def restart(userinfo) :
if not userinfo.isAdmin() :
error("Only super user can reatart CELLAR.")
return False
info("CELLAR is being restarted by " + userinfo.username)
call(["uwsgi", "--reload", "uwsgi.pid"])
def dir_reset(fullPath = None):
"""
Delete any or children index files of fullPath.
@param fullPath replaces with ROOT if it is None.:
"""
if fullPath is None :
fullPath = config.ROOT
if fullPath == config.ROOT :
info("index.dir.reset.full : start")
dir_del(fullPath)
for child in os.listdir(fullPath) :
try :
childPath = fullPath + os.path.sep + child
if os.path.isfile(childPath) : continue
dir_reset(childPath)
except Exception as err :
error("index.dir.reset : " + err.__str__())
if fullPath == config.ROOT :
ok("index.dir.reset.full : finished")
return True
def setAuth(fullPath, inherit=None, readable=None, writeable=None, deletable=None) :
"""
Directory 권한 설정
성공 시
경로 식별자 ID
""
실패 시
-1
예외 메시지
"""
file_id = index.dir_get(fullPath)
message = ""
if file_id is None :
params = {}
if inherit is not None :
params["inherit"] = inherit
if readable is not None :
params["readable"] = readable
if writeable is not None :
params["writeable"] = writeable
if deletable is not None :
params["deletable"] = deletable
try :
with transaction.atomic() :
descriptor = FileDescriptor(file=fullPath, reference_id=0, **params)
descriptor.save()
index.dir_set(fullPath, descriptor.file_id)
file_id = descriptor.file_id
except Exception as err :
error("auth.dir.set : " + err.__str__())
file_id = -1
message = err.__str__()
else :
try :
descriptor = FileDescriptor.objects.get(file_id=file_id)
file_id = descriptor.file_id
if inherit is not None :
descriptor.inherit = inherit
if readable is not None :
descriptor.readable = readable
if writeable is not None :
descriptor.writeable = writeable
if deletable is not None :
descriptor.deletable = deletable
descriptor.save()
except Exception as err :
error("auth.dir.set : " + err.__str__())
file_id = -2
message = err.__str__()
return (file_id, message)
def deleteFiles(request, *args, **kwargs):
"""
return {
...
exts : [(ext, errno), ...]
}
0 : 성공
1 : 대상이 경로입니다
2 : -
3 : 허용되지 않은 요청입니다
4 : 오류가 발생하였습니다
5 : 권한 없음
"""
groupPath = request.POST.get("groupPath")
exts = request.POST.getlist("exts[]")
targetPath = os.path.normpath(os.path.dirname(groupPath)) + "/"
filegroup = os.path.basename(groupPath)
filenames = []
for ext in exts :
filenames.append(filegroup + ext)
fileManager = CELLAR_FileManager(request)
resultSet = fileManager.rmfiles(targetPath, filenames)
result = []
code = 0
info("file.delete : {0}".format(fileManager.getFullPath(groupPath)))
for row in resultSet :
ext = os.path.splitext(row[0])[1]
result.append((ext, row[1]))
if row[1] == 0 :
ok("file.delete : {0}".format(ext))
else :
error("dir.delete : E{0} {1}".format(code, ext))
if row[1] is not 0 :
code = row[1]
message = {
0 : "성공",
1 : "대상이 경로입니다",
2 : "",
3 : "허용되지 않은 요청입니다",
4 : "오류가 발생하였습니다",
5 : "권한 없음"
}
response = {
"code" : code,
"message" : message[code],
"groupPath" : groupPath,
"result" : result
}
return HttpResponse(json.dumps(response))
def dir_set(fullPath, file_id):
"""
Set or update file_id of index file in fullPath. Will return False unless it is done successfully.
"""
try :
file = open(os.path.normpath(fullPath + config.INDEX_FILE), mode='w')
file.write(str(file_id))
file.close()
return True
except Exception as err :
error("index.dir.set : " + err.__str__())
return False
def createDir(request, *args, **kwargs):
"""
* Common
0 : "SUCCESS",
1 : "생성 위치가 존재하지 않습니다",
2 : "생성 위치가 파일입니다",
3 : "허용되지 않는 요청입니다",
4 : "오류가 발생하였습니다",
5 : "권한이 없습니다",
* Additional
newPath : 생성된 새 경로
"""
parentPath = request.POST.get("parentPath")
dirName = request.POST.get("dirName")
newPath = parentPath + dirName + "/"
fileManager = CELLAR_FileManager(request)
code = fileManager.mkdir(parentPath, dirName)
message = {
0 : "SUCCESS",
1 : "생성 위치가 존재하지 않습니다",
2 : "생성 위치가 파일입니다",
3 : "허용되지 않는 요청입니다",
4 : "오류가 발생하였습니다",
5 : "권한이 없습니다",
}
response = {
"code" : code,
"message" : message[code],
"newPath" : newPath,
}
if code == 0 :
ok("dir.create : {0}".format(fileManager.getFullPath(newPath)))
else :
error("dir.create : E{0} {1}".format(code, fileManager.getFullPath(newPath)))
return HttpResponse(json.dumps(response))
def getUserInfo(request):
if request.user.is_authenticated() :
userinfo = None
username = request.user.get_username()
try :
userinfo = UserInfo.objects.get(username = username);
# django 관리자는 자동적으로 SUPER USER 권한 부여
if request.user.is_superuser :
userinfo.usertype = UserInfo.SUPER
except ObjectDoesNotExist as err :
error("%s : %s" % (username, err.__str__()))
# Userinfo 미 존재 시, 관리자에 한하여 자동 생성
if request.user.is_superuser :
userinfo = UserInfo(username=username, usertype=UserInfo.SUPER)
userinfo.save()
return userinfo
else :
guest = UserInfo(username = '******')
guest.home = config.HOME_GUEST
guest.welcome = ""
return guest
def deleteDir(request, *args, **kwargs):
"""
0 : 성공
1 : 대상이 파일입니다
2 : -
3 : 허용되지 않은 요청입니다
4 : 오류가 발생하였습니다
5 : 권한 없음
"""
dirPath = request.POST.get("dirPath")
fileManager = CELLAR_FileManager(request)
code = fileManager.rmdir(dirPath)
message = {
0 : "성공",
1 : "대상이 파일입니다",
2 : "",
3 : "허용되지 않은 요청입니다",
4 : "오류가 발생하였습니다",
5 : "권한 없음"
}
response = {
"code" : code,
"message" : message[code],
"dirPath" : dirPath
}
if code == 0 :
ok("dir.delete : {0}".format(fileManager.getFullPath(dirPath)))
else :
error("dir.delete : E{0} {1}".format(code, fileManager.getFullPath(dirPath)))
return HttpResponse(json.dumps(response))
def getUserInfo(request):
if request.user.is_authenticated():
userinfo = None
username = request.user.get_username()
try:
userinfo = UserInfo.objects.get(username=username)
# django 관리자는 자동적으로 SUPER USER 권한 부여
if request.user.is_superuser:
userinfo.usertype = UserInfo.SUPER
except ObjectDoesNotExist as err:
error("%s : %s" % (username, err.__str__()))
# Userinfo 미 존재 시, 관리자에 한하여 자동 생성
if request.user.is_superuser:
userinfo = UserInfo(username=username,
usertype=UserInfo.SUPER)
userinfo.save()
return userinfo
else:
guest = UserInfo(username='******')
guest.home = config.HOME_GUEST
guest.welcome = ""
return guest
def getAuth(userinfo, fullPath, mode = 0x07):
"""
조회 대상에 대하여 소유한 권한을 RWD 튜플로 반환한다.
"""
if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic() :
return (True, True, True)
readable = not (mode & 0x04) | userinfo.isMetic()
writeable = not (mode & 0x02)
deletable = not (mode & 0x01)
normFullPath = os.path.normpath(fullPath)
descriptor = None
file_id = index.dir_get(fullPath)
# 재귀적으로 권한 추출 시 사용자 홈 이상으로는 올라갈 수 없음.
# info("ROOT : " + userinfo.getHomePath())
# info("COMP : " + normFullPath)
if normFullPath == userinfo.getHomePath() :
inheritable = False
else :
inheritable = True
if file_id is not None and file_id >= 0 :
try :
descriptor = FileDescriptor.objects.get(file_id=file_id)
readable |= descriptor.readable
writeable |= descriptor.writeable
deletable |= descriptor.deletable
if not (readable and writeable and deletable) :
users = []
users.append(userinfo)
for user in UserGroups.objects.filter(user=userinfo) :
users.append(user.group)
for userAuthority in UserAuthority.objects.filter(username__in=users, file_id=file_id) :
readable |= userAuthority.readable
writeable |= userAuthority.writeable
deletable |= userAuthority.deletable
if readable and writeable and deletable :
break
if not (readable and writeable and deletable) and inheritable and descriptor.inherit :
auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
readable |= auth_inherit[0]
writeable |= auth_inherit[1]
deletable |= auth_inherit[2]
except Exception as err:
error("auth.dir.get : " + err.__str__())
pass
elif not userinfo.isGuest() or config.USING_GUEST :
readable = config.DEFAULT_AUTH_DIR_READABLE
writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
deletable = config.DEFAULT_AUTH_DIR_DELETABLE
# 상속받는 경우
if not(readable and writeable and deletable) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT :
auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
readable |= auth_inherit[0]
writeable |= auth_inherit[1]
deletable |= auth_inherit[2]
# 만약 guest 활성화 되어있다면 GUEST HOME 에 대한 파일 조회 권한만 부여 한다.
if userinfo.isGuest() and normFullPath == config.getHomeGuest() :
readable = True
return (readable, writeable, deletable)
def setAuth(fullPath,
inherit=None,
readable=None,
writeable=None,
deletable=None):
"""
Directory 권한 설정
성공 시
경로 식별자 ID
""
실패 시
-1
예외 메시지
"""
file_id = index.dir_get(fullPath)
message = ""
if file_id is None:
params = {}
if inherit is not None:
params["inherit"] = inherit
if readable is not None:
params["readable"] = readable
if writeable is not None:
params["writeable"] = writeable
if deletable is not None:
params["deletable"] = deletable
try:
with transaction.atomic():
descriptor = FileDescriptor(file=fullPath,
reference_id=0,
**params)
descriptor.save()
index.dir_set(fullPath, descriptor.file_id)
file_id = descriptor.file_id
except Exception as err:
error("auth.dir.set : " + err.__str__())
file_id = -1
message = err.__str__()
else:
try:
descriptor = FileDescriptor.objects.get(file_id=file_id)
file_id = descriptor.file_id
if inherit is not None:
descriptor.inherit = inherit
if readable is not None:
descriptor.readable = readable
if writeable is not None:
descriptor.writeable = writeable
if deletable is not None:
descriptor.deletable = deletable
descriptor.save()
except Exception as err:
error("auth.dir.set : " + err.__str__())
file_id = -2
message = err.__str__()
return (file_id, message)
def getAuth(userinfo, fullPath, mode=0x07):
"""
조회 대상에 대하여 소유한 권한을 RWD 튜플로 반환한다.
"""
if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic():
return (True, True, True)
readable = not (mode & 0x04) | userinfo.isMetic()
writeable = not (mode & 0x02)
deletable = not (mode & 0x01)
normFullPath = os.path.normpath(fullPath)
descriptor = None
file_id = index.dir_get(fullPath)
# 재귀적으로 권한 추출 시 사용자 홈 이상으로는 올라갈 수 없음.
# info("ROOT : " + userinfo.getHomePath())
# info("COMP : " + normFullPath)
if normFullPath == userinfo.getHomePath():
inheritable = False
else:
inheritable = True
if file_id is not None and file_id >= 0:
try:
descriptor = FileDescriptor.objects.get(file_id=file_id)
readable |= descriptor.readable
writeable |= descriptor.writeable
deletable |= descriptor.deletable
if not (readable and writeable and deletable):
users = []
users.append(userinfo)
for user in UserGroups.objects.filter(user=userinfo):
users.append(user.group)
for userAuthority in UserAuthority.objects.filter(
username__in=users, file_id=file_id):
readable |= userAuthority.readable
writeable |= userAuthority.writeable
deletable |= userAuthority.deletable
if readable and writeable and deletable:
break
if not (readable and writeable
and deletable) and inheritable and descriptor.inherit:
auth_inherit = Directory.getAuth(
userinfo, FileManager.getParent(fullPath))
readable |= auth_inherit[0]
writeable |= auth_inherit[1]
deletable |= auth_inherit[2]
except Exception as err:
error("auth.dir.get : " + err.__str__())
pass
elif not userinfo.isGuest() or config.USING_GUEST:
readable = config.DEFAULT_AUTH_DIR_READABLE
writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
deletable = config.DEFAULT_AUTH_DIR_DELETABLE
# 상속받는 경우
if not (readable and writeable and deletable
) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT:
auth_inherit = Directory.getAuth(
userinfo, FileManager.getParent(fullPath))
readable |= auth_inherit[0]
writeable |= auth_inherit[1]
deletable |= auth_inherit[2]
# 만약 guest 활성화 되어있다면 GUEST HOME 에 대한 파일 조회 권한만 부여 한다.
if userinfo.isGuest() and normFullPath == config.getHomeGuest():
readable = True
return (readable, writeable, deletable)
def userCreate(params, isAdmin = False) :
response = {
"code" : 0,
}
is_group = params.get('is_group')
username = params.get('username')
password = params.get("password")
email = params.get("email")
first_name = params.get("first_name")
memo = params.get("memo")
# 최고 관리자에 의해 등록되는 ID 는 E-MAIL 은 필요 없음
if not email and isAdmin :
email = ""
if is_group and not isAdmin :
response["code"] = -2
response["message"] = "그룹 사용자는 관리자만이 추가할 수 있습니다."
elif not re.match("[a-zA-Z0-9_]{6,}|@[a-zA-Z0-9_]{5,}", username) :
response["code"] = -3
response["message"] = "ID 는 6글자 이상의 영숫자와 '_' 로 작성해주세요."
elif is_group and not re.match("@.*", username) :
response["code"] = -4
response["message"] = "그룹 사용자의 아이디는 @로 시작해야합니다."
elif username and password and first_name and ( email or isAdmin ) :
try :
usertype = UserInfo.NORMAL
if is_group :
usertype = UserInfo.GROUP
user = User.objects.create_user(username, email, password, first_name=first_name)
userinfo = UserInfo(username=username, usertype=usertype, memo=memo)
userinfo.save()
response["code"] = 0
response["message"] = "사용자가 등록되었습니다."
response["user"] = user
ok("user.create : " + username)
except Exception as err :
error("user.create : " + err.__str__())
response["code"] = 1
response['message'] = "이미 존재하는 아이디 입니다."
else :
response["code"] = -1
response["message"] = "필수 항목을 모두 입력하여 주십시오."
if isAdmin and is_group :
response["is_group"] = is_group
if username :
response["username"] = username
if email :
response["email"] = email
if first_name :
response["first_name"] = first_name
if memo :
response["memo"] = memo
return response
