Fix some errors and add permissions

packages/rocketchat-integrations/client/route.coffee

@@ -16,7 +16,7 @@ FlowRouter.route '/admin/integrations/new',
 			pageTemplate: 'integrationsNew'
 
 
-FlowRouter.route '/admin/integrations/incoming/:token?',
+FlowRouter.route '/admin/integrations/incoming/:id?',
 	name: 'admin-integrations-incoming'
 	action: (params) ->
 		BlazeLayout.render 'main',

packages/rocketchat-integrations/client/views/integrations.html

@@ -7,7 +7,7 @@
 				<div class="section">
 					<div class="admin-integrations-new-panel">
 						{{#each integrations}}
-							<a href="{{pathFor "admin-integrations-incoming" token=token}}">
+							<a href="{{pathFor "admin-integrations-incoming" id=_id}}">
 								<div class="admin-integrations-new-item">
 									<i class="icon-login"></i>
 									<div class="admin-integrations-new-item-body">
@@ -21,6 +21,8 @@
 									<i class="icon-angle-right"></i>
 								</div>
 							</a>
+						{{else}}
+							<h1>There is no integrations</h1>
 						{{/each}}
 					</div>
 				</div>

packages/rocketchat-integrations/client/views/integrationsIncoming.coffee

@@ -4,15 +4,15 @@ Template.integrationsIncoming.helpers
 		return RocketChat.authz.hasAllPermission 'manage-integrations'
 
 	data: ->
-		params = Template.instance().data.params()
+		params = Template.instance().data.params?()
 
-		if params.token?
-			data = ChatIntegrations.findOne({token: params.token})
-			data.url = Meteor.absoluteUrl("hooks/#{data._id}/#{data.userId}/#{data.token}")
-			return data
+		if params?.id?
+			data = ChatIntegrations.findOne({_id: params.id})
+			if data?
+				data.url = Meteor.absoluteUrl("hooks/#{data._id}/#{data.userId}/#{data.token}")
+				return data
 
-		return {} =
-			channelType: 'c'
+		return {}
 
 
 Template.integrationsIncoming.events
@@ -30,7 +30,7 @@ Template.integrationsIncoming.events
 			closeOnConfirm: false
 			html: false
 		, ->
-			Meteor.call "deleteIntegration", params._id, (err, data) ->
+			Meteor.call "deleteIntegration", params.id, (err, data) ->
 				swal
 					title: t('Deleted')
 					text: t('Your_entry_has_been_deleted')
@@ -38,6 +38,8 @@ Template.integrationsIncoming.events
 					timer: 1000
 					showConfirmButton: false
 
+				FlowRouter.go "admin-integrations"
+
 	"click .submit > .save": ->
 		name = $('[name=name]').val().trim()
 		channel = $('[name=channel]').val().trim()
@@ -53,11 +55,12 @@ Template.integrationsIncoming.events
 			channel: channel
 			name: name if name isnt ''
 
-		params = Template.instance().data.params()
-		if params._id?
-			Meteor.call "updateIntegration", params._id, integration, (err, data) ->
+		params = Template.instance().data.params?()
+		if params?.id?
+			Meteor.call "updateIntegration", params.id, integration, (err, data) ->
 				if err?
-					toastr.error TAPi18n.__(err.error)
+					return toastr.error TAPi18n.__(err.error)
+
 				toastr.success TAPi18n.__("Integration_updated")
 		else
 			integration.type = 'webhook-incoming'
@@ -65,6 +68,7 @@ Template.integrationsIncoming.events
 
 			Meteor.call "addIntegration", integration, (err, data) ->
 				if err?
-					toastr.error TAPi18n.__(err.error)
+					return toastr.error TAPi18n.__(err.error)
+
 				toastr.success TAPi18n.__("Integration_added")
-				FlowRouter.go "admin-integrations-incoming", {token: data.token}
+				FlowRouter.go "admin-integrations-incoming", {id: data._id}

packages/rocketchat-integrations/client/views/integrationsIncoming.html

 <template name="integrationsIncoming">
 	<div class="permissions-manager">
 		{{#if hasPermission}}
-			<a href="{{pathFor "admin-integrations-new"}}"><i class="icon-angle-left"></i> {{_ "Back_to_integrations"}}</a><br><br>
+			<a href="{{pathFor "admin-integrations"}}"><i class="icon-angle-left"></i> {{_ "Back_to_integrations"}}</a><br><br>
 			<div class="rocket-form">
 				<div class="section">
 					<div class="section-content">
@@ -21,7 +21,7 @@
 							</div>
 						</div>
 						<div class="input-line double-col">
-							<label>Post as:</label>
+							<label>Post as</label>
 							<div>
 								{{#if data.username}}
 									<input type="text" name="username" value="{{data.username}}" disabled="disabled" />

packages/rocketchat-integrations/server/methods/addIntegration.coffee

 Meteor.methods
 	addIntegration: (integration) ->
+		if not RocketChat.authz.hasPermission @userId, 'manage-integrations'
+			throw new Meteor.Error 'not_authorized'
+
 		if not _.isString(integration.channel)
 			throw new Meteor.Error 'invalid_channel', '[methods] addIntegration -> channel must be string'
 
@@ -16,18 +19,21 @@ Meteor.methods
 			throw new Meteor.Error 'invalid_username', '[methods] addIntegration -> username can\'t be empty'
 
 		record = undefined
-		switch integration.channel[0]
+		channelType = integration.channel[0]
+		channel = integration.channel.substr(1)
+
+		switch channelType
 			when '#'
 				record = RocketChat.models.Rooms.findOne
 					$or: [
-						{_id: integration.channel}
-						{name: integration.channel}
+						{_id: channel}
+						{name: channel}
 					]
 			when '@'
 				record = RocketChat.models.Users.findOne
 					$or: [
-						{_id: integration.channel}
-						{username: integration.channel}
+						{_id: channel}
+						{username: channel}
 					]
 
 		if record is undefined
@@ -52,6 +58,6 @@ Meteor.methods
 
 		RocketChat.models.Users.update {_id: user._id}, updateObj
 
-		RocketChat.models.Integrations.insert integration
+		integration._id = RocketChat.models.Integrations.insert integration
 
 		return integration

packages/rocketchat-integrations/server/methods/deleteIntegration.coffee

 Meteor.methods
 	deleteIntegration: (integrationId) ->
-		if not RocketChat.models.Integrations.findOne(integrationId)?
+		if not RocketChat.authz.hasPermission @userId, 'manage-integrations'
+			throw new Meteor.Error 'not_authorized'
+
+		integration = RocketChat.models.Integrations.findOne(integrationId)
+
+		if not integration?
 			throw new Meteor.Error 'invalid_integration', '[methods] addIntegration -> integration not found'
 
+		updateObj =
+			$pull:
+				'services.resume.loginTokens':
+					hashedToken: integration.token
+					integration: true
+
+		RocketChat.models.Users.update {_id: integration.userId}, updateObj
+
 		RocketChat.models.Integrations.remove _id: integrationId
 
 		return true

packages/rocketchat-integrations/server/methods/updateIntegration.coffee

 Meteor.methods
 	updateIntegration: (integrationId, integration) ->
+		if not RocketChat.authz.hasPermission @userId, 'manage-integrations'
+			throw new Meteor.Error 'not_authorized'
+
 		if not _.isString(integration.channel)
 			throw new Meteor.Error 'invalid_channel', '[methods] addIntegration -> channel must be string'
 
@@ -13,18 +16,21 @@ Meteor.methods
 			throw new Meteor.Error 'invalid_integration', '[methods] addIntegration -> integration not found'
 
 		record = undefined
-		switch integration.channel[0]
+		channelType = integration.channel[0]
+		channel = integration.channel.substr(1)
+
+		switch channelType
 			when '#'
 				record = RocketChat.models.Rooms.findOne
 					$or: [
-						{_id: integration.channel}
-						{name: integration.channel}
+						{_id: channel}
+						{name: channel}
 					]
 			when '@'
 				record = RocketChat.models.Users.findOne
 					$or: [
-						{_id: integration.channel}
-						{username: integration.channel}
+						{_id: channel}
+						{username: channel}
 					]
 
 		if record is undefined