def post(self, request, group_id):
"""
Add a group member.
"""
email = request.data.get('email', None)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
try:
# only group owner/admin can add a group member
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if is_group_member(group_id, email):
error_msg = _(u'User %s is already a group member.') % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.group_add_member(group_id, username, email)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info, status=status.HTTP_201_CREATED)
def post(self, request, group_id):
"""
Add a group member.
"""
email = request.data.get('email', None)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
username = request.user.username
try:
# only group owner/admin can add a group member
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if is_group_member(group_id, email):
error_msg = _(u'User %s is already group member.') % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.group_add_member(
group_id, username, email)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info, status=status.HTTP_201_CREATED)
def delete(self, request, group_id, email):
"""
User leave group or group owner/admin delete a group member.
"""
try:
if not is_group_member(group_id, email):
error_msg = 'Email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
username = request.user.username
# user leave group
if username == email:
try:
seaserv.ccnet_threaded_rpc.quit_group(group_id, username)
# remove repo-group share info of all 'email' owned repos
seafile_api.remove_group_repos_by_owner(group_id, email)
return Response({'success': True})
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
error_msg)
# group owner/admin delete a group member
try:
if is_group_owner(group_id, username):
# group owner can delete all group member
seaserv.ccnet_threaded_rpc.group_remove_member(
group_id, username, email)
seafile_api.remove_group_repos_by_owner(group_id, email)
return Response({'success': True})
elif is_group_admin(group_id, username):
# group admin can NOT delete group owner/admin
if not is_group_admin_or_owner(group_id, email):
seaserv.ccnet_threaded_rpc.group_remove_member(
group_id, username, email)
seafile_api.remove_group_repos_by_owner(group_id, email)
return Response({'success': True})
else:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def delete(self, request, group_id, email):
"""
User leave group or group owner/admin delete a group member.
"""
try:
if not is_group_member(group_id, email):
error_msg = 'Email %s invalid.' % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
username = request.user.username
# user leave group
if username == email:
try:
seaserv.ccnet_threaded_rpc.quit_group(group_id, username)
# remove repo-group share info of all 'email' owned repos
seafile_api.remove_group_repos_by_owner(group_id, email)
return Response({'success': True})
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
# group owner/admin delete a group member
try:
if is_group_owner(group_id, username):
# group owner can delete all group member
seaserv.ccnet_threaded_rpc.group_remove_member(group_id, username, email)
seafile_api.remove_group_repos_by_owner(group_id, email)
return Response({'success': True})
elif is_group_admin(group_id, username):
# group admin can NOT delete group owner/admin
if not is_group_admin_or_owner(group_id, email):
seaserv.ccnet_threaded_rpc.group_remove_member(group_id, username, email)
seafile_api.remove_group_repos_by_owner(group_id, email)
return Response({'success': True})
else:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
else:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def check_dtable_admin_permission(username, owner):
"""Check workspace/dtable access permission of an admin.
"""
if '@seafile_group' in owner:
group_id = int(owner.split('@')[0])
if is_group_admin_or_owner(group_id, username):
return True
else:
return False
else:
if username == owner:
return True
else:
return False
def test_can_create_by_group_admin(self):
repo = seafile_api.get_repo(
self.create_repo(name='group-repo',
desc='',
username=self.user.username,
passwd=None))
workspace = Workspaces.objects.create_workspace(
str(self.group_id) + '@seafile_group', repo.id, -1)
# create dtable
self.dtable_url = reverse('api-v2.1-dtables')
resp = self.client.post(self.dtable_url, {
'name': 'table11',
'owner': str(self.group_id) + '@seafile_group'
})
self.assertEqual(201, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp["table"]["name"] == 'table11'
# main
self.logout()
self.add_admin_to_group()
ccnet_api.group_set_admin(self.group_id, self.admin.username)
assert is_group_admin_or_owner(self.group_id, self.admin.username)
self.login_as(self.admin)
api_tokens_url = reverse('api-v2.1-dtable-api-tokens',
args=[workspace.id, 'table11'])
resp = self.client.post(api_tokens_url, {
'app_name': 'mail_client',
'permission': 'rw'
})
self.assertEqual(201, resp.status_code)
json_resp = json.loads(resp.content)
assert json_resp['api_token']
assert json_resp['app_name'] == 'mail_client'
assert json_resp['api_token']
assert json_resp['generated_by'] == self.admin.username
assert json_resp['generated_at']
assert json_resp['last_access']
assert json_resp['permission'] == 'rw'
Workspaces.objects.delete_workspace(workspace.id)
self.remove_repo(repo.id)
def post(self, request, group_id):
"""
Add a group member.
"""
username = request.user.username
# only group owner/admin can add a group member
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
email = request.data.get('email', None)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if is_group_member(group_id, email):
error_msg = _('User %s is already a group member.'
) % email2nickname(email)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
if not ccnet_api.org_user_exists(org_id, email):
error_msg = _('User %s not found in organization.'
) % email2nickname(email)
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
elif is_org_user(email):
error_msg = _('User %s is an organization user.') % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
ccnet_api.group_add_member(group_id, username, email)
add_user_to_group.send(sender=None,
group_staff=username,
group_id=group_id,
added_user=email)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info, status=status.HTTP_201_CREATED)
def post(self, request, group_id):
"""
Add a group member.
"""
username = request.user.username
# only group owner/admin can add a group member
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
email = request.data.get('email', None)
try:
User.objects.get(email=email)
except User.DoesNotExist:
error_msg = 'User %s not found.' % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
try:
if is_group_member(group_id, email):
error_msg = _(u'User %s is already a group member.') % email
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_org_context(request):
org_id = request.user.org.org_id
if not ccnet_api.org_user_exists(org_id, email):
error_msg = _(u'User %s not found in organization.') % email
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
ccnet_api.group_add_member(group_id, username, email)
add_user_to_group.send(sender=None,
group_staff=username,
group_id=group_id,
added_user=email)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
member_info = get_group_member_info(request, group_id, email)
return Response(member_info, status=status.HTTP_201_CREATED)
def delete(self, request, group_id, discuss_id, format=None):
"""Remove a group discussion.
Only discussion creator or group owner/admin can perform this op.
"""
username = request.user.username
group_id = int(group_id)
try:
discussion = GroupMessage.objects.get(pk=discuss_id)
except GroupMessage.DoesNotExist:
return api_error(status.HTTP_400_BAD_REQUEST, 'Discussion id %s not found.' % discuss_id)
# perm check
if not is_group_admin_or_owner(group_id, username) and \
discussion.from_email != username:
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
discussion.delete()
return Response(status=204)
def can_manage_by_user(self, username, dtable=None):
"""
user can manage dataset, when
1. user can manage dataset's original dtable
"""
if not dtable:
try:
dtable = DTables.objects.get(uuid=self.dtable_uuid)
except DTables.DoesNotExist:
return False
owner = dtable.workspace.owner
group_id = dtable.get_owner_group_id()
if group_id > 0:
if is_group_admin_or_owner(group_id, username):
return True
else:
return False
else:
if username == owner:
return True
else:
return False
return False
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
username = request.user.username
new_group_name = request.data.get('name', None)
# rename a group
if new_group_name:
try:
# only group owner/admin can rename a group
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
# transfer a group
if new_owner:
try:
# only group owner can transfer a group
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if not is_valid_username(new_owner):
error_msg = 'Email %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_group_owner(group_id, new_owner):
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, username, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
wiki_enabled = request.data.get('wiki_enabled', None)
# turn on/off group wiki
if wiki_enabled:
try:
# only group owner/admin can turn on a group wiki
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if wiki_enabled != 'true' and wiki_enabled != 'false':
error_msg = 'wiki_enabled invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# turn on/off group wiki
if wiki_enabled == 'true':
enable_mod_for_group(group_id, MOD_GROUP_WIKI)
else:
disable_mod_for_group(group_id, MOD_GROUP_WIKI)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(request, group_id)
return Response(group_info)
def post(self, request, group_id):
"""
Bulk add group members.
"""
username = request.user.username
try:
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
emails_str = request.data.get('emails', '')
emails_list = string2list(emails_str)
emails_list = [x.lower() for x in emails_list]
result = {}
result['failed'] = []
result['success'] = []
emails_need_add = []
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
for email in emails_list:
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'email':
email,
'error_msg':
'User %s not found.' % email
})
continue
if seaserv.is_group_user(group_id, email):
result['failed'].append({
'email':
email,
'error_msg':
_(u'User %s is already a group member.') % email
})
continue
# Can only invite organization users to group
if org_id and not \
seaserv.ccnet_threaded_rpc.org_user_exists(org_id, email):
result['failed'].append({
'email':
email,
'error_msg':
_(u'User %s not found in organization.') % email
})
continue
emails_need_add.append(email)
# Add user to group.
for email in emails_need_add:
try:
seaserv.ccnet_threaded_rpc.group_add_member(
group_id, username, email)
member_info = get_group_member_info(request, group_id, email)
result['success'].append(member_info)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
return Response(result)
def ajax_group_members_import(request, group_id):
"""Import users to group.
Permission checking:
1. Only group admin can add import group members
"""
result = {}
username = request.user.username
content_type = 'application/json; charset=utf-8'
group_id = int(group_id)
try:
group = seaserv.get_group(group_id)
if not group:
result['error'] = 'Group %s not found.' % group_id
return HttpResponse(json.dumps(result), status=404,
content_type=content_type)
# check permission
if not is_group_admin_or_owner(group_id, username):
result['error'] = 'Permission denied.'
return HttpResponse(json.dumps(result), status=403,
content_type=content_type)
except SearpcError as e:
logger.error(e)
result['error'] = 'Internal Server Error'
return HttpResponse(json.dumps(result), status=500,
content_type=content_type)
# get and convert uploaded file
uploaded_file = request.FILES['file']
if uploaded_file.size > 10 * 1024 * 1024:
result['error'] = _(u'Failed, file is too large')
return HttpResponse(json.dumps(result), status=403,
content_type=content_type)
try:
content = uploaded_file.read()
encoding = chardet.detect(content)['encoding']
if encoding != 'utf-8':
content = content.decode(encoding, 'replace').encode('utf-8')
filestream = StringIO.StringIO(content)
reader = csv.reader(filestream)
except Exception as e:
logger.error(e)
result['error'] = 'Internal Server Error'
return HttpResponse(json.dumps(result), status=500,
content_type=content_type)
# prepare email list from uploaded file
emails_list = []
for row in reader:
if not row:
continue
email = row[0].strip().lower()
emails_list.append(email)
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
result = {}
result['failed'] = []
result['success'] = []
emails_need_add = []
# check email validation
for email in emails_list:
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'email': email,
'error_msg': 'User %s not found.' % email
})
continue
if is_group_member(group_id, email):
result['failed'].append({
'email': email,
'error_msg': _(u'User %s is already a group member.') % email
})
continue
# Can only invite organization users to group
if org_id and not \
seaserv.ccnet_threaded_rpc.org_user_exists(org_id, email):
result['failed'].append({
'email': email,
'error_msg': _(u'User %s not found in organization.') % email
})
continue
emails_need_add.append(email)
# Add email to group.
for email in emails_need_add:
try:
seaserv.ccnet_threaded_rpc.group_add_member(group_id,
username, email)
member_info = get_group_member_info(request, group_id, email)
result['success'].append(member_info)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
return HttpResponse(json.dumps(result), content_type=content_type)
def post(self, request, group_id):
""" Import members from xlsx file
Permission checking:
1. group admin or owner.
"""
xlsx_file = request.FILES.get('file', None)
if not xlsx_file:
error_msg = 'file can not be found.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
file_type, ext = get_file_type_and_ext(xlsx_file.name)
if ext != 'xlsx':
error_msg = file_type_error_msg(ext, 'xlsx')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# recourse check
group_id = int(group_id)
group = ccnet_api.get_group(group_id)
if not group:
error_msg = _('Group does not exist')
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# check permission
# only group owner/admin can add group members
username = request.user.username
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
content = xlsx_file.read()
try:
fs = BytesIO(content)
wb = load_workbook(filename=fs, read_only=True)
except Exception as e:
logger.error(e)
# example file is like:
# Email
# [email protected]
# [email protected]
rows = wb.worksheets[0].rows
records = []
# skip first row(head field).
next(rows)
for row in rows:
records.append([col.value for col in row])
emails_list = []
for record in records:
if record[0]:
email = record[0].strip().lower()
emails_list.append(email)
result = {}
result['failed'] = []
result['success'] = []
emails_need_add = []
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
for email in emails_list:
email_name = email2nickname(email)
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'email':
email,
'email_name':
email_name,
'error_msg':
'User %s not found.' % email_name
})
continue
if is_group_member(group_id, email, in_structure=False):
result['failed'].append({
'email':
email,
'email_name':
email_name,
'error_msg':
_('User %s is already a group member.') % email_name
})
continue
# Can only invite organization users to group
if org_id and not ccnet_api.org_user_exists(org_id, email):
result['failed'].append({
'email':
email,
'email_name':
email_name,
'error_msg':
_('User %s not found in organization.') % email_name
})
continue
if not org_id and is_org_user(email):
result['failed'].append({
'email':
email,
'email_name':
email_name,
'error_msg':
_('User %s is an organization user.') % email_name
})
continue
emails_need_add.append(email)
# Add user to group.
for email in emails_need_add:
try:
ccnet_api.group_add_member(group_id, username, email)
member_info = get_group_member_info(request, group_id, email)
result['success'].append(member_info)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
add_user_to_group.send(sender=None,
group_staff=username,
group_id=group_id,
added_user=email)
return Response(result)
def post(self, request, group_id):
"""
Bulk add group members.
"""
username = request.user.username
try:
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
emails_str = request.data.get('emails', '')
emails_list = string2list(emails_str)
emails_list = [x.lower() for x in emails_list]
result = {}
result['failed'] = []
result['success'] = []
emails_need_add = []
org_id = None
if is_org_context(request):
org_id = request.user.org.org_id
for email in emails_list:
try:
User.objects.get(email=email)
except User.DoesNotExist:
result['failed'].append({
'email': email,
'error_msg': 'User %s not found.' % email
})
continue
if seaserv.is_group_user(group_id, email):
result['failed'].append({
'email': email,
'error_msg': _(u'User %s is already a group member.') % email
})
continue
# Can only invite organization users to group
if org_id and not \
seaserv.ccnet_threaded_rpc.org_user_exists(org_id, email):
result['failed'].append({
'email': email,
'error_msg': _(u'User %s not found in organization.') % email
})
continue
emails_need_add.append(email)
# Add user to group.
for email in emails_need_add:
try:
seaserv.ccnet_threaded_rpc.group_add_member(group_id,
username, email)
member_info = get_group_member_info(request, group_id, email)
result['success'].append(member_info)
except SearpcError as e:
logger.error(e)
result['failed'].append({
'email': email,
'error_msg': 'Internal Server Error'
})
return Response(result)
def put(self, request, group_id):
""" Rename, transfer a specific group
"""
username = request.user.username
new_group_name = request.data.get('name', None)
# rename a group
if new_group_name:
try:
# only group owner/admin can rename a group
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# Check whether group name is validate.
if not validate_group_name(new_group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, new_group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
seaserv.ccnet_threaded_rpc.set_group_name(group_id, new_group_name)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
new_owner = request.data.get('owner', None)
# transfer a group
if new_owner:
try:
# only group owner can transfer a group
if not is_group_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if not is_valid_username(new_owner):
error_msg = 'Email %s invalid.' % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if is_group_owner(group_id, new_owner):
error_msg = _(u'User %s is already group owner.') % new_owner
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# transfer a group
if not is_group_member(group_id, new_owner):
ccnet_api.group_add_member(group_id, username, new_owner)
if not is_group_admin(group_id, new_owner):
ccnet_api.group_set_admin(group_id, new_owner)
ccnet_api.set_group_creator(group_id, new_owner)
ccnet_api.group_unset_admin(group_id, username)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
wiki_enabled = request.data.get('wiki_enabled', None)
# turn on/off group wiki
if wiki_enabled:
try:
# only group owner/admin can turn on a group wiki
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# augument check
if wiki_enabled != 'true' and wiki_enabled != 'false':
error_msg = 'wiki_enabled invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# turn on/off group wiki
if wiki_enabled == 'true':
enable_mod_for_group(group_id, MOD_GROUP_WIKI)
else:
disable_mod_for_group(group_id, MOD_GROUP_WIKI)
except SearpcError as e:
logger.error(e)
error_msg = 'Internal Server Error'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
group_info = get_group_info(request, group_id)
return Response(group_info)
def post(self, request, workspace_id, name):
"""share dtable to user
"""
from_user = request.user.username
table_name = name
table_file_name = table_name + FILE_TYPE
# argument check
permission = request.data.get('permission')
if not permission or permission not in permission_tuple:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
to_user = request.data.get('email')
if not to_user or not is_valid_username(to_user):
error_msg = 'email invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# resource check
try:
user = User.objects.get(email=to_user)
except User.DoesNotExist:
error_msg = 'User %s not found.' % to_user
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
workspace = Workspaces.objects.get_workspace_by_id(workspace_id)
if not workspace:
error_msg = 'Workspace %s not found.' % workspace_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
group_id = ''
if '@seafile_group' in workspace.owner:
group_id = workspace.owner.split('@')[0]
group = seaserv.get_group(group_id)
if not group:
error_msg = 'Group %s not found.' % group_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
repo_id = workspace.repo_id
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
dtable = DTables.objects.get_dtable(workspace, table_name)
if not dtable:
error_msg = 'dtable %s not found.' % table_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
table_path = normalize_file_path(table_file_name)
table_file_id = seafile_api.get_file_id_by_path(repo_id, table_path)
if not table_file_id:
error_msg = 'file %s not found.' % table_file_name
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# permission check
username = request.user.username
if group_id:
if not is_group_admin_or_owner(group_id, username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if is_group_member(group_id, to_user):
error_msg = 'table %s can not be shared to group member.' % table_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
from_user = group_id + GROUP_DOMAIN
else:
if from_user != dtable.creator:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if from_user == to_user:
error_msg = 'table %s can not be shared to owner.' % table_name
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# org check
if is_org_context(request):
org_id = request.user.org.org_id
org_name = request.user.org.org_name
if not is_org_user(to_user, org_id):
error_msg = 'User %s is not member of organization %s.' % (
to_user, org_name)
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
else:
if is_org_user(to_user):
error_msg = 'User %s is a member of organization.' % to_user
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# main
try:
obj = DTableShare.objects.get_by_dtable_and_to_user(
dtable, to_user)
if obj:
error_msg = 'table %s already shared to %s.' % (table_name,
to_user)
return api_error(status.HTTP_409_CONFLICT, error_msg)
DTableShare.objects.add(dtable, from_user, to_user, permission)
share_dtable_to_user.send(sender=None,
table_id=dtable.id,
share_user=username,
to_user=to_user)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error.'
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
return Response({"success": True}, status=status.HTTP_201_CREATED)
