def test_can_clean_department_repo_trash(self): if not LOCAL_PRO_DEV_ENV: return # create a department group_id = ccnet_api.create_group('department_test', 'system admin', parent_group_id=-1) seafile_api.set_group_quota(group_id, -2) repo_id = seafile_api.add_group_owned_repo(group_id, 'dep_test', 'rw') repo_owner = seafile_api.get_repo_owner(repo_id) assert '@seafile_group' in repo_owner group_repos = seafile_api.get_repos_by_group(group_id) assert len(group_repos) == 1 group = ccnet_api.get_group(group_id) # department add user ccnet_api.group_add_member(group_id, group.creator_name, self.user_name) ccnet_api.group_add_member(group_id, group.creator_name, self.tmp_user.username) ccnet_api.group_set_admin(group_id, self.user_name) ccnet_api.group_unset_admin(group_id, self.tmp_user.username) assert is_group_admin(group_id, self.user_name) assert not is_group_admin(group_id, self.tmp_user.username) file_name = 'dep_test.txt' self.create_file(repo_id=repo_id, parent_dir='/', filename=file_name, username=self.user_name) # delete a file first seafile_api.del_file(repo_id, '/', file_name, self.user_name) # get trash item count self.login_as(self.user) resp = self.client.get(reverse('api-v2.1-repo-trash', args=[repo_id])) json_resp = json.loads(resp.content) assert len(json_resp['data']) > 0 # department member can not clean trash self.logout() self.login_as(self.tmp_user) resp = self.client.delete(self.url) self.assertEqual(403, resp.status_code) # department admin can clean library trash self.logout() self.login_as(self.user) ccnet_api.group_set_admin(group_id, self.user_name) resp = self.client.delete(self.url) self.assertEqual(200, resp.status_code) # get trash item count again resp = self.client.get(self.url) json_resp = json.loads(resp.content) assert len(json_resp['data']) == 0
def add_group_owned_repo(self, group_id, repo_name, password, permission, storage_id=None, org_id=None): if is_valid_org_id(org_id): return seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, password, permission) else: return seafile_api.add_group_owned_repo( group_id, repo_name, password, permission, storage_id=storage_id)
def add_group_owned_repo(self, group_id, repo_name, password, permission, storage_id=None, org_id=None): if is_valid_org_id(org_id): return seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, permission, password) else: return seafile_api.add_group_owned_repo(group_id, repo_name, permission, password, storage_id=storage_id)
def test_can_set_department_repo(self): if not LOCAL_PRO_DEV_ENV: return # create a department group_id = ccnet_api.create_group('department_test', 'system admin', parent_group_id=-1) seafile_api.set_group_quota(group_id, -2) repo_id = seafile_api.add_group_owned_repo(group_id, 'dep_test', 'rw') repo_owner = seafile_api.get_repo_owner(repo_id) assert '@seafile_group' in repo_owner group_repos = seafile_api.get_repos_by_group(group_id) assert len(group_repos) == 1 group = ccnet_api.get_group(group_id) # department add user ccnet_api.group_add_member(group_id, group.creator_name, self.user.username) ccnet_api.group_add_member(group_id, group.creator_name, self.tmp_user.username) ccnet_api.group_set_admin(group_id, self.user.username) ccnet_api.group_unset_admin(group_id, self.tmp_user.username) assert is_group_admin(group_id, self.user.username) assert not is_group_admin(group_id, self.tmp_user.username) url = reverse("api2-repo-history-limit", args=[repo_id]) self.config.ENABLE_REPO_HISTORY_SETTING = True # department member can not set self.logout() self.login_as(self.tmp_user) data = 'keep_days=%s' % 6 resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(403, resp.status_code) # department admin can set self.logout() self.login_as(self.user) data = 'keep_days=%s' % 6 resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(200, resp.status_code) self.remove_group(group_id) self.remove_repo(repo_id)
def add_group_owned_repo(self, group_id, repo_name, password, permission, storage_id=None, org_id=None): if is_valid_org_id(org_id): return seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) else: return seafile_api.add_group_owned_repo( group_id, repo_name, permission, password, enc_version=ENCRYPTED_LIBRARY_VERSION, storage_id=storage_id)
def post(self, request, group_id): """ Add a group owned library by system admin. """ # argument check repo_name = request.data.get("repo_name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "repo_name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password", None) permission = request.data.get('permission', PERMISSION_READ_WRITE) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check group_quota = seafile_api.get_group_quota(group_id) group_quota = int(group_quota) if group_quota <= 0 and group_quota != -2: error_msg = 'No group quota.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_org_context(request): # request called by org admin org_id = request.user.org.org_id else: org_id = -1 # create group owned repo group_id = int(group_id) if is_pro_version() and ENABLE_STORAGE_CLASSES: if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT', 'ROLE_BASED'): storages = get_library_storages(request) storage_id = request.data.get("storage_id", None) if storage_id and storage_id not in [ s['storage_id'] for s in storages ]: error_msg = 'storage_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = seafile_api.add_group_owned_repo( group_id, repo_name, permission, password, enc_version=ENCRYPTED_LIBRARY_VERSION, storage_id=storage_id) else: # STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING' if org_id > 0: repo_id = seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) else: repo_id = seafile_api.add_group_owned_repo( group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) else: if org_id > 0: repo_id = seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) else: repo_id = seafile_api.add_group_owned_repo( group_id, repo_name, permission, password, ENCRYPTED_LIBRARY_VERSION) # for activities username = request.user.username library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) info = get_group_owned_repo_info(request, repo_id) # TODO info['permission'] = permission return Response(info)
def post(self, request, group_id, org_id): """ Add a group owned library. Permission checking: 1. role permission, can_add_repo; 1. is group admin; """ # argument check repo_name = request.data.get("name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("passwd", None) if password and not config.ENABLE_ENCRYPTED_LIBRARY: error_msg = 'NOT allow to create encrypted library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = request.data.get('permission', PERMISSION_READ_WRITE) if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check if not request.user.permissions.can_add_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not is_group_admin(group_id, request.user.username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) group_quota = seafile_api.get_group_quota(group_id) group_quota = int(group_quota) if group_quota <= 0 and group_quota != -2: error_msg = 'No group quota.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # create group owned repo group_id = int(group_id) if is_pro_version() and ENABLE_STORAGE_CLASSES: if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT', 'ROLE_BASED'): storages = get_library_storages(request) storage_id = request.data.get("storage_id", None) if storage_id and storage_id not in [s['storage_id'] for s in storages]: error_msg = 'storage_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = seafile_api.add_group_owned_repo(group_id, repo_name, password, permission, storage_id) else: # STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING' repo_id = SeafileAPI.add_group_owned_repo( group_id, repo_name, password, permission, org_id=org_id) else: repo_id = SeafileAPI.add_group_owned_repo( group_id, repo_name, password, permission, org_id=org_id) # for activities username = request.user.username library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) info = get_group_owned_repo_info(request, repo_id) # TODO info['permission'] = permission return Response(info)
def post(self, request, group_id, org_id): """ Add a group owned library. Permission checking: 1. role permission, can_add_repo; 1. is group admin; """ # argument check repo_name = request.data.get("name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("passwd", None) if password and not config.ENABLE_ENCRYPTED_LIBRARY: error_msg = 'NOT allow to create encrypted library.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) permission = request.data.get('permission', PERMISSION_READ_WRITE) if permission not in [PERMISSION_READ, PERMISSION_READ_WRITE]: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check if not request.user.permissions.can_add_repo(): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if not is_group_admin(group_id, request.user.username): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) group_quota = seafile_api.get_group_quota(group_id) group_quota = int(group_quota) if group_quota <= 0 and group_quota != -2: error_msg = 'No group quota.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) # create group owned repo group_id = int(group_id) if is_pro_version() and ENABLE_STORAGE_CLASSES: if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT', 'ROLE_BASED'): storages = get_library_storages(request) storage_id = request.data.get("storage_id", None) if storage_id and storage_id not in [s['storage_id'] for s in storages]: error_msg = 'storage_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = seafile_api.add_group_owned_repo(group_id, repo_name, password, permission, storage_id) else: # STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING' repo_id = SeafileAPI.add_group_owned_repo( group_id, repo_name, password, permission, org_id=org_id) else: repo_id = SeafileAPI.add_group_owned_repo( group_id, repo_name, password, permission, org_id=org_id) # for activities username = request.user.username library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) info = get_group_owned_repo_info(request, repo_id) # TODO info['permission'] = permission return Response(info)
def create_and_add_group_to_db(self, dn_name, group, group_dn_db, group_data_ldap): if group.is_department and group_dn_db.has_key(dn_name): return group_dn_db[dn_name] super_user = None if group.is_department: super_user = '******' else: super_user = LdapGroupSync.get_super_user() parent_id = 0 if not group.is_department: parent_id = 0 else: if not group.parent_dn: parent_id = -1 elif group_dn_db.has_key(group.parent_dn): parent_id = group_dn_db[group.parent_dn] else: parent_group = group_data_ldap[group.parent_dn] parent_id = self.create_and_add_group_to_db( group.parent_dn, parent_group, group_dn_db, group_data_ldap) group_id = ccnet_api.create_group(group.cn, super_user, 'LDAP', parent_id) if group_id < 0: logger.warning('create ldap group [%s] failed.' % group.cn) return ret = add_group_dn_pair(group_id, dn_name) if ret < 0: logger.warning('add group dn pair %d<->%s failed.' % (group_id, dn_name)) # admin should remove created group manually in web return logger.debug('create group %d, and add dn pair %s<->%d success.' % (group_id, dn_name, group_id)) self.agroup += 1 group.group_id = group_id if group.is_department: if group.config.default_department_quota > 0: quota_to_set = group.config.default_department_quota * 1000000 else: quota_to_set = group.config.default_department_quota ret = seafile_api.set_group_quota(group_id, quota_to_set) if ret < 0: logger.warning('Failed to set group [%s] quota.' % group.cn) if group.config.create_department_library: ret = seafile_api.add_group_owned_repo(group_id, group.cn, 'rw') if not ret: logger.warning( 'Failed to create group owned repo for %s.' % group.cn) for member in group.members: ret = group_add_member(group_id, super_user, member) if ret < 0: logger.warning('add member %s to group %d failed.' % (member, group_id)) return logger.debug('add member %s to group %d success.' % (member, group_id)) group_dn_db[dn_name] = group_id return group_id
def post(self, request, group_id): """ Add a group owned library by system admin. """ # argument check repo_name = request.data.get("repo_name", None) if not repo_name or \ not is_valid_dirent_name(repo_name): error_msg = "repo_name invalid." return api_error(status.HTTP_400_BAD_REQUEST, error_msg) password = request.data.get("password", None) permission = request.data.get('permission', PERMISSION_READ_WRITE) if permission not in get_available_repo_perms(): error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check group_quota = seafile_api.get_group_quota(group_id) group_quota = int(group_quota) if group_quota <= 0 and group_quota != -2: error_msg = 'No group quota.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) if is_org_context(request): # request called by org admin org_id = request.user.org.org_id else: org_id = -1 # create group owned repo group_id = int(group_id) if is_pro_version() and ENABLE_STORAGE_CLASSES: if STORAGE_CLASS_MAPPING_POLICY in ('USER_SELECT', 'ROLE_BASED'): storages = get_library_storages(request) storage_id = request.data.get("storage_id", None) if storage_id and storage_id not in [s['storage_id'] for s in storages]: error_msg = 'storage_id invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) repo_id = seafile_api.add_group_owned_repo(group_id, repo_name, password, permission, storage_id) else: # STORAGE_CLASS_MAPPING_POLICY == 'REPO_ID_MAPPING' if org_id > 0: repo_id = seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, password, permission) else: repo_id = seafile_api.add_group_owned_repo( group_id, repo_name, password, permission) else: if org_id > 0: repo_id = seafile_api.org_add_group_owned_repo( org_id, group_id, repo_name, password, permission) else: repo_id = seafile_api.add_group_owned_repo(group_id, repo_name, password, permission) # for activities username = request.user.username library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, repo_id=repo_id, repo_name=repo_name, library_template=library_template) # for notification repo = seafile_api.get_repo(repo_id) share_repo_to_group_successful.send(sender=None, from_user=username, group_id=group_id, repo=repo, path='/', org_id=org_id) info = get_group_owned_repo_info(request, repo_id) # TODO info['permission'] = permission return Response(info)