|
||
|
//
|
||
|
// Sets sharing information for a board
|
||
|
//
|
||
|
// ---
|
||
|
// produces:
|
||
|
// - application/json
|
||
|
// parameters:
|
||
|
// - name: boardID
|
||
|
// in: path
|
||
|
// description: Board ID
|
||
|
// required: true
|
||
|
// type: string
|
||
|
// - name: Body
|
||
|
// in: body
|
||
|
// description: sharing information for a root block
|
||
|
// required: true
|
||
|
// schema:
|
||
|
// "$ref": "#/definitions/Sharing"
|
||
|
// security:
|
||
|
// - BearerAuth: []
|
||
|
// responses:
|
||
|
// '200':
|
||
|
// description: success
|
||
|
// default:
|
||
|
// description: internal error
|
||
|
// schema:
|
||
|
// "$ref": "#/definitions/ErrorResponse"
|
||
|
|
||
|
boardID := mux.Vars(r)["boardID"]
|
||
|
|
||
|
userID := getUserID(r)
|
||
|
if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionShareBoard) {
|
||
|
a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to sharing the board"})
|
||
|
return
|
||
|
}
|
||
|
|
||
|
requestBody, err := ioutil.ReadAll(r.Body)
|
||
|
if err != nil {
|
||
|
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||
|
return
|
||
|
}
|
||
|
|
||
|
var sharing model.Sharing
|
||
|
err = json.Unmarshal(requestBody, &sharing)
|
||
|
if err != nil {
|
||
|
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||
|
return
|
||
|
}
|
||
|
|
||
|
// Stamp boardID from the URL
|
||
|
sharing.ID = boardID
|
||
|
|
||
|
auditRec := a.makeAuditRecord(r, "postSharing", audit.Fail)
|
||
|
defer a.audit.LogRecord(audit.LevelModify, auditRec)
|
||
|
auditRec.AddMeta("shareID", sharing.ID)
|
||
|
auditRec.AddMeta("enabled", sharing.Enabled)
|
||
|
|
||
|
// Stamp ModifiedBy
|
||
|
modifiedBy := userID
|
||
|
if userID == model.SingleUser {
|
||
|
modifiedBy = ""
|
||
|
}
|
||
|
sharing.ModifiedBy = modifiedBy
|
||
|
|
||
|
if userID == model.SingleUser {
|
||
|
userID = ""
|
||
|
}
|
||
|
|
||
|
if !a.app.GetClientConfig().EnablePublicSharedBoards {
|
||
|
a.logger.Warn(
|
||
|
"Attempt to turn on sharing for board via API failed, sharing off in configuration.",
|
||
|
mlog.String("boardID", sharing.ID),
|
||
|
mlog.String("userID", userID))
|
||
|
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "Turning on sharing for board failed, see log for details.", nil)
|
||
|
return
|
||
|
}
|
||
|
|
||
|
sharing.ModifiedBy = userID
|
||
|
|
||
|
err = a.app.UpsertSharing(sharing)
|
||
|
if err != nil {
|
||
|
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||
|
return
|
||
|
}
|
||
|
|
||
|
jsonStringResponse(w, http.StatusOK, "{}")
|
||
|
|
||
|
a.logger.Debug("POST sharing", mlog.String("sharingID", sharing.ID))
|
||
|
auditRec.Success()
|
||
|
}
|