From 5fced29ae6e127df8448d6a2923b4c5f20174d70 Mon Sep 17 00:00:00 2001 From: Saturnino Abril Date: Fri, 7 Apr 2017 06:04:54 +0900 Subject: [PATCH] APIv4 DELETE /commands/{command_id} --- api4/command.go | 38 ++++++++++++++++++++++++++ api4/command_test.go | 63 ++++++++++++++++++++++++++++++++++++++++++++ model/client4.go | 10 +++++++ 3 files changed, 111 insertions(+) diff --git a/api4/command.go b/api4/command.go index 2466567c13995..0638edd38f5aa 100644 --- a/api4/command.go +++ b/api4/command.go @@ -20,6 +20,7 @@ func InitCommand() { BaseRoutes.Commands.Handle("", ApiSessionRequired(listCommands)).Methods("GET") BaseRoutes.Command.Handle("", ApiSessionRequired(updateCommand)).Methods("PUT") + BaseRoutes.Command.Handle("", ApiSessionRequired(deleteCommand)).Methods("DELETE") BaseRoutes.Team.Handle("/commands/autocomplete", ApiSessionRequired(listAutocompleteCommands)).Methods("GET") } @@ -99,6 +100,43 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(rcmd.ToJson())) } +func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireCommandId() + if c.Err != nil { + return + } + + c.LogAudit("attempt") + + cmd, err := app.GetCommand(c.Params.CommandId) + if err != nil { + c.Err = err + return + } + + if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) + return + } + + if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) + return + } + + err = app.DeleteCommand(cmd.Id) + if err != nil { + c.Err = err + return + } + + c.LogAudit("success") + + ReturnStatusOK(w) +} + func listCommands(c *Context, w http.ResponseWriter, r *http.Request) { customOnly, failConv := strconv.ParseBool(r.URL.Query().Get("custom_only")) if failConv != nil { diff --git a/api4/command_test.go b/api4/command_test.go index 35fc0a3d52195..6c100ed08072f 100644 --- a/api4/command_test.go +++ b/api4/command_test.go @@ -146,6 +146,69 @@ func TestUpdateCommand(t *testing.T) { CheckUnauthorizedStatus(t, resp) } +func TestDeleteCommand(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.SystemAdminClient + user := th.SystemAdminUser + team := th.BasicTeam + + enableCommands := *utils.Cfg.ServiceSettings.EnableCommands + defer func() { + utils.Cfg.ServiceSettings.EnableCommands = &enableCommands + }() + *utils.Cfg.ServiceSettings.EnableCommands = true + + cmd1 := &model.Command{ + CreatorId: user.Id, + TeamId: team.Id, + URL: "http://nowhere.com", + Method: model.COMMAND_METHOD_POST, + Trigger: "trigger1", + } + + rcmd1, _ := app.CreateCommand(cmd1) + + ok, resp := Client.DeleteCommand(rcmd1.Id) + CheckNoError(t, resp) + + if !ok { + t.Fatal("should have returned true") + } + + rcmd1, _ = app.GetCommand(rcmd1.Id) + if rcmd1 != nil { + t.Fatal("should be nil") + } + + ok, resp = Client.DeleteCommand("junk") + CheckBadRequestStatus(t, resp) + + if ok { + t.Fatal("should have returned false") + } + + _, resp = Client.DeleteCommand(GenerateTestId()) + CheckNotFoundStatus(t, resp) + + cmd2 := &model.Command{ + CreatorId: user.Id, + TeamId: team.Id, + URL: "http://nowhere.com", + Method: model.COMMAND_METHOD_POST, + Trigger: "trigger2", + } + + rcmd2, _ := app.CreateCommand(cmd2) + + _, resp = th.Client.DeleteCommand(rcmd2.Id) + CheckForbiddenStatus(t, resp) + + Client.Logout() + _, resp = Client.DeleteCommand(rcmd2.Id) + CheckUnauthorizedStatus(t, resp) +} + func TestListCommands(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() diff --git a/model/client4.go b/model/client4.go index 634c477e287c0..8ef93768d1618 100644 --- a/model/client4.go +++ b/model/client4.go @@ -2202,6 +2202,16 @@ func (c *Client4) UpdateCommand(cmd *Command) (*Command, *Response) { } } +// DeleteCommand deletes a command based on the provided command id string +func (c *Client4) DeleteCommand(commandId string) (bool, *Response) { + if r, err := c.DoApiDelete(c.GetCommandRoute(commandId)); err != nil { + return false, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return CheckStatusOK(r), BuildResponse(r) + } +} + // ListCommands will retrieve a list of commands available in the team. func (c *Client4) ListCommands(teamId string, customOnly bool) ([]*Command, *Response) { query := fmt.Sprintf("?team_id=%v&custom_only=%v", teamId, customOnly)