def get(self, request, email):
    """List every group the given user has joined, with the user's role in each.

    Permission checking:
    1. Admin user (``can_manage_user()`` must be true for the caller).

    Responds with 403 when the caller lacks that permission, 404 when no
    ``User`` with ``email`` exists, and 500 when a ccnet lookup raises.
    """
    # The permission gate runs before the account lookup, so a caller without
    # the admin permission never reaches the "user not found" branch.
    if not request.user.admin_permissions.can_manage_user():
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    try:
        User.objects.get(email=email)
    except User.DoesNotExist as e:
        logger.error(e)
        return api_error(status.HTTP_404_NOT_FOUND,
                         'User %s not found.' % email)

    try:
        groups = ccnet_api.get_groups(email)
    except Exception as e:
        logger.error(e)
        return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                         'Internal Server Error')

    # Use dict to reduce memcache fetch cost in large for-loop: each distinct
    # creator is resolved to a nickname exactly once.
    nickname_dict = {
        creator: email2nickname(creator)
        for creator in {g.creator_name for g in groups}
    }

    groups_info = []
    for group in groups:
        created_at = timestamp_to_isoformat_timestr(group.timestamp)
        group_info = {
            "id": group.id,
            "name": group.group_name,
            "owner_email": group.creator_name,
            "owner_name": nickname_dict.get(group.creator_name, ''),
            "created_at": created_at,
            "parent_group_id": group.parent_group_id if is_pro_version() else 0
        }

        # One staff lookup per group; any failure aborts the whole listing
        # with a generic 500 so no partial result is returned.
        try:
            is_group_staff = ccnet_api.check_group_staff(group.id, email)
        except Exception as e:
            logger.error(e)
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR,
                             'Internal Server Error')

        # Being the creator outranks the staff flag.
        if email == group.creator_name:
            role = 'Owner'
        elif is_group_staff:
            role = 'Admin'
        else:
            role = 'Member'
        group_info['role'] = role

        groups_info.append(group_info)

    return Response({'group_list': groups_info})
def get_group_member_info(request, group_id, email, avatar_size=AVATAR_DEFAULT_SIZE):
    """Build the member-info dict describing ``email`` within group ``group_id``.

    The returned dict carries the group id as passed in, the user's display
    name, email, contact email, login id, avatar URL, the staff flag and a
    role string ('Owner', 'Admin' or 'Member').

    ``request`` is accepted but not read by this function.
    """
    profile = Profile.objects.get_profile_by_user(email)
    # A missing profile and an empty login_id both collapse to ''.
    login_id = (profile.login_id or '') if profile else ''

    # Only the URL is used; the other two returned values are discarded.
    avatar_url, _is_default, _date_uploaded = api_avatar_url(email, avatar_size)

    numeric_group_id = int(group_id)
    # NOTE(review): group is dereferenced below without a None check —
    # confirm get_group cannot return None for an unknown id.
    group = ccnet_api.get_group(numeric_group_id)
    is_admin = bool(ccnet_api.check_group_staff(numeric_group_id, email))

    # NOTE(review): nothing here verifies that email belongs to the group;
    # any address that is neither creator nor staff is reported as 'Member',
    # so callers must have established membership beforehand.
    if email == group.creator_name:
        role = 'Owner'
    elif is_admin:
        role = 'Admin'
    else:
        role = 'Member'

    return {
        'group_id': group_id,
        "name": email2nickname(email),
        'email': email,
        "contact_email": Profile.objects.get_contact_email_by_user(email),
        "login_id": login_id,
        "avatar_url": avatar_url,
        "is_admin": is_admin,
        "role": role,
    }
def get_group_member_info(request, group_id, email, avatar_size=AVATAR_DEFAULT_SIZE):
    """Build the member-info dict describing ``email`` within group ``group_id``.

    Differs from a plain lookup in two ways visible here: an avatar lookup
    failure falls back to the default avatar instead of propagating, and the
    avatar URL is made absolute against ``request``.

    Returns a dict with the group id as passed in, display name, email,
    contact email, login id, absolute avatar URL, staff flag and role
    ('Owner', 'Admin' or 'Member').
    """
    profile = Profile.objects.get_profile_by_user(email)
    # A missing profile and an empty login_id both collapse to ''.
    login_id = (profile.login_id or '') if profile else ''

    try:
        # Only the URL is used; the other two returned values are discarded.
        avatar_url, _is_default, _date_uploaded = api_avatar_url(email, avatar_size)
    except Exception as e:
        # Best effort: an avatar problem must not fail the member lookup.
        logger.error(e)
        avatar_url = get_default_avatar_url()

    numeric_group_id = int(group_id)
    # NOTE(review): group is dereferenced below without a None check —
    # confirm get_group cannot return None for an unknown id.
    group = ccnet_api.get_group(numeric_group_id)
    is_admin = bool(ccnet_api.check_group_staff(numeric_group_id, email))

    # NOTE(review): nothing here verifies that email belongs to the group;
    # any address that is neither creator nor staff is reported as 'Member',
    # so callers must have established membership beforehand.
    if email == group.creator_name:
        role = 'Owner'
    elif is_admin:
        role = 'Admin'
    else:
        role = 'Member'

    return {
        'group_id': group_id,
        "name": email2nickname(email),
        'email': email,
        "contact_email": Profile.objects.get_contact_email_by_user(email),
        "login_id": login_id,
        "avatar_url": request.build_absolute_uri(avatar_url),
        "is_admin": is_admin,
        "role": role,
    }
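def post(self, request, repo_id):
    """Reset an encrypted library's password and mail the new one to the caller.

    Only used to reset an encrypted repo's password; the new password is
    then sent to the user's mailbox.

    Permission checking:
    1. repo owner (for a group-owned library: staff of the owning group).

    Responds with 403 when the feature is disabled or the caller is not
    permitted, 404/400 for a missing or unencrypted library,
    HTTP_520_OPERATION_FAILED when no secret key is stored, and 500 when
    the reset or the mail delivery raises.
    """
    if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD or \
            not IS_EMAIL_CONFIGURED:
        error_msg = _('Feature disabled.')
        return api_error(status.HTTP_403_FORBIDDEN, error_msg)

    # resource check
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        error_msg = 'Library %s not found.' % repo_id
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    if not repo.encrypted:
        error_msg = 'Library %s is not encrypted.' % repo_id
        return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

    # permission check
    username = request.user.username
    repo_owner = get_repo_owner(request, repo_id)
    if '@seafile_group' in repo_owner:
        # NOTE(review): the group id is derived through a nickname lookup and
        # then passed to int(); a non-numeric result raises ValueError before
        # any reset happens. Confirm email2nickname always yields the numeric
        # id for a group owner.
        group_id = email2nickname(repo_owner)
        if not ccnet_api.check_group_staff(int(group_id), username):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
    else:
        if username != repo_owner:
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

    secret_key = RepoSecretKey.objects.get_secret_key(repo_id)
    if not secret_key:
        error_msg = _("Can not reset this library's password.")
        return api_error(HTTP_520_OPERATION_FAILED, error_msg)

    # NOTE(review): this value becomes the library password — confirm that
    # get_random_string draws from a CSPRNG in the deployed version.
    new_password = get_random_string(10)

    try:
        seafile_api.reset_repo_passwd(repo_id, username, secret_key, new_password)
    except Exception as e:
        logger.error(e)
        error_msg = 'Internal Server Error'
        return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    # From here on the password has already been changed. Delivery is handled
    # separately so that a mail failure is recorded as "reset done, password
    # not delivered" rather than looking like a failed reset. The password
    # itself travels in the mail body and is never written to the log.
    try:
        content = {'repo_name': repo.name, 'password': new_password}
        send_html_email(
            _('New password of library %s') % repo.name,
            'snippets/reset_repo_password.html', content,
            None, [email2contact_email(username)])
    except Exception as e:
        logger.error(
            'Password of library %s was reset for %s but the notification '
            'mail could not be sent: %s', repo_id, username, e)
        error_msg = 'Internal Server Error'
        return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    return Response({'success': True})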
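def delete(self, request, group_id, discuss_id, format=None):
    """Remove a group discussion.

    Only the discussion creator or an admin of the discussion's group can
    perform this op.

    Responds with 400 when the discussion does not exist in this group,
    403 when the caller is neither its author nor staff of the group, and
    204 on success.
    """
    username = request.user.username
    group_id = int(group_id)

    try:
        discussion = GroupMessage.objects.get(pk=discuss_id)
    except GroupMessage.DoesNotExist:
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'Discussion id %s not found.' % discuss_id)

    # Bind the discussion to the group named in the URL. The staff check
    # below is made against that group, so without this binding staff of one
    # group could delete a discussion belonging to a different group.
    # Answering exactly like a missing id avoids confirming that the
    # discussion exists elsewhere.
    # NOTE(review): relies on GroupMessage exposing an integer group_id
    # field — confirm against the model.
    if discussion.group_id != group_id:
        return api_error(status.HTTP_400_BAD_REQUEST,
                         'Discussion id %s not found.' % discuss_id)

    # perm check
    if not ccnet_api.check_group_staff(group_id, username) and \
            discussion.from_email != username:
        return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')

    discussion.delete()

    return Response(status=204)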
def is_group_admin(group_id, email):
    """Tell whether ``email`` is staff (admin) of the group ``group_id``.

    ``group_id`` is coerced with ``int()``, so a non-numeric value raises
    before any lookup is made. The value from
    ``ccnet_api.check_group_staff`` is returned as-is, without coercion to
    ``bool``.
    """
    numeric_group_id = int(group_id)
    staff_flag = ccnet_api.check_group_staff(numeric_group_id, email)
    return staff_flag
def is_group_admin(group_id, email):
    """Tell whether ``email`` is staff (admin) of the group ``group_id``.

    ``group_id`` is coerced with ``int()``, so a non-numeric value raises
    before any lookup is made. The value from
    ``ccnet_api.check_group_staff`` is returned as-is, without coercion to
    ``bool``.
    """
    gid = int(group_id)
    return ccnet_api.check_group_staff(gid, email)
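def put(self, request, repo_id):
    """Change or reset the password of an encrypted library.

    The ``operation`` field of the request body selects the action and
    defaults to 'change-password':

    * 'change-password' needs ``old_password`` and ``new_password``.
    * 'can-reset-password' reports whether a secret key is stored for the
      library.
    * 'reset-password' sets ``new_password`` using the stored secret key,
      without the old password.

    Permission checking:
    1. repo owner (for a group-owned library: staff of the owning group).
    """
    # argument check
    operation = request.data.get('operation', 'change-password')
    try:
        operation = operation.lower()
    except AttributeError:
        # A null, number or list sent as `operation` has no .lower();
        # answer with the same 400 as any other invalid operation instead of
        # letting the error escape as an unhandled server error.
        error_msg = 'operation invalid.'
        return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

    if operation not in ('change-password', 'reset-password', 'can-reset-password'):
        error_msg = 'operation invalid.'
        return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

    # resource check
    repo = seafile_api.get_repo(repo_id)
    if not repo:
        error_msg = 'Library %s not found.' % repo_id
        return api_error(status.HTTP_404_NOT_FOUND, error_msg)

    if not repo.encrypted:
        error_msg = 'Library %s is not encrypted.' % repo_id
        return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

    # permission check
    username = request.user.username
    repo_owner = get_repo_owner(request, repo_id)
    if '@seafile_group' in repo_owner:
        # NOTE(review): the group id is derived through a nickname lookup and
        # then passed to int(); a non-numeric result raises ValueError.
        # Confirm email2nickname always yields the numeric id here.
        group_id = email2nickname(repo_owner)
        if not ccnet_api.check_group_staff(int(group_id), username):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
    else:
        if username != repo_owner:
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

    if operation == 'change-password':

        old_password = request.data.get('old_password', None)
        if not old_password:
            error_msg = 'old_password invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        new_password = request.data.get('new_password', None)
        if not new_password:
            error_msg = 'new_password invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        try:
            seafile_api.change_repo_passwd(repo_id, old_password, new_password, username)
        except Exception as e:
            # Not every exception carries `.msg`. Reading it directly would
            # raise AttributeError inside this handler and skip both the log
            # line and the controlled 500 response below.
            if getattr(e, 'msg', None) == 'Incorrect password':
                error_msg = _('Wrong old password')
                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
            else:
                logger.error(e)
                error_msg = 'Internal Server Error'
                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        # Keep the stored secret key in step with the new password so a
        # later reset keeps working.
        if ENABLE_RESET_ENCRYPTED_REPO_PASSWORD:
            add_encrypted_repo_secret_key_to_database(repo_id, new_password)

    if operation == 'can-reset-password':
        if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD:
            error_msg = 'Feature disabled.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        if not RepoSecretKey.objects.get_secret_key(repo_id):
            return Response({'allowed': False})
        else:
            return Response({'allowed': True})

    if operation == 'reset-password':

        if not ENABLE_RESET_ENCRYPTED_REPO_PASSWORD:
            error_msg = 'Feature disabled.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        new_password = request.data.get('new_password', None)
        if not new_password:
            error_msg = 'new_password invalid.'
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # The stored secret key stands in for the old password here, so the
        # ownership check above is the only gate on this branch.
        secret_key = RepoSecretKey.objects.get_secret_key(repo_id)
        if not secret_key:
            error_msg = _("Can not reset this library's password.")
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        try:
            seafile_api.reset_repo_passwd(repo_id, username, secret_key, new_password)
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

    return Response({'success': True})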