PLT-3105 Files table migration (mattermost#4068)

* Implemented initial changes for files table

* Removed *_benchmark_test.go files

* Re-implemented GetPublicFile and added support for old path

* Localization for files table

* Moved file system code into utils package

* Finished server-side changes and added initial upgrade script

* Added getPostFiles api

* Re-add Extension and HasPreviewImage fields to FileInfo

* Removed unused translation

* Fixed merge conflicts left over after permissions changes

* Forced FileInfo.extension to be lower case

* Changed FileUploadResponse to contain the FileInfos instead of FileIds

* Fixed permissions on getFile* calls

* Fixed notifications for file uploads

* Added initial version of client code for files changes

* Permanently added FileIds field to Post object and removed Post.HasFiles

* Updated PostStore.Update to be usable in more circumstances

* Re-added Filenames field and switched file migration to be entirely lazy-loaded

* Increased max listener count for FileStore

* Removed unused fileInfoCache

* Moved file system code back into api

* Removed duplicate test case

* Fixed unit test running on ports other than 8065

* Renamed HasPermissionToPostContext to HasPermissionToChannelByPostContext

* Refactored handleImages to make it more easily understandable

* Renamed getPostFiles to getFileInfosForPost

* Re-added pre-FileIds posts to analytics

* Changed files to be saved as their ids as opposed to id/filename.ext

* Renamed FileInfo.UserId to FileInfo.CreatorId

* Fixed detection of language in CodePreview

* Fixed switching between threads in the RHS not loading new files

* Add serverside protection against a rare bug where the client sends the same file twice for a single post

* Refactored the important parts of uploadFile api call into a function that can be called without a web context

Author: hmhealey

api/api.go

@@ -33,7 +33,9 @@ type Routes struct {
 	Commands *mux.Router // 'api/v3/teams/{team_id:[A-Za-z0-9]+}/commands'
 	Hooks    *mux.Router // 'api/v3/teams/{team_id:[A-Za-z0-9]+}/hooks'
 
-	Files *mux.Router // 'api/v3/teams/{team_id:[A-Za-z0-9]+}/files'
+	TeamFiles *mux.Router // 'api/v3/teams/{team_id:[A-Za-z0-9]+}/files'
+	Files     *mux.Router // 'api/v3/files'
+	NeedFile  *mux.Router // 'api/v3/files/{file_id:[A-Za-z0-9]+}'
 
 	OAuth *mux.Router // 'api/v3/oauth'
 
@@ -70,7 +72,9 @@ func InitApi() {
 	BaseRoutes.Posts = BaseRoutes.NeedChannel.PathPrefix("/posts").Subrouter()
 	BaseRoutes.NeedPost = BaseRoutes.Posts.PathPrefix("/{post_id:[A-Za-z0-9]+}").Subrouter()
 	BaseRoutes.Commands = BaseRoutes.NeedTeam.PathPrefix("/commands").Subrouter()
-	BaseRoutes.Files = BaseRoutes.NeedTeam.PathPrefix("/files").Subrouter()
+	BaseRoutes.TeamFiles = BaseRoutes.NeedTeam.PathPrefix("/files").Subrouter()
+	BaseRoutes.Files = BaseRoutes.ApiRoot.PathPrefix("/files").Subrouter()
+	BaseRoutes.NeedFile = BaseRoutes.Files.PathPrefix("/{file_id:[A-Za-z0-9]+}").Subrouter()
 	BaseRoutes.Hooks = BaseRoutes.NeedTeam.PathPrefix("/hooks").Subrouter()
 	BaseRoutes.OAuth = BaseRoutes.ApiRoot.PathPrefix("/oauth").Subrouter()
 	BaseRoutes.Admin = BaseRoutes.ApiRoot.PathPrefix("/admin").Subrouter()

api/authorization.go

@@ -114,6 +114,42 @@ func HasPermissionToChannel(user *model.User, teamMember *model.TeamMember, chan
 	return HasPermissionToTeam(user, teamMember, permission)
 }
 
+func HasPermissionToChannelByPostContext(c *Context, postId string, permission *model.Permission) bool {
+	cmc := Srv.Store.Channel().GetMemberForPost(postId, c.Session.UserId)
+
+	var channelRoles []string
+	if cmcresult := <-cmc; cmcresult.Err == nil {
+		channelMember := cmcresult.Data.(*model.ChannelMember)
+		channelRoles = channelMember.GetRoles()
+
+		if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
+			return true
+		}
+	}
+
+	cc := Srv.Store.Channel().GetForPost(postId)
+	if ccresult := <-cc; ccresult.Err == nil {
+		channel := ccresult.Data.(*model.Channel)
+
+		if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil {
+			roles := teamMember.GetRoles()
+
+			if CheckIfRolesGrantPermission(roles, permission.Id) {
+				return true
+			}
+		}
+
+	}
+
+	if HasPermissionToContext(c, permission) {
+		return true
+	}
+
+	c.Err = model.NewLocAppError("HasPermissionToChannelByPostContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles))
+	c.Err.StatusCode = http.StatusForbidden
+	return false
+}
+
 func HasPermissionToUser(c *Context, userId string) bool {
 	// You are the user (users autmaticly have permissions to themselves)
 	if c.Session.UserId == userId {