def test_reshare_to_group_after_transfer_repo(self):
# If new owner in group repo shared to, reshare to group
# share user's repo to group with 'r' permission
seafile_api.set_group_repo(self.user_repo_id, self.group_id,
self.user_name, 'r')
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
# add admin user to group
ccnet_api.group_add_member(self.group_id, self.user_name,
self.admin.username)
self.login_as(self.user)
url = reverse("api2-repo-owner", args=[self.user_repo_id])
data = 'owner=%s' % self.admin.email
# transfer repo to admin
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
def test_delete_if_login_user_is_group_repo_admin(self):
self.login_as(self.admin)
# commont user can not delete
resp = self.client.delete(self.group_library_url)
self.assertEqual(403, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert len(group_repos) == 1
# share library to group with `admin` permission
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin_name)
ExtraGroupsSharePermission.objects.create_share_permission(
self.repo_id, self.group_id, PERMISSION_ADMIN)
# repo admin user(not group admin) can not delete
resp = self.client.delete(self.group_library_url)
self.assertEqual(403, resp.status_code)
# repo admin user(also is group admin) can delete
ccnet_api.group_set_admin(self.group_id, self.admin_name)
resp = self.client.delete(self.group_library_url)
self.assertEqual(200, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert len(group_repos) == 0
def test_reshare_to_user_group_after_transfer_repo(self):
tmp_user = '******'
User.objects.create_user(tmp_user)
# add admin user to group
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin.username)
# share user's repo to tmp_user with 'rw' permission
seafile_api.share_repo(self.user_repo_id, self.user.username,
tmp_user, 'rw')
# share user's repo to group with 'r' permission
seafile_api.set_group_repo(self.user_repo_id, self.group_id,
self.user_name, 'r')
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
assert seafile_api.check_permission_by_path(self.user_repo_id,
'/', tmp_user) == 'rw'
self.login_as(self.user)
url = reverse("api2-repo-owner", args=[self.user_repo_id])
data = 'owner=%s' % self.admin.email
# transfer repo to admin
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
assert seafile_api.check_permission_by_path(self.user_repo_id,
'/', tmp_user) == 'rw'
def test_delete_with_login_user_is_group_member(self):
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin_name)
self.login_as(self.admin)
resp = self.client.delete(self.group_library_url)
self.assertEqual(403, resp.status_code)
def test_reshare_to_user_group_after_transfer_repo(self):
tmp_user = '******'
User.objects.create_user(tmp_user)
# add admin user to group
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin.username)
# share user's repo to tmp_user with 'rw' permission
seafile_api.share_repo(self.user_repo_id, self.user.username,
tmp_user, 'rw')
# share user's repo to group with 'r' permission
seafile_api.set_group_repo(self.user_repo_id, self.group_id,
self.user_name, 'r')
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
assert seafile_api.check_permission_by_path(self.user_repo_id,
'/', tmp_user) == 'rw'
self.login_as(self.user)
url = reverse("api2-repo-owner", args=[self.user_repo_id])
data = 'owner=%s' % self.admin.email
# transfer repo to admin
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
assert seafile_api.check_permission_by_path(self.user_repo_id,
'/', tmp_user) == 'rw'
def put(self, request, group_id):
""" Admin transfer a group
Permission checking:
1. Admin user;
"""
# argument check
new_owner = request.data.get('new_owner', None)
if not new_owner or not is_valid_username(new_owner):
error_msg = 'new_owner %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
group_id = int(group_id) # Checked by URL Conf
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if new_owner exists,
# NOT need to check old_owner for old_owner may has been deleted.
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_owner = group.creator_name
if new_owner == old_owner:
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
try:
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, old_owner, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, old_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# send admin operation log signal
admin_op_detail = {
"id": group_id,
"name": group.group_name,
"from": old_owner,
"to": new_owner,
}
admin_operation.send(sender=None, admin_name=request.user.username,
operation=GROUP_TRANSFER, detail=admin_op_detail)
group_info = get_group_info(group_id)
return Response(group_info)
def test_share_repo_to_group(repo, group, permission):
assert api.check_permission(repo.id, USER) == 'rw'
assert api.check_permission(repo.id, USER2) is None
repos = api.get_repos_by_group(group.id)
assert len(repos) == 0
group_list = ccnet_api.get_groups(USER)
assert len(group_list) == 1
group_list = ccnet_api.get_groups(USER2)
assert len(group_list) == 0
api.group_share_repo(repo.id, group.id, USER, permission)
repos = api.get_repos_by_group(group.id)
assert_repo_with_permission(repo, repos, permission)
ccnet_api.group_add_member(group.id, USER, USER2)
group_list = ccnet_api.get_groups(USER2)
assert len(group_list) == 1
group = group_list[0]
assert group.id == group.id
repos2 = api.get_repos_by_group(group.id)
assert_repo_with_permission(repo, repos2, permission)
assert api.check_permission(repo.id, USER2) == permission
api.group_unshare_repo(repo.id, group.id, USER)
repos = api.get_repos_by_group(group.id)
assert len(repos) == 0
assert api.check_permission(repo.id, USER2) is None
def test_delete_if_login_user_is_repo_owner(self):
self.login_as(self.admin)
# admin user can not delete
resp = self.client.delete(self.group_library_url)
self.assertEqual(403, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert len(group_repos) == 1
# add admin user to group
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin_name)
# transfer repo to admin user
library_url = reverse('api-v2.1-admin-library', args=[self.repo_id])
data = 'owner=%s' % self.admin_name
resp = self.client.put(library_url, data, 'application/x-www-form-urlencoded')
# admin user can delete
resp = self.client.delete(self.group_library_url)
self.assertEqual(200, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert len(group_repos) == 0
def setUp(self):
self.user2 = self.create_user()
ccnet_api.group_add_member(self.group.id, self.user.username,
self.user2.username)
g_members = [
x.user_name for x in seaserv.get_group_members(self.group.id)
]
assert self.user2.username in g_members
def test_get_with_login_user_is_group_member(self):
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin_name)
self.login_as(self.admin)
resp = self.client.get(self.group_libraries_url)
self.assertEqual(200, resp.status_code)
def post(self, request, group_id):
"""
Bulk add group members.
Permission checking:
1. only admin can perform this action.
"""
# argument check
group_id = int(group_id)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
emails = request.POST.getlist('email', '')
if not emails:
error_msg = 'Email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
emails_need_add = []
for email in emails:
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'email': email,
'error_msg': 'User %s not found.' % email
})
continue
if ccnet_api.is_group_user(group_id, email):
result['failed'].append({
'email': email,
'error_msg': 'User %s is already a group member.' % email
})
continue
emails_need_add.append(email)
# Add user to group.
for email in emails_need_add:
try:
ccnet_api.group_add_member(group_id, group.creator_name, email)
member_info = get_group_member_info(request, group_id, email)
result['success'].append(member_info)
except Exception as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
return Response(result)
def test_can_clean_department_repo_trash(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a department
group_id = ccnet_api.create_group('department_test',
'system admin',
parent_group_id=-1)
seafile_api.set_group_quota(group_id, -2)
repo_id = seafile_api.add_group_owned_repo(group_id, 'dep_test', 'rw')
repo_owner = seafile_api.get_repo_owner(repo_id)
assert '@seafile_group' in repo_owner
group_repos = seafile_api.get_repos_by_group(group_id)
assert len(group_repos) == 1
group = ccnet_api.get_group(group_id)
# department add user
ccnet_api.group_add_member(group_id, group.creator_name,
self.user_name)
ccnet_api.group_add_member(group_id, group.creator_name,
self.tmp_user.username)
ccnet_api.group_set_admin(group_id, self.user_name)
ccnet_api.group_unset_admin(group_id, self.tmp_user.username)
assert is_group_admin(group_id, self.user_name)
assert not is_group_admin(group_id, self.tmp_user.username)
file_name = 'dep_test.txt'
self.create_file(repo_id=repo_id,
parent_dir='/',
filename=file_name,
username=self.user_name)
# delete a file first
seafile_api.del_file(repo_id, '/', file_name, self.user_name)
# get trash item count
self.login_as(self.user)
resp = self.client.get(reverse('api-v2.1-repo-trash', args=[repo_id]))
json_resp = json.loads(resp.content)
assert len(json_resp['data']) > 0
# department member can not clean trash
self.logout()
self.login_as(self.tmp_user)
resp = self.client.delete(self.url)
self.assertEqual(403, resp.status_code)
# department admin can clean library trash
self.logout()
self.login_as(self.user)
ccnet_api.group_set_admin(group_id, self.user_name)
resp = self.client.delete(self.url)
self.assertEqual(200, resp.status_code)
# get trash item count again
resp = self.client.get(self.url)
json_resp = json.loads(resp.content)
assert len(json_resp['data']) == 0
def post(self, request, group_id):
"""
Bulk add group members.
Permission checking:
1. only admin can perform this action.
"""
# argument check
group_id = int(group_id)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
emails = request.POST.getlist('email', '')
if not emails:
error_msg = 'Email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
result = {}
result['failed'] = []
result['success'] = []
emails_need_add = []
for email in emails:
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'email': email,
'error_msg': 'User %s not found.' % email
})
continue
if is_group_member(group_id, email, in_structure=False):
result['failed'].append({
'email': email,
'error_msg': 'User %s is already a group member.' % email2nickname(email)
})
continue
emails_need_add.append(email)
# Add user to group.
for email in emails_need_add:
try:
ccnet_api.group_add_member(group_id, group.creator_name, email)
member_info = get_group_member_info(request, group_id, email)
result['success'].append(member_info)
except Exception as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
return Response(result)
def test_update_share_subdir_perm_for_group(repo, group, permission_to_update, permission_to_share):
ccnet_api.group_add_member(group.id, USER, USER2)
v_repo_id = api.share_subdir_to_group(repo.id, '/dir1', USER, group.id, permission_to_share)
assert api.check_permission(v_repo_id, USER2) == permission_to_share
api.update_share_subdir_perm_for_group(repo.id, '/dir1', USER, group.id, permission_to_update)
assert api.check_permission(v_repo_id, USER2) == permission_to_update
api.unshare_subdir_for_group(repo.id, '/dir1', USER, group.id)
def set_group_repo_permission(repo, group, permission_to_share, permission_to_set):
ccnet_api.group_add_member(group.id, USER, USER2)
assert api.check_permission(repo.id, USER2) == None
api.set_group_repo(repo.id, group.id, USER, permission_to_share)
assert api.check_permission(repo.id, USER2) == permission_to_share
api.set_group_repo_permission(group.id, repo.id, permission_to_set)
assert api.check_permission(repo.id, USER2) == permission_to_set
api.group_unshare_repo(repo.id, group.id, USER)
def test_get_shared_users_by_repo(repo, group, permission):
ccnet_api.group_add_member(group.id, USER, USER2)
t_users = api.get_shared_users_by_repo(repo.id)
assert len(t_users) == 0
api.share_repo(repo.id, USER, USER2, permission)
api.set_group_repo(repo.id, group.id, ADMIN_USER, permission)
t_users = api.get_shared_users_by_repo(repo.id)
assert len(t_users) == 2
api.remove_share(repo.id, USER, USER2)
api.group_unshare_repo(repo.id, group.id, USER)
def put(self, request, group_id):
""" Admin transfer a group
Permission checking:
1. Admin user;
"""
# argument check
new_owner = request.data.get('new_owner', None)
if not new_owner or not is_valid_username(new_owner):
error_msg = 'new_owner %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
group_id = int(group_id) # Checked by URL Conf
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check if new_owner exists,
# NOT need to check old_owner for old_owner may has been deleted.
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_owner = group.creator_name
if new_owner == old_owner:
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
try:
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, old_owner, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, old_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(group_id)
return Response(group_info)
def add_members(group_id, members):
group = ccnet_api.get_group(group_id)
print("Adding users to group %s (%d):" % (group.group_name, group_id))
# WARNING: no check, if user exists!
for member in members:
try:
ccnet_api.group_add_member(group_id, group.creator_name, member)
except SearpcError:
print("Error adding %s" % member)
else:
print("Added %s" % member)
print("")
def test_subdir_permission_in_virtual_repo(repo, group, permission):
api.post_dir(repo.id, '/dir1', 'subdir1', USER)
api.post_dir(repo.id, '/dir2', 'subdir2', USER)
v_repo_id_1 = api.share_subdir_to_user(repo.id, '/dir1', USER, USER2,
permission)
v_subdir_repo_id_1 = api.create_virtual_repo(v_repo_id_1,
'/subdir1',
'subdir1',
'test_desc',
USER,
passwd='')
assert api.check_permission(v_subdir_repo_id_1, USER2) == permission
assert ccnet_api.group_add_member(group.id, USER, USER2) == 0
v_repo_id_2 = api.share_subdir_to_group(repo.id, '/dir2', USER, group.id,
permission)
v_subdir_repo_id_2 = api.create_virtual_repo(v_repo_id_2,
'/subdir2',
'subdir2',
'test_desc',
USER,
passwd='')
assert api.check_permission(v_subdir_repo_id_2, USER2) == permission
assert api.unshare_subdir_for_user(repo.id, '/dir1', USER, USER2) == 0
assert api.unshare_subdir_for_group(repo.id, '/dir2', USER, group.id) == 0
def post(self, request, group_id):
"""
Add a group member.
"""
username = request.user.username
# only group owner/admin can add a group member
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
email = request.data.get('email', None)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if is_group_member(group_id, email):
error_msg = _('User %s is already a group member.'
) % email2nickname(email)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
if not ccnet_api.org_user_exists(org_id, email):
error_msg = _('User %s not found in organization.'
) % email2nickname(email)
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
elif is_org_user(email):
error_msg = _('User %s is an organization user.') % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
ccnet_api.group_add_member(group_id, username, email)
add_user_to_group.send(sender=None,
group_staff=username,
group_id=group_id,
added_user=email)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info, status=status.HTTP_201_CREATED)
def test_can_set_department_repo(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a department
group_id = ccnet_api.create_group('department_test',
'system admin',
parent_group_id=-1)
seafile_api.set_group_quota(group_id, -2)
repo_id = seafile_api.add_group_owned_repo(group_id, 'dep_test', 'rw')
repo_owner = seafile_api.get_repo_owner(repo_id)
assert '@seafile_group' in repo_owner
group_repos = seafile_api.get_repos_by_group(group_id)
assert len(group_repos) == 1
group = ccnet_api.get_group(group_id)
# department add user
ccnet_api.group_add_member(group_id, group.creator_name,
self.user.username)
ccnet_api.group_add_member(group_id, group.creator_name,
self.tmp_user.username)
ccnet_api.group_set_admin(group_id, self.user.username)
ccnet_api.group_unset_admin(group_id, self.tmp_user.username)
assert is_group_admin(group_id, self.user.username)
assert not is_group_admin(group_id, self.tmp_user.username)
url = reverse("api2-repo-history-limit", args=[repo_id])
self.config.ENABLE_REPO_HISTORY_SETTING = True
# department member can not set
self.logout()
self.login_as(self.tmp_user)
data = 'keep_days=%s' % 6
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
# department admin can set
self.logout()
self.login_as(self.user)
data = 'keep_days=%s' % 6
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
self.remove_group(group_id)
self.remove_repo(repo_id)
def test_can_not_delete_if_not_admin(self):
ccnet_api.group_add_member(self.group_id, self.user_name,
self.admin_name)
# make sure member in group
members = ccnet_api.get_group_members(self.group_id)
assert len(members) == 2
self.login_as(self.user)
url = reverse('api-v2.1-admin-group-member',
args=[self.group_id, self.admin_name])
resp = self.client.delete(url)
self.assertEqual(403, resp.status_code)
# make sure member is not deleted
members = ccnet_api.get_group_members(self.group_id)
assert len(members) == 2
def test_create_with_login_user_is_group_member(self):
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin_name)
self.login_as(self.admin)
repo_name = randstring(6)
resp = self.client.post(self.group_libraries_url, {
'repo_name': repo_name
})
self.assertEqual(200, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp['repo_name'] == repo_name
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert len(group_repos) == 1
def test_can_not_delete_if_not_admin(self):
ccnet_api.group_add_member(self.group_id, self.user_name,
self.admin_name)
# make sure member in group
members = ccnet_api.get_group_members(self.group_id)
assert len(members) == 2
self.login_as(self.user)
url = reverse('api-v2.1-admin-group-member',
args=[self.group_id, self.admin_name])
resp = self.client.delete(url)
self.assertEqual(403, resp.status_code)
# make sure member is not deleted
members = ccnet_api.get_group_members(self.group_id)
assert len(members) == 2
def post(self, request, group_id):
"""
Add a group member.
"""
username = request.user.username
# only group owner/admin can add a group member
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
email = request.data.get('email', None)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if is_group_member(group_id, email):
error_msg = _(u'User %s is already a group member.') % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
if not ccnet_api.org_user_exists(org_id, email):
error_msg = _(u'User %s not found in organization.') % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
ccnet_api.group_add_member(group_id, username, email)
add_user_to_group.send(sender=None,
group_staff=username,
group_id=group_id,
added_user=email)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info, status=status.HTTP_201_CREATED)
def test_can_notify_others_including_group(self):
self.logout()
self.login_as(self.tmp_user)
assert len(UserNotification.objects.all()) == 0
# share repo to tmp_user
username = self.user.username
seafile_api.share_repo(self.repo.id, username, self.tmp_user.username,
'rw')
# share repo to group(owner, admin)
ccnet_api.group_add_member(self.group.id, username,
self.admin.username)
seafile_api.set_group_repo(self.repo.id, self.group.id, username, 'rw')
# tmp_user comment a file
resp = self.client.post(self.endpoint, {'comment': 'new comment'})
self.assertEqual(201, resp.status_code)
assert len(UserNotification.objects.all()) == 2
def setUp(self):
self.login_as(self.user)
self.group_id = self.group.id
self.group_name = self.group.group_name
self.repo_id = self.repo.id
self.url = reverse('api-v2.1-related-user', args=[self.repo_id])
# add tmp user to group
self.tmp_user = self.create_user('*****@*****.**' % randstring(4),
is_staff=False)
ccnet_api.group_add_member(self.group_id, self.user.username,
self.tmp_user.username)
# share repo to group
seafile_api.set_group_repo(self.repo_id, self.group_id,
self.user.username, 'rw')
# share repo to admin
seafile_api.share_repo(self.repo.id, self.user.username,
self.admin.username, 'rw')
def test_delete_if_login_user_is_group_staff(self):
self.login_as(self.admin)
# admin user can not delete
resp = self.client.delete(self.group_library_url)
self.assertEqual(403, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert len(group_repos) == 1
# set admin user as group staff
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin_name)
ccnet_api.group_set_admin(self.group_id, self.admin_name)
# admin user can delete
resp = self.client.delete(self.group_library_url)
self.assertEqual(200, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert len(group_repos) == 0
def test_repo_perm_in_structure(repo, permission):
id1 = ccnet_api.create_group('group1', USER, parent_group_id=-1)
id2 = ccnet_api.create_group('group2', USER, parent_group_id=id1)
assert id1 != -1 and id2 != -1
assert ccnet_api.group_add_member(id2, USER, USER2) != -1
assert api.group_share_repo(repo.id, id1, USER2, permission) != -1
assert api.check_permission(repo.id, USER2) == permission
assert api.group_unshare_repo(repo.id, id1, USER2) != -1
assert api.check_permission(repo.id, USER2) == None
assert ccnet_api.remove_group(id2) != -1
assert ccnet_api.remove_group(id1) != -1
def test_share_dir_to_group(repo, group, permission):
assert ccnet_api.group_add_member(group.id, USER, USER2) == 0
v_repo_id_1 = api.share_subdir_to_group(repo.id, '/dir1', USER, group.id,
permission)
v_repo_id_2 = api.share_subdir_to_group(repo.id, '/dir2', USER, group.id,
permission)
assert api.check_permission(v_repo_id_1, USER2) == permission
assert api.check_permission(v_repo_id_2, USER2) == permission
assert api.del_file(repo.id, '/', 'dir1', USER) == 0
assert api.unshare_subdir_for_group(repo.id, '/dir2', USER, group.id) == 0
assert api.check_permission(v_repo_id_1, USER2) is None
assert api.check_permission(v_repo_id_2, USER2) is None
def test_reshare_to_group_after_transfer_repo(self):
# If new owner in group repo shared to, reshare to group
# share user's repo to group with 'r' permission
seafile_api.set_group_repo(self.user_repo_id, self.group_id,
self.user_name, 'r')
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
# add admin user to group
ccnet_api.group_add_member(self.group_id, self.user_name, self.admin.username)
self.login_as(self.user)
url = reverse("api2-repo-owner", args=[self.user_repo_id])
data = 'owner=%s' % self.admin.email
# transfer repo to admin
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
group_repos = seafile_api.get_repos_by_group(self.group_id)
assert group_repos[0].permission == 'r'
def test_can_notify_others_including_group(self):
self.logout()
self.login_as(self.tmp_user)
assert len(UserNotification.objects.all()) == 0
# share repo to tmp_user
username = self.user.username
seafile_api.share_repo(self.repo.id, username,
self.tmp_user.username, 'rw')
# share repo to group(owner, admin)
ccnet_api.group_add_member(self.group.id, username,
self.admin.username)
seafile_api.set_group_repo(self.repo.id, self.group.id,
username, 'rw')
# tmp_user comment a file
resp = self.client.post(self.endpoint, {
'comment': 'new comment'
})
self.assertEqual(201, resp.status_code)
assert len(UserNotification.objects.all()) == 2
def test_share_dir_to_group(repo, group, permission):
assert ccnet_api.group_add_member(group.id, USER, USER2) == 0
v_repo_id_1 = api.share_subdir_to_group(repo.id, '/dir1', USER, group.id, permission)
v_repo_id_2 = api.share_subdir_to_group(repo.id, '/dir2', USER, group.id, permission)
assert api.check_permission(v_repo_id_1, USER2) == permission
assert api.check_permission(v_repo_id_2, USER2) == permission
repo_get = api.get_group_shared_repo_by_path (repo.id, '/dir1', group.id)
assert repo_get and repo_get.repo_id == v_repo_id_1
users = api.get_shared_groups_for_subdir(repo.id, '/dir1', USER)
assert len(users) == 1
assert api.del_file(repo.id, '/', 'dir1', USER) == 0
assert api.unshare_subdir_for_group(repo.id, '/dir2', USER, group.id) == 0
assert api.check_permission(v_repo_id_1, USER2) is None
assert api.check_permission(v_repo_id_2, USER2) is None
def post(self, request):
"""import department from work weixin
permission: IsProVersion
"""
if not request.user.admin_permissions.can_manage_user():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# argument check
department_id = request.data.get('work_weixin_department_id')
try:
department_id = int(department_id)
except Exception as e:
logger.error(e)
error_msg = 'work_weixin_department_ids invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# is pro version and work weixin check
if not IsProVersion or not admin_work_weixin_departments_check():
error_msg = 'Feature is not enabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
access_token = get_work_weixin_access_token()
if not access_token:
logger.error('can not get work weixin access_token')
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# list departments from work weixin
api_department_list = self._list_departments_from_work_weixin(
access_token, department_id)
if api_department_list is None:
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# list department members from work weixin
api_user_list = self._list_department_members_from_work_weixin(
access_token, department_id)
if api_user_list is None:
error_msg = '获取企业微信组织架构成员失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# main
success = list()
failed = list()
department_map_to_group_dict = dict()
for index, department_obj in enumerate(api_department_list):
# check department argument
new_group_name = department_obj.get('name')
department_obj_id = department_obj.get('id')
if department_obj_id is None or not new_group_name or not validate_group_name(
new_group_name):
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门参数错误')
failed.append(failed_msg)
continue
# check parent group
if index == 0:
parent_group_id = -1
else:
parent_department_id = department_obj.get('parentid')
parent_group_id = department_map_to_group_dict.get(
parent_department_id)
if parent_group_id is None:
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '父级部门不存在')
failed.append(failed_msg)
continue
# check department exist by group name
exist, exist_group = self._admin_check_group_name_conflict(
new_group_name)
if exist:
department_map_to_group_dict[
department_obj_id] = exist_group.id
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门已存在')
failed.append(failed_msg)
continue
# import department
try:
group_id = ccnet_api.create_group(
new_group_name,
DEPARTMENT_OWNER,
parent_group_id=parent_group_id)
seafile_api.set_group_quota(group_id, -2)
department_map_to_group_dict[department_obj_id] = group_id
success_msg = self._api_department_success_msg(
department_obj_id, new_group_name, group_id)
success.append(success_msg)
except Exception as e:
logger.error(e)
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门导入失败')
failed.append(failed_msg)
# todo filter ccnet User database
social_auth_queryset = SocialAuthUser.objects.filter(
provider=WORK_WEIXIN_PROVIDER,
uid__contains=WORK_WEIXIN_UID_PREFIX)
# import api_user
for api_user in api_user_list:
uid = WORK_WEIXIN_UID_PREFIX + api_user.get('userid', '')
api_user['contact_email'] = api_user['email']
api_user_name = api_user.get('name')
# determine the user exists
if social_auth_queryset.filter(uid=uid).exists():
email = social_auth_queryset.get(uid=uid).username
else:
# create user
email = gen_user_virtual_id()
create_user_success = _import_user_from_work_weixin(
email, api_user)
if not create_user_success:
failed_msg = self._api_user_failed_msg(
'', api_user_name, department_id, '导入用户失败')
failed.append(failed_msg)
continue
# bind user to department
api_user_department_list = api_user.get('department')
for department_obj_id in api_user_department_list:
group_id = department_map_to_group_dict.get(department_obj_id)
if group_id is None:
# the api_user also exist in the brother department which not import
continue
if ccnet_api.is_group_user(group_id, email):
failed_msg = self._api_user_failed_msg(
email, api_user_name, department_obj_id, '部门成员已存在')
failed.append(failed_msg)
continue
try:
ccnet_api.group_add_member(group_id, DEPARTMENT_OWNER,
email)
success_msg = self._api_user_success_msg(
email, api_user_name, department_obj_id, group_id)
success.append(success_msg)
except Exception as e:
logger.error(e)
failed_msg = self._api_user_failed_msg(
email, api_user_name, department_id, '导入部门成员失败')
failed.append(failed_msg)
return Response({
'success': success,
'failed': failed,
})
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
username = request.user.username
new_group_name = request.data.get('name', None)
# rename a group
if new_group_name:
try:
# only group owner/admin can rename a group
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
# transfer a group
if new_owner:
try:
# only group owner can transfer a group
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if not is_valid_username(new_owner):
error_msg = 'Email %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_group_owner(group_id, new_owner):
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, username, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
wiki_enabled = request.data.get('wiki_enabled', None)
# turn on/off group wiki
if wiki_enabled:
try:
# only group owner/admin can turn on a group wiki
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if wiki_enabled != 'true' and wiki_enabled != 'false':
error_msg = 'wiki_enabled invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# turn on/off group wiki
if wiki_enabled == 'true':
enable_mod_for_group(group_id, MOD_GROUP_WIKI)
else:
disable_mod_for_group(group_id, MOD_GROUP_WIKI)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(request, group_id)
return Response(group_info)
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
username = request.user.username
new_group_name = request.data.get('name', None)
# rename a group
if new_group_name:
try:
# only group owner/admin can rename a group
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
# transfer a group
if new_owner:
try:
# only group owner can transfer a group
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if not is_valid_username(new_owner):
error_msg = 'Email %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_group_owner(group_id, new_owner):
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, username, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
wiki_enabled = request.data.get('wiki_enabled', None)
# turn on/off group wiki
if wiki_enabled:
try:
# only group owner/admin can turn on a group wiki
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if wiki_enabled != 'true' and wiki_enabled != 'false':
error_msg = 'wiki_enabled invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# turn on/off group wiki
if wiki_enabled == 'true':
enable_mod_for_group(group_id, MOD_GROUP_WIKI)
else:
disable_mod_for_group(group_id, MOD_GROUP_WIKI)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(request, group_id)
return Response(group_info)
def put(self, request, group_id):
""" Admin update a group
1. transfer a group.
2. set group quota
Permission checking:
1. Admin user;
"""
# recourse check
group_id = int(group_id) # Checked by URL Conf
group = ccnet_api.get_group(group_id)
if not group:
error_msg = 'Group %d not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
new_owner = request.data.get('new_owner', '')
if new_owner:
if not is_valid_username(new_owner):
error_msg = 'new_owner %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# check if new_owner exists,
# NOT need to check old_owner for old_owner may has been deleted.
try:
User.objects.get(email=new_owner)
except User.DoesNotExist:
error_msg = 'User %s not found.' % new_owner
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
old_owner = group.creator_name
if new_owner == old_owner:
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
try:
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, old_owner, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, old_owner)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# send admin operation log signal
admin_op_detail = {
"id": group_id,
"name": group.group_name,
"from": old_owner,
"to": new_owner,
}
admin_operation.send(sender=None, admin_name=request.user.username,
operation=GROUP_TRANSFER, detail=admin_op_detail)
# set group quota
group_quota = request.data.get('quota', '')
if group_quota:
try:
group_quota = int(group_quota)
except ValueError:
error_msg = 'quota invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if not (group_quota > 0 or group_quota == -2):
error_msg = 'quota invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
try:
seafile_api.set_group_quota(group_id, group_quota)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(group_id)
return Response(group_info)
def add_admin_to_group(self):
ccnet_api.group_add_member(self.group.id, self.user.username,
self.admin.username)
assert ccnet_api.is_group_user(self.group.id, self.admin.username)
def setUp(self):
self.user2 = self.create_user()
ccnet_api.group_add_member(self.group.id, self.user.username,
self.user2.username)
g_members = [x.user_name for x in seaserv.get_group_members(self.group.id)]
assert self.user2.username in g_members
def post(self, request, group_id):
""" Import members from xlsx file
Permission checking:
1. group admin or owner.
"""
xlsx_file = request.FILES.get('file', None)
if not xlsx_file:
error_msg = 'file can not be found.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
file_type, ext = get_file_type_and_ext(xlsx_file.name)
if ext != 'xlsx':
error_msg = file_type_error_msg(ext, 'xlsx')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
group_id = int(group_id)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = _('Group does not exist')
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check permission
# only group owner/admin can add group members
username = request.user.username
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
content = xlsx_file.read()
try:
fs = BytesIO(content)
wb = load_workbook(filename=fs, read_only=True)
except Exception as e:
logger.error(e)
# example file is like:
# Email
# [email protected]
# [email protected]
rows = wb.worksheets[0].rows
records = []
# skip first row(head field).
next(rows)
for row in rows:
records.append([col.value for col in row])
emails_list = []
for record in records:
if record[0]:
email = record[0].strip().lower()
emails_list.append(email)
result = {}
result['failed'] = []
result['success'] = []
emails_need_add = []
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
for email in emails_list:
email_name = email2nickname(email)
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'email':
email,
'email_name':
email_name,
'error_msg':
'User %s not found.' % email_name
})
continue
if is_group_member(group_id, email, in_structure=False):
result['failed'].append({
'email':
email,
'email_name':
email_name,
'error_msg':
_('User %s is already a group member.') % email_name
})
continue
# Can only invite organization users to group
if org_id and not ccnet_api.org_user_exists(org_id, email):
result['failed'].append({
'email':
email,
'email_name':
email_name,
'error_msg':
_('User %s not found in organization.') % email_name
})
continue
if not org_id and is_org_user(email):
result['failed'].append({
'email':
email,
'email_name':
email_name,
'error_msg':
_('User %s is an organization user.') % email_name
})
continue
emails_need_add.append(email)
# Add user to group.
for email in emails_need_add:
try:
ccnet_api.group_add_member(group_id, username, email)
member_info = get_group_member_info(request, group_id, email)
result['success'].append(member_info)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
add_user_to_group.send(sender=None,
group_staff=username,
group_id=group_id,
added_user=email)
return Response(result)
def add_admin_to_group(self):
ccnet_api.group_add_member(
self.group.id, self.user.username, self.admin.username)
assert ccnet_api.is_group_user(self.group.id, self.admin.username)
