def check_group_share_in_permission(repo_id, group_id, is_org=False):
# Returns the permission to share the group you joined.
repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, group_id, is_org)
if not repo:
return None
extra_permission = ExtraGroupsSharePermission.objects.get_group_permission(repo_id, group_id)
return extra_permission if extra_permission else repo.permission
def delete(self, request, group_id, repo_id):
""" Delete a group library.
Permission checking:
1. is repo owner;
2. is repo admin;
3. is group admin;
"""
group_id = int(group_id)
repo = seafile_api.get_repo(repo_id)
if not repo:
error_msg = 'Library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
is_org = False
if is_org_context(request):
is_org = True
group_repo = seafile_api.get_group_shared_repo_by_path(repo_id,
None, group_id, is_org)
if not group_repo:
error_msg = 'Group library %s not found.' % repo_id
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# only group admin or repo owner can delete group repo.
username = request.user.username
repo_owner = get_repo_owner(request, repo_id)
if not is_group_admin(group_id, username) and \
repo_owner != username and \
not is_repo_admin(username, repo_id):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = check_group_share_in_permission(repo_id, group_id, is_org)
if is_org:
org_id = ccnet_api.get_org_id_by_group(group_id)
seafile_api.del_org_group_repo(repo_id, org_id, group_id)
else:
seafile_api.unset_group_repo(repo_id, group_id, username)
origin_repo_id = group_repo.origin_repo_id or repo_id
origin_path = group_repo.origin_path or '/'
send_perm_audit_msg('delete-repo-perm', username, group_id,
origin_repo_id, origin_path, permission)
# delete extra share permission
ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, group_id)
return Response({'success': True})
def check_group_share_out_permission(repo_id, path, group_id, is_org=False):
# Return the permission that share to other's group.
path = None if path == '/' else path
repo = seafile_api.get_group_shared_repo_by_path(repo_id, path, group_id, is_org)
if not repo:
return None
permission = repo.permission
if path is None:
extra_permission = ExtraGroupsSharePermission.objects.get_group_permission(repo_id, group_id)
permission = extra_permission if extra_permission else repo.permission
return permission
def post(self, request, group_id):
""" Add a group library.
Permission checking:
1. role permission, can_add_repo;
1. is group member;
"""
# argument check
repo_name = request.data.get("repo_name", None)
if not repo_name or \
not is_valid_dirent_name(repo_name):
error_msg = "repo_name invalid."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get("password", None)
if password and not config.ENABLE_ENCRYPTED_LIBRARY:
error_msg = 'NOT allow to create encrypted library.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = request.data.get('permission', PERMISSION_READ)
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
if not request.user.permissions.can_add_repo():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not is_group_member(group_id, request.user.username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create group repo
org_id = -1
group_id = int(group_id)
username = request.user.username
is_org = False
if is_org_context(request):
is_org = True
org_id = request.user.org.org_id
repo_id = seafile_api.create_org_repo(repo_name, '', username,
password, org_id)
else:
repo_id = seafile_api.create_repo(repo_name, '', username,
password)
repo = seafile_api.get_repo(repo_id)
share_dir_to_group(repo, '/', username, username, group_id, permission,
org_id if is_org else None)
# for activities
library_template = request.data.get("library_template", '')
repo_created.send(sender=None,
org_id=org_id,
creator=username,
repo_id=repo_id,
repo_name=repo_name,
library_template=library_template)
# for notification
repo = seafile_api.get_repo(repo_id)
share_repo_to_group_successful.send(sender=None,
from_user=username,
group_id=group_id,
repo=repo,
path='/',
org_id=org_id)
# for perm audit
send_perm_audit_msg('add-repo-perm', username, group_id, repo_id, '/',
permission)
group_repo = seafile_api.get_group_shared_repo_by_path(
repo_id, None, group_id, is_org)
group_repo_info = get_group_repo_info(request, group_repo)
return Response(group_repo_info)
def test_share_repo_to_group(repo, group, permission):
assert api.check_permission(repo.id, USER) == 'rw'
assert api.check_permission(repo.id, USER2) is None
repos = api.get_repos_by_group(group.id)
assert len(repos) == 0
group_list = ccnet_api.get_groups(USER)
assert len(group_list) == 1
group_list = ccnet_api.get_groups(USER2)
assert len(group_list) == 0
api.group_share_repo(repo.id, group.id, USER, permission)
repos = api.get_repos_by_group(group.id)
assert_repo_with_permission(repo, repos, permission)
group_ids = api.get_shared_group_ids_by_repo(repo.id)
assert group_ids[0] == str(group.id)
group_list = api.list_repo_shared_group_by_user(USER, repo.id)
assert len(group_list) == 1
group_list = api.list_repo_shared_group_by_user(USER2, repo.id)
assert len(group_list) == 0
repo_get = api.get_group_shared_repo_by_path(repo.id, None, group.id)
assert repo_get and repo_get.repo_id == repo.id
ccnet_api.group_add_member(group.id, USER, USER2)
group_list = ccnet_api.get_groups(USER2)
assert len(group_list) == 1
group = group_list[0]
assert group.id == group.id
repos2 = api.get_repos_by_group(group.id)
assert_repo_with_permission(repo, repos2, permission)
assert api.check_permission(repo.id, USER2) == permission
repos = api.get_group_repos_by_user(USER)
assert len(repos) == 1
repoids = api.get_group_repoids(group.id)
assert len(repoids) == 1
repos = api.get_group_repos_by_owner(USER)
assert len(repos) == 1
api.remove_group_repos_by_owner(group.id, USER)
repos = api.get_group_repos_by_owner(USER)
assert len(repos) == 0
api.set_group_repo(repo.id, group.id, USER, permission)
repos = api.get_repos_by_group(group.id)
assert len(repos) == 1
api.remove_group_repos(group.id)
repos = api.get_repos_by_group(group.id)
assert len(repos) == 0
api.group_unshare_repo(repo.id, group.id, USER)
repos = api.get_repos_by_group(group.id)
assert len(repos) == 0
assert api.check_permission(repo.id, USER2) is None
def post(self, request, group_id):
""" Add a group library.
Permission checking:
1. role permission, can_add_repo;
1. is group member;
"""
# argument check
repo_name = request.data.get("repo_name", None)
if not repo_name or \
not is_valid_dirent_name(repo_name):
error_msg = "repo_name invalid."
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
password = request.data.get("password", None)
if password and not config.ENABLE_ENCRYPTED_LIBRARY:
error_msg = 'NOT allow to create encrypted library.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
permission = request.data.get('permission', PERMISSION_READ)
if permission not in get_available_repo_perms():
error_msg = 'permission invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check
if not request.user.permissions.can_add_repo():
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not is_group_member(group_id, request.user.username):
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
# create group repo
org_id = -1
group_id = int(group_id)
username = request.user.username
is_org = False
if is_org_context(request):
is_org = True
org_id = request.user.org.org_id
repo_id = seafile_api.create_org_repo(repo_name,
'', username, password, org_id)
else:
repo_id = seafile_api.create_repo(repo_name,
'', username, password)
repo = seafile_api.get_repo(repo_id)
share_dir_to_group(repo, '/', username, username, group_id,
permission, org_id if is_org else None)
# for activities
library_template = request.data.get("library_template", '')
repo_created.send(sender=None, org_id=org_id, creator=username,
repo_id=repo_id, repo_name=repo_name,
library_template=library_template)
# for notification
share_repo_to_group_successful.send(sender=None, from_user=username,
group_id=group_id, repo=repo, path='/', org_id=org_id)
# for perm audit
send_perm_audit_msg('add-repo-perm', username, group_id,
repo_id, '/', permission)
group_repo = seafile_api.get_group_shared_repo_by_path(repo_id,
None, group_id, is_org)
group_repo_info = get_group_repo_info(request, group_repo)
group_repo_info['owner_email'] = username
group_repo_info['owner_name'] = email2nickname(username)
group_repo_info['owner_contact_email'] = email2contact_email(username)
modifier = group_repo.last_modifier
group_repo_info['modifier_email'] = modifier
group_repo_info['modifier_name'] = email2nickname(modifier)
group_repo_info['modifier_contact_email'] = email2contact_email(modifier)
return Response(group_repo_info)
