focalboard/server/api/sharing.go

package api

import (
	"encoding/json"
	"io/ioutil"
	"net/http"

	"github.com/gorilla/mux"
	"github.com/mattermost/focalboard/server/model"
	"github.com/mattermost/focalboard/server/services/audit"

	"github.com/mattermost/mattermost-server/v6/shared/mlog"
)

func (a *API) registerSharingRoutes(r *mux.Router) {
	// Sharing APIs
	r.HandleFunc("/boards/{boardID}/sharing", a.sessionRequired(a.handlePostSharing)).Methods("POST")
	r.HandleFunc("/boards/{boardID}/sharing", a.sessionRequired(a.handleGetSharing)).Methods("GET")
}

func (a *API) handleGetSharing(w http.ResponseWriter, r *http.Request) {
	// swagger:operation GET /boards/{boardID}/sharing getSharing
	//
	// Returns sharing information for a board
	//
	// ---
	// produces:
	// - application/json
	// parameters:
	// - name: boardID
	//   in: path
	//   description: Board ID
	//   required: true
	//   type: string
	// security:
	// - BearerAuth: []
	// responses:
	//   '200':
	//     description: success
	//     schema:
	//       "$ref": "#/definitions/Sharing"
	//   '404':
	//     description: board not found
	//   default:
	//     description: internal error
	//     schema:
	//       "$ref": "#/definitions/ErrorResponse"

	vars := mux.Vars(r)
	boardID := vars["boardID"]

	userID := getUserID(r)
	if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionShareBoard) {
		a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to sharing the board"})
		return
	}

	auditRec := a.makeAuditRecord(r, "getSharing", audit.Fail)
	defer a.audit.LogRecord(audit.LevelRead, auditRec)
	auditRec.AddMeta("boardID", boardID)

	sharing, err := a.app.GetSharing(boardID)
	if err != nil {
		a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
		return
	}
	if sharing == nil {
		jsonStringResponse(w, http.StatusOK, "")
		return
	}

	sharingData, err := json.Marshal(sharing)
	if err != nil {
		a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
		return
	}

	jsonBytesResponse(w, http.StatusOK, sharingData)

	a.logger.Debug("GET sharing",
		mlog.String("boardID", boardID),
		mlog.String("shareID", sharing.ID),
		mlog.Bool("enabled", sharing.Enabled),
	)
	auditRec.AddMeta("shareID", sharing.ID)
	auditRec.AddMeta("enabled", sharing.Enabled)
	auditRec.Success()
}

func (a *API) handlePostSharing(w http.ResponseWriter, r *http.Request) {
	// swagger:operation POST /boards/{boardID}/sharing postSharing
	//
	// Sets sharing information for a board
	//
	// ---
	// produces:
	// - application/json
	// parameters:
	// - name: boardID
	//   in: path
	//   description: Board ID
	//   required: true
	//   type: string
	// - name: Body
	//   in: body
	//   description: sharing information for a root block
	//   required: true
	//   schema:
	//     "$ref": "#/definitions/Sharing"
	// security:
	// - BearerAuth: []
	// responses:
	//   '200':
	//     description: success
	//   default:
	//     description: internal error
	//     schema:
	//       "$ref": "#/definitions/ErrorResponse"

	boardID := mux.Vars(r)["boardID"]

	userID := getUserID(r)
	if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionShareBoard) {
		a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to sharing the board"})
		return
	}

	requestBody, err := ioutil.ReadAll(r.Body)
	if err != nil {
		a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
		return
	}

	var sharing model.Sharing
	err = json.Unmarshal(requestBody, &sharing)
	if err != nil {
		a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
		return
	}

	// Stamp boardID from the URL
	sharing.ID = boardID

	auditRec := a.makeAuditRecord(r, "postSharing", audit.Fail)
	defer a.audit.LogRecord(audit.LevelModify, auditRec)
	auditRec.AddMeta("shareID", sharing.ID)
	auditRec.AddMeta("enabled", sharing.Enabled)

	// Stamp ModifiedBy
	modifiedBy := userID
	if userID == model.SingleUser {
		modifiedBy = ""
	}
	sharing.ModifiedBy = modifiedBy

	if userID == model.SingleUser {
		userID = ""
	}

	if !a.app.GetClientConfig().EnablePublicSharedBoards {
		a.logger.Warn(
			"Attempt to turn on sharing for board via API failed, sharing off in configuration.",
			mlog.String("boardID", sharing.ID),
			mlog.String("userID", userID))
		a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "Turning on sharing for board failed, see log for details.", nil)
		return
	}

	sharing.ModifiedBy = userID

	err = a.app.UpsertSharing(sharing)
	if err != nil {
		a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
		return
	}

	jsonStringResponse(w, http.StatusOK, "{}")

	a.logger.Debug("POST sharing", mlog.String("sharingID", sharing.ID))
	auditRec.Success()
}
Rest API reorganization (#3624) * reorg API * reorg api * fix system route * remove newline Co-authored-by: Mattermod <mattermod@users.noreply.github.com> 2022-08-10 14:20:42 +02:00			`package api`

			`import (`
			`"encoding/json"`
			`"io/ioutil"`
			`"net/http"`

			`"github.com/gorilla/mux"`
			`"github.com/mattermost/focalboard/server/model"`
			`"github.com/mattermost/focalboard/server/services/audit"`

			`"github.com/mattermost/mattermost-server/v6/shared/mlog"`
			`)`

			`func (a API) registerSharingRoutes(r mux.Router) {`
			`// Sharing APIs`
			`r.HandleFunc("/boards/{boardID}/sharing", a.sessionRequired(a.handlePostSharing)).Methods("POST")`
			`r.HandleFunc("/boards/{boardID}/sharing", a.sessionRequired(a.handleGetSharing)).Methods("GET")`
			`}`

			`func (a API) handleGetSharing(w http.ResponseWriter, r http.Request) {`
			`// swagger:operation GET /boards/{boardID}/sharing getSharing`
			`//`
			`// Returns sharing information for a board`
			`//`
			`// ---`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: boardID`
			`// in: path`
			`// description: Board ID`
			`// required: true`
			`// type: string`
			`// security:`
			`// - BearerAuth: []`
			`// responses:`
			`// '200':`
			`// description: success`
			`// schema:`
			`// "$ref": "#/definitions/Sharing"`
			`// '404':`
			`// description: board not found`
			`// default:`
			`// description: internal error`
			`// schema:`
			`// "$ref": "#/definitions/ErrorResponse"`

			`vars := mux.Vars(r)`
			`boardID := vars["boardID"]`

			`userID := getUserID(r)`
			`if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionShareBoard) {`
			`a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to sharing the board"})`
			`return`
			`}`

			`auditRec := a.makeAuditRecord(r, "getSharing", audit.Fail)`
			`defer a.audit.LogRecord(audit.LevelRead, auditRec)`
			`auditRec.AddMeta("boardID", boardID)`

			`sharing, err := a.app.GetSharing(boardID)`
			`if err != nil {`
			`a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)`
			`return`
			`}`
			`if sharing == nil {`
			`jsonStringResponse(w, http.StatusOK, "")`
			`return`
			`}`

			`sharingData, err := json.Marshal(sharing)`
			`if err != nil {`
			`a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)`
			`return`
			`}`

			`jsonBytesResponse(w, http.StatusOK, sharingData)`

			`a.logger.Debug("GET sharing",`
			`mlog.String("boardID", boardID),`
			`mlog.String("shareID", sharing.ID),`
			`mlog.Bool("enabled", sharing.Enabled),`
			`)`
			`auditRec.AddMeta("shareID", sharing.ID)`
			`auditRec.AddMeta("enabled", sharing.Enabled)`
			`auditRec.Success()`
			`}`

			`func (a API) handlePostSharing(w http.ResponseWriter, r http.Request) {`
			`// swagger:operation POST /boards/{boardID}/sharing postSharing`
			`//`
			`// Sets sharing information for a board`
			`//`
			`// ---`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: boardID`
			`// in: path`
			`// description: Board ID`
			`// required: true`
			`// type: string`
			`// - name: Body`
			`// in: body`
			`// description: sharing information for a root block`
			`// required: true`
			`// schema:`
			`// "$ref": "#/definitions/Sharing"`
			`// security:`
			`// - BearerAuth: []`
			`// responses:`
			`// '200':`
			`// description: success`
			`// default:`
			`// description: internal error`
			`// schema:`
			`// "$ref": "#/definitions/ErrorResponse"`

			`boardID := mux.Vars(r)["boardID"]`

			`userID := getUserID(r)`
			`if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionShareBoard) {`
			`a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to sharing the board"})`
			`return`
			`}`

			`requestBody, err := ioutil.ReadAll(r.Body)`
			`if err != nil {`
			`a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)`
			`return`
			`}`

			`var sharing model.Sharing`
			`err = json.Unmarshal(requestBody, &sharing)`
			`if err != nil {`
			`a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)`
			`return`
			`}`

			`// Stamp boardID from the URL`
			`sharing.ID = boardID`

			`auditRec := a.makeAuditRecord(r, "postSharing", audit.Fail)`
			`defer a.audit.LogRecord(audit.LevelModify, auditRec)`
			`auditRec.AddMeta("shareID", sharing.ID)`
			`auditRec.AddMeta("enabled", sharing.Enabled)`

			`// Stamp ModifiedBy`
			`modifiedBy := userID`
			`if userID == model.SingleUser {`
			`modifiedBy = ""`
			`}`
			`sharing.ModifiedBy = modifiedBy`

			`if userID == model.SingleUser {`
			`userID = ""`
			`}`

			`if !a.app.GetClientConfig().EnablePublicSharedBoards {`
			`a.logger.Warn(`
			`"Attempt to turn on sharing for board via API failed, sharing off in configuration.",`
			`mlog.String("boardID", sharing.ID),`
			`mlog.String("userID", userID))`
			`a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "Turning on sharing for board failed, see log for details.", nil)`
			`return`
			`}`

			`sharing.ModifiedBy = userID`

			`err = a.app.UpsertSharing(sharing)`
			`if err != nil {`
			`a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)`
			`return`
			`}`

			`jsonStringResponse(w, http.StatusOK, "{}")`

			`a.logger.Debug("POST sharing", mlog.String("sharingID", sharing.ID))`
			`auditRec.Success()`
			`}`