def post(self, request, group_id): """ Add a group library. Permission checking: 1. role permission, can_add_repo; 1. is group member; """ # argument check repo_name = request.data.get("repo_name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "repo_name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password", None) if password and not config.ENABLE_ENCRYPTED_LIBRARY: error_msg = 'NOT allow to create encrypted library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check if not request.user.permissions.can_add_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not is_group_member(group_id, request.user.username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # create group repo org_id = -1 group_id = int(group_id) username = request.user.username is_org = False if is_org_context(request): is_org = True org_id = request.user.org.org_id repo_id = seafile_api.create_org_repo(repo_name, '', username, password, org_id) else: repo_id = seafile_api.create_repo(repo_name, '', username, password) repo = seafile_api.get_repo(repo_id) share_dir_to_group(repo, '/', username, username, group_id, permission, org_id if is_org else None) # for activities library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) # for perm audit send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, '/', permission) group_repo = seafile_api.get_group_shared_repo_by_path( repo_id, None, group_id, is_org) group_repo_info = get_group_repo_info(request, group_repo) group_repo_info['owner_email'] = username group_repo_info['owner_name'] = email2nickname(username) group_repo_info['owner_contact_email'] = email2contact_email(username) modifier = group_repo.last_modifier group_repo_info['modifier_email'] = modifier group_repo_info['modifier_name'] = email2nickname(modifier) group_repo_info['modifier_contact_email'] = email2contact_email( modifier) return Response(group_repo_info)
def put(self, request, repo_id, format=None): """ Update permission of a shared repo. Permission checking: 1. Only repo owner can update. """ # argument check permission = request.data.get('permission', None) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('personal', 'group', 'public'): error_msg = "share_type can only be 'personal' or 'group' or 'public'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if is_org_context(request): repo_owner = seafile_api.get_org_repo_owner(repo_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # update share permission if share_type == 'personal': shared_to = request.data.get('user', None) if not shared_to or not is_valid_username(shared_to): error_msg = 'user invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: if is_org_context(request): org_id = request.user.org.org_id update_user_dir_permission(repo_id, '/', repo_owner, shared_to, permission, org_id) else: update_user_dir_permission(repo_id, '/', repo_owner, shared_to, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('modify-repo-perm', username, shared_to, repo_id, '/', permission) if share_type == 'group': group_id = request.data.get('group_id', None) if not group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: group_id = int(group_id) except ValueError: error_msg = 'group_id must be integer.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(group_id) if not group: error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: if is_org_context(request): org_id = request.user.org.org_id update_group_dir_permission(repo_id, '/', repo_owner, group_id, permission, org_id) else: update_group_dir_permission(repo_id, '/', repo_owner, group_id, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('modify-repo-perm', username, group_id, repo_id, '/', permission) if share_type == 'public': try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.set_org_inner_pub_repo(org_id, repo_id, permission) else: if not request.user.permissions.can_add_public_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) seafile_api.add_inner_pub_repo(repo_id, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('modify-repo-perm', username, 'all', repo_id, '/', permission) return Response({'success': True})
def put(self, request, repo, path, share_type): """ Update user/group share permission. Permission checking: 1. admin user. """ # argument check permission = request.data.get('permission', None) if not permission or permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) share_info = {} share_info['repo_id'] = repo.repo_id share_info['path'] = path share_info['share_type'] = share_type # current `request.user.username` is admin user, # so need to identify the repo owner specifically. repo_owner = seafile_api.get_repo_owner(repo.repo_id) username = request.user.username share_to = request.data.get('share_to', None) if share_type == 'user': email = share_to if not email or not is_valid_username(email): error_msg = 'email %s invalid.' % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not has_shared_to_user(repo.repo_id, path, email): error_msg = 'Shared items not found' return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: update_user_dir_permission(repo.repo_id, path, repo_owner, email, permission) send_perm_audit_msg('modify-repo-perm', username, email, repo.repo_id, path, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) share_info['user_email'] = email share_info['user_name'] = email2nickname(email) share_info['permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission share_info['is_admin'] = permission == PERMISSION_ADMIN if share_type == 'group': group_id = share_to try: group_id = int(group_id) except ValueError: error_msg = 'group_id %s invalid.' % group_id return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(group_id) if not group: error_msg = 'Group %s not found' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not has_shared_to_group(repo.repo_id, path, group_id): error_msg = 'Shared items not found' return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: update_group_dir_permission(repo.repo_id, path, repo_owner, group_id, permission) send_perm_audit_msg('modify-repo-perm', username, group_id, repo.repo_id, path, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) share_info['group_id'] = group_id share_info['group_name'] = group.group_name share_info['permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission share_info['is_admin'] = permission == PERMISSION_ADMIN return Response(share_info)
def post(self, request): # argument check operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # operation could be `share`, `unshare`, `delete`, `transfer` # we now only use `share`, `unshare` if operation not in ('share', 'unshare'): error_msg = 'operation can only be "share", "unshare".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue repo_owner = get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.error(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user ) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share( org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo(repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % ( username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo(repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send( sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo if operation == 'unshare': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # unshare repo from user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) for repo_id in valid_repo_id_list: if not self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % to_username }) continue repo_owner = get_repo_owner(request, repo_id) try: # get share permission before unshare operation permission = check_user_share_out_permission( repo_id, '/', to_username, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. org_id = request.user.org.org_id seafile_api.org_remove_share( org_id, repo_id, repo_owner, to_username) else: seafile_api.remove_share(repo_id, repo_owner, to_username) # Delete share permission at ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission( repo_id, to_username) # send message send_perm_audit_msg('delete-repo-perm', username, to_username, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "username": to_username, }) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo from group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) group_name = group.group_name if group else '' for repo_id in valid_repo_id_list: if not self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % group_name }) continue try: # get share permission before unshare operation permission = check_group_share_out_permission( repo_id, '/', to_group_id, is_org_context(request)) org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.del_org_group_repo( repo_id, org_id, to_group_id) else: seafile_api.unset_group_repo( repo_id, to_group_id, username) # Delete share permission at ExtraSharePermission table. ExtraGroupsSharePermission.objects.delete_share_permission( repo_id, to_group_id) # send message send_perm_audit_msg('delete-repo-perm', username, to_group_id, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, }) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)
def post(self, request, group_id): """ Add a group owned library by system admin. """ # argument check repo_name = request.data.get("repo_name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "repo_name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password", None) permission = request.data.get('permission', PERMISSION_READ_WRITE) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check group_quota = seafile_api.get_group_quota(group_id) group_quota = int(group_quota) if group_quota <= 0 and group_quota != -2: error_msg = 'No group quota.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_org_context(request): # request called by org admin org_id = request.user.org.org_id else: org_id = -1 # create group owned repo group_id = int(group_id) if is_pro_version() and ENABLE_STORAGE_CLASSES: if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT', 'ROLE_BASED'): storages = get_library_storages(request) storage_id = request.data.get("storage_id", None) if storage_id and storage_id not in [s['storage_id'] for s in storages]: error_msg = 'storage_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = seafile_api.add_group_owned_repo(group_id, repo_name, password, permission, storage_id) else: # STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING' if org_id > 0: repo_id = seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, password, permission) else: repo_id = seafile_api.add_group_owned_repo( group_id, repo_name, password, permission) else: if org_id > 0: repo_id = seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, password, permission) else: repo_id = seafile_api.add_group_owned_repo(group_id, repo_name, password, permission) # for activities username = request.user.username library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) info = get_group_owned_repo_info(request, repo_id) # TODO info['permission'] = permission return Response(info)
def post(self, request, repo, path, share_type): """ Admin share a library to user/group. Permission checking: 1. admin user. """ # argument check permission = request.data.get('permission', None) if not permission or permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] share_to = request.data.getlist('share_to') # current `request.user.username` is admin user, # so need to identify the repo owner specifically. repo_owner = seafile_api.get_repo_owner(repo.repo_id) username = request.user.username if share_type == 'user': for email in share_to: if repo_owner == email: result['failed'].append({ 'user_email': email, 'error_msg': _(u'User %s is already library owner.') % email }) continue if not is_valid_username(email): result['failed'].append({ 'user_email': email, 'error_msg': _('Email %s invalid.') % email }) continue try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'user_email': email, 'error_msg': 'User %s not found.' % email }) continue if has_shared_to_user(repo.repo_id, path, email): result['failed'].append({ 'email': email, 'error_msg': _(u'This item has been shared to %s.') % email }) continue try: share_dir_to_user(repo, path, repo_owner, username, email, permission) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=email, repo=repo, path=path, org_id=None) send_perm_audit_msg('add-repo-perm', username, email, repo.repo_id, path, permission) except Exception as e: logger.error(e) result['failed'].append({ 'user_email': email, 'error_msg': 'Internal Server Error' }) continue result['success'].append({ "repo_id": repo.repo_id, "path": path, "share_type": share_type, "user_email": email, "user_name": email2nickname(email), "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, "is_admin": permission == PERMISSION_ADMIN }) if share_type == 'group': for group_id in share_to: try: group_id = int(group_id) except ValueError as e: logger.error(e) result['failed'].append({ 'group_id': group_id, 'error_msg': 'group_id %s invalid.' % group_id }) continue group = ccnet_api.get_group(group_id) if not group: result['failed'].append({ 'group_id': group_id, 'error_msg': 'Group %s not found' % group_id }) continue if has_shared_to_group(repo.repo_id, path, group_id): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _(u'This item has been shared to %s.') % group.group_name }) continue try: share_dir_to_group(repo, path, repo_owner, username, group_id, permission) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path=path, org_id=None) send_perm_audit_msg('add-repo-perm', username, group_id, repo.repo_id, path, permission) except Exception as e: logger.error(e) result['failed'].append({ "group_id": group_id, 'error_msg': 'Internal Server Error' }) continue result['success'].append({ "repo_id": repo.repo_id, "path": path, "share_type": share_type, "group_id": group_id, "group_name": group.group_name, "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, "is_admin": permission == PERMISSION_ADMIN }) return Response(result)
def post(self, request, repo_id, format=None): """ Add repo group folder perm. Permission checking: 1. is group admin """ # argument check path = request.data.get('folder_path', None) if not path: error_msg = 'folder_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) perm = request.data.get('permission', None) if not perm or perm not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = normalize_dir_path(path) if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) result = {} result['failed'] = [] result['success'] = [] group_ids = request.data.getlist('group_id') for group_id in group_ids: try: group_id = int(group_id) except ValueError: result['failed'].append({ 'group_id': group_id, 'error_msg': 'group_id invalid.' }) continue if not ccnet_api.get_group(group_id): result['failed'].append({ 'group_id': group_id, 'error_msg': 'Group %s not found.' % group_id }) continue permission = seafile_api.get_folder_group_perm(repo_id, path, group_id) if permission: result['failed'].append({ 'group_id': group_id, 'error_msg': _(u'Permission already exists.') }) continue try: seafile_api.add_folder_group_perm(repo_id, path, perm, group_id) send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, path, perm) except Exception as e: logger.error(e) result['failed'].append({ 'group_id': group_id, 'error_msg': 'Internal Server Error' }) new_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id) new_perm_info = self._get_group_folder_perm_info( group_id, repo_id, path, new_perm) result['success'].append(new_perm_info) return Response(result)
def post(self, request, repo, path, share_type): """ Admin share a library to user/group. Permission checking: 1. admin user. """ # argument check permission = request.data.get('permission', None) if not permission or permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] share_to = request.data.getlist('share_to') # current `request.user.username` is admin user, # so need to identify the repo owner specifically. repo_owner = seafile_api.get_repo_owner(repo.repo_id) username = request.user.username if share_type == 'user': for email in share_to: if repo_owner == email: result['failed'].append({ 'user_email': email, 'error_msg': _('User %s is already library owner.') % email }) continue if not is_valid_username(email): result['failed'].append({ 'user_email': email, 'error_msg': _('Email %s invalid.') % email }) continue try: User.objects.get(email=email) except User.DoesNotExist: result['failed'].append({ 'user_email': email, 'error_msg': 'User %s not found.' % email }) continue if has_shared_to_user(repo.repo_id, path, email): result['failed'].append({ 'email': email, 'error_msg': _('This item has been shared to %s.') % email }) continue try: share_dir_to_user(repo, path, repo_owner, username, email, permission) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=email, repo=repo, path=path, org_id=None) send_perm_audit_msg('add-repo-perm', username, email, repo.repo_id, path, permission) except Exception as e: logger.error(e) result['failed'].append({ 'user_email': email, 'error_msg': 'Internal Server Error' }) continue result['success'].append({ "repo_id": repo.repo_id, "path": path, "share_type": share_type, "user_email": email, "user_name": email2nickname(email), "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, "is_admin": permission == PERMISSION_ADMIN }) if share_type == 'group': for group_id in share_to: try: group_id = int(group_id) except ValueError as e: logger.error(e) result['failed'].append({ 'group_id': group_id, 'error_msg': 'group_id %s invalid.' % group_id }) continue group = ccnet_api.get_group(group_id) if not group: result['failed'].append({ 'group_id': group_id, 'error_msg': 'Group %s not found' % group_id }) continue if has_shared_to_group(repo.repo_id, path, group_id): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _('This item has been shared to %s.') % group.group_name }) continue try: share_dir_to_group(repo, path, repo_owner, username, group_id, permission) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path=path, org_id=None) send_perm_audit_msg('add-repo-perm', username, group_id, repo.repo_id, path, permission) except Exception as e: logger.error(e) result['failed'].append({ "group_id": group_id, 'error_msg': 'Internal Server Error' }) continue result['success'].append({ "repo_id": repo.repo_id, "path": path, "share_type": share_type, "group_id": group_id, "group_name": group.group_name, "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, "is_admin": permission == PERMISSION_ADMIN }) return Response(result)
def post(self, request, group_id): """ Add a group library. Permission checking: 1. role permission, can_add_repo; 1. is group member; """ # argument check repo_name = request.data.get("repo_name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "repo_name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password", None) if password and not config.ENABLE_ENCRYPTED_LIBRARY: error_msg = 'NOT allow to create encrypted library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check if not request.user.permissions.can_add_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not is_group_member(group_id, request.user.username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # create group repo org_id = -1 group_id = int(group_id) username = request.user.username is_org = False if is_org_context(request): is_org = True org_id = request.user.org.org_id repo_id = seafile_api.create_org_repo(repo_name, '', username, password, org_id) else: repo_id = seafile_api.create_repo(repo_name, '', username, password) repo = seafile_api.get_repo(repo_id) share_dir_to_group(repo, '/', username, username, group_id, permission, org_id if is_org else None) # for activities library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) # for perm audit send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, '/', permission) group_repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, group_id, is_org) group_repo_info = get_group_repo_info(request, group_repo) group_repo_info['owner_email'] = username group_repo_info['owner_name'] = email2nickname(username) group_repo_info['owner_contact_email'] = email2contact_email(username) modifier = group_repo.last_modifier group_repo_info['modifier_email'] = modifier group_repo_info['modifier_name'] = email2nickname(modifier) group_repo_info['modifier_contact_email'] = email2contact_email(modifier) return Response(group_repo_info)
def put(self, request, repo_id, format=None): """ Update permission of a shared repo. Permission checking: 1. Only repo owner can update. """ # argument check permission = request.data.get('permission', None) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('personal', 'group', 'public'): error_msg = "share_type can only be 'personal' or 'group' or 'public'." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # recourse check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if is_org_context(request): repo_owner = seafile_api.get_org_repo_owner(repo_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) if username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # update share permission if share_type == 'personal': shared_to = request.data.get('user', None) if not shared_to or not is_valid_username(shared_to): error_msg = 'user invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: if is_org_context(request): org_id = request.user.org.org_id update_user_dir_permission(repo_id, '/', repo_owner, shared_to, permission, org_id) else: update_user_dir_permission(repo_id, '/', repo_owner, shared_to, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('modify-repo-perm', username, shared_to, repo_id, '/', permission) if share_type == 'group': group_id = request.data.get('group_id', None) if not group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: group_id = int(group_id) except ValueError: error_msg = 'group_id must be integer.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(group_id) if not group: error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: if is_org_context(request): org_id = request.user.org.org_id update_group_dir_permission(repo_id, '/', repo_owner, group_id, permission, org_id) else: update_group_dir_permission(repo_id, '/', repo_owner, group_id, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('modify-repo-perm', username, group_id, repo_id, '/', permission) if share_type == 'public': try: if is_org_context(request): org_id = request.user.org.org_id seafile_api.set_org_inner_pub_repo(org_id, repo_id, permission) else: if not request.user.permissions.can_add_public_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) seafile_api.add_inner_pub_repo(repo_id, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) send_perm_audit_msg('modify-repo-perm', username, 'all', repo_id, '/', permission) return Response({'success': True})
def put(self, request, repo_id, format=None): """ Modify repo group folder perm. Permission checking: 1. is group admin """ # argument check path = request.data.get('folder_path', None) if not path: error_msg = 'folder_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) perm = request.data.get('permission', None) if not perm or perm not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group_id = request.data.get('group_id') if not group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: group_id = int(group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = normalize_dir_path(path) if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) library_group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(library_group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) permission = seafile_api.get_folder_group_perm(repo_id, path, group_id) if not permission: error_msg = 'Folder permission not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(library_group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # modify permission try: seafile_api.set_folder_group_perm(repo_id, path, perm, group_id) send_perm_audit_msg('modify-repo-perm', username, group_id, repo_id, path, perm) new_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id) result = self._get_group_folder_perm_info(group_id, repo_id, path, new_perm) return Response(result) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def post(self, request, repo_id, format=None): """ Add repo group folder perm. Permission checking: 1. is group admin """ # argument check path = request.data.get('folder_path', None) if not path: error_msg = 'folder_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) perm = request.data.get('permission', None) if not perm or perm not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = normalize_dir_path(path) if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) result = {} result['failed'] = [] result['success'] = [] group_ids = request.data.getlist('group_id') for group_id in group_ids: try: group_id = int(group_id) except ValueError: result['failed'].append({ 'group_id': group_id, 'error_msg': 'group_id invalid.' }) continue if not ccnet_api.get_group(group_id): result['failed'].append({ 'group_id': group_id, 'error_msg': 'Group %s not found.' % group_id }) continue permission = seafile_api.get_folder_group_perm(repo_id, path, group_id) if permission: result['failed'].append({ 'group_id': group_id, 'error_msg': _(u'Permission already exists.') }) continue try: seafile_api.add_folder_group_perm(repo_id, path, perm, group_id) send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, path, perm) except Exception as e: logger.error(e) result['failed'].append({ 'group_id': group_id, 'error_msg': 'Internal Server Error' }) new_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id) new_perm_info = self._get_group_folder_perm_info( group_id, repo_id, path, new_perm) result['success'].append(new_perm_info) return Response(result)
def post(self, request): """ prepare provider server info for ocm, and send post request to consumer three step: 1. send get request to remote server, ask if support ocm, and get other info 2. send post request to remote server, remote server create a recored in remote ocm_share_received table 3. store a recored in local ocm_share table """ # argument check to_user = request.data.get('to_user', '') if not to_user: error_msg = 'to_user invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) to_server_url = request.data.get('to_server_url', '').lower().strip() if not to_server_url or not is_valid_url(to_server_url): error_msg = 'to_server_url %s invalid.' % to_server_url return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = request.data.get('repo_id', '') if not repo_id: error_msg = 'repo_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.data.get('path', '/') # TODO # 1. folder check # 2. encrypted repo check # # if seafile_api.get_dir_id_by_path(repo.id, path) is None: # return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) # # if repo.encrypted and path != '/': # return api_error(status.HTTP_400_BAD_REQUEST, 'Folder invalid.') permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') username = request.user.username repo_owner = get_repo_owner(request, repo_id) if repo_owner != username: return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') if OCMShare.objects.filter( from_user=request.user.username, to_user=to_user, to_server_url=to_server_url, repo_id=repo_id, repo_name=repo.repo_name, path=path, ).exists(): return api_error(status.HTTP_400_BAD_REQUEST, 'same share already exists.') consumer_protocol = get_remote_protocol(to_server_url + OCM_PROTOCOL_URL) shared_secret = gen_shared_secret() from_user = username post_data = { 'shareWith': to_user, 'name': repo.repo_name, 'description': '', 'providerId': OCM_PROVIDER_ID, 'owner': repo_owner, 'sender': from_user, 'ownerDisplayName': email2nickname(repo_owner), 'senderDisplayName': email2nickname(from_user), 'shareType': consumer_protocol['resourceTypes']['shareTypes'] [0], # currently only support user type 'resourceType': consumer_protocol['resourceTypes'] ['name'], # currently only support repo 'protocol': { 'name': OCM_SEAFILE_PROTOCOL, 'options': { 'sharedSecret': shared_secret, 'permissions': SEAFILE_PERMISSION2OCM_PERMISSION[permission], 'repoId': repo_id, 'seafileServiceURL': check_url_slash(config.SERVICE_URL), }, }, } url = consumer_protocol['endPoint'] + OCM_CREATE_SHARE_URL try: requests.post(url, json=post_data) except Exception as e: logging.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error') ocm_share = OCMShare.objects.add( shared_secret=shared_secret, from_user=request.user.username, to_user=to_user, to_server_url=to_server_url, repo_id=repo_id, repo_name=repo.repo_name, path=path, permission=permission, ) return Response(ocm_share.to_dict())
def post(self, request, repo_id, format=None): """Update shared item permission. """ username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') repo_owner = self.get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') shared_to_user, shared_to_group = self.handle_shared_to_args(request) if shared_to_user: shared_to = request.GET.get('username') if shared_to is None or not is_valid_username(shared_to): return api_error(status.HTTP_400_BAD_REQUEST, 'Email %s invalid.' % shared_to) try: User.objects.get(email=shared_to) except User.DoesNotExist: return api_error(status.HTTP_400_BAD_REQUEST, 'Invalid user, should be registered') if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id update_user_dir_permission(repo_id, path, repo_owner, shared_to, permission, org_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) update_user_dir_permission(repo_id, path, repo_owner, shared_to, permission) send_perm_audit_msg('modify-repo-perm', username, shared_to, repo_id, path, permission) if shared_to_group: gid = request.GET.get('group_id') try: gid = int(gid) except ValueError: return api_error(status.HTTP_400_BAD_REQUEST, 'group_id %s invalid.' % gid) group = seaserv.get_group(gid) if not group: return api_error(status.HTTP_404_NOT_FOUND, 'Group %s not found.' % gid) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id update_group_dir_permission(repo_id, path, repo_owner, gid, permission, org_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) update_group_dir_permission(repo_id, path, repo_owner, gid, permission, None) send_perm_audit_msg('modify-repo-perm', username, gid, repo_id, path, permission) return HttpResponse(json.dumps({'success': True}), status=200, content_type=json_content_type)
def put(self, request, repo_id, format=None): """ Modify repo group folder perm. Permission checking: 1. is group admin """ # argument check path = request.data.get('folder_path', None) if not path: error_msg = 'folder_path invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) perm = request.data.get('permission', None) if not perm or perm not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group_id = request.data.get('group_id') if not group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: group_id = int(group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # resource check repo = seafile_api.get_repo(repo_id) if not repo: error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) path = normalize_dir_path(path) if not seafile_api.get_dir_id_by_path(repo_id, path): error_msg = 'Folder %s not found.' % path return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not ccnet_api.get_group(group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) repo_owner = get_repo_owner(request, repo_id) library_group_id = get_group_id_by_repo_owner(repo_owner) if not ccnet_api.get_group(library_group_id): error_msg = 'Group %s not found.' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) permission = seafile_api.get_folder_group_perm(repo_id, path, group_id) if not permission: error_msg = 'Folder permission not found.' return api_error(status.HTTP_404_NOT_FOUND, error_msg) # permission check username = request.user.username if not is_group_admin(library_group_id, username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # modify permission try: seafile_api.set_folder_group_perm(repo_id, path, perm, group_id) send_perm_audit_msg('modify-repo-perm', username, group_id, repo_id, path, perm) new_perm = seafile_api.get_folder_group_perm(repo_id, path, group_id) result = self._get_group_folder_perm_info(group_id, repo_id, path, new_perm) return Response(result) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
def put(self, request, repo_id, format=None): username = request.user.username repo = seafile_api.get_repo(repo_id) if not repo: return api_error(status.HTTP_404_NOT_FOUND, 'Library %s not found.' % repo_id) path = request.GET.get('p', '/') if seafile_api.get_dir_id_by_path(repo.id, path) is None: return api_error(status.HTTP_404_NOT_FOUND, 'Folder %s not found.' % path) if repo.encrypted and path != '/': return api_error(status.HTTP_400_BAD_REQUEST, 'Folder invalid.') share_type = request.data.get('share_type') if share_type != 'user' and share_type != 'group': return api_error(status.HTTP_400_BAD_REQUEST, 'share_type invalid.') repo_owner = self.get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): return api_error(status.HTTP_400_BAD_REQUEST, 'permission invalid.') result = {} result['failed'] = [] result['success'] = [] if share_type == 'user': share_to_users = request.data.getlist('username') for to_user in share_to_users: if not is_valid_username(to_user): result['failed'].append({ 'email': to_user, 'error_msg': _('username invalid.') }) continue try: User.objects.get(email=to_user) except User.DoesNotExist: result['failed'].append({ 'email': to_user, 'error_msg': _('User %s not found.') % to_user }) continue if self.has_shared_to_user(request, repo_id, path, to_user): result['failed'].append({ 'email': to_user, 'error_msg': _('This item has been shared to %s.') % email2nickname(to_user) }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id if not is_org_user(to_user, int(org_id)): org_name = request.user.org.org_name error_msg = 'User %s is not member of organization %s.' \ % (to_user, org_name) result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) # can't share to owner if to_user == repo_owner: error_msg = "Library can not be shared to owner" return api_error(status.HTTP_400_BAD_REQUEST, error_msg) share_dir_to_user(repo, path, repo_owner, username, to_user, permission, org_id) else: if is_org_user(to_user): error_msg = 'User %s is a member of organization.' % to_user result['failed'].append({ 'email': to_user, 'error_msg': error_msg }) continue repo_owner = seafile_api.get_repo_owner(repo_id) # can't share to owner if to_user == repo_owner: error_msg = "Library can not be shared to owner" return api_error(status.HTTP_400_BAD_REQUEST, error_msg) share_dir_to_user(repo, path, repo_owner, username, to_user, permission, None) avatar_url, is_default, date_uploaded = api_avatar_url( to_user, 72) result['success'].append({ "share_type": "user", "user_info": { "name": to_user, "nickname": email2nickname(to_user), "contact_email": email2contact_email(to_user), "avatar_url": avatar_url, }, "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, "is_admin": permission == PERMISSION_ADMIN }) # send a signal when sharing repo successful share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_user, repo=repo, path=path, org_id=org_id) send_perm_audit_msg('add-repo-perm', username, to_user, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'email': to_user, 'error_msg': 'Internal Server Error' }) continue if share_type == 'group': group_ids = request.data.getlist('group_id') for gid in group_ids: try: gid = int(gid) except ValueError: result['failed'].append( {'error_msg': 'group_id %s invalid.' % gid}) continue group = ccnet_api.get_group(gid) if not group: result['failed'].append( {'error_msg': 'Group %s not found' % gid}) continue if not config.ENABLE_SHARE_TO_ALL_GROUPS and \ not is_group_member(gid, username): result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Permission denied.' }) continue if self.has_shared_to_group(request, repo_id, path, gid): result['failed'].append({ 'group_name': group.group_name, 'error_msg': _('This item has been shared to %s.') % group.group_name }) continue try: org_id = None if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. repo_owner = seafile_api.get_org_repo_owner(repo_id) org_id = request.user.org.org_id share_dir_to_group(repo, path, repo_owner, username, gid, permission, org_id) else: repo_owner = seafile_api.get_repo_owner(repo_id) share_dir_to_group(repo, path, repo_owner, username, gid, permission, None) result['success'].append({ "share_type": "group", "group_info": { "id": gid, "name": group.group_name, }, "permission": PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission, "is_admin": permission == PERMISSION_ADMIN }) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=gid, repo=repo, path=path, org_id=org_id) send_perm_audit_msg('add-repo-perm', username, gid, repo_id, path, permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'group_name': group.group_name, 'error_msg': 'Internal Server Error' }) continue return HttpResponse(json.dumps(result), status=200, content_type=json_content_type)
def post(self, request, group_id): """ Add a group owned library by system admin. """ # argument check repo_name = request.data.get("repo_name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "repo_name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password", None) permission = request.data.get('permission', PERMISSION_READ_WRITE) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check group_quota = seafile_api.get_group_quota(group_id) group_quota = int(group_quota) if group_quota <= 0 and group_quota != -2: error_msg = 'No group quota.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_org_context(request): # request called by org admin org_id = request.user.org.org_id else: org_id = -1 # create group owned repo group_id = int(group_id) if is_pro_version() and ENABLE_STORAGE_CLASSES: if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT', 'ROLE_BASED'): storages = get_library_storages(request) storage_id = request.data.get("storage_id", None) if storage_id and storage_id not in [ s['storage_id'] for s in storages ]: error_msg = 'storage_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = seafile_api.add_group_owned_repo( group_id, repo_name, permission, password, enc_version=ENCRYPTED_LIBRARY_VERSION, storage_id=storage_id) else: # STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING' if org_id > 0: repo_id = seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) else: repo_id = seafile_api.add_group_owned_repo( group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) else: if org_id > 0: repo_id = seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) else: repo_id = seafile_api.add_group_owned_repo( group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) # for activities username = request.user.username library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) info = get_group_owned_repo_info(request, repo_id) # TODO info['permission'] = permission return Response(info)
def put(self, request, repo, path, share_type): """ Update user/group share permission. Permission checking: 1. admin user. """ # argument check permission = request.data.get('permission', None) if not permission or permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) share_info = {} share_info['repo_id'] = repo.repo_id share_info['path'] = path share_info['share_type'] = share_type # current `request.user.username` is admin user, # so need to identify the repo owner specifically. repo_owner = seafile_api.get_repo_owner(repo.repo_id) username = request.user.username share_to = request.data.get('share_to', None) if share_type == 'user': email = share_to if not email or not is_valid_username(email): error_msg = 'email %s invalid.' % email return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=email) except User.DoesNotExist: error_msg = 'User %s not found.' % email return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not has_shared_to_user(repo.repo_id, path, email): error_msg = 'Shared items not found' return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: update_user_dir_permission(repo.repo_id, path, repo_owner, email, permission) send_perm_audit_msg('modify-repo-perm', username, email, repo.repo_id, path, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) share_info['user_email'] = email share_info['user_name'] = email2nickname(email) share_info[ 'permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission share_info['is_admin'] = permission == PERMISSION_ADMIN if share_type == 'group': group_id = share_to try: group_id = int(group_id) except ValueError: error_msg = 'group_id %s invalid.' % group_id return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(group_id) if not group: error_msg = 'Group %s not found' % group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) if not has_shared_to_group(repo.repo_id, path, group_id): error_msg = 'Shared items not found' return api_error(status.HTTP_404_NOT_FOUND, error_msg) try: update_group_dir_permission(repo.repo_id, path, repo_owner, group_id, permission) send_perm_audit_msg('modify-repo-perm', username, group_id, repo.repo_id, path, permission) except Exception as e: logger.error(e) error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) share_info['group_id'] = group_id share_info['group_name'] = group.group_name share_info[ 'permission'] = PERMISSION_READ_WRITE if permission == PERMISSION_ADMIN else permission share_info['is_admin'] = permission == PERMISSION_ADMIN return Response(share_info)
def post(self, request): # argument check operation = request.data.get('operation', None) if not operation: error_msg = 'operation invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # operation could be `share`, `unshare`, `delete`, `transfer` # we now only use `share`, `unshare` if operation not in ('share', 'unshare'): error_msg = 'operation can only be "share", "unshare".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) result = {} result['failed'] = [] result['success'] = [] username = request.user.username repo_id_list = request.data.getlist('repo_id') valid_repo_id_list = [] # filter out invalid repo id for repo_id in repo_id_list: if not seafile_api.get_repo(repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Library %s not found.' % repo_id }) continue repo_owner = get_repo_owner(request, repo_id) if repo_owner != username and not is_repo_admin(username, repo_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Permission denied.' }) continue valid_repo_id_list.append(repo_id) # share repo if operation == 'share': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) permission = request.data.get('permission', 'rw') if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # share repo to user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: User.objects.get(email=to_username) except User.DoesNotExist: error_msg = 'User %s not found.' % to_username return api_error(status.HTTP_404_NOT_FOUND, error_msg) # check if to_user is an org user try: org_of_to_user = ccnet_api.get_orgs_by_user(to_username) except Exception as e: logger.error(e) org_of_to_user = [] if is_org_context(request): org_id = request.user.org.org_id org_name = request.user.org.org_name if len(org_of_to_user) == 0 or org_id != org_of_to_user[0].org_id: error_msg = 'User %s is not member of organization %s.' \ % (to_username, org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) else: if len(org_of_to_user) >= 1: error_msg = 'User %s is member of organization %s.' \ % (to_username, org_of_to_user[0].org_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % to_username }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seaserv.seafserv_threaded_rpc.org_add_share(org_id, repo_id, username, to_username, permission) else: seafile_api.share_repo( repo_id, username, to_username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_user_successful.send(sender=None, from_user=username, to_user=to_username, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "username": to_username, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_username, repo_id, '/', permission) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # share repo to group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) if not group: error_msg = 'Group %s not found.' % to_group_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) group_name = group.group_name if not is_group_member(to_group_id, username): error_msg = 'User %s is not member of group %s.' % (username, group_name) return api_error(status.HTTP_403_FORBIDDEN, error_msg) for repo_id in valid_repo_id_list: if self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has been shared to %s.' % group_name }) continue try: org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.add_org_group_repo( repo_id, org_id, to_group_id, username, permission) else: seafile_api.set_group_repo( repo_id, to_group_id, username, permission) # send a signal when sharing repo successful repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=to_group_id, repo=repo, path='/', org_id=org_id) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, "permission": permission }) send_perm_audit_msg('add-repo-perm', username, to_group_id, repo_id, '/', permission) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo if operation == 'unshare': share_type = request.data.get('share_type', None) if not share_type: error_msg = 'share_type invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) if share_type not in ('user', 'group'): error_msg = 'share_type can only be "user", "group".' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # unshare repo from user if share_type == 'user': to_username = request.data.get('username', None) if not to_username: error_msg = 'username invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) for repo_id in valid_repo_id_list: if not self.has_shared_to_user(request, repo_id, to_username): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % to_username }) continue repo_owner = get_repo_owner(request, repo_id) try: # get share permission before unshare operation permission = check_user_share_out_permission(repo_id, '/', to_username, is_org_context(request)) if is_org_context(request): # when calling seafile API to share authority related functions, change the uesrname to repo owner. org_id = request.user.org.org_id seafile_api.org_remove_share(org_id, repo_id, repo_owner, to_username) else: seafile_api.remove_share(repo_id, repo_owner, to_username) # Delete share permission at ExtraSharePermission table. ExtraSharePermission.objects.delete_share_permission(repo_id, to_username) # send message send_perm_audit_msg('delete-repo-perm', username, to_username, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "username": to_username, }) except Exception as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) # unshare repo from group if share_type == 'group': to_group_id = request.data.get('group_id', None) if not to_group_id: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) try: to_group_id = int(to_group_id) except ValueError: error_msg = 'group_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) group = ccnet_api.get_group(to_group_id) group_name = group.group_name if group else '' for repo_id in valid_repo_id_list: if not self.has_shared_to_group(request, repo_id, to_group_id): result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'This item has not been shared to %s.' % group_name }) continue try: # get share permission before unshare operation permission = check_group_share_out_permission(repo_id, '/', to_group_id, is_org_context(request)) org_id = None if is_org_context(request): org_id = request.user.org.org_id seafile_api.del_org_group_repo(repo_id, org_id, to_group_id) else: seafile_api.unset_group_repo( repo_id, to_group_id, username) # Delete share permission at ExtraSharePermission table. ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, to_group_id) # send message send_perm_audit_msg('delete-repo-perm', username, to_group_id, repo_id, '/', permission) result['success'].append({ "repo_id": repo_id, "group_id": to_group_id, "group_name": group_name, }) except SearpcError as e: logger.error(e) result['failed'].append({ 'repo_id': repo_id, 'error_msg': 'Internal Server Error' }) return Response(result)