def post(self, request, group_id): """ Add a group member. """ email = request.data.get('email', None) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) username = request.user.username try: # only group owner/admin can add a group member if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_group_member(group_id, email): error_msg = _(u'User %s is already a group member.') % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) seaserv.ccnet_threaded_rpc.group_add_member(group_id, username, email) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) member_info = get_group_member_info(request, group_id, email) return Response(member_info, status=status.HTTP_201_CREATED)
def post(self, request, group_id): """ Add a group member. """ email = request.data.get('email', None) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) username = request.user.username try: # only group owner/admin can add a group member if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_group_member(group_id, email): error_msg = _(u'User %s is already group member.') % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) seaserv.ccnet_threaded_rpc.group_add_member( group_id, username, email) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) member_info = get_group_member_info(request, group_id, email) return Response(member_info, status=status.HTTP_201_CREATED)
def delete(self, request, group_id, email): """ User leave group or group owner/admin delete a group member. """ try: if not is_group_member(group_id, email): error_msg = 'Email %s invalid.' % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) username = request.user.username # user leave group if username == email: try: seaserv.ccnet_threaded_rpc.quit_group(group_id, username) # remove repo-group share info of all 'email' owned repos seafile_api.remove_group_repos_by_owner(group_id, email) return Response({'success': True}) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # group owner/admin delete a group member try: if is_group_owner(group_id, username): # group owner can delete all group member seaserv.ccnet_threaded_rpc.group_remove_member( group_id, username, email) seafile_api.remove_group_repos_by_owner(group_id, email) return Response({'success': True}) elif is_group_admin(group_id, username): # group admin can NOT delete group owner/admin if not is_group_admin_or_owner(group_id, email): seaserv.ccnet_threaded_rpc.group_remove_member( group_id, username, email) seafile_api.remove_group_repos_by_owner(group_id, email) return Response({'success': True}) else: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def delete(self, request, group_id, email): """ User leave group or group owner/admin delete a group member. """ try: if not is_group_member(group_id, email): error_msg = 'Email %s invalid.' % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) username = request.user.username # user leave group if username == email: try: seaserv.ccnet_threaded_rpc.quit_group(group_id, username) # remove repo-group share info of all 'email' owned repos seafile_api.remove_group_repos_by_owner(group_id, email) return Response({'success': True}) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) # group owner/admin delete a group member try: if is_group_owner(group_id, username): # group owner can delete all group member seaserv.ccnet_threaded_rpc.group_remove_member(group_id, username, email) seafile_api.remove_group_repos_by_owner(group_id, email) return Response({'success': True}) elif is_group_admin(group_id, username): # group admin can NOT delete group owner/admin if not is_group_admin_or_owner(group_id, email): seaserv.ccnet_threaded_rpc.group_remove_member(group_id, username, email) seafile_api.remove_group_repos_by_owner(group_id, email) return Response({'success': True}) else: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def check_dtable_admin_permission(username, owner): """Check workspace/dtable access permission of an admin. """ if '@seafile_group' in owner: group_id = int(owner.split('@')[0]) if is_group_admin_or_owner(group_id, username): return True else: return False else: if username == owner: return True else: return False
def test_can_create_by_group_admin(self): repo = seafile_api.get_repo( self.create_repo(name='group-repo', desc='', username=self.user.username, passwd=None)) workspace = Workspaces.objects.create_workspace( str(self.group_id) + '@seafile_group', repo.id, -1) # create dtable self.dtable_url = reverse('api-v2.1-dtables') resp = self.client.post(self.dtable_url, { 'name': 'table11', 'owner': str(self.group_id) + '@seafile_group' }) self.assertEqual(201, resp.status_code) json_resp = json.loads(resp.content) assert json_resp["table"]["name"] == 'table11' # main self.logout() self.add_admin_to_group() ccnet_api.group_set_admin(self.group_id, self.admin.username) assert is_group_admin_or_owner(self.group_id, self.admin.username) self.login_as(self.admin) api_tokens_url = reverse('api-v2.1-dtable-api-tokens', args=[workspace.id, 'table11']) resp = self.client.post(api_tokens_url, { 'app_name': 'mail_client', 'permission': 'rw' }) self.assertEqual(201, resp.status_code) json_resp = json.loads(resp.content) assert json_resp['api_token'] assert json_resp['app_name'] == 'mail_client' assert json_resp['api_token'] assert json_resp['generated_by'] == self.admin.username assert json_resp['generated_at'] assert json_resp['last_access'] assert json_resp['permission'] == 'rw' Workspaces.objects.delete_workspace(workspace.id) self.remove_repo(repo.id)
def post(self, request, group_id): """ Add a group member. """ username = request.user.username # only group owner/admin can add a group member if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) email = request.data.get('email', None) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: if is_group_member(group_id, email): error_msg = _('User %s is already a group member.' ) % email2nickname(email) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_org_context(request): org_id = request.user.org.org_id if not ccnet_api.org_user_exists(org_id, email): error_msg = _('User %s not found in organization.' ) % email2nickname(email) return api_error(status.HTTP_404_NOT_FOUND, error_msg) elif is_org_user(email): error_msg = _('User %s is an organization user.') % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) ccnet_api.group_add_member(group_id, username, email) add_user_to_group.send(sender=None, group_staff=username, group_id=group_id, added_user=email) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) member_info = get_group_member_info(request, group_id, email) return Response(member_info, status=status.HTTP_201_CREATED)
def post(self, request, group_id): """ Add a group member. """ username = request.user.username # only group owner/admin can add a group member if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) email = request.data.get('email', None) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: if is_group_member(group_id, email): error_msg = _(u'User %s is already a group member.') % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_org_context(request): org_id = request.user.org.org_id if not ccnet_api.org_user_exists(org_id, email): error_msg = _(u'User %s not found in organization.') % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) ccnet_api.group_add_member(group_id, username, email) add_user_to_group.send(sender=None, group_staff=username, group_id=group_id, added_user=email) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) member_info = get_group_member_info(request, group_id, email) return Response(member_info, status=status.HTTP_201_CREATED)
def delete(self, request, group_id, discuss_id, format=None): """Remove a group discussion. Only discussion creator or group owner/admin can perform this op. """ username = request.user.username group_id = int(group_id) try: discussion = GroupMessage.objects.get(pk=discuss_id) except GroupMessage.DoesNotExist: return api_error(status.HTTP_400_BAD_REQUEST, 'Discussion id %s not found.' % discuss_id) # perm check if not is_group_admin_or_owner(group_id, username) and \ discussion.from_email != username: return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') discussion.delete() return Response(status=204)
def can_manage_by_user(self, username, dtable=None): """ user can manage dataset, when 1. user can manage dataset's original dtable """ if not dtable: try: dtable = DTables.objects.get(uuid=self.dtable_uuid) except DTables.DoesNotExist: return False owner = dtable.workspace.owner group_id = dtable.get_owner_group_id() if group_id > 0: if is_group_admin_or_owner(group_id, username): return True else: return False else: if username == owner: return True else: return False return False
def put(self, request, group_id): """ Rename, transfer a specific group """ username = request.user.username new_group_name = request.data.get('name', None) # rename a group if new_group_name: try: # only group owner/admin can rename a group if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # Check whether group name is validate. if not validate_group_name(new_group_name): error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # Check whether group name is duplicated. if check_group_name_conflict(request, new_group_name): error_msg = _(u'There is already a group with that name.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) new_owner = request.data.get('owner', None) # transfer a group if new_owner: try: # only group owner can transfer a group if not is_group_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # augument check if not is_valid_username(new_owner): error_msg = 'Email %s invalid.' % new_owner return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_group_owner(group_id, new_owner): error_msg = _(u'User %s is already group owner.') % new_owner return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # transfer a group if not is_group_member(group_id, new_owner): ccnet_api.group_add_member(group_id, username, new_owner) if not is_group_admin(group_id, new_owner): ccnet_api.group_set_admin(group_id, new_owner) ccnet_api.set_group_creator(group_id, new_owner) ccnet_api.group_unset_admin(group_id, username) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) wiki_enabled = request.data.get('wiki_enabled', None) # turn on/off group wiki if wiki_enabled: try: # only group owner/admin can turn on a group wiki if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # augument check if wiki_enabled != 'true' and wiki_enabled != 'false': error_msg = 'wiki_enabled invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # turn on/off group wiki if wiki_enabled == 'true': enable_mod_for_group(group_id, MOD_GROUP_WIKI) else: disable_mod_for_group(group_id, MOD_GROUP_WIKI) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) group_info = get_group_info(request, group_id) return Response(group_info)
def post(self, request, group_id): """ Bulk add group members. """ username = request.user.username try: if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) emails_str = request.data.get('emails', '') emails_list = string2list(emails_str) emails_list = [x.lower() for x in emails_list] result = {} result['failed'] = [] result['success'] = [] emails_need_add = [] org_id = None if is_org_context(request): org_id = request.user.org.org_id for email in emails_list: try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'email': email, 'error_msg': 'User %s not found.' % email }) continue if seaserv.is_group_user(group_id, email): result['failed'].append({ 'email': email, 'error_msg': _(u'User %s is already a group member.') % email }) continue # Can only invite organization users to group if org_id and not \ seaserv.ccnet_threaded_rpc.org_user_exists(org_id, email): result['failed'].append({ 'email': email, 'error_msg': _(u'User %s not found in organization.') % email }) continue emails_need_add.append(email) # Add user to group. for email in emails_need_add: try: seaserv.ccnet_threaded_rpc.group_add_member( group_id, username, email) member_info = get_group_member_info(request, group_id, email) result['success'].append(member_info) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': email, 'error_msg': 'Internal Server Error' }) return Response(result)
def ajax_group_members_import(request, group_id): """Import users to group. Permission checking: 1. Only group admin can add import group members """ result = {} username = request.user.username content_type = 'application/json; charset=utf-8' group_id = int(group_id) try: group = seaserv.get_group(group_id) if not group: result['error'] = 'Group %s not found.' % group_id return HttpResponse(json.dumps(result), status=404, content_type=content_type) # check permission if not is_group_admin_or_owner(group_id, username): result['error'] = 'Permission denied.' return HttpResponse(json.dumps(result), status=403, content_type=content_type) except SearpcError as e: logger.error(e) result['error'] = 'Internal Server Error' return HttpResponse(json.dumps(result), status=500, content_type=content_type) # get and convert uploaded file uploaded_file = request.FILES['file'] if uploaded_file.size > 10 * 1024 * 1024: result['error'] = _(u'Failed, file is too large') return HttpResponse(json.dumps(result), status=403, content_type=content_type) try: content = uploaded_file.read() encoding = chardet.detect(content)['encoding'] if encoding != 'utf-8': content = content.decode(encoding, 'replace').encode('utf-8') filestream = StringIO.StringIO(content) reader = csv.reader(filestream) except Exception as e: logger.error(e) result['error'] = 'Internal Server Error' return HttpResponse(json.dumps(result), status=500, content_type=content_type) # prepare email list from uploaded file emails_list = [] for row in reader: if not row: continue email = row[0].strip().lower() emails_list.append(email) org_id = None if is_org_context(request): org_id = request.user.org.org_id result = {} result['failed'] = [] result['success'] = [] emails_need_add = [] # check email validation for email in emails_list: try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'email': email, 'error_msg': 'User %s not found.' % email }) continue if is_group_member(group_id, email): result['failed'].append({ 'email': email, 'error_msg': _(u'User %s is already a group member.') % email }) continue # Can only invite organization users to group if org_id and not \ seaserv.ccnet_threaded_rpc.org_user_exists(org_id, email): result['failed'].append({ 'email': email, 'error_msg': _(u'User %s not found in organization.') % email }) continue emails_need_add.append(email) # Add email to group. for email in emails_need_add: try: seaserv.ccnet_threaded_rpc.group_add_member(group_id, username, email) member_info = get_group_member_info(request, group_id, email) result['success'].append(member_info) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': email, 'error_msg': 'Internal Server Error' }) return HttpResponse(json.dumps(result), content_type=content_type)
def post(self, request, group_id): """ Import members from xlsx file Permission checking: 1. group admin or owner. """ xlsx_file = request.FILES.get('file', None) if not xlsx_file: error_msg = 'file can not be found.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) file_type, ext = get_file_type_and_ext(xlsx_file.name) if ext != 'xlsx': error_msg = file_type_error_msg(ext, 'xlsx') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check group_id = int(group_id) group = ccnet_api.get_group(group_id) if not group: error_msg = _('Group does not exist') return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check permission # only group owner/admin can add group members username = request.user.username if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) content = xlsx_file.read() try: fs = BytesIO(content) wb = load_workbook(filename=fs, read_only=True) except Exception as e: logger.error(e) # example file is like: # Email # [email protected] # [email protected] rows = wb.worksheets[0].rows records = [] # skip first row(head field). next(rows) for row in rows: records.append([col.value for col in row]) emails_list = [] for record in records: if record[0]: email = record[0].strip().lower() emails_list.append(email) result = {} result['failed'] = [] result['success'] = [] emails_need_add = [] org_id = None if is_org_context(request): org_id = request.user.org.org_id for email in emails_list: email_name = email2nickname(email) try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': 'User %s not found.' % email_name }) continue if is_group_member(group_id, email, in_structure=False): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s is already a group member.') % email_name }) continue # Can only invite organization users to group if org_id and not ccnet_api.org_user_exists(org_id, email): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s not found in organization.') % email_name }) continue if not org_id and is_org_user(email): result['failed'].append({ 'email': email, 'email_name': email_name, 'error_msg': _('User %s is an organization user.') % email_name }) continue emails_need_add.append(email) # Add user to group. for email in emails_need_add: try: ccnet_api.group_add_member(group_id, username, email) member_info = get_group_member_info(request, group_id, email) result['success'].append(member_info) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': email, 'error_msg': 'Internal Server Error' }) add_user_to_group.send(sender=None, group_staff=username, group_id=group_id, added_user=email) return Response(result)
def post(self, request, group_id): """ Bulk add group members. """ username = request.user.username try: if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) emails_str = request.data.get('emails', '') emails_list = string2list(emails_str) emails_list = [x.lower() for x in emails_list] result = {} result['failed'] = [] result['success'] = [] emails_need_add = [] org_id = None if is_org_context(request): org_id = request.user.org.org_id for email in emails_list: try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'email': email, 'error_msg': 'User %s not found.' % email }) continue if seaserv.is_group_user(group_id, email): result['failed'].append({ 'email': email, 'error_msg': _(u'User %s is already a group member.') % email }) continue # Can only invite organization users to group if org_id and not \ seaserv.ccnet_threaded_rpc.org_user_exists(org_id, email): result['failed'].append({ 'email': email, 'error_msg': _(u'User %s not found in organization.') % email }) continue emails_need_add.append(email) # Add user to group. for email in emails_need_add: try: seaserv.ccnet_threaded_rpc.group_add_member(group_id, username, email) member_info = get_group_member_info(request, group_id, email) result['success'].append(member_info) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': email, 'error_msg': 'Internal Server Error' }) return Response(result)
def put(self, request, group_id): """ Rename, transfer a specific group """ username = request.user.username new_group_name = request.data.get('name', None) # rename a group if new_group_name: try: # only group owner/admin can rename a group if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # Check whether group name is validate. if not validate_group_name(new_group_name): error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # Check whether group name is duplicated. if check_group_name_conflict(request, new_group_name): error_msg = _(u'There is already a group with that name.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) new_owner = request.data.get('owner', None) # transfer a group if new_owner: try: # only group owner can transfer a group if not is_group_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # augument check if not is_valid_username(new_owner): error_msg = 'Email %s invalid.' % new_owner return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if is_group_owner(group_id, new_owner): error_msg = _(u'User %s is already group owner.') % new_owner return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # transfer a group if not is_group_member(group_id, new_owner): ccnet_api.group_add_member(group_id, username, new_owner) if not is_group_admin(group_id, new_owner): ccnet_api.group_set_admin(group_id, new_owner) ccnet_api.set_group_creator(group_id, new_owner) ccnet_api.group_unset_admin(group_id, username) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) wiki_enabled = request.data.get('wiki_enabled', None) # turn on/off group wiki if wiki_enabled: try: # only group owner/admin can turn on a group wiki if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # augument check if wiki_enabled != 'true' and wiki_enabled != 'false': error_msg = 'wiki_enabled invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # turn on/off group wiki if wiki_enabled == 'true': enable_mod_for_group(group_id, MOD_GROUP_WIKI) else: disable_mod_for_group(group_id, MOD_GROUP_WIKI) except SearpcError as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) group_info = get_group_info(request, group_id) return Response(group_info)
def post(self, request, workspace_id, name): """share dtable to user """ from_user = request.user.username table_name = name table_file_name = table_name + FILE_TYPE # argument check permission = request.data.get('permission') if not permission or permission not in permission_tuple: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) to_user = request.data.get('email') if not to_user or not is_valid_username(to_user): error_msg = 'email invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check try: user = User.objects.get(email=to_user) except User.DoesNotExist: error_msg = 'User %s not found.' % to_user return api_error(status.HTTP_404_NOT_FOUND, error_msg) workspace = Workspaces.objects.get_workspace_by_id(workspace_id) if not workspace: error_msg = 'Workspace %s not found.' % workspace_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_id = '' if '@seafile_group' in workspace.owner: group_id = workspace.owner.split('@')[0] group = seaserv.get_group(group_id) if not group: error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_id = workspace.repo_id repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) dtable = DTables.objects.get_dtable(workspace, table_name) if not dtable: error_msg = 'dtable %s not found.' % table_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) table_path = normalize_file_path(table_file_name) table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path) if not table_file_id: error_msg = 'file %s not found.' % table_file_name return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if group_id: if not is_group_admin_or_owner(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_group_member(group_id, to_user): error_msg = 'table %s can not be shared to group member.' % table_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) from_user = group_id + GROUP_DOMAIN else: if from_user != dtable.creator: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if from_user == to_user: error_msg = 'table %s can not be shared to owner.' % table_name return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # org check if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if not is_org_user(to_user, org_id): error_msg = 'User %s is not member of organization %s.' % ( to_user, org_name) return api_error(status.HTTP_400_BAD_REQUEST, error_msg) else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # main try: obj = DTableShare.objects.get_by_dtable_and_to_user( dtable, to_user) if obj: error_msg = 'table %s already shared to %s.' % (table_name, to_user) return api_error(status.HTTP_409_CONFLICT, error_msg) DTableShare.objects.add(dtable, from_user, to_user, permission) share_dtable_to_user.send(sender=None, table_id=dtable.id, share_user=username, to_user=to_user) except Exception as e: logger.error(e) error_msg = 'Internal Server Error.' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) return Response({"success": True}, status=status.HTTP_201_CREATED)