Beispiel #1
0
    def delete(self, request, repo, path, share_type):
        """ Delete user/group share permission.

        Permission checking:
        1. admin user.
        """

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo.repo_id)
        username = request.user.username

        share_to = request.data.get('share_to', None)

        if share_type == 'user':
            email = share_to
            if not email or not is_valid_username(email):
                error_msg = 'email %s invalid.' % email
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if not has_shared_to_user(repo.repo_id, path, email):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:
                permission = check_user_share_out_permission(
                    repo.repo_id, path, email)

                if path == '/':
                    seafile_api.remove_share(repo.repo_id, repo_owner, email)
                else:
                    seafile_api.unshare_subdir_for_user(
                        repo.repo_id, path, repo_owner, email)

                if path == '/':
                    ExtraSharePermission.objects.delete_share_permission(
                        repo.repo_id, email)
                send_perm_audit_msg('delete-repo-perm', username, email,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

        if share_type == 'group':
            group_id = share_to
            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id %s invalid' % group_id
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if not has_shared_to_group(repo.repo_id, path, group_id):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:

                permission = check_group_share_out_permission(
                    repo.repo_id, path, group_id)

                if path == '/':
                    seafile_api.unset_group_repo(repo.repo_id, group_id,
                                                 repo_owner)
                else:
                    seafile_api.unshare_subdir_for_group(
                        repo.repo_id, path, repo_owner, group_id)

                if path == '/':
                    ExtraGroupsSharePermission.objects.delete_share_permission(
                        repo.repo_id, group_id)

                send_perm_audit_msg('delete-repo-perm', username, group_id,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

        return Response({'success': True})
Beispiel #2
0
    def put(self, request, repo, path, share_type):
        """ Update user/group share permission.

        Permission checking:
        1. admin user.
        """

        # argument check
        permission = request.data.get('permission', None)
        if not permission or permission not in get_available_repo_perms():
            error_msg = 'permission invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        share_info = {}
        share_info['repo_id'] = repo.repo_id
        share_info['path'] = path
        share_info['share_type'] = share_type

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo.repo_id)
        username = request.user.username

        share_to = request.data.get('share_to', None)
        if share_type == 'user':
            email = share_to
            if not email or not is_valid_username(email):
                error_msg = 'email %s invalid.' % email
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                User.objects.get(email=email)
            except User.DoesNotExist:
                error_msg = 'User %s not found.' % email
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            if not has_shared_to_user(repo.repo_id, path, email):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:
                update_user_dir_permission(repo.repo_id, path, repo_owner,
                                           email, permission)

                send_perm_audit_msg('modify-repo-perm', username, email,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

            share_info['user_email'] = email
            share_info['user_name'] = email2nickname(email)
            share_info[
                'permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
            share_info['is_admin'] = permission == PERMISSION_ADMIN

        if share_type == 'group':
            group_id = share_to
            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id %s invalid.' % group_id
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            group = ccnet_api.get_group(group_id)
            if not group:
                error_msg = 'Group %s not found' % group_id
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            if not has_shared_to_group(repo.repo_id, path, group_id):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:
                update_group_dir_permission(repo.repo_id, path, repo_owner,
                                            group_id, permission)
                send_perm_audit_msg('modify-repo-perm', username, group_id,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

            share_info['group_id'] = group_id
            share_info['group_name'] = group.group_name
            share_info[
                'permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
            share_info['is_admin'] = permission == PERMISSION_ADMIN

        return Response(share_info)
Beispiel #3
0
    def post(self, request, repo, path, share_type):
        """ Admin share a library to user/group.

        Permission checking:
        1. admin user.
        """

        # argument check
        permission = request.data.get('permission', None)
        if not permission or permission not in get_available_repo_perms():
            error_msg = 'permission invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        result = {}
        result['failed'] = []
        result['success'] = []
        share_to = request.data.getlist('share_to')

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo.repo_id)
        username = request.user.username

        if share_type == 'user':
            for email in share_to:
                if repo_owner == email:
                    result['failed'].append({
                        'user_email':
                        email,
                        'error_msg':
                        _('User %s is already library owner.') % email
                    })

                    continue

                if not is_valid_username(email):
                    result['failed'].append({
                        'user_email':
                        email,
                        'error_msg':
                        _('Email %s invalid.') % email
                    })

                    continue

                try:
                    User.objects.get(email=email)
                except User.DoesNotExist:
                    result['failed'].append({
                        'user_email':
                        email,
                        'error_msg':
                        'User %s not found.' % email
                    })

                    continue

                if has_shared_to_user(repo.repo_id, path, email):
                    result['failed'].append({
                        'email':
                        email,
                        'error_msg':
                        _('This item has been shared to %s.') % email
                    })
                    continue

                try:

                    share_dir_to_user(repo, path, repo_owner, username, email,
                                      permission)
                    share_repo_to_user_successful.send(sender=None,
                                                       from_user=username,
                                                       to_user=email,
                                                       repo=repo,
                                                       path=path,
                                                       org_id=None)
                    send_perm_audit_msg('add-repo-perm', username, email,
                                        repo.repo_id, path, permission)

                except Exception as e:
                    logger.error(e)
                    result['failed'].append({
                        'user_email':
                        email,
                        'error_msg':
                        'Internal Server Error'
                    })

                    continue

                result['success'].append({
                    "repo_id":
                    repo.repo_id,
                    "path":
                    path,
                    "share_type":
                    share_type,
                    "user_email":
                    email,
                    "user_name":
                    email2nickname(email),
                    "permission":
                    PERMISSION_READ_WRITE
                    if permission == PERMISSION_ADMIN else permission,
                    "is_admin":
                    permission == PERMISSION_ADMIN
                })

        if share_type == 'group':
            for group_id in share_to:
                try:
                    group_id = int(group_id)
                except ValueError as e:
                    logger.error(e)
                    result['failed'].append({
                        'group_id':
                        group_id,
                        'error_msg':
                        'group_id %s invalid.' % group_id
                    })

                    continue

                group = ccnet_api.get_group(group_id)
                if not group:
                    result['failed'].append({
                        'group_id':
                        group_id,
                        'error_msg':
                        'Group %s not found' % group_id
                    })

                    continue

                if has_shared_to_group(repo.repo_id, path, group_id):
                    result['failed'].append({
                        'group_name':
                        group.group_name,
                        'error_msg':
                        _('This item has been shared to %s.') %
                        group.group_name
                    })
                    continue

                try:
                    share_dir_to_group(repo, path, repo_owner, username,
                                       group_id, permission)

                    share_repo_to_group_successful.send(sender=None,
                                                        from_user=username,
                                                        group_id=group_id,
                                                        repo=repo,
                                                        path=path,
                                                        org_id=None)

                    send_perm_audit_msg('add-repo-perm', username, group_id,
                                        repo.repo_id, path, permission)
                except Exception as e:
                    logger.error(e)
                    result['failed'].append({
                        "group_id":
                        group_id,
                        'error_msg':
                        'Internal Server Error'
                    })

                    continue

                result['success'].append({
                    "repo_id":
                    repo.repo_id,
                    "path":
                    path,
                    "share_type":
                    share_type,
                    "group_id":
                    group_id,
                    "group_name":
                    group.group_name,
                    "permission":
                    PERMISSION_READ_WRITE
                    if permission == PERMISSION_ADMIN else permission,
                    "is_admin":
                    permission == PERMISSION_ADMIN
                })

        return Response(result)
Beispiel #4
0
    def delete(self, request, repo, path, share_type):
        """ Delete user/group share permission.

        Permission checking:
        1. admin user.
        """

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo.repo_id)
        username = request.user.username

        share_to = request.data.get('share_to', None)

        if share_type == 'user':
            email = share_to
            if not email or not is_valid_username(email):
                error_msg = 'email %s invalid.' % email
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if not has_shared_to_user(repo.repo_id, path, email):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:
                permission = check_user_share_out_permission(repo.repo_id, path, email)

                if path == '/':
                    seafile_api.remove_share(repo.repo_id, repo_owner, email)
                else:
                    seafile_api.unshare_subdir_for_user(
                            repo.repo_id, path, repo_owner, email)

                if path == '/':
                    ExtraSharePermission.objects.delete_share_permission(repo.repo_id, 
                                                                         email)
                send_perm_audit_msg('delete-repo-perm', username, email,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        if share_type == 'group':
            group_id = share_to
            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id %s invalid' % group_id
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            if not has_shared_to_group(repo.repo_id, path, group_id):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:

                permission = check_group_share_out_permission(repo.repo_id, path, group_id)

                if path == '/':
                    seafile_api.unset_group_repo(repo.repo_id, group_id, repo_owner)
                else:
                    seafile_api.unshare_subdir_for_group(
                            repo.repo_id, path, repo_owner, group_id)

                if path == '/':
                    ExtraGroupsSharePermission.objects.delete_share_permission(repo.repo_id, 
                                                                               group_id)

                send_perm_audit_msg('delete-repo-perm', username, group_id,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        return Response({'success': True})
Beispiel #5
0
    def put(self, request, repo, path, share_type):
        """ Update user/group share permission.

        Permission checking:
        1. admin user.
        """

        # argument check
        permission = request.data.get('permission', None)
        if not permission or permission not in get_available_repo_perms():
            error_msg = 'permission invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        share_info = {}
        share_info['repo_id'] = repo.repo_id
        share_info['path'] = path
        share_info['share_type'] = share_type

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo.repo_id)
        username = request.user.username

        share_to = request.data.get('share_to', None)
        if share_type == 'user':
            email = share_to
            if not email or not is_valid_username(email):
                error_msg = 'email %s invalid.' % email
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                User.objects.get(email=email)
            except User.DoesNotExist:
                error_msg = 'User %s not found.' % email
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            if not has_shared_to_user(repo.repo_id, path, email):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:
                update_user_dir_permission(repo.repo_id, path, repo_owner, email, permission)

                send_perm_audit_msg('modify-repo-perm', username, email,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            share_info['user_email'] = email
            share_info['user_name'] = email2nickname(email)
            share_info['permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
            share_info['is_admin'] = permission == PERMISSION_ADMIN

        if share_type == 'group':
            group_id = share_to
            try:
                group_id = int(group_id)
            except ValueError:
                error_msg = 'group_id %s invalid.' % group_id
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            group = ccnet_api.get_group(group_id)
            if not group:
                error_msg = 'Group %s not found' % group_id
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            if not has_shared_to_group(repo.repo_id, path, group_id):
                error_msg = 'Shared items not found'
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            try:
                update_group_dir_permission(repo.repo_id, path, repo_owner, group_id, permission)
                send_perm_audit_msg('modify-repo-perm', username, group_id,
                                    repo.repo_id, path, permission)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            share_info['group_id'] = group_id
            share_info['group_name'] = group.group_name
            share_info['permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission
            share_info['is_admin'] = permission == PERMISSION_ADMIN

        return Response(share_info)
Beispiel #6
0
    def post(self, request, repo, path, share_type):
        """ Admin share a library to user/group.

        Permission checking:
        1. admin user.
        """

        # argument check
        permission = request.data.get('permission', None)
        if not permission or permission not in get_available_repo_perms():
            error_msg = 'permission invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        result = {}
        result['failed'] = []
        result['success'] = []
        share_to = request.data.getlist('share_to')

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo.repo_id)
        username = request.user.username

        if share_type == 'user':
            for email in share_to:
                if repo_owner == email:
                    result['failed'].append({
                        'user_email': email,
                        'error_msg': _(u'User %s is already library owner.') % email
                        })

                    continue

                if not is_valid_username(email):
                    result['failed'].append({
                        'user_email': email,
                        'error_msg': _('Email %s invalid.') % email
                        })

                    continue

                try:
                    User.objects.get(email=email)
                except User.DoesNotExist:
                    result['failed'].append({
                        'user_email': email,
                        'error_msg': 'User %s not found.' % email
                        })

                    continue

                if has_shared_to_user(repo.repo_id, path, email):
                    result['failed'].append({
                        'email': email,
                        'error_msg': _(u'This item has been shared to %s.') % email
                    })
                    continue

                try:

                    share_dir_to_user(repo, path, repo_owner, username, email, permission)
                    share_repo_to_user_successful.send(sender=None, from_user=username,
                                                       to_user=email, repo=repo,
                                                       path=path, org_id=None)
                    send_perm_audit_msg('add-repo-perm', username, email,
                                         repo.repo_id, path, permission)

                except Exception as e:
                    logger.error(e)
                    result['failed'].append({
                        'user_email': email,
                        'error_msg': 'Internal Server Error'
                        })

                    continue

                result['success'].append({
                    "repo_id": repo.repo_id,
                    "path": path,
                    "share_type": share_type,
                    "user_email": email,
                    "user_name": email2nickname(email),
                    "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission,
                    "is_admin": permission == PERMISSION_ADMIN
                })

        if share_type == 'group':
            for group_id in share_to:
                try:
                    group_id = int(group_id)
                except ValueError as e:
                    logger.error(e)
                    result['failed'].append({
                        'group_id': group_id,
                        'error_msg': 'group_id %s invalid.' % group_id
                        })

                    continue

                group = ccnet_api.get_group(group_id)
                if not group:
                    result['failed'].append({
                        'group_id': group_id,
                        'error_msg': 'Group %s not found' % group_id
                        })

                    continue

                if has_shared_to_group(repo.repo_id, path, group_id):
                    result['failed'].append({
                        'group_name': group.group_name,
                        'error_msg': _(u'This item has been shared to %s.') % group.group_name
                        })
                    continue

                try:
                    share_dir_to_group(repo, path, repo_owner, username, group_id, permission)

                    share_repo_to_group_successful.send(sender=None,
                                                        from_user=username,
                                                        group_id=group_id, repo=repo,
                                                        path=path, org_id=None)

                    send_perm_audit_msg('add-repo-perm', username, group_id,
                                        repo.repo_id, path, permission)
                except Exception as e:
                    logger.error(e)
                    result['failed'].append({
                        "group_id": group_id,
                        'error_msg': 'Internal Server Error'
                        })

                    continue

                result['success'].append({
                    "repo_id": repo.repo_id,
                    "path": path,
                    "share_type": share_type,
                    "group_id": group_id,
                    "group_name": group.group_name,
                    "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission,
                    "is_admin": permission == PERMISSION_ADMIN
                })

        return Response(result)