Implement GET /users endpoint for APIv4 (#5277)

api/command_loadtest.go

@@ -291,7 +291,7 @@ func (me *LoadTestProvider) PostsCommand(c *Context, channelId string, message s
 
 	var usernames []string
 	if result := <-app.Srv.Store.User().GetProfiles(c.TeamId, 0, 1000); result.Err == nil {
-		profileUsers := result.Data.(map[string]*model.User)
+		profileUsers := result.Data.([]*model.User)
 		usernames = make([]string, len(profileUsers))
 		i := 0
 		for _, userprof := range profileUsers {

api/user.go

@@ -442,14 +442,10 @@ func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if profiles, err := app.GetUsers(offset, limit); err != nil {
+	if profiles, err := app.GetUsersMap(offset, limit, c.IsSystemAdmin()); err != nil {
 		c.Err = err
 		return
 	} else {
-		for k, p := range profiles {
-			profiles[k] = sanitizeProfile(c, p)
-		}
-
 		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
 		w.Write([]byte(model.UserMapToJson(profiles)))
 	}
@@ -482,14 +478,10 @@ func getProfilesInTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if profiles, err := app.GetUsersInTeam(teamId, offset, limit); err != nil {
+	if profiles, err := app.GetUsersInTeamMap(teamId, offset, limit, c.IsSystemAdmin()); err != nil {
 		c.Err = err
 		return
 	} else {
-		for k, p := range profiles {
-			profiles[k] = sanitizeProfile(c, p)
-		}
-
 		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
 		w.Write([]byte(model.UserMapToJson(profiles)))
 	}
@@ -523,17 +515,10 @@ func getProfilesInChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var profiles map[string]*model.User
-	var profileErr *model.AppError
-
-	if profiles, err = app.GetUsersInChannel(channelId, offset, limit); profileErr != nil {
-		c.Err = profileErr
+	if profiles, err := app.GetUsersInChannelMap(channelId, offset, limit, c.IsSystemAdmin()); err != nil {
+		c.Err = err
 		return
 	} else {
-		for k, p := range profiles {
-			profiles[k] = sanitizeProfile(c, p)
-		}
-
 		w.Write([]byte(model.UserMapToJson(profiles)))
 	}
 }
@@ -566,14 +551,10 @@ func getProfilesNotInChannel(c *Context, w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	if profiles, err := app.GetUsersNotInChannel(c.TeamId, channelId, offset, limit); err != nil {
+	if profiles, err := app.GetUsersNotInChannelMap(c.TeamId, channelId, offset, limit, c.IsSystemAdmin()); err != nil {
 		c.Err = err
 		return
 	} else {
-		for k, p := range profiles {
-			profiles[k] = sanitizeProfile(c, p)
-		}
-
 		w.Write([]byte(model.UserMapToJson(profiles)))
 	}
 }

api4/apitestlib.go

@@ -97,6 +97,8 @@ func (me *TestHelper) InitBasic() *TestHelper {
 	LinkUserToTeam(me.BasicUser, me.BasicTeam)
 	me.BasicUser2 = me.CreateUser()
 	LinkUserToTeam(me.BasicUser2, me.BasicTeam)
+	app.AddUserToChannel(me.BasicUser, me.BasicChannel)
+	app.AddUserToChannel(me.BasicUser2, me.BasicChannel)
 	app.UpdateUserRoles(me.BasicUser.Id, model.ROLE_SYSTEM_USER.Id)
 	me.LoginBasic()
 

api4/channel_test.go

@@ -77,17 +77,17 @@ func TestCreateChannel(t *testing.T) {
 	// Check permissions with policy config changes
 	isLicensed := utils.IsLicensed
 	license := utils.License
-	restrictPublicChannel := *utils.Cfg.TeamSettings.RestrictPublicChannelManagement
-	restrictPrivateChannel := *utils.Cfg.TeamSettings.RestrictPrivateChannelManagement
+	restrictPublicChannel := *utils.Cfg.TeamSettings.RestrictPublicChannelCreation
+	restrictPrivateChannel := *utils.Cfg.TeamSettings.RestrictPrivateChannelCreation
 	defer func() {
-		*utils.Cfg.TeamSettings.RestrictPublicChannelManagement = restrictPublicChannel
-		*utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = restrictPrivateChannel
+		*utils.Cfg.TeamSettings.RestrictPublicChannelCreation = restrictPublicChannel
+		*utils.Cfg.TeamSettings.RestrictPrivateChannelCreation = restrictPrivateChannel
 		utils.IsLicensed = isLicensed
 		utils.License = license
 		utils.SetDefaultRolesBasedOnConfig()
 	}()
-	*utils.Cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_ALL
-	*utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_ALL
+	*utils.Cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_ALL
+	*utils.Cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_ALL
 	utils.SetDefaultRolesBasedOnConfig()
 	utils.IsLicensed = true
 	utils.License = &model.License{Features: &model.Features{}}

api4/params.go

@@ -5,10 +5,17 @@ package api4
 
 import (
 	"net/http"
+	"strconv"
 
 	"github.com/gorilla/mux"
 )
 
+const (
+	PAGE_DEFAULT     = 0
+	PER_PAGE_DEFAULT = 60
+	PER_PAGE_MAXIMUM = 200
+)
+
 type ApiParams struct {
 	UserId    string
 	TeamId    string
@@ -18,6 +25,8 @@ type ApiParams struct {
 	CommandId string
 	HookId    string
 	EmojiId   string
+	Page      int
+	PerPage   int
 }
 
 func ApiParamsFromRequest(r *http.Request) *ApiParams {
@@ -57,5 +66,19 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams {
 		params.EmojiId = val
 	}
 
+	if val, err := strconv.Atoi(r.URL.Query().Get("page")); err != nil {
+		params.Page = PAGE_DEFAULT
+	} else {
+		params.Page = val
+	}
+
+	if val, err := strconv.Atoi(r.URL.Query().Get("per_page")); err != nil {
+		params.PerPage = PER_PAGE_DEFAULT
+	} else if val > PER_PAGE_MAXIMUM {
+		params.PerPage = PER_PAGE_MAXIMUM
+	} else {
+		params.PerPage = val
+	}
+
 	return params
 }

api4/user.go

@@ -16,6 +16,7 @@ func InitUser() {
 	l4g.Debug(utils.T("api.user.init.debug"))
 
 	BaseRoutes.Users.Handle("", ApiHandler(createUser)).Methods("POST")
+	BaseRoutes.Users.Handle("", ApiSessionRequired(getUsers)).Methods("GET")
 	BaseRoutes.Users.Handle("/ids", ApiSessionRequired(getUsersByIds)).Methods("POST")
 
 	BaseRoutes.User.Handle("", ApiSessionRequired(getUser)).Methods("GET")
@@ -86,6 +87,67 @@ func getUser(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func getUsers(c *Context, w http.ResponseWriter, r *http.Request) {
+	inTeamId := r.URL.Query().Get("in_team")
+	inChannelId := r.URL.Query().Get("in_channel")
+	notInChannelId := r.URL.Query().Get("not_in_channel")
+
+	if len(notInChannelId) > 0 && len(inTeamId) == 0 {
+		c.SetInvalidParam("team_id")
+		return
+	}
+
+	var profiles []*model.User
+	var err *model.AppError
+	etag := ""
+
+	if len(notInChannelId) > 0 {
+		if !app.SessionHasPermissionToChannel(c.Session, notInChannelId, model.PERMISSION_READ_CHANNEL) {
+			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+			return
+		}
+
+		profiles, err = app.GetUsersNotInChannelPage(inTeamId, notInChannelId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin())
+	} else if len(inTeamId) > 0 {
+		if !app.SessionHasPermissionToTeam(c.Session, inTeamId, model.PERMISSION_VIEW_TEAM) {
+			c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
+			return
+		}
+
+		etag = app.GetUsersInTeamEtag(inTeamId)
+		if HandleEtag(etag, "Get Users in Team", w, r) {
+			return
+		}
+
+		profiles, err = app.GetUsersInTeamPage(inTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin())
+	} else if len(inChannelId) > 0 {
+		if !app.SessionHasPermissionToChannel(c.Session, inChannelId, model.PERMISSION_READ_CHANNEL) {
+			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+			return
+		}
+
+		profiles, err = app.GetUsersInChannelPage(inChannelId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin())
+	} else {
+		// No permission check required
+
+		etag = app.GetUsersEtag()
+		if HandleEtag(etag, "Get Users", w, r) {
+			return
+		}
+		profiles, err = app.GetUsersPage(c.Params.Page, c.Params.PerPage, c.IsSystemAdmin())
+	}
+
+	if err != nil {
+		c.Err = err
+		return
+	} else {
+		if len(etag) > 0 {
+			w.Header().Set(model.HEADER_ETAG_SERVER, etag)
+		}
+		w.Write([]byte(model.UserListToJson(profiles)))
+	}
+}
+
 func getUsersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
 	userIds := model.ArrayFromJson(r.Body)