def test_can_clean_department_repo_trash(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a department
group_id = ccnet_api.create_group('department_test',
'system admin',
parent_group_id=-1)
seafile_api.set_group_quota(group_id, -2)
repo_id = seafile_api.add_group_owned_repo(group_id, 'dep_test', 'rw')
repo_owner = seafile_api.get_repo_owner(repo_id)
assert '@seafile_group' in repo_owner
group_repos = seafile_api.get_repos_by_group(group_id)
assert len(group_repos) == 1
group = ccnet_api.get_group(group_id)
# department add user
ccnet_api.group_add_member(group_id, group.creator_name,
self.user_name)
ccnet_api.group_add_member(group_id, group.creator_name,
self.tmp_user.username)
ccnet_api.group_set_admin(group_id, self.user_name)
ccnet_api.group_unset_admin(group_id, self.tmp_user.username)
assert is_group_admin(group_id, self.user_name)
assert not is_group_admin(group_id, self.tmp_user.username)
file_name = 'dep_test.txt'
self.create_file(repo_id=repo_id,
parent_dir='/',
filename=file_name,
username=self.user_name)
# delete a file first
seafile_api.del_file(repo_id, '/', file_name, self.user_name)
# get trash item count
self.login_as(self.user)
resp = self.client.get(reverse('api-v2.1-repo-trash', args=[repo_id]))
json_resp = json.loads(resp.content)
assert len(json_resp['data']) > 0
# department member can not clean trash
self.logout()
self.login_as(self.tmp_user)
resp = self.client.delete(self.url)
self.assertEqual(403, resp.status_code)
# department admin can clean library trash
self.logout()
self.login_as(self.user)
ccnet_api.group_set_admin(group_id, self.user_name)
resp = self.client.delete(self.url)
self.assertEqual(200, resp.status_code)
# get trash item count again
resp = self.client.get(self.url)
json_resp = json.loads(resp.content)
assert len(json_resp['data']) == 0
def add_group_owned_repo(self, group_id, repo_name, password, permission,
storage_id=None, org_id=None):
if is_valid_org_id(org_id):
return seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, password, permission)
else:
return seafile_api.add_group_owned_repo(
group_id, repo_name, password, permission,
storage_id=storage_id)
def add_group_owned_repo(self,
group_id,
repo_name,
password,
permission,
storage_id=None,
org_id=None):
if is_valid_org_id(org_id):
return seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, permission, password)
else:
return seafile_api.add_group_owned_repo(group_id,
repo_name,
permission,
password,
storage_id=storage_id)
def test_can_set_department_repo(self):
if not LOCAL_PRO_DEV_ENV:
return
# create a department
group_id = ccnet_api.create_group('department_test',
'system admin',
parent_group_id=-1)
seafile_api.set_group_quota(group_id, -2)
repo_id = seafile_api.add_group_owned_repo(group_id, 'dep_test', 'rw')
repo_owner = seafile_api.get_repo_owner(repo_id)
assert '@seafile_group' in repo_owner
group_repos = seafile_api.get_repos_by_group(group_id)
assert len(group_repos) == 1
group = ccnet_api.get_group(group_id)
# department add user
ccnet_api.group_add_member(group_id, group.creator_name,
self.user.username)
ccnet_api.group_add_member(group_id, group.creator_name,
self.tmp_user.username)
ccnet_api.group_set_admin(group_id, self.user.username)
ccnet_api.group_unset_admin(group_id, self.tmp_user.username)
assert is_group_admin(group_id, self.user.username)
assert not is_group_admin(group_id, self.tmp_user.username)
url = reverse("api2-repo-history-limit", args=[repo_id])
self.config.ENABLE_REPO_HISTORY_SETTING = True
# department member can not set
self.logout()
self.login_as(self.tmp_user)
data = 'keep_days=%s' % 6
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(403, resp.status_code)
# department admin can set
self.logout()
self.login_as(self.user)
data = 'keep_days=%s' % 6
resp = self.client.put(url, data, 'application/x-www-form-urlencoded')
self.assertEqual(200, resp.status_code)
self.remove_group(group_id)
self.remove_repo(repo_id)
def add_group_owned_repo(self,
group_id,
repo_name,
password,
permission,
storage_id=None,
org_id=None):
if is_valid_org_id(org_id):
return seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, permission, password,
ENCRYPTED_LIBRARY_VERSION)
else:
return seafile_api.add_group_owned_repo(
group_id,
repo_name,
permission,
password,
enc_version=ENCRYPTED_LIBRARY_VERSION,
storage_id=storage_id)
def post(self, request, group_id):
""" Add a group owned library by system admin.
"""
# argument check
repo_name = request.data.get("repo_name", None)
if not repo_name or \
not is_valid_dirent_name(repo_name):
error_msg = "repo_name invalid."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get("password", None)
permission = request.data.get('permission', PERMISSION_READ_WRITE)
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
group_quota = seafile_api.get_group_quota(group_id)
group_quota = int(group_quota)
if group_quota <= 0 and group_quota != -2:
error_msg = 'No group quota.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if is_org_context(request):
# request called by org admin
org_id = request.user.org.org_id
else:
org_id = -1
# create group owned repo
group_id = int(group_id)
if is_pro_version() and ENABLE_STORAGE_CLASSES:
if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT', 'ROLE_BASED'):
storages = get_library_storages(request)
storage_id = request.data.get("storage_id", None)
if storage_id and storage_id not in [
s['storage_id'] for s in storages
]:
error_msg = 'storage_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo_id = seafile_api.add_group_owned_repo(
group_id,
repo_name,
permission,
password,
enc_version=ENCRYPTED_LIBRARY_VERSION,
storage_id=storage_id)
else:
# STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING'
if org_id > 0:
repo_id = seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, permission, password,
ENCRYPTED_LIBRARY_VERSION)
else:
repo_id = seafile_api.add_group_owned_repo(
group_id, repo_name, permission, password,
ENCRYPTED_LIBRARY_VERSION)
else:
if org_id > 0:
repo_id = seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, permission, password,
ENCRYPTED_LIBRARY_VERSION)
else:
repo_id = seafile_api.add_group_owned_repo(
group_id, repo_name, permission, password,
ENCRYPTED_LIBRARY_VERSION)
# for activities
username = request.user.username
library_template = request.data.get("library_template", '')
repo_created.send(sender=None,
org_id=org_id,
creator=username,
repo_id=repo_id,
repo_name=repo_name,
library_template=library_template)
# for notification
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=group_id,
repo=repo,
path='/',
org_id=org_id)
info = get_group_owned_repo_info(request, repo_id)
# TODO
info['permission'] = permission
return Response(info)
def post(self, request, group_id, org_id):
""" Add a group owned library.
Permission checking:
1. role permission, can_add_repo;
1. is group admin;
"""
# argument check
repo_name = request.data.get("name", None)
if not repo_name or \
not is_valid_dirent_name(repo_name):
error_msg = "name invalid."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get("passwd", None)
if password and not config.ENABLE_ENCRYPTED_LIBRARY:
error_msg = 'NOT allow to create encrypted library.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = request.data.get('permission', PERMISSION_READ_WRITE)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
if not request.user.permissions.can_add_repo():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not is_group_admin(group_id, request.user.username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
group_quota = seafile_api.get_group_quota(group_id)
group_quota = int(group_quota)
if group_quota <= 0 and group_quota != -2:
error_msg = 'No group quota.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create group owned repo
group_id = int(group_id)
if is_pro_version() and ENABLE_STORAGE_CLASSES:
if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT',
'ROLE_BASED'):
storages = get_library_storages(request)
storage_id = request.data.get("storage_id", None)
if storage_id and storage_id not in [s['storage_id'] for s in storages]:
error_msg = 'storage_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo_id = seafile_api.add_group_owned_repo(group_id, repo_name,
password, permission, storage_id)
else:
# STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING'
repo_id = SeafileAPI.add_group_owned_repo(
group_id, repo_name, password, permission, org_id=org_id)
else:
repo_id = SeafileAPI.add_group_owned_repo(
group_id, repo_name, password, permission, org_id=org_id)
# for activities
username = request.user.username
library_template = request.data.get("library_template", '')
repo_created.send(sender=None, org_id=org_id, creator=username,
repo_id=repo_id, repo_name=repo_name,
library_template=library_template)
# for notification
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(sender=None, from_user=username,
group_id=group_id, repo=repo, path='/', org_id=org_id)
info = get_group_owned_repo_info(request, repo_id)
# TODO
info['permission'] = permission
return Response(info)
def post(self, request, group_id, org_id):
""" Add a group owned library.
Permission checking:
1. role permission, can_add_repo;
1. is group admin;
"""
# argument check
repo_name = request.data.get("name", None)
if not repo_name or \
not is_valid_dirent_name(repo_name):
error_msg = "name invalid."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get("passwd", None)
if password and not config.ENABLE_ENCRYPTED_LIBRARY:
error_msg = 'NOT allow to create encrypted library.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = request.data.get('permission', PERMISSION_READ_WRITE)
if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]:
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
if not request.user.permissions.can_add_repo():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not is_group_admin(group_id, request.user.username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
group_quota = seafile_api.get_group_quota(group_id)
group_quota = int(group_quota)
if group_quota <= 0 and group_quota != -2:
error_msg = 'No group quota.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create group owned repo
group_id = int(group_id)
if is_pro_version() and ENABLE_STORAGE_CLASSES:
if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT',
'ROLE_BASED'):
storages = get_library_storages(request)
storage_id = request.data.get("storage_id", None)
if storage_id and storage_id not in [s['storage_id'] for s in storages]:
error_msg = 'storage_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo_id = seafile_api.add_group_owned_repo(group_id, repo_name,
password, permission, storage_id)
else:
# STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING'
repo_id = SeafileAPI.add_group_owned_repo(
group_id, repo_name, password, permission, org_id=org_id)
else:
repo_id = SeafileAPI.add_group_owned_repo(
group_id, repo_name, password, permission, org_id=org_id)
# for activities
username = request.user.username
library_template = request.data.get("library_template", '')
repo_created.send(sender=None, org_id=org_id, creator=username,
repo_id=repo_id, repo_name=repo_name,
library_template=library_template)
# for notification
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(sender=None, from_user=username,
group_id=group_id, repo=repo, path='/', org_id=org_id)
info = get_group_owned_repo_info(request, repo_id)
# TODO
info['permission'] = permission
return Response(info)
def create_and_add_group_to_db(self, dn_name, group, group_dn_db,
group_data_ldap):
if group.is_department and group_dn_db.has_key(dn_name):
return group_dn_db[dn_name]
super_user = None
if group.is_department:
super_user = '******'
else:
super_user = LdapGroupSync.get_super_user()
parent_id = 0
if not group.is_department:
parent_id = 0
else:
if not group.parent_dn:
parent_id = -1
elif group_dn_db.has_key(group.parent_dn):
parent_id = group_dn_db[group.parent_dn]
else:
parent_group = group_data_ldap[group.parent_dn]
parent_id = self.create_and_add_group_to_db(
group.parent_dn, parent_group, group_dn_db,
group_data_ldap)
group_id = ccnet_api.create_group(group.cn, super_user, 'LDAP',
parent_id)
if group_id < 0:
logger.warning('create ldap group [%s] failed.' % group.cn)
return
ret = add_group_dn_pair(group_id, dn_name)
if ret < 0:
logger.warning('add group dn pair %d<->%s failed.' %
(group_id, dn_name))
# admin should remove created group manually in web
return
logger.debug('create group %d, and add dn pair %s<->%d success.' %
(group_id, dn_name, group_id))
self.agroup += 1
group.group_id = group_id
if group.is_department:
if group.config.default_department_quota > 0:
quota_to_set = group.config.default_department_quota * 1000000
else:
quota_to_set = group.config.default_department_quota
ret = seafile_api.set_group_quota(group_id, quota_to_set)
if ret < 0:
logger.warning('Failed to set group [%s] quota.' % group.cn)
if group.config.create_department_library:
ret = seafile_api.add_group_owned_repo(group_id, group.cn,
'rw')
if not ret:
logger.warning(
'Failed to create group owned repo for %s.' % group.cn)
for member in group.members:
ret = group_add_member(group_id, super_user, member)
if ret < 0:
logger.warning('add member %s to group %d failed.' %
(member, group_id))
return
logger.debug('add member %s to group %d success.' %
(member, group_id))
group_dn_db[dn_name] = group_id
return group_id
def post(self, request, group_id):
""" Add a group owned library by system admin.
"""
# argument check
repo_name = request.data.get("repo_name", None)
if not repo_name or \
not is_valid_dirent_name(repo_name):
error_msg = "repo_name invalid."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get("password", None)
permission = request.data.get('permission', PERMISSION_READ_WRITE)
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
group_quota = seafile_api.get_group_quota(group_id)
group_quota = int(group_quota)
if group_quota <= 0 and group_quota != -2:
error_msg = 'No group quota.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if is_org_context(request):
# request called by org admin
org_id = request.user.org.org_id
else:
org_id = -1
# create group owned repo
group_id = int(group_id)
if is_pro_version() and ENABLE_STORAGE_CLASSES:
if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT',
'ROLE_BASED'):
storages = get_library_storages(request)
storage_id = request.data.get("storage_id", None)
if storage_id and storage_id not in [s['storage_id'] for s in storages]:
error_msg = 'storage_id invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
repo_id = seafile_api.add_group_owned_repo(group_id, repo_name,
password, permission, storage_id)
else:
# STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING'
if org_id > 0:
repo_id = seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, password, permission)
else:
repo_id = seafile_api.add_group_owned_repo(
group_id, repo_name, password, permission)
else:
if org_id > 0:
repo_id = seafile_api.org_add_group_owned_repo(
org_id, group_id, repo_name, password, permission)
else:
repo_id = seafile_api.add_group_owned_repo(group_id, repo_name,
password, permission)
# for activities
username = request.user.username
library_template = request.data.get("library_template", '')
repo_created.send(sender=None, org_id=org_id, creator=username,
repo_id=repo_id, repo_name=repo_name,
library_template=library_template)
# for notification
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(sender=None, from_user=username,
group_id=group_id, repo=repo, path='/', org_id=org_id)
info = get_group_owned_repo_info(request, repo_id)
# TODO
info['permission'] = permission
return Response(info)
