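def restart(userinfo):
    """Reload the uWSGI server on behalf of an administrator.

    Returns False when ``userinfo.isAdmin()`` is false. On the permitted
    path the function falls off the end and returns None, so the return
    value does not tell the caller whether the reload succeeded.
    """
    if not userinfo.isAdmin():
        # Fixed the "reatart" typo so the denial can be found by searching
        # the logs for "restart".
        error("Only super user can restart CELLAR.")
        return False

    # Audit trail: record who asked for the restart before acting on it.
    info("CELLAR is being restarted by " + userinfo.username)
    # Arguments are passed as a list (presumably to subprocess.call --
    # confirm the import). The pid file path is relative, so it is resolved
    # against the working directory of the process.
    # NOTE(review): the result of the reload command is discarded.
    call(["uwsgi", "--reload", "uwsgi.pid"])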
def dir_reset(fullPath = None):
    """
    Delete the index file of fullPath and of every directory below it.

    @param fullPath directory to start from; config.ROOT is used when None.
    @return always True; a failure inside a child directory is logged and
            the walk continues with the next entry.
    """
    target = config.ROOT if fullPath is None else fullPath
    is_full_reset = (target == config.ROOT)

    if is_full_reset:
        info("index.dir.reset.full : start")

    dir_del(target)

    for entry in os.listdir(target):
        try:
            entry_path = target + os.path.sep + entry
            # os.path.isfile follows symlinks, so a link that points at a
            # directory is recursed into like a real directory.
            # NOTE(review): confirm that links leading outside config.ROOT
            # cannot exist in the managed tree.
            if not os.path.isfile(entry_path):
                dir_reset(entry_path)
        except Exception as err:
            error("index.dir.reset : " + str(err))

    if is_full_reset:
        ok("index.dir.reset.full : finished")

    return True
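def setAuth(fullPath, inherit=None, readable=None, writeable=None, deletable=None):
    """
    Create or update the permission descriptor of a directory.

    Only the flags passed as non-None are written; the others keep their
    stored (or model default) values.

    Returns (file_id, message):
        success        : (path identifier ID, "")
        create failure : (-1, exception text)
        update failure : (-2, exception text)
    """
    requested = {
        name: value
        for name, value in (
            ("inherit", inherit),
            ("readable", readable),
            ("writeable", writeable),
            ("deletable", deletable),
        )
        if value is not None
    }

    file_id = index.dir_get(fullPath)
    message = ""

    if file_id is None:
        # No index entry yet: create the descriptor and its index file.
        try:
            with transaction.atomic():
                descriptor = FileDescriptor(file=fullPath, reference_id=0, **requested)
                descriptor.save()
                # dir_set, as listed alongside this function, reports a
                # failed write by returning False instead of raising. Without
                # this check the descriptor was committed with no index file
                # pointing at it, the caller was told the permissions were
                # set, and later lookups found no descriptor for the path.
                # Raising here rolls the row back and reports -1.
                if index.dir_set(fullPath, descriptor.file_id) is False:
                    raise IOError("index file was not written for the new descriptor")
                file_id = descriptor.file_id
        except Exception as err:
            error("auth.dir.set : " + str(err))
            file_id = -1
            # NOTE(review): raw exception text is handed back to the caller;
            # check that it is not echoed to clients unfiltered.
            message = str(err)
    else:
        # Index entry exists: update the stored descriptor in place.
        try:
            descriptor = FileDescriptor.objects.get(file_id=file_id)
            file_id = descriptor.file_id
            for name, value in requested.items():
                setattr(descriptor, name, value)
            descriptor.save()
        except Exception as err:
            error("auth.dir.set : " + str(err))
            file_id = -2
            message = str(err)

    return (file_id, message)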
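def deleteFiles(request, *args, **kwargs):
    """
    Delete the files of one file group, one file per requested extension.

    POST parameters:
        groupPath : path of the group (file path without extension)
        exts[]    : extensions to delete

    Response JSON:
        { code, message, groupPath, result : [(ext, errno), ...] }

        0 : success
        1 : target is a path (directory)
        2 : -
        3 : request not permitted
        4 : an error occurred
        5 : no permission
    """
    message = {
        0 : "성공",
        1 : "대상이 경로입니다",
        2 : "",
        3 : "허용되지 않은 요청입니다",
        4 : "오류가 발생하였습니다",
        5 : "권한 없음"
    }

    groupPath = request.POST.get("groupPath")
    exts = request.POST.getlist("exts[]")

    if not groupPath:
        # A missing parameter used to fail inside os.path.dirname(None);
        # answer in-band with the "not permitted" code instead.
        error("file.delete : E3 missing groupPath")
        return HttpResponse(json.dumps({
            "code" : 3,
            "message" : message[3],
            "groupPath" : groupPath,
            "result" : []
        }))

    # NOTE(review): normpath only collapses ".." lexically; whether the
    # resulting directory is confined to the user's area is decided inside
    # CELLAR_FileManager, which is not visible here.
    targetPath = os.path.normpath(os.path.dirname(groupPath)) + "/"
    filegroup = os.path.basename(groupPath)

    result = []
    code = 0
    filenames = []
    for ext in exts:
        name = filegroup + ext
        # exts[] comes from the request. Each name handed to rmfiles must be
        # a single path component, so an extension cannot carry a separator
        # and retarget the delete to another directory.
        if name in ("", ".", "..") or os.path.basename(name) != name:
            result.append((ext, 3))
            code = 3
            error("file.delete : E3 {0!r}".format(ext))
        else:
            filenames.append(name)

    fileManager = CELLAR_FileManager(request)
    resultSet = fileManager.rmfiles(targetPath, filenames)

    info("file.delete : {0}".format(fileManager.getFullPath(groupPath)))
    for row in resultSet:
        ext = os.path.splitext(row[0])[1]
        result.append((ext, row[1]))
        if row[1] == 0:
            ok("file.delete : {0}".format(ext))
        else:
            # Was `row[1] is not 0` (identity test on an int), evaluated
            # after the log call, so the log showed the previous row's code
            # under a "dir.delete" prefix.
            code = row[1]
            error("file.delete : E{0} {1}".format(code, ext))

    response = {
        "code" : code,
        # .get keeps an unexpected code from turning into a KeyError.
        "message" : message.get(code, ""),
        "groupPath" : groupPath,
        "result" : result
    }

    return HttpResponse(json.dumps(response))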
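def dir_set(fullPath, file_id):
    """
    Set or update file_id of index file in fullPath.

    Returns True when the index file was written and False otherwise; the
    failure is logged and never raised, so callers must check the result.
    """
    try:
        index_path = os.path.normpath(fullPath + config.INDEX_FILE)
        # The context manager closes the handle even when write() raises;
        # the earlier open/write/close sequence leaked it on that path.
        # NOTE(review): open() follows symlinks; confirm users cannot place
        # an entry named like config.INDEX_FILE inside a managed directory.
        with open(index_path, mode='w') as index_file:
            index_file.write(str(file_id))
        return True
    except Exception as err:
        error("index.dir.set : " + str(err))
        return False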
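def createDir(request, *args, **kwargs):
    """
    Create the directory dirName below parentPath (both POST parameters).

    * Common
        0 : "SUCCESS",
        1 : creation location does not exist
        2 : creation location is a file
        3 : request not permitted
        4 : an error occurred
        5 : no permission

    * Additional
        newPath : the newly created path
    """
    message = {
        0 : "SUCCESS",
        1 : "생성 위치가 존재하지 않습니다",
        2 : "생성 위치가 파일입니다",
        3 : "허용되지 않는 요청입니다",
        4 : "오류가 발생하였습니다",
        5 : "권한이 없습니다",
    }

    parentPath = request.POST.get("parentPath")
    dirName = request.POST.get("dirName")

    if parentPath is None or dirName is None:
        # A missing parameter used to raise TypeError in the concatenation
        # below; answer in-band with the "not permitted" code instead.
        error("dir.create : E3 missing parameter")
        return HttpResponse(json.dumps({
            "code" : 3,
            "message" : message[3],
            "newPath" : None,
        }))

    # NOTE(review): dirName is request data and is concatenated unchecked.
    # Whether mkdir rejects names containing a separator or ".." is decided
    # inside CELLAR_FileManager, which is not visible here -- confirm.
    newPath = parentPath + dirName + "/"

    fileManager = CELLAR_FileManager(request)
    code = fileManager.mkdir(parentPath, dirName)

    response = {
        "code" : code,
        # .get keeps an unexpected code from turning into a KeyError.
        "message" : message.get(code, ""),
        "newPath" : newPath,
    }

    if code == 0:
        ok("dir.create : {0}".format(fileManager.getFullPath(newPath)))
    else:
        error("dir.create : E{0} {1}".format(code, fileManager.getFullPath(newPath)))

    return HttpResponse(json.dumps(response))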
def getUserInfo(request):
    """
    Resolve the UserInfo object for the requesting user.

    Unauthenticated requests get an unsaved guest UserInfo whose home is
    config.HOME_GUEST. Authenticated users get their stored record; Django
    superusers are given UserInfo.SUPER, and a missing record is created
    for them. An authenticated non-superuser without a record yields None.
    """
    if not request.user.is_authenticated():
        guest = UserInfo(username = '******')
        guest.home = config.HOME_GUEST
        guest.welcome = ""
        return guest

    username = request.user.get_username()
    userinfo = None
    try:
        userinfo = UserInfo.objects.get(username = username)
        # Django administrators are automatically granted SUPER USER rights.
        # The change is made on the loaded object only; it is not saved here.
        if request.user.is_superuser:
            userinfo.usertype = UserInfo.SUPER
    except ObjectDoesNotExist as err:
        error("%s : %s" % (username, str(err)))
        # When no UserInfo exists, create one automatically, but only for
        # administrators.
        if request.user.is_superuser:
            userinfo = UserInfo(username=username, usertype=UserInfo.SUPER)
            userinfo.save()

    # NOTE(review): callers must handle None (authenticated, no record,
    # not a superuser).
    return userinfo
def deleteDir(request, *args, **kwargs):
    """
    Delete the directory named by the POST parameter dirPath.

    Response JSON: { code, message, dirPath }

        0 : success
        1 : target is a file
        2 : -
        3 : request not permitted
        4 : an error occurred
        5 : no permission
    """
    dirPath = request.POST.get("dirPath")

    # Path checks and permission checks happen inside the file manager; this
    # view only forwards the request value and reports the returned code.
    fileManager = CELLAR_FileManager(request)
    code = fileManager.rmdir(dirPath)

    message = {
        0 : "성공",
        1 : "대상이 파일입니다",
        2 : "",
        3 : "허용되지 않은 요청입니다",
        4 : "오류가 발생하였습니다",
        5 : "권한 없음"
    }
    response = {
        "code" : code,
        "message" : message[code],
        "dirPath" : dirPath
    }

    resolved = fileManager.getFullPath(dirPath)
    if code != 0:
        error("dir.delete : E{0} {1}".format(code, resolved))
    else:
        ok("dir.delete : {0}".format(resolved))

    return HttpResponse(json.dumps(response))
def getUserInfo(request):
    """
    Return the UserInfo that represents the caller of this request.

    Anonymous callers receive an unsaved guest object rooted at
    config.HOME_GUEST. For authenticated callers the stored record is
    loaded; a Django superuser is always reported as UserInfo.SUPER and gets
    a record created when none exists. Any other authenticated caller
    without a record results in None.
    """
    django_user = request.user

    if not django_user.is_authenticated():
        guest = UserInfo(username='******')
        guest.home = config.HOME_GUEST
        guest.welcome = ""
        return guest

    userinfo = None
    username = django_user.get_username()
    try:
        userinfo = UserInfo.objects.get(username=username)
        # Django administrators are automatically granted SUPER USER rights
        # (applied to the loaded object; nothing is saved on this path).
        if request.user.is_superuser:
            userinfo.usertype = UserInfo.SUPER
    except ObjectDoesNotExist as err:
        error("%s : %s" % (username, str(err)))
        # No UserInfo yet: create it automatically, administrators only.
        if request.user.is_superuser:
            userinfo = UserInfo(username=username, usertype=UserInfo.SUPER)
            userinfo.save()

    # NOTE(review): None is a possible result; callers must check for it.
    return userinfo
def getAuth(userinfo, fullPath, mode = 0x07):
    """
    Return the permissions the user holds on the target as a
    (readable, writeable, deletable) tuple.

    mode selects the permissions being asked about: 0x04 read, 0x02 write,
    0x01 delete. writeable and deletable start as True when their bit is not
    set in mode. Flags are then widened with |= from the directory's
    descriptor, from per-user and per-group authority rows and, where
    inheritance applies, from the parent directory.

    Any exception raised while reading the descriptor or authority rows is
    logged and swallowed; the flags accumulated up to that point are
    returned.
    """
    # Parsed as isYeoman() or (mode == 0x04 and isMetic()): `and` binds
    # tighter than `or`.
    if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic() :
        return (True, True, True)

    # NOTE(review): `not` binds looser than `|`, so this evaluates
    # not ((mode & 0x04) | userinfo.isMetic()). A true isMetic() therefore
    # makes the starting value False. Confirm whether
    # (not (mode & 0x04)) or userinfo.isMetic() was intended before changing
    # it, since that would widen read access.
    readable = not (mode & 0x04) | userinfo.isMetic()
    writeable = not (mode & 0x02)
    deletable = not (mode & 0x01)

    normFullPath = os.path.normpath(fullPath)
    descriptor = None
    file_id = index.dir_get(fullPath)

    # When permissions are resolved recursively, the walk cannot go above
    # the user's home.
    # info("ROOT : " + userinfo.getHomePath())
    # info("COMP : " + normFullPath)
    if normFullPath == userinfo.getHomePath() :
        inheritable = False
    else :
        inheritable = True

    if file_id is not None and file_id >= 0 :
        try :
            descriptor = FileDescriptor.objects.get(file_id=file_id)
            readable |= descriptor.readable
            writeable |= descriptor.writeable
            deletable |= descriptor.deletable

            if not (readable and writeable and deletable) :
                # users holds userinfo plus the `group` of every UserGroups
                # row that belongs to this user.
                users = []
                users.append(userinfo)
                for user in UserGroups.objects.filter(user=userinfo) :
                    users.append(user.group)

                for userAuthority in UserAuthority.objects.filter(username__in=users, file_id=file_id) :
                    readable |= userAuthority.readable
                    writeable |= userAuthority.writeable
                    deletable |= userAuthority.deletable
                    # Nothing left to gain once all three are granted.
                    if readable and writeable and deletable :
                        break

            if not (readable and writeable and deletable) and inheritable and descriptor.inherit :
                # Directory.getAuth is called without mode -- presumably this
                # same function, so the parent is evaluated with the default
                # mode; confirm.
                auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
                readable |= auth_inherit[0]
                writeable |= auth_inherit[1]
                deletable |= auth_inherit[2]

        except Exception as err:
            error("auth.dir.get : " + err.__str__())
            pass

    elif not userinfo.isGuest() or config.USING_GUEST :
        # No usable descriptor id: plain assignment replaces the starting
        # values with the configured defaults.
        readable = config.DEFAULT_AUTH_DIR_READABLE
        writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
        deletable = config.DEFAULT_AUTH_DIR_DELETABLE

        # When inheriting
        if not(readable and writeable and deletable) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT :
            auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
            readable |= auth_inherit[0]
            writeable |= auth_inherit[1]
            deletable |= auth_inherit[2]

    # If guest is enabled, grant only the file read permission on GUEST HOME.
    # NOTE(review): the listing lost its indentation; this check is placed at
    # function level here. If it belongs inside the elif above, the grant is
    # narrower -- confirm against the original file.
    if userinfo.isGuest() and normFullPath == config.getHomeGuest() :
        readable = True

    return (readable, writeable, deletable)
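def setAuth(fullPath, inherit=None, readable=None, writeable=None, deletable=None):
    """
    Set the permissions of a directory.

    A descriptor is created when the path has no index entry and updated
    otherwise. Flags passed as None are left untouched.

    Returns (file_id, message):
        success        : (path identifier ID, "")
        create failure : (-1, exception text)
        update failure : (-2, exception text)
    """
    file_id = index.dir_get(fullPath)
    message = ""

    supplied = {}
    for name, value in (("inherit", inherit), ("readable", readable),
                        ("writeable", writeable), ("deletable", deletable)):
        if value is not None:
            supplied[name] = value

    if file_id is not None:
        # Existing index entry: update the stored descriptor.
        try:
            descriptor = FileDescriptor.objects.get(file_id=file_id)
            file_id = descriptor.file_id
            for name, value in supplied.items():
                setattr(descriptor, name, value)
            descriptor.save()
        except Exception as err:
            error("auth.dir.set : " + str(err))
            file_id = -2
            message = str(err)
        return (file_id, message)

    # No index entry: create the descriptor together with its index file.
    try:
        with transaction.atomic():
            descriptor = FileDescriptor(file=fullPath, reference_id=0, **supplied)
            descriptor.save()
            # dir_set, as listed alongside this function, returns False on a
            # failed write rather than raising. Ignoring that result left a
            # committed descriptor that no index file referred to while the
            # caller was told the permissions were applied. Raising inside
            # the atomic block rolls the row back and reports -1.
            if index.dir_set(fullPath, descriptor.file_id) is False:
                raise IOError("index file was not written for the new descriptor")
            file_id = descriptor.file_id
    except Exception as err:
        error("auth.dir.set : " + str(err))
        file_id = -1
        # NOTE(review): raw exception text is handed back to the caller;
        # check that it is not echoed to clients unfiltered.
        message = str(err)

    return (file_id, message)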
def getAuth(userinfo, fullPath, mode=0x07):
    """
    Return the permissions the user holds on the target as a
    (readable, writeable, deletable) tuple.

    mode selects the permissions being asked about: 0x04 read, 0x02 write,
    0x01 delete. writeable and deletable start as True when their bit is not
    set in mode. Flags are then widened with |= from the directory's
    descriptor, from per-user and per-group authority rows and, where
    inheritance applies, from the parent directory.

    Any exception raised while reading the descriptor or authority rows is
    logged and swallowed; the flags accumulated up to that point are
    returned.
    """
    # Parsed as isYeoman() or (mode == 0x04 and isMetic()): `and` binds
    # tighter than `or`.
    if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic():
        return (True, True, True)

    # NOTE(review): `not` binds looser than `|`, so this evaluates
    # not ((mode & 0x04) | userinfo.isMetic()). A true isMetic() therefore
    # makes the starting value False. Confirm whether
    # (not (mode & 0x04)) or userinfo.isMetic() was intended before changing
    # it, since that would widen read access.
    readable = not (mode & 0x04) | userinfo.isMetic()
    writeable = not (mode & 0x02)
    deletable = not (mode & 0x01)

    normFullPath = os.path.normpath(fullPath)
    descriptor = None
    file_id = index.dir_get(fullPath)

    # When permissions are resolved recursively, the walk cannot go above
    # the user's home.
    # info("ROOT : " + userinfo.getHomePath())
    # info("COMP : " + normFullPath)
    if normFullPath == userinfo.getHomePath():
        inheritable = False
    else:
        inheritable = True

    if file_id is not None and file_id >= 0:
        try:
            descriptor = FileDescriptor.objects.get(file_id=file_id)
            readable |= descriptor.readable
            writeable |= descriptor.writeable
            deletable |= descriptor.deletable

            if not (readable and writeable and deletable):
                # users holds userinfo plus the `group` of every UserGroups
                # row that belongs to this user.
                users = []
                users.append(userinfo)
                for user in UserGroups.objects.filter(user=userinfo):
                    users.append(user.group)

                for userAuthority in UserAuthority.objects.filter(
                        username__in=users, file_id=file_id):
                    readable |= userAuthority.readable
                    writeable |= userAuthority.writeable
                    deletable |= userAuthority.deletable
                    # Nothing left to gain once all three are granted.
                    if readable and writeable and deletable:
                        break

            if not (readable and writeable and deletable) and inheritable and descriptor.inherit:
                # Directory.getAuth is called without mode -- presumably this
                # same function, so the parent is evaluated with the default
                # mode; confirm.
                auth_inherit = Directory.getAuth(
                    userinfo, FileManager.getParent(fullPath))
                readable |= auth_inherit[0]
                writeable |= auth_inherit[1]
                deletable |= auth_inherit[2]

        except Exception as err:
            error("auth.dir.get : " + err.__str__())
            pass

    elif not userinfo.isGuest() or config.USING_GUEST:
        # No usable descriptor id: plain assignment replaces the starting
        # values with the configured defaults.
        readable = config.DEFAULT_AUTH_DIR_READABLE
        writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
        deletable = config.DEFAULT_AUTH_DIR_DELETABLE

        # When inheriting
        if not (readable and writeable and deletable
                ) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT:
            auth_inherit = Directory.getAuth(
                userinfo, FileManager.getParent(fullPath))
            readable |= auth_inherit[0]
            writeable |= auth_inherit[1]
            deletable |= auth_inherit[2]

    # If guest is enabled, grant only the file read permission on GUEST HOME.
    # NOTE(review): the listing lost its indentation; this check is placed at
    # function level here. If it belongs inside the elif above, the grant is
    # narrower -- confirm against the original file.
    if userinfo.isGuest() and normFullPath == config.getHomeGuest():
        readable = True

    return (readable, writeable, deletable)
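def userCreate(params, isAdmin = False):
    """
    Validate a registration request and create the account.

    params is read with .get() for: is_group, username, password, email,
    first_name, memo. isAdmin marks a request made by an administrator.

    Returns a dict with "code" and "message", plus the submitted fields
    echoed back when they are non-empty:
         0 : user created ("user" holds the created User object)
         1 : creation raised an exception
        -1 : a required field is missing
        -2 : group account requested by a non-administrator
        -3 : username does not satisfy the format rule
        -4 : group username does not start with '@'
    """
    response = {
        "code" : 0,
    }

    is_group = params.get('is_group')
    username = params.get('username')
    password = params.get("password")
    email = params.get("email")
    first_name = params.get("first_name")
    memo = params.get("memo")

    # IDs registered by the top-level administrator do not need an e-mail.
    if not email and isAdmin:
        email = ""

    if is_group and not isAdmin:
        response["code"] = -2
        response["message"] = "그룹 사용자는 관리자만이 추가할 수 있습니다."
    elif not username:
        # A missing username used to reach re.match(pattern, None) and raise
        # TypeError; report it as a missing required field instead.
        response["code"] = -1
        response["message"] = "필수 항목을 모두 입력하여 주십시오."
    # re.match anchors only the start, so the old pattern accepted any
    # trailing characters after six valid ones (separators, spaces, ...).
    # \Z requires the whole username to satisfy the rule.
    # NOTE(review): the second alternative lets a non-group account take a
    # name starting with '@'; confirm nothing identifies groups by prefix.
    elif not re.match(r"(?:[a-zA-Z0-9_]{6,}|@[a-zA-Z0-9_]{5,})\Z", username):
        response["code"] = -3
        response["message"] = "ID 는 6글자 이상의 영숫자와 '_' 로 작성해주세요."
    elif is_group and not username.startswith("@"):
        response["code"] = -4
        response["message"] = "그룹 사용자의 아이디는 @로 시작해야합니다."
    elif password and first_name and (email or isAdmin):
        try:
            usertype = UserInfo.NORMAL
            if is_group:
                usertype = UserInfo.GROUP

            # NOTE(review): the two writes are not wrapped in one
            # transaction here; if userinfo.save() fails, the User row
            # created just before it remains.
            user = User.objects.create_user(username, email, password, first_name=first_name)
            userinfo = UserInfo(username=username, usertype=usertype, memo=memo)
            userinfo.save()

            response["code"] = 0
            response["message"] = "사용자가 등록되었습니다."
            response["user"] = user
            ok("user.create : " + username)
        except Exception as err:
            # Every failure is reported to the caller as "ID already
            # exists"; the actual cause is only in the log.
            error("user.create : " + str(err))
            response["code"] = 1
            response['message'] = "이미 존재하는 아이디 입니다."
    else:
        response["code"] = -1
        response["message"] = "필수 항목을 모두 입력하여 주십시오."

    # Echo the submitted values back to the caller.
    if isAdmin and is_group:
        response["is_group"] = is_group
    if username:
        response["username"] = username
    if email:
        response["email"] = email
    if first_name:
        response["first_name"] = first_name
    if memo:
        response["memo"] = memo

    return response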