mattermost-community · wiggin77 · Oct 17, 2024 · Oct 2, 2024 · Oct 2, 2024 · Oct 2, 2024
diff --git a/server/plugin/api.go b/server/plugin/api.go
@@ -443,16 +443,16 @@ func (p *Plugin) handleFileCreation(c *Context, w http.ResponseWriter, r *http.R
 		return
 	}
 
-	err = p.handleFilePermissions(request.UserId, createdFileID, fileCreationParams.FileAccess, request.ChannelId)
+	err = p.handleFilePermissions(request.UserId, createdFileID, fileCreationParams.FileAccess, request.ChannelId, fileCreationParams.Name)
 	if err != nil {
 		p.API.LogError("Failed to modify file permissions", "err", err)
-		p.writeInteractiveDialogError(w, DialogErrorResponse{StatusCode: http.StatusInternalServerError})
+		p.writeInteractiveDialogError(w, DialogErrorResponse{Error: "File was successfully created but file permissions failed to apply. Please contact your system administrator.", StatusCode: http.StatusInternalServerError})
 		return
 	}
 	err = p.sendFileCreatedMessage(request.ChannelId, createdFileID, request.UserId, fileCreationParams.Message, fileCreationParams.ShareInChannel, authToken)
 	if err != nil {
 		p.API.LogError("Failed to send file creation post", "err", err)
-		p.writeInteractiveDialogError(w, DialogErrorResponse{StatusCode: http.StatusInternalServerError})
+		p.writeInteractiveDialogError(w, DialogErrorResponse{Error: "File was successfully created but failed to share to the channel. Please contact your system administrator.", StatusCode: http.StatusInternalServerError})
 		return
 	}
 }

diff --git a/server/plugin/create.go b/server/plugin/create.go
@@ -5,14 +5,17 @@ import (
 	"errors"
 	"fmt"
 	"slices"
+	"strings"
 	"time"
 
 	"github.com/mattermost/mattermost/server/public/model"
 	"github.com/mattermost/mattermost/server/public/plugin"
 	"golang.org/x/oauth2"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
+	driveV2 "google.golang.org/api/drive/v2"
 	"google.golang.org/api/drive/v3"
+
 	"google.golang.org/api/option"
 )
 
@@ -66,8 +69,9 @@ func (p *Plugin) sendFileCreatedMessage(channelID, fileID, userID, message strin
 	return nil
 }
 
-func (p *Plugin) handleFilePermissions(userID string, fileID string, fileAccess string, channelID string) error {
+func (p *Plugin) handleFilePermissions(userID string, fileID string, fileAccess string, channelID string, fileName string) error {
 	permissions := make([]*drive.Permission, 0)
+	userMap := make(map[string]*model.User, 0)
 	switch fileAccess {
 	case "all_view":
 		permissions = append(permissions, &drive.Permission{
@@ -94,6 +98,7 @@ func (p *Plugin) handleFilePermissions(userID string, fileID string, fileAccess
 						EmailAddress: user.Email,
 						Type:         "user",
 					})
+					userMap[user.Email] = user
 				}
 			}
 		}
@@ -107,6 +112,7 @@ func (p *Plugin) handleFilePermissions(userID string, fileID string, fileAccess
 						EmailAddress: user.Email,
 						Type:         "user",
 					})
+					userMap[user.Email] = user
 				}
 			}
 		}
@@ -120,6 +126,7 @@ func (p *Plugin) handleFilePermissions(userID string, fileID string, fileAccess
 						EmailAddress: user.Email,
 						Type:         "user",
 					})
+					userMap[user.Email] = user
 				}
 			}
 		}
@@ -135,14 +142,43 @@ func (p *Plugin) handleFilePermissions(userID string, fileID string, fileAccess
 		return err
 	}
 
+	usersWithoutAccesss := []string{}
+	config := p.API.GetConfig()
+	var permissionError error
+
 	for _, permission := range permissions {
+		// Continue through the permissions loop when we encounter an error so we can inform the user who wasn't granted access.
+		if permissionError != nil {
+			usersWithoutAccesss = appendUsersWithoutAccessSlice(config, usersWithoutAccesss, userMap[permission.EmailAddress].Username, permission.EmailAddress)
+			continue
+		}
 		_, err := srv.Permissions.Create(fileID, permission).Do()
 		if err != nil {
+			usersWithoutAccesss = appendUsersWithoutAccessSlice(config, usersWithoutAccesss, userMap[permission.EmailAddress].Username, permission.EmailAddress)
+			// This error will occur if the user is not allowed to share the file with someone outside of their domain.
+			if strings.Contains(err.Error(), "shareOutNotPermitted") {
+				continue
+			}
 			p.API.LogError("Something went wrong while updating permissions for file", "err", err, "fileID", fileID)
-			return err
+			permissionError = err
 		}
 	}
-	return nil
+
+	if len(usersWithoutAccesss) > 0 {
+		p.createBotDMPost(userID, fmt.Sprintf("Failed to share file, \"%s\", with the following users: %s", fileName, strings.Join(usersWithoutAccesss, ", ")), nil)
+	}
+
+	return permissionError
+}
+
+func appendUsersWithoutAccessSlice(config *model.Config, usersWithoutAccesss []string, username string, email string) []string {
+	if config.PrivacySettings.ShowEmailAddress == nil || !*config.PrivacySettings.ShowEmailAddress {
+		usersWithoutAccesss = append(usersWithoutAccesss, "@"+username)
+	} else {
+		usersWithoutAccesss = append(usersWithoutAccesss, email)
+	}
+
+	return usersWithoutAccesss
 }
 
 func (p *Plugin) handleCreate(c *plugin.Context, args *model.CommandArgs, parameters []string) string {
@@ -179,27 +215,46 @@ func (p *Plugin) handleCreate(c *plugin.Context, args *model.CommandArgs, parame
 		Optional:    true,
 	})
 
-	dialog.Dialog.Elements = append(dialog.Dialog.Elements, model.DialogElement{
-		DisplayName: "File Access",
-		Name:        "file_access",
-		Type:        "select",
-		Options: []*model.PostActionOptions{
-			{
-				Text:  "Keep file private",
-				Value: "private",
-			},
-			{
-				Text:  "Members of the channel can view",
-				Value: "members_view",
-			},
-			{
-				Text:  "Members of the channel can comment",
-				Value: "members_comment",
-			},
-			{
-				Text:  "Members of the channel can edit",
-				Value: "members_edit",
-			},
+	ctx := context.Background()
+	conf := p.getOAuthConfig()
+	authToken, err := p.getGoogleUserToken(args.UserId)
+	if err != nil {
+		p.API.LogError("Failed to get user token", "err", err)
+		return "Failed to open file creation dialog"
+	}
+
+	srvV2, err := driveV2.NewService(ctx, option.WithTokenSource(conf.TokenSource(ctx, authToken)))
+	if err != nil {
+		p.API.LogError("Failed to create drive client", "err", err)
+		return "Failed to open file creation dialog. Please contact your system administrator."
+	}
+
+	about, err := srvV2.About.Get().Fields("domainSharingPolicy").Do()
+	if err != nil {
+		p.API.LogError("Failed to get user information", "err", err)
+		return "Failed to open file creation dialog. Please contact your system administrator."
+	}
+
+	options := []*model.PostActionOptions{
+		{
+			Text:  "Keep file private",
+			Value: "private",
+		},
+		{
+			Text:  "Members of the channel can view",
+			Value: "members_view",
+		},
+		{
+			Text:  "Members of the channel can comment",
+			Value: "members_comment",
+		},
+		{
+			Text:  "Members of the channel can edit",
+			Value: "members_edit",
+		},
+	}
+	if strings.ToLower(about.DomainSharingPolicy) == "allowed" || strings.ToLower(about.DomainSharingPolicy) == "allowedwithwarning" {
+		options = append(options, []*model.PostActionOptions{
 			{
 				Text:  "Anyone with the link can view",
 				Value: "all_view",
@@ -212,7 +267,14 @@ func (p *Plugin) handleCreate(c *plugin.Context, args *model.CommandArgs, parame
 				Text:  "Anyone with the link can edit",
 				Value: "all_edit",
 			},
-		},
+		}...)
+	}
+
+	dialog.Dialog.Elements = append(dialog.Dialog.Elements, model.DialogElement{
+		DisplayName: "File Access",
+		Name:        "file_access",
+		Type:        "select",
+		Options:     options,
 	})
 
 	dialog.Dialog.Elements = append(dialog.Dialog.Elements, model.DialogElement{