Beispiel #1
    def test_get_user_role(self):
        """Check get_user_role() before and after a role is assigned."""
        # The fixture user starts without a role, so the default is reported.
        assert self.user.role is None
        assert get_user_role(self.user) == DEFAULT_USER

        # Assign a role through the manager, fetch the user again and expect
        # that exact role name back.
        assigned_role = 'test_role'
        User.objects.update_role(self.user.email, assigned_role)
        reloaded = User.objects.get(self.user.email)
        assert get_user_role(reloaded) == assigned_role
Beispiel #2
def get_user_info(email):
    """Build a dict describing the account identified by ``email``.

    The dict always carries email, name, contact_email, login_id, is_staff,
    is_active, create_time and role. ``org_id``/``org_name`` are added when
    the user belongs to an organization, and ``institution`` only when the
    MULTI_INSTITUTION setting is enabled.
    """
    account = User.objects.get(email=email)
    user_profile = Profile.objects.get_profile_by_user(email)

    info = {
        'email': email,
        'name': email2nickname(email),
    }

    # Profile-backed fields fall back to '' when there is no profile or the
    # field itself is empty.
    if user_profile and user_profile.contact_email:
        info['contact_email'] = user_profile.contact_email
    else:
        info['contact_email'] = ''
    if user_profile and user_profile.login_id:
        info['login_id'] = user_profile.login_id
    else:
        info['login_id'] = ''

    info['is_staff'] = account.is_staff
    info['is_active'] = account.is_active

    # Only the first organization is reported; a failure while reading it is
    # logged and the org fields are simply left out (or partially filled).
    orgs = ccnet_api.get_orgs_by_user(email)
    try:
        if orgs:
            first_org = orgs[0]
            info['org_id'] = first_org.org_id
            info['org_name'] = first_org.org_name
    except Exception as e:
        logger.error(e)

    info['create_time'] = timestamp_to_isoformat_timestr(account.ctime)

    if getattr(settings, 'MULTI_INSTITUTION', False):
        if user_profile:
            info['institution'] = user_profile.institution
        else:
            info['institution'] = ''

    info['role'] = get_user_role(account)

    return info
Beispiel #3
    def get_info_of_users_order_by_quota_usage(self, source, direction, page,
                                               per_page):
        """Return one page of user info dicts sorted by quota usage.

        ``source`` selects the 'DB' backend when it equals 'db' and
        'LDAPImport' otherwise. ``direction`` sorts descending when it equals
        'desc' and ascending for any other value. ``page`` and ``per_page``
        are used as-is to slice the sorted list; they are not validated here.
        """
        # Map each account to its reported usage; the first entry wins if an
        # account shows up more than once.
        usage_by_email = {}
        for entry in seafile_api.list_user_quota_usage():
            usage_by_email.setdefault(entry.user, entry.usage)

        # Load every user of the chosen backend (-1, -1 is passed as
        # start/limit) and attach the usage, with -1 for accounts that have
        # no usage record.
        backend = 'DB' if source == 'db' else 'LDAPImport'
        users = ccnet_api.get_emailusers(backend, -1, -1)
        for account in users:
            account.quota_usage = usage_by_email.get(account.email, -1)

        descending = direction == 'desc'
        users.sort(key=lambda item: item.quota_usage, reverse=descending)

        multi_institution = getattr(settings, 'MULTI_INSTITUTION', False)
        first = (page - 1) * per_page
        last = page * per_page

        data = []
        for account in users[first:last]:
            email = account.email
            info = {
                'email': email,
                'name': email2nickname(email),
                'contact_email': email2contact_email(email),
            }

            user_profile = Profile.objects.get_profile_by_user(email)
            if user_profile and user_profile.login_id:
                info['login_id'] = user_profile.login_id
            else:
                info['login_id'] = ''

            info['is_staff'] = account.is_staff
            info['is_active'] = account.is_active
            info['create_time'] = timestamp_to_isoformat_timestr(account.ctime)

            info['quota_usage'] = account.quota_usage
            info['quota_total'] = seafile_api.get_user_quota(email)

            last_login_obj = UserLastLogin.objects.get_by_username(email)
            if last_login_obj:
                info['last_login'] = datetime_to_isoformat_timestr(
                    last_login_obj.last_login)
            else:
                info['last_login'] = ''

            info['role'] = get_user_role(account)

            if multi_institution:
                if user_profile:
                    info['institution'] = user_profile.institution
                else:
                    info['institution'] = ''

            data.append(info)

        return data
Beispiel #4
def _handle_login_form_valid(request, user, redirect_to, remember_me):
    """Finish a login whose credentials have already been validated.

    Forces a password change when one is pending, syncs the role quota when
    the user's permissions define one, records the remember-me choice in the
    session and then logs the user in.
    """
    must_change_password = UserOptions.objects.passwd_change_required(
        user.username)
    if must_change_password:
        # A pending password change overrides whatever target was requested.
        redirect_to = reverse('auth_password_change')
        request.session['force_passwd_change'] = True

    # NOTE(review): outside the forced-change case redirect_to is passed on
    # unchanged; confirm the caller restricts it to safe same-site targets.

    if user.permissions.role_quota():
        role_name = get_user_role(user)
        role_quota = get_quota_from_string(user.permissions.role_quota())
        seafile_api.set_role_quota(role_name, role_quota)

    # password is valid, log user in
    request.session['remember_me'] = remember_me
    return log_user_in(request, user, redirect_to)
Beispiel #5
def get_user_info(email):
    """Build a dict describing the account identified by ``email``.

    Besides the identity and status fields, the dict reports quota usage and
    total (org-scoped when the user belongs to an organization), whether a
    default two-factor device exists and whether 2FA is forced. Quota values
    are -1 when the lookup fails. ``institution`` is only present when the
    MULTI_INSTITUTION setting is enabled.
    """
    account = User.objects.get(email=email)
    user_profile = Profile.objects.get_profile_by_user(email)

    info = {
        'email': email,
        'name': email2nickname(email),
    }

    # Profile-backed fields fall back to '' when there is no profile or the
    # field itself is empty.
    if user_profile and user_profile.contact_email:
        info['contact_email'] = user_profile.contact_email
    else:
        info['contact_email'] = ''
    if user_profile and user_profile.login_id:
        info['login_id'] = user_profile.login_id
    else:
        info['login_id'] = ''

    info['is_staff'] = account.is_staff
    info['is_active'] = account.is_active
    info['reference_id'] = account.reference_id or ''

    orgs = ccnet_api.get_orgs_by_user(email)
    try:
        if not orgs:
            # Personal account: use the user-level quota numbers.
            info['quota_usage'] = seafile_api.get_user_self_usage(
                account.email)
            info['quota_total'] = seafile_api.get_user_quota(account.email)
        else:
            # Only the first organization is considered.
            org_id = orgs[0].org_id
            info['org_id'] = org_id
            info['org_name'] = orgs[0].org_name
            info['quota_usage'] = seafile_api.get_org_user_quota_usage(
                org_id, account.email)
            info['quota_total'] = seafile_api.get_org_user_quota(
                org_id, account.email)
    except Exception as e:
        # Any failure above is logged and reported as "unknown" quota.
        logger.error(e)
        info['quota_usage'] = -1
        info['quota_total'] = -1

    info['create_time'] = timestamp_to_isoformat_timestr(account.ctime)

    info['has_default_device'] = bool(default_device(account))
    info['is_force_2fa'] = UserOptions.objects.is_force_2fa(email)

    if getattr(settings, 'MULTI_INSTITUTION', False):
        if user_profile:
            info['institution'] = user_profile.institution
        else:
            info['institution'] = ''

    info['role'] = get_user_role(account)

    return info
Beispiel #6
    def get(self, request):
        """Search user from DB, LDAPImport and Profile

        Permission checking:
        1. only admin can perform this action.

        The lower-cased ``query`` parameter is matched against ccnet accounts
        (at most 10 from each of the two sources) and against profile
        nicknames / contact emails (at most 10 profiles). The response is
        ``{'user_list': [...]}`` with one info dict per matching user.
        """
        if not request.user.admin_permissions.can_manage_user():
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        query_str = request.GET.get('query', '').lower()
        if not query_str:
            error_msg = 'query invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # ccnet matches: accounts from the DB source first, then the LDAP one.
        users = []
        users.extend(ccnet_api.search_emailusers('DB', query_str, 0, 10))
        users.extend(ccnet_api.search_emailusers('LDAP', query_str, 0, 10))

        ccnet_user_emails = [u.email for u in users]

        # Attach the institution to the ccnet matches; the first profile
        # found for an email wins, and '' is used when there is none.
        if getattr(settings, 'MULTI_INSTITUTION', False):
            institution_by_email = {}
            for profile in Profile.objects.filter(user__in=ccnet_user_emails):
                institution_by_email.setdefault(profile.user,
                                                profile.institution)

            for account in users:
                account.institution = institution_by_email.get(
                    account.email, '')

        # Profile matches on nickname or contact email.
        matching_profiles = Profile.objects.filter(
            Q(nickname__icontains=query_str)
            | Q(contact_email__icontains=query_str))[:10]

        for profile in matching_profiles:
            email = profile.user
            institution = profile.institution

            # Skip users already found through ccnet.
            if email in ccnet_user_emails:
                continue

            # The User object is needed for is_staff / is_active; profiles
            # without a matching account are ignored.
            try:
                account = User.objects.get(email=email)
            except User.DoesNotExist:
                continue
            account.institution = institution
            users.append(account)

        data = []
        for account in users:
            email = account.email
            info = {
                'email': email,
                'name': email2nickname(email),
                'contact_email': email2contact_email(email),
                'is_staff': account.is_staff,
                'is_active': account.is_active,
                'source': account.source.lower(),
            }

            orgs = ccnet_api.get_orgs_by_user(email)
            if not orgs:
                info['quota_usage'] = seafile_api.get_user_self_usage(email)
                info['quota_total'] = seafile_api.get_user_quota(email)
            else:
                # Only the first organization is considered.
                org_id = orgs[0].org_id
                info['org_id'] = org_id
                info['org_name'] = orgs[0].org_name
                info['quota_usage'] = seafile_api.get_org_user_quota_usage(
                    org_id, email)
                info['quota_total'] = seafile_api.get_org_user_quota(
                    org_id, email)

            info['create_time'] = timestamp_to_isoformat_timestr(account.ctime)

            last_login_obj = UserLastLogin.objects.get_by_username(email)
            if last_login_obj:
                info['last_login'] = datetime_to_isoformat_timestr(
                    last_login_obj.last_login)
            else:
                info['last_login'] = ''

            info['role'] = get_user_role(account)

            if getattr(settings, 'MULTI_INSTITUTION', False):
                info['institution'] = account.institution

            data.append(info)

        return Response({'user_list': data})
Beispiel #7
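    def get(self, request):
        """List all users in DB or LDAPImport

        Permission checking:
        1. only admin can perform this action.

        Query parameters:
        page, per_page -- pagination; both fall back to 1 / 25 when either
            is not an integer.
        source -- 'DB' (default) or 'LDAPImport', case-insensitive.
        order_by -- optional; only 'quota_usage' is accepted.
        direction -- 'asc' or 'desc' (default), read only when order_by is
            given.

        Returns ``{'data': [...], 'total_count': n}`` or an api_error
        response (400 for invalid parameters, 403 without permission, 500
        when the sorted listing fails).
        """

        if not request.user.admin_permissions.can_manage_user():
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        # parameter check
        # NOTE(review): page and per_page are only checked for being
        # integers; zero, negative or very large values reach the offset and
        # slice arithmetic below unchanged.
        try:
            page = int(request.GET.get('page', '1'))
            per_page = int(request.GET.get('per_page', '25'))
        except ValueError:
            page = 1
            per_page = 25

        start = (page - 1) * per_page

        source = request.GET.get('source', 'DB').lower().strip()
        if source not in ['db', 'ldapimport']:
            # source: 'DB' or 'LDAPImport', default is 'DB'
            error_msg = 'source %s invalid.' % source
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        order_by = request.GET.get('order_by', '').lower().strip()
        if order_by:
            # The trailing comma matters: without it the parentheses hold a
            # plain string and `in` becomes a substring test, so values such
            # as 'quota' or 'a' would pass validation.
            if order_by not in ('quota_usage',):
                error_msg = 'order_by invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            direction = request.GET.get('direction', 'desc').lower().strip()
            if direction not in ('asc', 'desc'):
                error_msg = 'direction invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        if source == 'db':
            count_source = 'DB'
            list_source = 'DB'
        else:
            # api param is 'LDAP', but actually get count of 'LDAPImport' users
            count_source = 'LDAP'
            list_source = 'LDAPImport'

        total_count = ccnet_api.count_emailusers(count_source) + \
            ccnet_api.count_inactive_emailusers(count_source)

        if order_by:
            # Sorting loads every user, so it is refused for large
            # installations unless explicitly enabled in the settings.
            if total_count > 500 and \
                    not getattr(settings, 'ALWAYS_SORT_USERS_BY_QUOTA_USAGE', False):
                error_msg = _(
                    "There are more than 500 users, and sort is not offered."
                )
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            try:
                data = self.get_info_of_users_order_by_quota_usage(
                    source, direction, page, per_page)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

            result = {'data': data, 'total_count': total_count}
            return Response(result)

        users = ccnet_api.get_emailusers(list_source, start, per_page)

        data = []
        for user in users:
            profile = Profile.objects.get_profile_by_user(user.email)

            info = {}
            info['email'] = user.email
            info['name'] = email2nickname(user.email)
            info['contact_email'] = email2contact_email(user.email)
            info[
                'login_id'] = profile.login_id if profile and profile.login_id else ''

            info['is_staff'] = user.is_staff
            info['is_active'] = user.is_active

            orgs = ccnet_api.get_orgs_by_user(user.email)
            try:
                if orgs:
                    # Only the first organization is considered.
                    org_id = orgs[0].org_id
                    info['org_id'] = org_id
                    info['org_name'] = orgs[0].org_name
                    info['quota_usage'] = seafile_api.get_org_user_quota_usage(
                        org_id, user.email)
                    info['quota_total'] = seafile_api.get_org_user_quota(
                        org_id, user.email)
                else:
                    info['quota_usage'] = seafile_api.get_user_self_usage(
                        user.email)
                    info['quota_total'] = seafile_api.get_user_quota(
                        user.email)
            except Exception as e:
                # A failed quota lookup is logged and reported as -1 so one
                # bad account does not break the whole listing.
                logger.error(e)
                info['quota_usage'] = -1
                info['quota_total'] = -1

            info['create_time'] = timestamp_to_isoformat_timestr(user.ctime)
            last_login_obj = UserLastLogin.objects.get_by_username(user.email)
            info['last_login'] = datetime_to_isoformat_timestr(
                last_login_obj.last_login) if last_login_obj else ''
            info['role'] = get_user_role(user)
            if getattr(settings, 'MULTI_INSTITUTION', False):
                info['institution'] = profile.institution if profile else ''

            data.append(info)

        result = {'data': data, 'total_count': total_count}
        return Response(result)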
Beispiel #8
    def get(self, request):
        """List all users in DB or LDAPImport

        Permission checking:
        1. only admin can perform this action.

        Accepts ``page``/``per_page`` (falling back to 1 / 25 when either is
        not an integer) and ``source`` ('DB' by default, or 'LDAPImport').
        Returns ``{'data': [...], 'total_count': n}``.
        """
        # NOTE(review): no permission check is visible inside this method;
        # confirm the admin restriction named in the docstring is enforced
        # by the view class outside this excerpt.

        try:
            page = int(request.GET.get('page', '1'))
            per_page = int(request.GET.get('per_page', '25'))
        except ValueError:
            page, per_page = 1, 25

        start = (page - 1) * per_page

        # source: 'DB' or 'LDAPImport', default is 'DB'
        source = request.GET.get('source', 'DB').lower()
        if source not in ['db', 'ldapimport']:
            error_msg = 'source %s invalid.' % source
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        if source == 'db':
            list_source = 'DB'
            count_source = 'DB'
        else:
            # api param is 'LDAP', but actually get count of 'LDAPImport' users
            list_source = 'LDAPImport'
            count_source = 'LDAP'

        users = ccnet_api.get_emailusers(list_source, start, per_page)
        active_count = ccnet_api.count_emailusers(count_source)
        inactive_count = ccnet_api.count_inactive_emailusers(count_source)
        total_count = active_count + inactive_count

        data = []
        for account in users:
            email = account.email
            user_profile = Profile.objects.get_profile_by_user(email)

            info = {
                'email': email,
                'name': email2nickname(email),
                'contact_email': email2contact_email(email),
            }
            if user_profile and user_profile.login_id:
                info['login_id'] = user_profile.login_id
            else:
                info['login_id'] = ''

            info['is_staff'] = account.is_staff
            info['is_active'] = account.is_active

            # Only the first organization is reported; a failure while
            # reading it is logged and the org fields are left out.
            orgs = ccnet_api.get_orgs_by_user(email)
            try:
                if orgs:
                    first_org = orgs[0]
                    info['org_id'] = first_org.org_id
                    info['org_name'] = first_org.org_name
            except Exception as e:
                logger.error(e)

            info['create_time'] = timestamp_to_isoformat_timestr(account.ctime)

            last_login_obj = UserLastLogin.objects.get_by_username(email)
            if last_login_obj:
                info['last_login'] = datetime_to_isoformat_timestr(
                    last_login_obj.last_login)
            else:
                info['last_login'] = ''

            info['role'] = get_user_role(account)
            info['storage_usage'] = Workspaces.objects.get_owner_total_storage(
                owner=email)

            if getattr(settings, 'MULTI_INSTITUTION', False):
                if user_profile:
                    info['institution'] = user_profile.institution
                else:
                    info['institution'] = ''

            data.append(info)

        return Response({'data': data, 'total_count': total_count})
Beispiel #9
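    def post(self, request):
        """ Import users from xlsx file

        Permission checking:
        1. admin user.

        The first worksheet is read; its first row is treated as the header
        and skipped. Each remaining non-empty row is one user with the
        columns Email, Password, Name, Role, Space Quota (MB) and Login ID,
        the last four being optional.

        Returns ``{'success': [...], 'failed': [...]}``. Rows with a missing
        or invalid email or password, or whose user already exists, are
        listed under ``failed`` and the import continues with the next row.
        Responds with 400 when the upload is missing, is not an xlsx file,
        cannot be parsed, or would exceed the user limit.
        """

        if not request.user.admin_permissions.can_manage_user():
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        xlsx_file = request.FILES.get('file', None)
        if not xlsx_file:
            error_msg = 'file can not be found.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        file_type, ext = get_file_type_and_ext(xlsx_file.name)
        if ext != 'xlsx':
            error_msg = file_type_error_msg(ext, 'xlsx')
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # NOTE(review): the whole upload is read into memory and then parsed;
        # no size limit is visible here, confirm one is enforced upstream.
        content = xlsx_file.read()

        # Stop on an unreadable workbook. Carrying on after only logging the
        # error would fail below with an undefined `wb`.
        try:
            fs = BytesIO(content)
            wb = load_workbook(filename=fs, read_only=True)
            rows = wb.worksheets[0].rows
        except Exception as e:
            logger.error(e)
            error_msg = 'file invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # example file is like:
        # Email    Password Name(Optional) Role(Optional) Space Quota(MB, Optional) Login ID
        # [email protected]  a        a              default        1024                      login id a
        # [email protected]  b        b              default        2048                      login id b

        column_count = 6
        records = []
        # skip first row(head field); the default keeps an empty sheet from
        # raising StopIteration.
        next(rows, None)
        for row in rows:
            values = [col.value for col in row]
            if all(value is None for value in values):
                continue
            # Pad short rows so the optional columns can be indexed safely.
            values.extend([None] * (column_count - len(values)))
            records.append(values)

        if user_number_over_limit(new_users=len(records)):
            error_msg = 'The number of users exceeds the limit.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        result = {}
        result['failed'] = []
        result['success'] = []
        for record in records:
            raw_email = record[0]
            if not raw_email:
                result['failed'].append({
                    'email': '',
                    'error_msg': 'email invalid.'
                })
                continue

            # A numeric cell has no strip(); use its text form so it is
            # rejected by the username check instead of raising.
            if hasattr(raw_email, 'strip'):
                email = raw_email.strip()
            else:
                email = str(raw_email)
            if not is_valid_username(email):
                result['failed'].append({
                    'email': email,
                    'error_msg': 'email %s invalid.' % email
                })
                continue

            # Only text cells are accepted as passwords: a numeric cell is
            # rejected rather than guessing how it should be written out.
            raw_password = record[1]
            if raw_password and hasattr(raw_password, 'strip'):
                password = raw_password.strip()
            else:
                password = ''
            if not password:
                result['failed'].append({
                    'email': email,
                    'error_msg': 'password invalid.'
                })
                continue

            try:
                User.objects.get(email=email)
            except User.DoesNotExist:
                pass
            else:
                result['failed'].append({
                    'email': email,
                    'error_msg': 'user %s exists.' % email
                })
                continue

            User.objects.create_user(email, password, is_staff=False, is_active=True)
            if config.FORCE_PASSWORD_CHANGE:
                UserOptions.objects.set_force_passwd_change(email)

            # update the user's optional info; a failure in any optional
            # field is logged and does not undo the account creation.
            # update nickname
            if record[2]:
                try:
                    nickname = record[2].strip()
                    if len(nickname) <= 64 and '/' not in nickname:
                        Profile.objects.add_or_update(email, nickname, '')
                except Exception as e:
                    logger.error(e)

            # update role; only roles from the available list are applied,
            # and only in the pro version.
            if record[3]:
                try:
                    role = record[3].strip()
                    if is_pro_version() and role in get_available_roles():
                        User.objects.update_role(email, role)
                except Exception as e:
                    logger.error(e)

            # update quota
            if record[4]:
                try:
                    space_quota_mb = int(record[4])
                    if space_quota_mb >= 0:
                        space_quota = int(space_quota_mb) * get_file_size_unit('MB')
                        seafile_api.set_user_quota(email, space_quota)
                except Exception as e:
                    logger.error(e)

            # login id
            if record[5]:
                try:
                    Profile.objects.add_or_update(email, login_id=record[5])
                except Exception as e:
                    logger.error(e)

            # NOTE(review): the initial password is placed in the invitation
            # mail's template context; with FORCE_PASSWORD_CHANGE off nothing
            # in this method makes the recipient replace it.
            send_html_email_with_dj_template(email,
                                             subject=_('You are invited to join %s') % get_site_name(),
                                             dj_template='sysadmin/user_batch_add_email.html',
                                             context={
                                                 'user': email2nickname(request.user.username),
                                                 'email': email,
                                                 'password': password
                                             })

            user = User.objects.get(email=email)

            info = {}
            info['email'] = email
            info['name'] = email2nickname(email)
            info['contact_email'] = email2contact_email(email)

            info['is_staff'] = user.is_staff
            info['is_active'] = user.is_active

            info['quota_usage'] = seafile_api.get_user_self_usage(user.email)
            info['quota_total'] = seafile_api.get_user_quota(user.email)

            info['create_time'] = timestamp_to_isoformat_timestr(user.ctime)

            info['role'] = get_user_role(user)
            result['success'].append(info)

            # send admin operation log signal
            admin_op_detail = {
                "email": email,
            }
            admin_operation.send(sender=None, admin_name=request.user.username,
                                 operation=USER_ADD, detail=admin_op_detail)

        return Response(result)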