def put(self, request, repo_id, comment_id, format=None): """Update a comment, only comment author or repo owner can perform this op 1.Change resolved of comment 2.Add comment_detail """ # argument check resolved = request.data.get('resolved') if resolved not in ('true', 'false', None): error_msg = 'resolved invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) detail = request.data.get('detail') # resource check try: file_comment = FileComment.objects.get(pk=comment_id) except FileComment.DoesNotExist: error_msg = 'FileComment %s not found.' % comment_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if username != file_comment.author and not is_repo_owner(request, repo_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if resolved is not None: comment_resolved = to_python_boolean(resolved) try: file_comment.resolved = comment_resolved file_comment.save() except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal error.') if detail is not None: try: file_comment.detail = detail file_comment.save() except Exception as e: logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal error.') try: avatar_size = int(request.GET.get('avatar_size', AVATAR_DEFAULT_SIZE)) except ValueError: avatar_size = AVATAR_DEFAULT_SIZE comment = file_comment.to_dict() comment.update(user_to_dict(file_comment.author, request=request, avatar_size=avatar_size)) return Response(comment)
def post(self, request, repo_id): """ Only used for reset encrypted repo's password, and then send new password to user's mainbox. Permission checking: 1. repo owner. """ if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD or \ not IS_EMAIL_CONFIGURED: error_msg = _('Feature disabled.') return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not repo.encrypted: error_msg = 'Library %s is not encrypted.' % repo_id return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check username = request.user.username if not is_repo_owner(request, repo_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) secret_key = RepoSecretKey.objects.get_secret_key(repo_id) if not secret_key: error_msg = _("Can not reset this library's password.") return api_error(HTTP_520_OPERATION_FAILED, error_msg) new_password = get_random_string(10) try: seafile_api.reset_repo_passwd(repo_id, username, secret_key, new_password) content = { 'repo_name': repo.name, 'password': new_password, } send_html_email( _('New password of library %s') % repo.name, 'snippets/reset_repo_password.html', content, None, [email2contact_email(username)]) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True})
def permission_check_admin_owner(request, username, repo_id): # maybe add more complex logic in the future """ if repo is owned by user return true or check whether repo is owned by group and whether user is group's staff so finally the code is: check user == repo's owner else check user is the such group's staff """ if is_repo_owner(request, repo_id, username): return True else: return is_group_repo_staff(request, repo_id, username)
def repo_snapshot(request, repo_id): """View repo in history. """ repo = get_repo(repo_id) if not repo: raise Http404 username = request.user.username user_perm = check_folder_permission(request, repo.id, '/') if user_perm is None: return render_error(request, _('Permission denied')) try: server_crypto = UserOptions.objects.is_server_crypto(username) except CryptoOptionNotSetError: # Assume server_crypto is ``False`` if this option is not set. server_crypto = False reverse_url = reverse('lib_view', args=[repo_id, repo.name, '']) if repo.encrypted and \ (repo.enc_version == 1 or (repo.enc_version == 2 and server_crypto)) \ and not is_password_set(repo.id, username): return render( request, 'decrypt_repo_form.html', { 'repo': repo, 'next': get_next_url_from_request(request) or reverse_url, }) commit_id = request.GET.get('commit_id', None) if commit_id is None: return HttpResponseRedirect(reverse_url) current_commit = get_commit(repo.id, repo.version, commit_id) if not current_commit: current_commit = get_commit(repo.id, repo.version, repo.head_cmmt_id) has_perm = is_repo_owner(request, repo.id, username) # department admin if not has_perm: repo_owner = seafile_api.get_repo_owner(repo_id) if '@seafile_group' in repo_owner: group_id = get_group_id_by_repo_owner(repo_owner) has_perm = is_group_admin(group_id, username) return render( request, 'repo_snapshot_react.html', { 'repo': repo, "can_restore_repo": has_perm, 'current_commit': current_commit, })
def post(self, request, repo_id, commit_id, format=None): """ revert commit in repo history Permission checking: 1. only repo owner can perform this action. """ username = request.user.username # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) commit = seafile_api.get_commit(repo.id, repo.version, commit_id) if not commit: error_msg = 'Commit %s not found.' % commit_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check has_perm = is_repo_owner(request, repo.id, username) if not has_perm: repo_owner = get_repo_owner(request, repo_id) # department admin if '@seafile_group' in repo_owner: group_id = get_group_id_by_repo_owner(repo_owner) has_perm = is_group_admin(group_id, username) if not has_perm: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # main if repo.encrypted: ret = seafile_api.is_password_set(repo_id, username) is_decrypted = False if ret == 0 else True if not is_decrypted: error_msg = _('This library has not been decrypted.') return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: seafile_api.revert_repo(repo_id, commit_id, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True})
def delete(self, request, repo_id, comment_id, format=None): """Delete a comment, only comment author or repo owner can perform this op. """ try: file_comment = FileComment.objects.get(pk=comment_id) except FileComment.DoesNotExist: return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong comment id') username = request.user.username if username != file_comment.author and not is_repo_owner(request, repo_id, username): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') file_comment.delete() return Response(status=204)
def delete(self, request, repo_id, comment_id, format=None): """Delete a comment, only comment author or repo owner can perform this op. """ try: file_comment = FileComment.objects.get(pk=comment_id) except FileComment.DoesNotExist: return api_error(status.HTTP_400_BAD_REQUEST, 'Wrong comment id') username = request.user.username if username != file_comment.author and not is_repo_owner(request, repo_id, username): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') file_comment.delete() return Response(status=204)
def post(self, request, repo_id): """ Only used for reset encrypted repo's password, and then send new password to user's mainbox. Permission checking: 1. repo owner. """ if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD or \ not IS_EMAIL_CONFIGURED: error_msg = _(u'Feature disabled.') return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not repo.encrypted: error_msg = 'Library %s is not encrypted.' % repo_id return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check username = request.user.username if not is_repo_owner(request, repo_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) secret_key = RepoSecretKey.objects.get_secret_key(repo_id) if not secret_key: error_msg = _(u"Can not reset this library's password.") return api_error(HTTP_520_OPERATION_FAILED, error_msg) new_password = get_random_string(10) try: seafile_api.reset_repo_passwd(repo_id, username, secret_key, new_password) content = {'repo_name': repo.name, 'password': new_password,} send_html_email(_(u'New password of library %s') % repo.name, 'snippets/reset_repo_password.html', content, None, [email2contact_email(username)]) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True})
def put(self, request, repo_id): """ Change/Init repo password. Permission checking: 1. repo owner """ # argument check operation = request.data.get('operation', 'change-password') operation = operation.lower() if operation not in ('change-password', 'reset-password', 'can-reset-password'): error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not repo.encrypted: error_msg = 'Library %s is not encrypted.' % repo_id return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check username = request.user.username if not is_repo_owner(request, repo_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if operation == 'change-password': old_password = request.data.get('old_password', None) if not old_password: error_msg = 'old_password invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) new_password = request.data.get('new_password', None) if not new_password: error_msg = 'new_password invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: seafile_api.change_repo_passwd(repo_id, old_password, new_password, username) except Exception as e: if e.msg == 'Incorrect password': error_msg = _('Wrong old password') return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if ENABLE_RESET_ENCRYPTED_REPO_PASSWORD: add_encrypted_repo_secret_key_to_database( repo_id, new_password) if operation == 'can-reset-password': if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD: error_msg = 'Feature disabled.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not RepoSecretKey.objects.get_secret_key(repo_id): return Response({'allowed': False}) else: return Response({'allowed': True}) if operation == 'reset-password': if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD: error_msg = 'Feature disabled.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) new_password = request.data.get('new_password', None) if not new_password: error_msg = 'new_password invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) secret_key = RepoSecretKey.objects.get_secret_key(repo_id) if not secret_key: error_msg = _("Can not reset this library's password.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: seafile_api.reset_repo_passwd(repo_id, username, secret_key, new_password) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True})
def post(self, request, format=None): """Add a new wiki. """ username = request.user.username org_id = -1 if is_org_context(request): org_id = request.user.org.org_id repo_id = request.POST.get('repo_id', '') if not repo_id: msg = 'Repo id is invalid.' return api_error(status.HTTP_400_BAD_REQUEST, msg) repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check perm if not (request.user.permissions.can_publish_repo() and request.user.permissions.can_generate_share_link()): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) is_owner = is_repo_owner(request, repo_id, username) if not is_owner: repo_admin = is_repo_admin(username, repo_id) if not repo_admin: is_group_repo_admin = is_group_repo_staff(request, repo_id, username) if not is_group_repo_admin: error_msg = _('Permission denied.') return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: wiki = Wiki.objects.add(wiki_name=repo.repo_name, username=username, repo_id=repo.repo_id, org_id=org_id, permission='public') except DuplicateWikiNameError: msg = _('%s is taken by others, please try another name.') % repo.repo_name return api_error(status.HTTP_400_BAD_REQUEST, msg) except IntegrityError: msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, msg) # create home page if not exist page_name = "home.md" if not seafile_api.get_file_id_by_path(repo_id, "/" + page_name): try: seafile_api.post_empty_file(repo_id, '/', page_name, username) except SearpcError as e: logger.error(e) msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, msg) fs = FileShare.objects.get_dir_link_by_path(username, repo_id, '/') if not fs: fs = FileShare.objects.create_dir_link(username, repo_id, '/', permission='view_download', org_id=org_id) return Response(wiki.to_dict())
def put(self, request, repo_id, format=None): """ Currently only support lock, unlock, refresh-lock file. Permission checking: 1. user with 'rw' permission for current file; """ if not is_pro_version(): error_msg = 'file lock feature only supported in professional edition.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # argument check path = request.GET.get('p', None) if not path: error_msg = 'p invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) path = normalize_file_path(path) operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) operation = operation.lower() if operation not in ('lock', 'unlock', 'refresh-lock'): error_msg = "operation can only be 'lock', 'unlock' or 'refresh-lock'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) file_id = seafile_api.get_file_id_by_path(repo_id, path) if not file_id: error_msg = 'File %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check parent_dir = os.path.dirname(path) if check_folder_permission(request, repo_id, parent_dir) != PERMISSION_READ_WRITE: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) username = request.user.username try: is_locked, locked_by_me = check_file_lock(repo_id, path, username) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # check if is locked by online office locked_by_online_office = if_locked_by_online_office(repo_id, path) if operation == 'lock': if is_locked: error_msg = _("File is locked") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) expire = request.data.get('expire', 0) try: expire = int(expire) except ValueError: error_msg = 'expire invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if expire < 0: error_msg = 'expire invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # lock file try: if expire > 0: seafile_api.lock_file(repo_id, path, username, int(time.time()) + expire) else: seafile_api.lock_file(repo_id, path, username, 0) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if operation == 'unlock': if not is_locked: error_msg = _("File is not locked.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if locked_by_me or locked_by_online_office or \ is_repo_owner(request, repo_id, username) or \ is_repo_admin(username, repo_id): # unlock file try: seafile_api.unlock_file(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) else: error_msg = 'You can not unlock this file.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if operation == 'refresh-lock': if not is_locked: error_msg = _("File is not locked.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) expire = request.data.get('expire', 0) try: expire = int(expire) except ValueError: error_msg = 'expire invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if expire < 0: error_msg = 'expire invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if locked_by_me or locked_by_online_office: # refresh lock file try: if expire > 0: seafile_api.refresh_file_lock( repo_id, path, int(time.time()) + expire) else: seafile_api.refresh_file_lock(repo_id, path) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) else: error_msg = _("You can not refresh this file's lock.") return api_error(status.HTTP_403_FORBIDDEN, error_msg) file_info = self.get_file_info(username, repo_id, path) return Response(file_info)
def post(self, request, format=None): """Add a new wiki. """ username = request.user.username org_id = -1 if is_org_context(request): org_id = request.user.org.org_id repo_id = request.POST.get('repo_id', '') if not repo_id: msg = 'Repo id is invalid.' return api_error(status.HTTP_400_BAD_REQUEST, msg) repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check perm if not request.user.permissions.can_publish_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) is_owner = is_repo_owner(request, repo_id, username) if not is_owner: repo_admin = is_repo_admin(username, repo_id) if not repo_admin: is_group_repo_admin = is_group_repo_staff(request, repo_id, username) if not is_group_repo_admin: error_msg = _('Permission denied.') return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: wiki = Wiki.objects.add(wiki_name=repo.repo_name, username=username, repo_id=repo.repo_id, org_id=org_id, permission='public') except DuplicateWikiNameError: msg = _('%s is taken by others, please try another name.') % repo.repo_name return api_error(status.HTTP_400_BAD_REQUEST, msg) except IntegrityError: msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, msg) # create home page if not exist page_name = "home.md" if not seafile_api.get_file_id_by_path(repo_id, "/" + page_name): try: seafile_api.post_empty_file(repo_id, '/', page_name, username) except SearpcError as e: logger.error(e) msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, msg) fs = FileShare.objects.get_dir_link_by_path(username, repo_id, '/') if not fs: fs = FileShare.objects.create_dir_link(username, repo_id, '/', permission='view_download', org_id=org_id) return Response(wiki.to_dict())
def post(self, request, format=None): """Add a new wiki. """ use_exist_repo = request.POST.get('use_exist_repo', '') if not use_exist_repo: msg = 'Use exist repo is invalid' return api_error(status.HTTP_400_BAD_REQUEST, msg) name = request.POST.get('name', '') if not name: msg = 'Name is invalid' return api_error(status.HTTP_400_BAD_REQUEST, msg) if not is_valid_wiki_name(name): msg = _( 'Name can only contain letters, numbers, blank, hyphen or underscore.' ) return api_error(status.HTTP_400_BAD_REQUEST, msg) username = request.user.username org_id = -1 if is_org_context(request): org_id = request.user.org.org_id if use_exist_repo == 'false': try: wiki = Wiki.objects.add(name, username, org_id=org_id) except DuplicateWikiNameError: msg = _( '%s is taken by others, please try another name.') % name return api_error(status.HTTP_400_BAD_REQUEST, msg) except IntegrityError: msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, msg) # create home page page_name = "home.md" try: seafile_api.post_empty_file(wiki.repo_id, '/', page_name, request.user.username) except SearpcError as e: logger.error(e) msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, msg) return Response(wiki.to_dict()) if use_exist_repo == 'true': repo_id = request.POST.get('repo_id', '') if not repo_id: msg = 'Repo id is invalid.' return api_error(status.HTTP_400_BAD_REQUEST, msg) repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check perm is_owner = is_repo_owner(request, repo_id, username) if not is_owner: repo_admin = is_repo_admin(username, repo_id) if not repo_admin: is_group_repo_admin = is_group_repo_staff( request, repo_id, username) if not is_group_repo_admin: error_msg = _('Permission denied.') return api_error(status.HTTP_403_FORBIDDEN, error_msg) try: wiki = Wiki.objects.add(wiki_name=repo.repo_name, username=username, repo_id=repo.repo_id, org_id=org_id) except DuplicateWikiNameError: msg = _('%s is taken by others, please try another name.' ) % repo.repo_name return api_error(status.HTTP_400_BAD_REQUEST, msg) except IntegrityError: msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, msg) # create home page if not exist page_name = "home.md" if not seafile_api.get_file_id_by_path(repo_id, "/" + page_name): try: seafile_api.post_empty_file(repo_id, '/', page_name, username) except SearpcError as e: logger.error(e) msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, msg) return Response(wiki.to_dict())
def put(self, request, repo_id): """ Change/Init repo password. Permission checking: 1. repo owner """ # argument check operation = request.data.get('operation', 'change-password') operation = operation.lower() if operation not in ('change-password', 'reset-password', 'can-reset-password'): error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not repo.encrypted: error_msg = 'Library %s is not encrypted.' % repo_id return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check username = request.user.username if not is_repo_owner(request, repo_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if operation == 'change-password': old_password = request.data.get('old_password', None) if not old_password: error_msg = 'old_password invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) new_password = request.data.get('new_password', None) if not new_password: error_msg = 'new_password invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: seafile_api.change_repo_passwd(repo_id, old_password, new_password, username) except Exception as e: if e.msg == 'Incorrect password': error_msg = _(u'Wrong old password') return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) if ENABLE_RESET_ENCRYPTED_REPO_PASSWORD: add_encrypted_repo_secret_key_to_database(repo_id, new_password) if operation == 'can-reset-password': if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD: error_msg = 'Feature disabled.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not RepoSecretKey.objects.get_secret_key(repo_id): return Response({'allowed': False}) else: return Response({'allowed': True}) if operation == 'reset-password': if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD: error_msg = 'Feature disabled.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) new_password = request.data.get('new_password', None) if not new_password: error_msg = 'new_password invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) secret_key = RepoSecretKey.objects.get_secret_key(repo_id) if not secret_key: error_msg = _(u"Can not reset this library's password.") return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: seafile_api.reset_repo_passwd(repo_id, username, secret_key, new_password) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({'success': True})