def _add_shared_items(self):
        # create repo for user
        sub_repo_id = seafile_api.create_virtual_repo(self.repo.id,
                                                      self.folder,
                                                      self.repo.name, '',
                                                      self.user.username)

        self.sub_repo_id = sub_repo_id


        # create group for admin
        admin_group_id = seaserv.ccnet_threaded_rpc.create_group('admin-group',
                self.admin.email)
        self.admin_group_id = admin_group_id

        # A user shares a folder to admin with permission 'rw'.
        seafile_api.share_repo(sub_repo_id, self.user.username,
                               self.admin.username, 'rw')

        # A user shares a folder to admin group with permission 'rw'.
        seafile_api.set_group_repo(sub_repo_id, admin_group_id,
                                   self.user.username, 'rw')

        # A user shares a folder to public with permission 'rw'.
        seafile_api.add_inner_pub_repo(sub_repo_id, 'rw')
Beispiel #2
0
    def test_rename_folder_with_invalid_folder_perm(self):

        if not LOCAL_PRO_DEV_ENV:
            return

        # share user's repo to admin with 'rw' permission
        seafile_api.share_repo(self.repo_id, self.user_name,
                self.admin_name, 'rw')

        # set sub-folder permisson as 'r' for admin
        seafile_api.add_folder_user_perm(self.repo_id,
                self.folder_path, 'r', self.admin_name)

        # admin can visit sub-folder with 'r' permission
        assert seafile_api.check_permission_by_path(self.repo_id,
                self.folder_path, self.admin_name) == 'r'

        # login as admin, then rename a 'r' permission folder
        self.login_as(self.admin)

        new_name = randstring(6)
        data = {'operation': 'rename', 'newname': new_name}

        resp = self.client.post(self.url + '?p=' + self.folder_path, data)
        self.assertEqual(403, resp.status_code)
Beispiel #3
0
    def test_delete_file_with_invalid_folder_perm(self):

        if not LOCAL_PRO_DEV_ENV:
            return

        # create a file in user repo sub-folder
        file_name = randstring(6)
        seafile_api.post_empty_file(repo_id=self.repo_id,
                parent_dir=self.folder_path, filename=file_name,
                username=self.user_name)

        # share user's repo to admin with 'rw' permission
        seafile_api.share_repo(self.repo_id, self.user_name,
                self.admin_name, 'rw')

        # set sub-folder permisson as 'r' for admin
        seafile_api.add_folder_user_perm(self.repo_id,
                self.folder_path, 'r', self.admin_name)

        # admin can visit file with 'r' permission
        file_path = posixpath.join(self.folder_path, file_name)
        assert seafile_api.check_permission_by_path(self.repo_id,
                file_path, self.admin_name) == 'r'

        # login as admin, then delete a 'r' permission file
        self.login_as(self.admin)

        resp = self.client.delete(self.url + '?p=' + file_path,
                {}, 'application/x-www-form-urlencoded')
        self.assertEqual(403, resp.status_code)
Beispiel #4
0
def share_to_user(request, repo, from_user, to_user, permission):
    """Share repo to a user with given permission.
    """
    repo_id = repo.id

    if from_user == to_user:
        msg = _(u'You can not share libray to yourself.')
        messages.error(request, msg)
        return

    if is_registered_user(to_user):
        try:
            seafile_api.share_repo(repo_id, from_user, to_user, permission)
        except Exception, e:
            logger.error(e)
            msg = _(u'Failed to share to %s, please try again later.') % to_user
            messages.error(request, msg)
        else:
            # send a signal when sharing repo successful
            share_repo_to_user_successful.send(sender=None,
                                               from_user=from_user,
                                               to_user=to_user, repo=repo)
            msg = _(u'Shared to %(email)s successfully,go check it at <a href="%(share)s">Shares</a>.') % \
                {'email':to_user, 'share':reverse('share_admin')}
            messages.success(request, msg)
Beispiel #5
0
    def setUp(self):

        self.login_as(self.admin)

        # create group for admin user
        self.admin_group_1_name = randstring(6)
        self.admin_group_1_id = ccnet_threaded_rpc.create_group(self.admin_group_1_name,
                self.admin.email)

        # create another group for admin user
        self.admin_group_2_name = randstring(6)
        self.admin_group_2_id = ccnet_threaded_rpc.create_group(self.admin_group_2_name,
                self.admin.email)

        # create repo for admin user
        self.admin_repo_name = randstring(6)
        r = seafile_api.get_repo(self.create_repo(name=self.admin_repo_name,
            desc='', username=self.admin.email, passwd=None))
        self.admin_repo_id = r.id

        # set common user as staff in admin user's group
        ccnet_threaded_rpc.group_add_member(self.admin_group_1_id,
                self.admin.email, self.user.email)
        ccnet_threaded_rpc.group_set_admin(self.admin_group_1_id, self.user.email)

        # add common user to admin user's another group
        ccnet_threaded_rpc.group_add_member(self.admin_group_2_id,
                self.admin.email, self.user.email)

        # share admin user's repo to common user
        seafile_api.share_repo(self.admin_repo_id, self.admin.email,
                               self.user.email, 'rw')
    def test_reshare_to_user_group_after_transfer_repo(self):

        tmp_user = '******'
        User.objects.create_user(tmp_user)

        # add admin user to group
        ccnet_api.group_add_member(self.group_id, self.user_name, self.admin.username)

        # share user's repo to tmp_user with 'rw' permission
        seafile_api.share_repo(self.user_repo_id, self.user.username,
                tmp_user, 'rw')

        # share user's repo to group with 'r' permission
        seafile_api.set_group_repo(self.user_repo_id, self.group_id,
                self.user_name, 'r')
        group_repos = seafile_api.get_repos_by_group(self.group_id)

        assert group_repos[0].permission == 'r'
        assert seafile_api.check_permission_by_path(self.user_repo_id,
                '/', tmp_user) == 'rw'

        self.login_as(self.user)

        url = reverse("api2-repo-owner", args=[self.user_repo_id])
        data = 'owner=%s' % self.admin.email

        # transfer repo to admin
        resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
        self.assertEqual(200, resp.status_code)

        group_repos = seafile_api.get_repos_by_group(self.group_id)
        assert group_repos[0].permission == 'r'
        assert seafile_api.check_permission_by_path(self.user_repo_id,
                '/', tmp_user) == 'rw'
Beispiel #7
0
    def test_rename_file_with_invalid_folder_perm(self):

        if not LOCAL_PRO_DEV_ENV:
            return

        # create a file as old file in user repo sub-folder
        old_file_name = randstring(6)
        seafile_api.post_empty_file(repo_id=self.repo_id,
                parent_dir=self.folder_path, filename=old_file_name,
                username=self.user_name)

        # share user's repo to admin with 'rw' permission
        seafile_api.share_repo(self.repo_id, self.user_name,
                self.admin_name, 'rw')

        # set sub-folder permisson as 'r' for admin
        seafile_api.add_folder_user_perm(self.repo_id,
                self.folder_path, 'r', self.admin_name)

        # admin can visit old file with 'r' permission
        old_file_path = posixpath.join(self.folder_path, old_file_name)
        assert seafile_api.check_permission_by_path(self.repo_id,
                old_file_path, self.admin_name) == 'r'

        # login as admin, then rename a 'r' permission old file
        self.login_as(self.admin)

        new_name = randstring(6)
        data = {'operation': 'rename', 'newname': new_name}

        resp = self.client.post(self.url + '?p=' + old_file_path, data)
        self.assertEqual(403, resp.status_code)
Beispiel #8
0
def share_dir_to_user(repo, path, owner, share_from, share_to, permission, org_id=None):
    # Share  repo or subdir to user with permission(r, rw, admin).
    extra_share_permission = ''
    if permission == PERMISSION_ADMIN:
        extra_share_permission = permission
        permission = PERMISSION_READ_WRITE

    if is_valid_org_id(org_id):
        if path == '/':
            seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo.repo_id, 
                                                        owner, share_to, 
                                                        permission)
        else:
            seafile_api.org_share_subdir_to_user(org_id, repo.repo_id, 
                                                               path, owner, 
                                                               share_to, permission)
    else:
        if path == '/':
            seafile_api.share_repo(repo.repo_id, owner, share_to, permission)
        else:
            seafile_api.share_subdir_to_user(repo.repo_id, path, 
                                                           owner, share_to, 
                                                           permission)
    if path == '/' and extra_share_permission == PERMISSION_ADMIN:
        ExtraSharePermission.objects.create_share_permission(repo.repo_id, share_to, extra_share_permission)
Beispiel #9
0
def share_to_user(request, repo, to_user, permission):
    """Share repo to a user with given permission.
    """
    repo_id = repo.id
    from_user = request.user.username

    if from_user == to_user:
        return False

    # permission check
    if is_org_context(request):
        org_id = request.user.org.org_id
        if not seaserv.ccnet_threaded_rpc.org_user_exists(org_id, to_user):
            return False
    else:
        if not is_registered_user(to_user):
            return False

    try:
        if is_org_context(request):
            org_id = request.user.org.org_id
            org_share_repo(org_id, repo_id, from_user, to_user, permission)
        else:
            seafile_api.share_repo(repo_id, from_user, to_user, permission)
    except SearpcError as e:
            return False
            logger.error(e)
    else:
        # send a signal when sharing repo successful
        share_repo_to_user_successful.send(sender=None,
                                           from_user=from_user,
                                           to_user=to_user, repo=repo)
        return True
    def share_repo_to_user_and_group(self):

        # share repo to user
        seafile_api.share_repo(self.repo_id,
                self.user_name, self.admin_name, 'rw')

        # share repo to group
        seafile_api.set_group_repo(self.repo_id,
                self.group_id, self.user_name, 'rw')
Beispiel #11
0
 def _add_shared_items(self):
     sub_repo_id = seafile_api.create_virtual_repo(self.repo.id,
                                                   self.folder,
                                                   self.repo.name, '',
                                                   self.user.username)
     # A user shares a folder to admin with permission 'rw'.
     seafile_api.share_repo(sub_repo_id, self.user.username,
                            self.admin.username, 'rw')
     # A user shares a folder to group with permission 'rw'.
     seafile_api.set_group_repo(sub_repo_id, self.group.id,
                                self.user.username, 'rw')
Beispiel #12
0
    def set_user_folder_rw_permission_to_admin(self):

        # share user's repo to admin with 'r' permission
        seafile_api.share_repo(self.repo.id, self.user.username,
                self.admin.username, 'r')

        # set user sub-folder 'rw' permisson to admin
        seafile_api.add_folder_user_perm(self.repo.id,
                self.folder, 'rw', self.admin.username)

        # admin can visit user sub-folder with 'rw' permission
        assert seafile_api.check_permission_by_path(self.repo.id,
                self.folder, self.admin.username) == 'rw'
    def test_can_notify_others(self):
        assert len(UserNotification.objects.all()) == 0

        username = self.user.username
        seafile_api.share_repo(self.repo.id, username,
                               self.admin.username, 'rw')

        resp = self.client.post(self.endpoint, {
            'comment': 'new comment'
        })
        self.assertEqual(201, resp.status_code)

        assert len(UserNotification.objects.all()) == 1
        assert UserNotification.objects.all()[0].to_user == self.admin.username
    def test_can_list_personal_shared_repo(self):
        self._prepare_repo_and_group()

        # A user shares a folder to admin with permission 'rw'.
        seafile_api.share_repo(self.sub_repo_id,
                               self.user.username,
                               self.admin.username,
                               'rw')


        resp = self.client.get('/api2/beshared-repos/')
        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert json_resp[0]['repo_id'] == self.sub_repo_id
        assert json_resp[0]['share_type'] == 'personal'
Beispiel #15
0
    def test_can_get(self):
        username = self.user.username

        owner = get_repo_owner(self.fake_request, self.repo.id)
        assert owner == username
        assert get_repo_shared_users(self.repo.id, owner) == []

        # user share a repo to admin
        seafile_api.share_repo(self.repo.id, username,
                               self.admin.username, 'rw')
        assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username]

        # user share a repo to group
        seafile_api.set_group_repo(self.repo.id, self.group.id,
                                   username, 'rw')
        assert get_repo_shared_users(self.repo.id, owner) == [self.admin.username, self.user2.username]
Beispiel #16
0
    def test_delete_repo_user_share_permission(self):

        # user share repo to tmp user
        init_permission = 'rw'
        seafile_api.share_repo(self.repo_id,
                self.user_name, self.tmp_user_email, init_permission)

        assert seafile_api.check_permission_by_path(self.repo_id, \
                '/', self.tmp_user_email) == init_permission

        self.login_as(self.admin)

        data = 'repo_id=%s&share_type=%s&share_to=%s' % \
                (self.repo_id, 'user', self.tmp_user_email)
        resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
        self.assertEqual(200, resp.status_code)

        assert seafile_api.check_permission_by_path(self.repo_id, \
                '/', self.tmp_user_email) is None
Beispiel #17
0
def share_to_user(request, repo, to_user, permission):
    """Share repo to a user with given permission.
    """
    repo_id = repo.id
    from_user = request.user.username

    if from_user == to_user:
        msg = _(u'You can not share libray to yourself.')
        messages.error(request, msg)
        return

    # permission check
    if is_org_context(request):
        org_id = request.user.org.org_id
        if not seaserv.ccnet_threaded_rpc.org_user_exists(org_id, to_user):
            msg = _(u'Failed to share to %s, user is not found.') % to_user
            messages.error(request, msg)
            return
    else:
        if not is_registered_user(to_user):
            msg = _(u'Failed to share to %s, as the email is not registered.') % to_user
            messages.error(request, msg)
            return

    try:
        if is_org_context(request):
            org_id = request.user.org.org_id
            org_share_repo(org_id, repo_id, from_user, to_user, permission)
        else:
            seafile_api.share_repo(repo_id, from_user, to_user, permission)
    except SearpcError as e:
            logger.error(e)
            msg = _(u'Failed to share to %s, please try again later.') % to_user
            messages.error(request, msg)
    else:
        # send a signal when sharing repo successful
        share_repo_to_user_successful.send(sender=None,
                                           from_user=from_user,
                                           to_user=to_user, repo=repo)
        msg = _(u'Shared to %(email)s successfully, go check it at <a href="%(share)s">Shares</a>.') % \
            {'email': to_user, 'share': reverse('share_admin')}
        messages.success(request, msg)
Beispiel #18
0
    def test_reshare_to_user_after_transfer_repo(self):

        tmp_user = '******'
        User.objects.create_user(tmp_user)

        # share user's repo to tmp_user with 'rw' permission
        seafile_api.share_repo(self.user_repo_id, self.user.username,
                tmp_user, 'rw')

        assert seafile_api.check_permission_by_path(self.user_repo_id,
                '/', tmp_user) == 'rw'

        self.login_as(self.user)

        url = reverse("api2-repo-owner", args=[self.user_repo_id])
        data = 'owner=%s' % self.admin.email

        resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
        self.assertEqual(200, resp.status_code)

        assert seafile_api.check_permission_by_path(self.user_repo_id,
                '/', tmp_user) == 'rw'
Beispiel #19
0
    def test_not_reshare_to_user_after_transfer_repo(self):
        # Remove share if repo already shared to new owner

        # share user's repo to admin with 'rw' permission
        seafile_api.share_repo(self.user_repo_id, self.user.username,
                self.admin.username, 'rw')

        # repo in admin's be shared repo list
        shared_repos = seafile_api.get_share_in_repo_list(self.admin.username, -1, -1)
        assert shared_repos[0].repo_name == self.repo.repo_name

        self.login_as(self.user)

        url = reverse("api2-repo-owner", args=[self.user_repo_id])
        data = 'owner=%s' % self.admin.email

        resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
        self.assertEqual(200, resp.status_code)

        # repo NOT in admin's be shared repo list
        shared_repos = seafile_api.get_share_in_repo_list(self.admin.username, -1, -1)
        assert len(shared_repos) == 0
    def test_can_list_priv_shared_folders(self):
        repo_id = self.repo.id
        username = self.user.username

        parent_dir = '/'
        dirname = '<img onerror=alert(1) src=a>_"_Ω_%2F_W_#_12_这'
        full_dir_path = os.path.join(parent_dir, dirname)

        # create folder
        self.create_folder(repo_id=repo_id,
                           parent_dir=parent_dir,
                           dirname=dirname,
                           username=username)

        sub_repo_id = seafile_api.create_virtual_repo(repo_id, full_dir_path, dirname, dirname, username)
        seafile_api.share_repo(sub_repo_id, username, self.admin.username, 'rw')

        self.login_as(self.user)
        resp = self.client.get(reverse('list_priv_shared_folders'))
        self.assertEqual(200, resp.status_code)
        href = reverse("view_common_lib_dir", args=[repo_id, urlquote(full_dir_path).strip('/')])
        self.assertRegexpMatches(resp.content, href)
Beispiel #21
0
    def test_delete_folder_with_invalid_folder_perm(self):

        if not LOCAL_PRO_DEV_ENV:
            return

        # share user's repo to admin with 'rw' permission
        seafile_api.share_repo(self.repo_id, self.user_name,
                self.admin_name, 'rw')

        # set sub-folder permisson as 'r' for admin
        seafile_api.add_folder_user_perm(self.repo_id,
                self.folder_path, 'r', self.admin_name)

        # admin can visit sub-folder with 'r' permission
        assert seafile_api.check_permission_by_path(self.repo_id,
                self.folder_path, self.admin_name) == 'r'

        # login as admin, then delete a 'r' permission folder
        self.login_as(self.admin)

        resp = self.client.delete(self.url + '?p=' + self.folder_path,
                {}, 'application/x-www-form-urlencoded')
        self.assertEqual(403, resp.status_code)
Beispiel #22
0
    def test_copy_file_with_invalid_dst_folder_perm(self):

        if not LOCAL_PRO_DEV_ENV:
            return

        # share user's repo to admin with 'rw' permission
        seafile_api.share_repo(self.repo_id, self.user_name,
                self.admin_name, 'rw')

        # set sub-folder permisson as 'r' for admin
        seafile_api.add_folder_user_perm(self.repo_id,
                self.folder_path, 'r', self.admin_name)

        # admin can visit sub-folder with 'r' permission
        assert seafile_api.check_permission_by_path(self.repo_id,
                self.folder_path, self.admin_name) == 'r'

        # create a file for admin repo
        admin_repo_id = self.admin_create_new_repo()
        admin_file_name = randstring(6)
        seafile_api.post_empty_file(repo_id=admin_repo_id,
                parent_dir='/', filename=admin_file_name,
                username=self.admin_name)

        # login as admin, then move file to a 'r' permission folder
        self.login_as(self.admin)

        # create new repo for admin
        data = {
            'operation': 'copy',
            'dst_repo': self.repo_id,
            'dst_dir': self.folder_path,
        }

        url = reverse('api-v2.1-file-view', args=[admin_repo_id])
        resp = self.client.post(url + '?p=/' + admin_file_name, data)
        self.assertEqual(403, resp.status_code)
    def test_can_notify_others_including_group(self):
        self.logout()
        self.login_as(self.tmp_user)

        assert len(UserNotification.objects.all()) == 0

        # share repo to tmp_user
        username = self.user.username
        seafile_api.share_repo(self.repo.id, username,
                               self.tmp_user.username, 'rw')

        # share repo to group(owner, admin)
        ccnet_api.group_add_member(self.group.id, username,
                                   self.admin.username)
        seafile_api.set_group_repo(self.repo.id, self.group.id,
                                   username, 'rw')

        # tmp_user comment a file
        resp = self.client.post(self.endpoint, {
            'comment': 'new comment'
        })
        self.assertEqual(201, resp.status_code)

        assert len(UserNotification.objects.all()) == 2
Beispiel #24
0
    def put(self, request, repo_id, format=None):
        username = request.user.username
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_404_NOT_FOUND,
                             'Library %s not found.' % repo_id)

        path = request.GET.get('p', '/')
        if seafile_api.get_dir_id_by_path(repo.id, path) is None:
            return api_error(status.HTTP_404_NOT_FOUND,
                             'Folder %s not found.' % path)

        if username != self.get_repo_owner(request, repo_id):
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        share_type = request.data.get('share_type')
        if share_type != 'user' and share_type != 'group':
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'share_type invalid.')

        permission = request.data.get('permission', 'r')
        if permission not in ['r', 'rw']:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'permission invalid.')

        result = {}
        result['failed'] = []
        result['success'] = []

        if share_type == 'user':
            share_to_users = request.data.getlist('username')
            for to_user in share_to_users:
                if not is_valid_username(to_user):
                    result['failed'].append({
                        'email': to_user,
                        'error_msg': 'username invalid.'
                    })
                    continue

                try:
                    User.objects.get(email=to_user)
                except User.DoesNotExist:
                    result['failed'].append({
                        'email':
                        to_user,
                        'error_msg':
                        'User %s not found.' % to_user
                    })
                    continue

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        if path == '/':
                            seaserv.seafserv_threaded_rpc.org_add_share(
                                org_id, repo_id, username, to_user, permission)
                        else:
                            seafile_api.org_share_subdir_to_user(
                                org_id, repo_id, path, username, to_user,
                                permission)
                    else:
                        if path == '/':
                            seafile_api.share_repo(repo_id, username, to_user,
                                                   permission)
                        else:
                            seafile_api.share_subdir_to_user(
                                repo_id, path, username, to_user, permission)

                    # send a signal when sharing repo successful
                    share_repo_to_user_successful.send(sender=None,
                                                       from_user=username,
                                                       to_user=to_user,
                                                       repo=repo)
                    result['success'].append({
                        "share_type": "user",
                        "user_info": {
                            "name": to_user,
                            "nickname": email2nickname(to_user),
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, to_user,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    result['failed'].append({
                        'email':
                        to_user,
                        'error_msg':
                        'Internal Server Error'
                    })
                    continue

        if share_type == 'group':
            group_ids = request.data.getlist('group_id')
            for gid in group_ids:
                try:
                    gid = int(gid)
                except ValueError:
                    return api_error(status.HTTP_400_BAD_REQUEST,
                                     'group_id %s invalid.' % gid)
                group = seaserv.get_group(gid)
                if not group:
                    return api_error(status.HTTP_404_NOT_FOUND,
                                     'Group %s not found' % gid)

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        if path == '/':
                            seafile_api.add_org_group_repo(
                                repo_id, org_id, gid, username, permission)
                        else:
                            seafile_api.org_share_subdir_to_group(
                                org_id, repo_id, path, username, gid,
                                permission)
                    else:
                        if path == '/':
                            seafile_api.set_group_repo(repo_id, gid, username,
                                                       permission)
                        else:
                            seafile_api.share_subdir_to_group(
                                repo_id, path, username, gid, permission)

                    share_repo_to_group_successful.send(sender=None,
                                                        from_user=username,
                                                        group_id=gid,
                                                        repo=repo)

                    result['success'].append({
                        "share_type": "group",
                        "group_info": {
                            "id": gid,
                            "name": group.group_name,
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, gid,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    result['failed'].append({
                        'group_name':
                        group.group_name,
                        'error_msg':
                        'Internal Server Error'
                    })
                    continue

        return HttpResponse(json.dumps(result),
                            status=200,
                            content_type=json_content_type)
Beispiel #25
0
    def test_copy_dir(self):

        if not LOCAL_PRO_DEV_ENV:
            return

        self.login_as(self.user)

        # create two folders in src repo
        src_folder_1 = self.get_random_path()
        src_folder_2 = self.get_random_path()
        for path in [src_folder_1, src_folder_2]:
            seafile_api.mkdir_with_parents(self.repo_id, '/', path.strip('/'),
                                           self.user_name)

        # share admin's tmp repo to user
        tmp_repo_id = self.create_new_repo(self.admin_name)
        seafile_api.share_repo(tmp_repo_id, self.admin_name, self.user_name,
                               'rw')

        # create two folders as parent dirs in dst repo for admin user
        dst_folder_1 = self.get_random_path()
        seafile_api.mkdir_with_parents(tmp_repo_id, '/',
                                       dst_folder_1.strip('/'),
                                       self.admin_name)

        dst_folder_2 = '/'

        # copy folders
        data = {
            "src_repo_id":
            self.repo_id,
            "dst_repo_id":
            tmp_repo_id,
            "paths": [
                {
                    "src_path": src_folder_1,
                    "dst_path": dst_folder_1
                },
                {
                    "src_path": src_folder_2,
                    "dst_path": dst_folder_2
                },
            ]
        }

        resp = self.client.post(self.url, json.dumps(data), 'application/json')
        self.assertEqual(200, resp.status_code)

        json_resp = json.loads(resp.content)
        assert len(json_resp['success']) == 2
        assert len(json_resp['failed']) == 0

        def folder_exist(src_folder, dst_repo_id, dst_folder):
            src_obj_name = os.path.basename(src_folder.rstrip('/'))
            full_dst_folder_path = posixpath.join(dst_folder.strip('/'),
                                                  src_obj_name.strip('/'))
            full_dst_folder_path = normalize_dir_path(full_dst_folder_path)
            return seafile_api.get_dir_id_by_path(
                dst_repo_id, full_dst_folder_path) is not None

        assert folder_exist(src_folder_1, tmp_repo_id, dst_folder_1)
        assert folder_exist(src_folder_2, tmp_repo_id, dst_folder_2)

        self.remove_repo(tmp_repo_id)
def test_user_management(repo):
    email1 = '%s@%s.com' % (randstring(6), randstring(6))
    email2 = '%s@%s.com' % (randstring(6), randstring(6))
    passwd1 = 'randstring(6)'
    passwd2 = 'randstring(6)'

    ccnet_api.add_emailuser(email1, passwd1, 1, 1)
    ccnet_api.add_emailuser(email2, passwd2, 0, 0)

    ccnet_email1 = ccnet_api.get_emailuser(email1)
    ccnet_email2 = ccnet_api.get_emailuser(email2)
    assert ccnet_email1.is_active == True
    assert ccnet_email1.is_staff == True
    assert ccnet_email2.is_active == False
    assert ccnet_email2.is_staff == False

    assert ccnet_api.validate_emailuser(email1, passwd1) == 0
    assert ccnet_api.validate_emailuser(email2, passwd2) == 0

    users = ccnet_api.search_emailusers('DB', email1, -1, -1)
    assert len(users) == 1
    user_ccnet = users[0]
    assert user_ccnet.email == email1

    user_counts = ccnet_api.count_emailusers('DB')
    user_numbers = ccnet_api.get_emailusers('DB', -1, -1)

    ccnet_api.update_emailuser('DB', ccnet_email2.id, passwd2, 1, 1)
    email2_new = ccnet_api.get_emailuser(email2)
    assert email2_new.is_active == True
    assert email2_new.is_staff == True

    #test group when update user id
    id1 = ccnet_api.create_group('group1', email1, parent_group_id=-1)
    assert id1 != -1
    group1 = ccnet_api.get_group(id1)
    assert group1.parent_group_id == -1

    # test shared repo when update user id
    api.share_repo(repo.id, USER, email1, "rw")
    assert api.repo_has_been_shared(repo.id)

    new_email1 = '%s@%s.com' % (randstring(6), randstring(6))
    assert ccnet_api.update_emailuser_id(email1, new_email1) == 0

    shared_users = api.list_repo_shared_to(USER, repo.id)
    assert len(shared_users) == 1
    assert shared_users[0].repo_id == repo.id
    assert shared_users[0].user == new_email1
    assert shared_users[0].perm == "rw"

    api.remove_share(repo.id, USER, new_email1)

    email1_groups = ccnet_api.get_groups(new_email1)
    assert len(email1_groups) == 1
    assert email1_groups[0].id == id1
    rm1 = ccnet_api.remove_group(id1)
    assert rm1 == 0

    ccnet_api.remove_emailuser('DB', new_email1)
    ccnet_api.remove_emailuser('DB', email2)
Beispiel #27
0
    def put(self, request, repo_id, format=None):
        username = request.user.username
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_404_NOT_FOUND,
                             'Library %s not found.' % repo_id)

        path = request.GET.get('p', '/')
        if seafile_api.get_dir_id_by_path(repo.id, path) is None:
            return api_error(status.HTTP_404_NOT_FOUND,
                             'Folder %s not found.' % path)

        if username != self.get_repo_owner(request, repo_id):
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        if path != '/':
            try:
                sub_repo = self.get_or_create_sub_repo_by_path(
                    request, repo, path)
            except SearpcError as e:
                logger.error(e)
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 'Failed to get sub repo.')
        else:
            sub_repo = None

        share_type = request.data.get('share_type')
        if share_type != 'user' and share_type != 'group':
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'share_type invalid.')

        permission = request.data.get('permission', 'r')
        if permission not in ['r', 'rw']:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'permission invalid.')

        shared_repo = repo if path == '/' else sub_repo
        result = {}
        result['failed'] = []
        result['success'] = []

        if share_type == 'user':
            share_to_users = request.data.getlist('username')
            for to_user in share_to_users:
                if not is_valid_username(to_user):
                    result['failed'].append({
                        'email':
                        to_user,
                        'error_msg':
                        'Nutzername oder E-Mail-Adresse ung&uuml;ltig.'
                    })
                    continue

                try:
                    User.objects.get(email=to_user)
                except User.DoesNotExist:
                    result['failed'].append({
                        'email':
                        to_user,
                        'error_msg':
                        'Es wurde kein Nutzer mit der E-Mail-Adresse %s gefunden. Benutzen Sie die Option &bdquo;Download-Link erstellen&rdquo; bzw. &bdquo;Upload-Link erstellen&rdquo;, um Elemente f&uuml;r nicht-registrierte Nutzer freizugeben.'
                        % to_user
                    })
                    continue

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seaserv.seafserv_threaded_rpc.org_add_share(
                            org_id, shared_repo.id, username, to_user,
                            permission)
                    else:
                        seafile_api.share_repo(shared_repo.id, username,
                                               to_user, permission)

                    # send a signal when sharing repo successful
                    share_repo_to_user_successful.send(sender=None,
                                                       from_user=username,
                                                       to_user=to_user,
                                                       repo=shared_repo)
                    result['success'].append({
                        "share_type": "user",
                        "user_info": {
                            "name": to_user,
                            "nickname": email2nickname(to_user),
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, to_user,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    result['failed'].append({
                        'email':
                        to_user,
                        'error_msg':
                        'Internal Server Error'
                    })
                    continue

        if share_type == 'group':
            group_ids = request.data.getlist('group_id')
            for gid in group_ids:
                try:
                    gid = int(gid)
                except ValueError:
                    return api_error(status.HTTP_400_BAD_REQUEST,
                                     'group_id %s invalid.' % gid)
                group = seaserv.get_group(gid)
                if not group:
                    return api_error(status.HTTP_404_NOT_FOUND,
                                     'Group %s not found' % gid)

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seafile_api.add_org_group_repo(shared_repo.repo_id,
                                                       org_id, gid, username,
                                                       permission)
                    else:
                        seafile_api.set_group_repo(shared_repo.repo_id, gid,
                                                   username, permission)

                    share_repo_to_group_successful.send(sender=None,
                                                        from_user=username,
                                                        group_id=gid,
                                                        repo=shared_repo)

                    result['success'].append({
                        "share_type": "group",
                        "group_info": {
                            "id": gid,
                            "name": group.group_name,
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, gid,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    result['failed'].append({
                        'group_name':
                        group.group_name,
                        'error_msg':
                        'Internal Server Error'
                    })
                    continue

        return HttpResponse(json.dumps(result),
                            status=200,
                            content_type=json_content_type)
 def share_repo_to_user(self, repo_id):
     seafile_api.share_repo(
             repo_id, self.user.username,
             self.admin.username, 'rw')
Beispiel #29
0
    def put(self, request, repo_id, format=None):
        username = request.user.username
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_404_NOT_FOUND, "Library %s not found." % repo_id)

        path = request.GET.get("p", "/")
        if seafile_api.get_dir_id_by_path(repo.id, path) is None:
            return api_error(status.HTTP_404_NOT_FOUND, "Folder %s not found." % path)

        if username != self.get_repo_owner(request, repo_id):
            return api_error(status.HTTP_403_FORBIDDEN, "Permission denied.")

        if path != "/":
            try:
                sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
            except SearpcError as e:
                logger.error(e)
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, "Failed to get sub repo.")
        else:
            sub_repo = None

        share_type = request.data.get("share_type")
        if share_type != "user" and share_type != "group":
            return api_error(status.HTTP_400_BAD_REQUEST, "share_type invalid.")

        permission = request.data.get("permission", "r")
        if permission not in ["r", "rw"]:
            return api_error(status.HTTP_400_BAD_REQUEST, "permission invalid.")

        shared_repo = repo if path == "/" else sub_repo
        success, failed = [], []
        if share_type == "user":
            share_to_users = request.data.getlist("username")
            for to_user in share_to_users:
                if not is_valid_username(to_user):
                    failed.append(to_user)
                    continue

                try:
                    User.objects.get(email=to_user)
                except User.DoesNotExist:
                    failed.append(to_user)
                    continue

                if not check_user_share_quota(username, shared_repo, users=[to_user]):
                    return api_error(status.HTTP_403_FORBIDDEN, "Not enough quota.")

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seaserv.seafserv_threaded_rpc.org_add_share(
                            org_id, shared_repo.id, username, to_user, permission
                        )
                    else:
                        seafile_api.share_repo(shared_repo.id, username, to_user, permission)

                    # send a signal when sharing repo successful
                    share_repo_to_user_successful.send(
                        sender=None, from_user=username, to_user=to_user, repo=shared_repo
                    )
                    success.append(
                        {
                            "share_type": "user",
                            "user_info": {"name": to_user, "nickname": email2nickname(to_user)},
                            "permission": permission,
                        }
                    )

                    send_perm_audit_msg("add-repo-perm", username, to_user, repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    failed.append(to_user)
                    continue

        if share_type == "group":
            group_ids = request.data.getlist("group_id")
            for gid in group_ids:
                try:
                    gid = int(gid)
                except ValueError:
                    return api_error(status.HTTP_400_BAD_REQUEST, "group_id %s invalid." % gid)
                group = seaserv.get_group(gid)
                if not group:
                    return api_error(status.HTTP_404_NOT_FOUND, "Group %s not found" % gid)

                if not check_user_share_quota(username, shared_repo, groups=[group]):
                    return api_error(status.HTTP_403_FORBIDDEN, "Not enough quota.")

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seafile_api.add_org_group_repo(shared_repo.repo_id, org_id, gid, username, permission)
                    else:
                        seafile_api.set_group_repo(shared_repo.repo_id, gid, username, permission)

                    success.append(
                        {
                            "share_type": "group",
                            "group_info": {"id": gid, "name": group.group_name},
                            "permission": permission,
                        }
                    )

                    send_perm_audit_msg("add-repo-perm", username, gid, repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    failed.append(group.group_name)
                    continue

        return HttpResponse(
            json.dumps({"success": success, "failed": failed}), status=200, content_type=json_content_type
        )
Beispiel #30
0
 def share_repo_to_user(self):
     seafile_api.share_repo(self.repo.id, self.user.username,
                            self.admin.username, 'rw')
Beispiel #31
0
    def put(self, request, repo_id, format=None):
        """ update a library status, transfer a library, rename a library

        Permission checking:
        1. only admin can perform this action.
        """
        # argument check
        new_status = request.data.get('status', None)
        if new_status:
            if new_status not in ('normal', 'read-only'):
                error_msg = 'status invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        new_repo_name = request.data.get('name', None)
        if new_repo_name:
            if not is_valid_dirent_name(new_repo_name):
                error_msg = 'name invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        new_owner = request.data.get('owner', None)
        if new_owner:
            if not is_valid_email(new_owner):
                error_msg = 'owner invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # resource check
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library %s not found.' % repo_id
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        if new_status:
            try:
                seafile_api.set_repo_status(
                    repo_id, normalize_repo_status_str(new_status))
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

        if new_repo_name:
            try:
                res = seafile_api.edit_repo(repo_id, new_repo_name, '', None)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

            if res == -1:
                e = 'Admin rename failed: ID of library is %s, edit_repo api called failed.' % \
                        repo_id
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

        if new_owner:
            try:
                new_owner_obj = User.objects.get(email=new_owner)
            except User.DoesNotExist:
                error_msg = 'User %s not found.' % new_owner
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            if not new_owner_obj.permissions.can_add_repo():
                error_msg = _(u'Transfer failed: role of %s is %s, can not add library.') % \
                        (new_owner, new_owner_obj.role)
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            if MULTI_TENANCY:
                try:
                    if seafile_api.get_org_id_by_repo_id(repo_id) > 0:
                        error_msg = 'Can not transfer organization library.'
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                    if ccnet_api.get_orgs_by_user(new_owner):
                        error_msg = 'Can not transfer library to organization user %s' % new_owner
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)
                except Exception as e:
                    logger.error(e)
                    error_msg = 'Internal Server Error'
                    return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                     error_msg)

            repo_owner = seafile_api.get_repo_owner(repo_id)

            if new_owner == repo_owner:
                error_msg = _(u"Library can not be transferred to owner.")
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # get repo shared to user/group list
            shared_users = seafile_api.list_repo_shared_to(repo_owner, repo_id)
            shared_groups = seafile_api.list_repo_shared_group_by_user(
                repo_owner, repo_id)

            # get all pub repos
            pub_repos = []
            if not request.cloud_mode:
                pub_repos = seafile_api.list_inner_pub_repos_by_owner(
                    repo_owner)

            # transfer repo
            seafile_api.set_repo_owner(repo_id, new_owner)

            # reshare repo to user
            for shared_user in shared_users:
                shared_username = shared_user.user

                if new_owner == shared_username:
                    continue

                seafile_api.share_repo(repo_id, new_owner, shared_username,
                                       shared_user.perm)

            # reshare repo to group
            for shared_group in shared_groups:
                shared_group_id = shared_group.group_id

                if not is_group_member(shared_group_id, new_owner):
                    continue

                seafile_api.set_group_repo(repo_id, shared_group_id, new_owner,
                                           shared_group.perm)

            # reshare repo to links
            try:
                UploadLinkShare.objects.filter(
                    username=repo_owner,
                    repo_id=repo_id).update(username=new_owner)
                FileShare.objects.filter(
                    username=repo_owner,
                    repo_id=repo_id).update(username=new_owner)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 error_msg)

            # check if current repo is pub-repo
            # if YES, reshare current repo to public
            for pub_repo in pub_repos:
                if repo_id != pub_repo.id:
                    continue

                seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission)

                break

            # send admin operation log signal
            admin_op_detail = {
                "id": repo_id,
                "name": repo.name,
                "from": repo_owner,
                "to": new_owner,
            }
            admin_operation.send(sender=None,
                                 admin_name=request.user.username,
                                 operation=REPO_TRANSFER,
                                 detail=admin_op_detail)

        repo = seafile_api.get_repo(repo_id)
        repo_info = get_repo_info(repo)

        return Response(repo_info)
Beispiel #32
0
    def put(self, request, repo_id, format=None):
        """ transfer a library, rename a library

        Permission checking:
        1. only admin can perform this action.
        """
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library %s not found.' % repo_id
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        new_repo_name = request.data.get('name', None)
        if new_repo_name:
            try:
                res = seafile_api.edit_repo(repo_id, new_repo_name, '', None)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            if res == -1:
                e = 'Admin rename failed: ID of library is %s, edit_repo api called failed.' % \
                        repo_id
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        new_owner = request.data.get('owner', None)
        if new_owner:
            try:
                new_owner_obj = User.objects.get(email=new_owner)
            except User.DoesNotExist:
                error_msg = 'User %s not found.' % new_owner
                return api_error(status.HTTP_404_NOT_FOUND, error_msg)

            if not new_owner_obj.permissions.can_add_repo():
                error_msg = _(u'Transfer failed: role of %s is %s, can not add library.') % \
                        (new_owner, new_owner_obj.role)
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)

            if MULTI_TENANCY:
                try:
                    if seafile_api.get_org_id_by_repo_id(repo_id) > 0:
                        error_msg = 'Can not transfer organization library.'
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                    if ccnet_api.get_orgs_by_user(new_owner):
                        error_msg = 'Can not transfer library to organization user %s' % new_owner
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)
                except Exception as e:
                    logger.error(e)
                    error_msg = 'Internal Server Error'
                    return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            repo_owner = seafile_api.get_repo_owner(repo_id)

            if new_owner == repo_owner:
                error_msg = _(u"Library can not be transferred to owner.")
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # get repo shared to user/group list
            shared_users = seafile_api.list_repo_shared_to(
                    repo_owner, repo_id)
            shared_groups = seafile_api.list_repo_shared_group_by_user(
                    repo_owner, repo_id)

            # get all pub repos
            pub_repos = []
            if not request.cloud_mode:
                pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner)

            # transfer repo
            seafile_api.set_repo_owner(repo_id, new_owner)

            # reshare repo to user
            for shared_user in shared_users:
                shared_username = shared_user.user

                if new_owner == shared_username:
                    continue

                seafile_api.share_repo(repo_id, new_owner,
                        shared_username, shared_user.perm)

            # reshare repo to group
            for shared_group in shared_groups:
                shared_group_id = shared_group.group_id

                if not is_group_member(shared_group_id, new_owner):
                    continue

                seafile_api.set_group_repo(repo_id, shared_group_id,
                        new_owner, shared_group.perm)

            # reshare repo to links
            try:
                UploadLinkShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner)
                FileShare.objects.filter(username=repo_owner, repo_id=repo_id).update(username=new_owner)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

            # check if current repo is pub-repo
            # if YES, reshare current repo to public
            for pub_repo in pub_repos:
                if repo_id != pub_repo.id:
                    continue

                seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission)

                break

            # send admin operation log signal
            admin_op_detail = {
                "id": repo_id,
                "name": repo.name,
                "from": repo_owner,
                "to": new_owner,
            }
            admin_operation.send(sender=None, admin_name=request.user.username,
                    operation=REPO_TRANSFER, detail=admin_op_detail)

        repo = seafile_api.get_repo(repo_id)
        repo_info = get_repo_info(repo)

        return Response(repo_info)
Beispiel #33
0
    def post(self, request, repo_id, path, share_type):
        """ Admin share a library to user/group.

        Permission checking:
        1. admin user.
        """

        # argument check
        permission = request.data.get('permission', None)
        if not permission or permission not in ('r', 'rw'):
            error_msg = 'permission invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        result = {}
        result['failed'] = []
        result['success'] = []
        share_to = request.data.getlist('share_to')

        # current `request.user.username` is admin user,
        # so need to identify the repo owner specifically.
        repo_owner = seafile_api.get_repo_owner(repo_id)

        if share_type == 'user':
            for email in share_to:
                if repo_owner == email:
                    result['failed'].append({
                        'user_email':
                        email,
                        'error_msg':
                        _(u'User %s is already library owner.') % email
                    })

                    continue

                if not is_valid_username(email):
                    result['failed'].append({
                        'user_email':
                        email,
                        'error_msg':
                        _('Email %s invalid.') % email
                    })

                    continue

                try:
                    User.objects.get(email=email)
                except User.DoesNotExist:
                    result['failed'].append({
                        'user_email':
                        email,
                        'error_msg':
                        'User %s not found.' % email
                    })

                    continue

                try:
                    if path == '/':
                        seafile_api.share_repo(repo_id, repo_owner, email,
                                               permission)
                    else:
                        seafile_api.share_subdir_to_user(
                            repo_id, path, repo_owner, email, permission)

                except Exception as e:
                    logger.error(e)
                    result['failed'].append({
                        'user_email':
                        email,
                        'error_msg':
                        'Internal Server Error'
                    })

                    continue

                new_perm = seafile_api.check_permission_by_path(
                    repo_id, path, email)
                result['success'].append({
                    "repo_id": repo_id,
                    "path": path,
                    "share_type": share_type,
                    "user_email": email,
                    "user_name": email2nickname(email),
                    "permission": new_perm
                })

        if share_type == 'group':
            for group_id in share_to:
                try:
                    group_id = int(group_id)
                except ValueError as e:
                    logger.error(e)
                    result['failed'].append({
                        'group_id':
                        group_id,
                        'error_msg':
                        'group_id %s invalid.' % group_id
                    })

                    continue

                group = ccnet_api.get_group(group_id)
                if not group:
                    result['failed'].append({
                        'group_id':
                        group_id,
                        'error_msg':
                        'Group %s not found' % group_id
                    })

                    continue

                try:
                    if path == '/':
                        seafile_api.set_group_repo(repo_id, group_id,
                                                   repo_owner, permission)
                    else:
                        seafile_api.share_subdir_to_group(
                            repo_id, path, repo_owner, group_id, permission)
                except Exception as e:
                    logger.error(e)
                    result['failed'].append({
                        "group_id":
                        group_id,
                        'error_msg':
                        'Internal Server Error'
                    })

                    continue

                result['success'].append({
                    "repo_id": repo_id,
                    "path": path,
                    "share_type": share_type,
                    "group_id": group_id,
                    "group_name": group.group_name,
                    "permission": permission
                })

        return Response(result)
 def share_repo_to_user(self, repo_id):
     seafile_api.share_repo(repo_id, self.user.username,
                            self.admin.username, 'rw')
Beispiel #35
0
    def put(self, request, repo_id, format=None):
        """ transfer a library

        Permission checking:
        1. only admin can perform this action.
        """
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            error_msg = 'Library %s not found.' % repo_id
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        new_owner = request.data.get('owner', None)
        if not new_owner:
            error_msg = 'owner invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        try:
            User.objects.get(email=new_owner)
        except User.DoesNotExist:
            error_msg = 'User %s not found.' % new_owner
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        if MULTI_TENANCY:
            try:
                if seafserv_threaded_rpc.get_org_id_by_repo_id(repo_id) > 0:
                    error_msg = 'Can not transfer organization library.'
                    return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                if ccnet_api.get_orgs_by_user(new_owner):
                    error_msg = 'Can not transfer library to organization user %s' % new_owner
                    return api_error(status.HTTP_403_FORBIDDEN, error_msg)
            except Exception as e:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        repo_owner = seafile_api.get_repo_owner(repo_id)

        # get repo shared to user/group list
        shared_users = seafile_api.list_repo_shared_to(
                repo_owner, repo_id)
        shared_groups = seafile_api.list_repo_shared_group_by_user(
                repo_owner, repo_id)

        # get all pub repos
        pub_repos = []
        if not request.cloud_mode:
            pub_repos = seafile_api.list_inner_pub_repos_by_owner(repo_owner)

        # transfer repo
        seafile_api.set_repo_owner(repo_id, new_owner)

        # reshare repo to user
        for shared_user in shared_users:
            shared_username = shared_user.user

            if new_owner == shared_username:
                continue

            seafile_api.share_repo(repo_id, new_owner,
                    shared_username, shared_user.perm)

        # reshare repo to group
        for shared_group in shared_groups:
            shared_group_id = shared_group.group_id

            if not ccnet_api.is_group_user(shared_group_id, new_owner):
                continue

            seafile_api.set_group_repo(repo_id, shared_group_id,
                    new_owner, shared_group.perm)

        # check if current repo is pub-repo
        # if YES, reshare current repo to public
        for pub_repo in pub_repos:
            if repo_id != pub_repo.id:
                continue

            seafile_api.add_inner_pub_repo(repo_id, pub_repo.permission)

            break

        repo = seafile_api.get_repo(repo_id)
        repo_info = get_repo_info(repo)

        return Response(repo_info)
Beispiel #36
0
    def put(self, request, repo_id, format=None):
        username = request.user.username
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')

        path = request.GET.get('p', '/')
        if seafile_api.get_dir_id_by_path(repo.id, path) is None:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Directory not found.')

        if path != '/':
            try:
                sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
            except SearpcError as e:
                logger.error(e)
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo')
        else:
            sub_repo = None

        share_type = request.DATA.get('share_type')
        if share_type != 'user' and share_type != 'group':
            return api_error(status.HTTP_400_BAD_REQUEST, 'Bad share type')

        permission = request.DATA.get('permission', 'r')
        if permission not in ['r', 'rw']:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Bad permission')

        shared_repo = repo if path == '/' else sub_repo
        success, failed = [], []
        if share_type == 'user':
            share_to_users = request.DATA.getlist('username')
            for to_user in share_to_users:
                if not is_valid_username(to_user):
                    return api_error(status.HTTP_400_BAD_REQUEST,
                                     'Username must be a valid email address.')

                if not check_user_share_quota(username, shared_repo, users=[to_user]):
                    return api_error(status.HTTP_403_FORBIDDEN,
                                     'Failed to share: No enough quota.')

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seaserv.seafserv_threaded_rpc.org_add_share(
                            org_id, shared_repo.id, username, to_user,
                            permission)
                    else:
                        seafile_api.share_repo(shared_repo.id, username,
                                               to_user, permission)

                    # send a signal when sharing repo successful
                    share_repo_to_user_successful.send(sender=None,
                                                       from_user=username,
                                                       to_user=to_user,
                                                       repo=shared_repo)
                    success.append({
                        "share_type": "user",
                        "user_info": {
                            "name": to_user,
                            "nickname": email2nickname(to_user),
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, to_user,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    failed.append(to_user)
                    continue

        if share_type == 'group':
            group_ids = request.DATA.getlist('group_id')
            for gid in group_ids:
                try:
                    gid = int(gid)
                except ValueError:
                    return api_error(status.HTTP_400_BAD_REQUEST, 'Bad group id: %s' % gid)
                group = seaserv.get_group(gid)
                if not group:
                    return api_error(status.HTTP_400_BAD_REQUEST, 'Group not found: %s' % gid)

                if not check_user_share_quota(username, shared_repo, groups=[group]):
                    return api_error(status.HTTP_403_FORBIDDEN,
                                     'Failed to share: No enough quota.')

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seafile_api.add_org_group_repo(shared_repo.repo_id,
                                                       org_id, gid, username,
                                                       permission)
                    else:
                        seafile_api.set_group_repo(shared_repo.repo_id, gid,
                                                   username, permission)

                    success.append({
                        "share_type": "group",
                        "group_info": {
                            "id": gid,
                            "name": group.group_name,
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, gid,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    failed.append(group.group_name)
                    continue

        return HttpResponse(json.dumps({
            "success": success,
            "failed": failed
        }), status=200, content_type=json_content_type)
Beispiel #37
0
 def share_repo_to_admin_with_rw_permission(self):
     # share user's repo to admin with 'rw' permission
     seafile_api.share_repo(self.repo.id, self.user.username,
                            self.admin.username, 'rw')
Beispiel #38
0
 def share_repo_to_admin_with_admin_permission(self):
     # share user's repo to admin with 'admin' permission
     seafile_api.share_repo(self.repo.id, self.user.username,
                            self.admin.username, 'rw')
     ExtraSharePermission.objects.create_share_permission(
         self.repo.id, self.admin.username, 'admin')
Beispiel #39
0
 def share_repo_to_admin_with_rw_permission(self):
     # share user's repo to admin with 'rw' permission
     seafile_api.share_repo(self.repo.id, self.user.username,
             self.admin.username, 'rw')
    def put(self, request, repo_id, format=None):
        username = request.user.username
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id)

        path = request.GET.get('p', '/')
        if seafile_api.get_dir_id_by_path(repo.id, path) is None:
            return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path)

        if username != self.get_repo_owner(request, repo_id):
            return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

        if path != '/':
            try:
                sub_repo = self.get_or_create_sub_repo_by_path(request, repo, path)
            except SearpcError as e:
                logger.error(e)
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Failed to get sub repo.')
        else:
            sub_repo = None

        share_type = request.data.get('share_type')
        if share_type != 'user' and share_type != 'group':
            return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.')

        permission = request.data.get('permission', 'r')
        if permission not in ['r', 'rw']:
            return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.')

        shared_repo = repo if path == '/' else sub_repo
        result = {}
        result['failed'] = []
        result['success'] = []

        if share_type == 'user':
            share_to_users = request.data.getlist('username')
            for to_user in share_to_users:
                if not is_valid_username(to_user):
                    result['failed'].append({
                        'email': to_user,
                        'error_msg': 'username invalid.'
                        })
                    continue

                try:
                    User.objects.get(email=to_user)
                except User.DoesNotExist:
                    result['failed'].append({
                        'email': to_user,
                        'error_msg': 'User %s not found.' % to_user
                        })
                    continue

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seaserv.seafserv_threaded_rpc.org_add_share(
                            org_id, shared_repo.id, username, to_user,
                            permission)
                    else:
                        seafile_api.share_repo(shared_repo.id, username,
                                               to_user, permission)

                    # send a signal when sharing repo successful
                    share_repo_to_user_successful.send(sender=None,
                                                       from_user=username,
                                                       to_user=to_user,
                                                       repo=shared_repo)
                    result['success'].append({
                        "share_type": "user",
                        "user_info": {
                            "name": to_user,
                            "nickname": email2nickname(to_user),
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, to_user,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    result['failed'].append({
                        'email': to_user,
                        'error_msg': 'Internal Server Error'
                        })
                    continue

        if share_type == 'group':
            group_ids = request.data.getlist('group_id')
            for gid in group_ids:
                try:
                    gid = int(gid)
                except ValueError:
                    return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid)
                group = seaserv.get_group(gid)
                if not group:
                    return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found' % gid)

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seafile_api.add_org_group_repo(shared_repo.repo_id,
                                                       org_id, gid, username,
                                                       permission)
                    else:
                        seafile_api.set_group_repo(shared_repo.repo_id, gid,
                                                   username, permission)

                    share_repo_to_group_successful.send(sender=None,
                        from_user=username, group_id=gid, repo=shared_repo)

                    result['success'].append({
                        "share_type": "group",
                        "group_info": {
                            "id": gid,
                            "name": group.group_name,
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, gid,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    result['failed'].append({
                        'group_name': group.group_name,
                        'error_msg': 'Internal Server Error'
                        })
                    continue

        return HttpResponse(json.dumps(result),
            status=200, content_type=json_content_type)
Beispiel #41
0
 def share_repo_to_admin_with_admin_permission(self):
     # share user's repo to admin with 'admin' permission
     seafile_api.share_repo(self.repo.id, self.user.username,
             self.admin.username, 'rw')
     ExtraSharePermission.objects.create_share_permission(self.repo.id, self.admin.username, 'admin')
Beispiel #42
0
    def put(self, request, repo_id, format=None):
        username = request.user.username
        repo = seafile_api.get_repo(repo_id)
        if not repo:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Repo not found.')

        path = request.GET.get('p', '/')
        if seafile_api.get_dir_id_by_path(repo.id, path) is None:
            return api_error(status.HTTP_400_BAD_REQUEST,
                             'Directory not found.')

        if path != '/':
            try:
                sub_repo = self.get_or_create_sub_repo_by_path(
                    request, repo, path)
            except SearpcError as e:
                logger.error(e)
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                                 'Failed to get sub repo')
        else:
            sub_repo = None

        share_type = request.data.get('share_type')
        if share_type != 'user' and share_type != 'group':
            return api_error(status.HTTP_400_BAD_REQUEST, 'Bad share type')

        permission = request.data.get('permission', 'r')
        if permission not in ['r', 'rw']:
            return api_error(status.HTTP_400_BAD_REQUEST, 'Bad permission')

        shared_repo = repo if path == '/' else sub_repo
        success, failed = [], []
        if share_type == 'user':
            share_to_users = request.data.getlist('username')
            for to_user in share_to_users:
                if not is_valid_username(to_user):
                    return api_error(
                        status.HTTP_400_BAD_REQUEST,
                        'Username must be a valid email address.')

                if not check_user_share_quota(
                        username, shared_repo, users=[to_user]):
                    return api_error(status.HTTP_403_FORBIDDEN,
                                     'Failed to share: No enough quota.')

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seaserv.seafserv_threaded_rpc.org_add_share(
                            org_id, shared_repo.id, username, to_user,
                            permission)
                    else:
                        seafile_api.share_repo(shared_repo.id, username,
                                               to_user, permission)

                    # send a signal when sharing repo successful
                    share_repo_to_user_successful.send(sender=None,
                                                       from_user=username,
                                                       to_user=to_user,
                                                       repo=shared_repo)
                    success.append({
                        "share_type": "user",
                        "user_info": {
                            "name": to_user,
                            "nickname": email2nickname(to_user),
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, to_user,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    failed.append(to_user)
                    continue

        if share_type == 'group':
            group_ids = request.data.getlist('group_id')
            for gid in group_ids:
                try:
                    gid = int(gid)
                except ValueError:
                    return api_error(status.HTTP_400_BAD_REQUEST,
                                     'Bad group id: %s' % gid)
                group = seaserv.get_group(gid)
                if not group:
                    return api_error(status.HTTP_400_BAD_REQUEST,
                                     'Group not found: %s' % gid)

                if not check_user_share_quota(
                        username, shared_repo, groups=[group]):
                    return api_error(status.HTTP_403_FORBIDDEN,
                                     'Failed to share: No enough quota.')

                try:
                    if is_org_context(request):
                        org_id = request.user.org.org_id
                        seafile_api.add_org_group_repo(shared_repo.repo_id,
                                                       org_id, gid, username,
                                                       permission)
                    else:
                        seafile_api.set_group_repo(shared_repo.repo_id, gid,
                                                   username, permission)

                    success.append({
                        "share_type": "group",
                        "group_info": {
                            "id": gid,
                            "name": group.group_name,
                        },
                        "permission": permission
                    })

                    send_perm_audit_msg('add-repo-perm', username, gid,
                                        repo_id, path, permission)
                except SearpcError as e:
                    logger.error(e)
                    failed.append(group.group_name)
                    continue

        return HttpResponse(json.dumps({
            "success": success,
            "failed": failed
        }),
                            status=200,
                            content_type=json_content_type)
Beispiel #43
0
    def post(self, request):

        # argument check
        operation = request.data.get('operation')

        # operation could be `share`, `delete`, `transfer`
        # we now only use `share`
        if not operation or operation not in ('share'):
            error_msg = 'operation invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        result = {}
        result['failed'] = []
        result['success'] = []

        username = request.user.username
        repo_id_list = request.data.getlist('repo_id')
        valid_repo_id_list = []

        # filter out invalid repo id
        for repo_id in repo_id_list:

            if not seafile_api.get_repo(repo_id):
                result['failed'].append({
                    'repo_id':
                    repo_id,
                    'error_msg':
                    'Library %s not found.' % repo_id
                })
                continue

            if is_org_context(request):
                org_id = request.user.org.org_id
                org_repo_owner = seafile_api.get_org_repo_owner(repo_id)
                if not username == org_repo_owner:
                    result['failed'].append({
                        'repo_id': repo_id,
                        'error_msg': 'Permission denied.'
                    })
                    continue
            else:
                if not seafile_api.is_repo_owner(username, repo_id):
                    result['failed'].append({
                        'repo_id': repo_id,
                        'error_msg': 'Permission denied.'
                    })
                    continue

            valid_repo_id_list.append(repo_id)

        # share repo
        if operation == 'share':

            share_type = request.data.get('share_type')
            if share_type != 'user' and share_type != 'group':
                error_msg = 'share_type invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            permission = request.data.get('permission', 'rw')
            if permission not in ('r', 'rw'):
                error_msg = 'permission invalid.'
                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

            # share repo to user
            if share_type == 'user':
                to_username = request.data.get('username', None)
                if not to_username:
                    error_msg = 'username invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                try:
                    User.objects.get(email=to_username)
                except User.DoesNotExist:
                    error_msg = 'User %s not found.' % to_username
                    return api_error(status.HTTP_404_NOT_FOUND, error_msg)

                # check if to_user is an org user
                try:
                    org_of_to_user = ccnet_api.get_orgs_by_user(to_username)
                except Exception as e:
                    logger.debug(e)
                    org_of_to_user = []

                if is_org_context(request):
                    org_id = request.user.org.org_id
                    org_name = request.user.org.org_name
                    if len(org_of_to_user
                           ) == 0 or org_id != org_of_to_user[0].org_id:
                        error_msg = 'User %s is not member of organization %s.' \
                                % (to_username, org_name)
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)
                else:
                    if len(org_of_to_user) >= 1:
                        error_msg = 'User %s is member of organization %s.' \
                                % (to_username, org_of_to_user[0].org_name)
                        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                for repo_id in valid_repo_id_list:
                    if self.has_shared_to_user(request, repo_id, to_username):
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'This item has been shared to %s.' % to_username
                        })
                        continue

                    try:
                        org_id = None
                        if is_org_context(request):
                            org_id = request.user.org.org_id
                            seaserv.seafserv_threaded_rpc.org_add_share(
                                org_id, repo_id, username, to_username,
                                permission)
                        else:
                            seafile_api.share_repo(repo_id, username,
                                                   to_username, permission)

                        # send a signal when sharing repo successful
                        repo = seafile_api.get_repo(repo_id)
                        share_repo_to_user_successful.send(sender=None,
                                                           from_user=username,
                                                           to_user=to_username,
                                                           repo=repo,
                                                           path='/',
                                                           org_id=org_id)

                        result['success'].append({
                            "repo_id": repo_id,
                            "username": to_username,
                            "permission": permission
                        })

                        send_perm_audit_msg('add-repo-perm', username,
                                            to_username, repo_id, '/',
                                            permission)
                    except Exception as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'Internal Server Error'
                        })

            # share repo to group
            if share_type == 'group':
                to_group_id = request.data.get('group_id', None)
                if not to_group_id:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                try:
                    to_group_id = int(to_group_id)
                except ValueError:
                    error_msg = 'group_id invalid.'
                    return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

                group = ccnet_api.get_group(to_group_id)
                if not group:
                    error_msg = 'Group %s not found.' % to_group_id
                    return api_error(status.HTTP_404_NOT_FOUND, error_msg)

                group_name = group.group_name
                if not is_group_member(to_group_id, username):
                    error_msg = 'User %s is not member of group %s.' % (
                        username, group_name)
                    return api_error(status.HTTP_403_FORBIDDEN, error_msg)

                for repo_id in valid_repo_id_list:
                    if self.has_shared_to_group(request, repo_id, to_group_id):
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'This item has been shared to %s.' % group_name
                        })
                        continue

                    try:
                        org_id = None
                        if is_org_context(request):
                            org_id = request.user.org.org_id
                            seafile_api.add_org_group_repo(
                                repo_id, org_id, to_group_id, username,
                                permission)
                        else:
                            seafile_api.set_group_repo(repo_id, to_group_id,
                                                       username, permission)

                        # send a signal when sharing repo successful
                        repo = seafile_api.get_repo(repo_id)
                        share_repo_to_group_successful.send(
                            sender=None,
                            from_user=username,
                            group_id=to_group_id,
                            repo=repo,
                            path='/',
                            org_id=org_id)

                        result['success'].append({
                            "repo_id": repo_id,
                            "group_id": to_group_id,
                            "group_name": group_name,
                            "permission": permission
                        })

                        send_perm_audit_msg('add-repo-perm', username,
                                            to_group_id, repo_id, '/',
                                            permission)

                    except SearpcError as e:
                        logger.error(e)
                        result['failed'].append({
                            'repo_id':
                            repo_id,
                            'error_msg':
                            'Internal Server Error'
                        })

        return Response(result)